After configuring LDAP in Jaspersoft, an administration role added to a user is saved successfully but is removed when the user logs in.

Document ID : KB000006295
Last Modified Date : 14/02/2018
Issue:

After configuring LDAP in Jaspersoft, if the administration role is added to one of the users and saved successfully, the role is removed when that user logs in, and the administration permissions are therefore lost.

Environment:
Service Desk Manager 14.1 Cum3 or above
Jaspersoft 6.2
Cause:

Due to some code changes in JasperReports Server for role synchronization to meet a specific requirement, all roles assigned to an external user must be configured with organizationRoleMap to map between external and internal roles.

Any unmapped roles for the external user found in the repository DB (jiuser – jiuserrole – jirole) are dereferenced (deleted) through synchronization when the user logs in.

Resolution:

Edit the file "applicationContext-externalAuth-LDAP-mt", located under the path "..\tomcat\webapps\jasperserver-pro\WEB-INF", locate the "organizationRoleMap" property and comment it out as shown below. Change:

<property name="organizationRoleMap">
    <map>
        <!-- Example of mapping customer roles to JRS roles -->
        <entry>
            <key>
                <value>ROLE_ADMIN_EXTERNAL_ORGANIZATION</value>
            </key>
            <!-- JRS role that the <key> external role is mapped to-->
            <value>ROLE_ADMINISTRATOR</value>
        </entry>
    </map>
</property>

to (the inner comments lose their markers because XML comments cannot be nested):

<!--
<property name="organizationRoleMap">
    <map>
       Example of mapping customer roles to JRS roles 
        <entry>
            <key>
                <value>ROLE_ADMIN_EXTERNAL_ORGANIZATION</value>
            </key>
            JRS role that the <key> external role is mapped to
            <value>ROLE_ADMINISTRATOR</value>
        </entry>
    </map>
</property>
-->

Restart the Tomcat server and test again.

This should disable the external-to-internal role mapping and work around the problem as discussed.
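To confirm the edit took effect, the following added example (not code from the original article or from JasperReports Server) parses the Spring XML and reports whether an active "organizationRoleMap" remains. The `roles_removed_at_login` helper is a simplified reading of the Cause section, and the bean wrapper and the ROLE_HELPDESK external role are constructed sample values.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip an XML namespace: '{ns}property' -> 'property'."""
    return tag.rsplit("}", 1)[-1]

def active_role_map(xml_text):
    """Return {external_role: internal_role} from every active
    organizationRoleMap property, or None when none is active.
    ElementTree skips XML comments, so a commented-out property is not seen."""
    found = None
    for prop in ET.fromstring(xml_text).iter():
        if local(prop.tag) != "property" or prop.get("name") != "organizationRoleMap":
            continue
        found = {} if found is None else found
        for entry in prop.iter():
            if local(entry.tag) != "entry":
                continue
            # Spring accepts <entry key=".." value=".."/> and nested elements.
            key, value = entry.get("key"), entry.get("value")
            for child in entry:
                if local(child.tag) == "key":
                    key = "".join(child.itertext()).strip()
                elif local(child.tag) == "value":
                    value = (child.text or "").strip()
            found[key] = value
    return found

def roles_removed_at_login(assigned, external_roles, role_map):
    """Simplified reading of the Cause section (an assumption, not product code):
    with the map active, an assigned internal role survives login only if one of
    the user's external roles maps to it; with the map disabled nothing is removed."""
    if role_map is None:
        return []
    kept = {role_map[r] for r in external_roles if r in role_map}
    return [r for r in assigned if r not in kept]

# Constructed sample input: the page's property inside a minimal beans wrapper.
WRAP = ('<beans xmlns="http://www.springframework.org/schema/beans">'
        '<bean id="exampleBean">{}</bean></beans>')
PROP = """<property name="organizationRoleMap"><map><entry>
  <key><value>ROLE_ADMIN_EXTERNAL_ORGANIZATION</value></key>
  <value>ROLE_ADMINISTRATOR</value></entry></map></property>"""
BEFORE = WRAP.format(PROP)
AFTER = WRAP.format("<!--\n" + PROP + "\n-->")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        role_map = active_role_map(text)
        gone = roles_removed_at_login(["ROLE_ADMINISTRATOR"], ["ROLE_HELPDESK"], role_map)
        print(label, "map:", role_map, "removed at login:", gone)
```

Run `active_role_map` against the contents of the edited file: a result of `None` means no active "organizationRoleMap" property remains.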

Additional Information:

Internal Role Mapped to an Externally Authenticate Active Directory User Through LDAP Got Deleted After Logging In