How to enable LDAP authentication in CABI 6.1 JasperServer Reports

Document ID : KB000044611
Last Modified Date : 14/02/2018

Introduction: 

This article explains how to enable LDAP authentication in CABI 6.1 JasperReports Server.

 

Environment:  

 

CABI 6.1 - Windows

CABI 6.2 - Windows and Linux

 

 

Instructions: 

 

SSO and LDAP do not work together.

Either SSO or LDAP can be enabled, but not both, in the CABI Jasper Reports Server at present.

Note on removing the SSO configuration: for the CA JasperReports Server 6.2 build, remove applicationContext-externalAuth-template-mt.xml from the <tomcat-folder>\webapps\<webapp-name>\WEB-INF folder before starting this configuration.

 

Microsoft Active Directory:

1. Suppose you extracted the build to c:/jasperreports-server-6.2.0-bin and installed it on the C:\apache-tomcat-8.0.23 app server. Stop the Tomcat service, go to C:\apache-tomcat-8.0.23\webapps\jasperserver-pro\WEB-INF and remove the applicationContext-externalAuth-template-mt.xml file.

2. Download applicationContext-externalAuth-LDAP-mt.xml and copy it to C:\apache-tomcat-8.0.23\webapps\jasperserver-pro\WEB-INF

3. In that file, make the following modifications (which are in bold)

In <bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSDefaultLdapAuthoritiesPopulator">

<property name="groupSearchFilter" value="(&amp;(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.1941:=2)))"/>

 

In <bean id="userSearch"       class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSFilterBasedLdapUserSearch">

<constructor-arg index="1">

            <value>(sAMAccountName={0})</value>

        </constructor-arg>

 

In <bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">

        <constructor-arg value="ldap://ldaphost:port/dc=ca,dc=com"/>

        <!-- manager user name and password (may not be needed)  -->

        <property name="userDn" value="cn=bansr02,ou=users,ou=itc hyderabad,dc=ca,dc=com"/>

        <property name="password" value="*****"/>

        <property name="referral" value="follow"/>

    </bean>

4. Start the Tomcat service and log in with your LDAP credentials.

Steps to enable encryption for the LDAP Password:

  1. Stop Tomcat and add the following properties to default_master.properties, which is in the <CA-Build>/buildomatic folder. If the file is not available, go to sample_conf, copy the properties file for the related database to the buildomatic folder and rename it to default_master.properties.
    external.ldapDn - This property should contain the LDAP user DN.
    external.ldapPassword - This property should contain the password for the LDAP user in plain text.
    encrypt - This property should contain true as its value to encrypt the password.
    propsToEncrypt - This property should contain the names of the properties that need to be encrypted (e.g. external.ldapPassword).
  2. Open a command prompt/terminal, change the directory to <CA-Build>/buildomatic and run the following command to encrypt the password:
    js-ant.bat gen-config (Windows)
    js-ant gen-config (Linux)

    Copy the values of the following properties from default_master.properties to js.externalAuth.properties (present in <tomcat-base-dir>/<webapps>/<webappname>/WEB-INF):

    external.ldapUrl
    external.ldapDn
    external.ldapPassword

  3. Change the following attributes in the ldapContextSource bean in applicationContext-externalAuth-LDAP-mt.xml (present in <tomcat-base-dir>/<webapps>/<webappname>/WEB-INF) :-
  4. Restart Tomcat.
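
A pre-restart check for the two procedures above, added here as an example (it is not CA's or Jaspersoft's code): it reports whether the ldapContextSource password is still a literal in the XML, whether the URL is plain ldap://, and whether the SSO template file is still in WEB-INF. The ${...} property-reference form and all sample values are assumptions, since the page does not list the attributes changed in step 3.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

SSO_TEMPLATE = "applicationContext-externalAuth-template-mt.xml"  # file the page says to remove

# Constructed sample of the bean from step 3 of the Active Directory procedure
# (values are made up; the <beans> wrapper lets it parse stand-alone).
SAMPLE_PLAINTEXT = """<beans>
  <bean id="ldapContextSource"
        class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
    <constructor-arg value="ldap://ldaphost:389/dc=ca,dc=com"/>
    <property name="userDn" value="cn=svc-example,ou=users,dc=ca,dc=com"/>
    <property name="password" value="constructed-plaintext"/>
  </bean>
</beans>"""

# Assumed form after the encryption steps: attributes reference the keys copied
# into js.externalAuth.properties (the ${...} syntax is an assumption).
SAMPLE_REFERENCED = (SAMPLE_PLAINTEXT
    .replace("ldap://ldaphost:389/dc=ca,dc=com", "${external.ldapUrl}")
    .replace("cn=svc-example,ou=users,dc=ca,dc=com", "${external.ldapDn}")
    .replace("constructed-plaintext", "${external.ldapPassword}"))

def _local(tag):
    """Drop the namespace so the check works when <beans> declares xmlns."""
    return tag.rsplit("}", 1)[-1]

def _value(elem):
    """Read value="..." or a nested <value> element."""
    return (elem.get("value") or "".join(elem.itertext())).strip()

def audit_ldap_context(xml_text):
    """Return findings for the ldapContextSource bean in the given XML."""
    root = ET.fromstring(xml_text)
    bean = next((e for e in root.iter()
                 if _local(e.tag) == "bean" and e.get("id") == "ldapContextSource"), None)
    if bean is None:
        return ["ldapContextSource bean not found"]
    findings = []
    for child in bean:
        kind, value = _local(child.tag), _value(child)
        if kind == "constructor-arg" and value.lower().startswith("ldap://"):
            findings.append("URL scheme is ldap://, not ldaps://")
        if kind == "property" and child.get("name") == "password" \
                and not (value.startswith("${") and value.endswith("}")):
            findings.append("password is a literal in the XML")
    return findings

def sso_template_present(web_inf):
    """True if the SSO template the page says to remove is still in WEB-INF."""
    return (Path(web_inf) / SSO_TEMPLATE).is_file()
```

Run audit_ldap_context on the text of the deployed applicationContext-externalAuth-LDAP-mt.xml and sso_template_present on the WEB-INF path before starting Tomcat.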

Steps to map the LDAP hierarchy to a particular organization (such as Spectrum or SOI):

         The following changes need to be made in applicationContext-externalAuth-LDAP-mt.xml (present in <tomcat-base-dir>/<webapps>/<webappname>/WEB-INF):

         1. Remove the organizationRDNs property (or make sure the list of properties is empty).

         2. Add the following tag to the ldapExternalTenantProcessor bean:

             <property name="defaultOrganization" value="gaurav"/>

         3. Change the value of defaultOrganization to the name of the organization in JasperServer to which the mapping is required.

Pending work: How can we allow multiple/multi-level LDAP organization users into a similar organization structure in CABI? How can we map the LDAP roles to CABI roles, and can we specify multiple LDAP details for multiple CABI organizations? How can we map LDAP user fields to CABI user fields when importing?

Known Issues and Solutions:

CABI Jasper Reports 6.1 LDAP null pointer exception error.

Issue description: When a user runs a report from an LDAP-integrated CABI Jaspersoft 6.1 server, the report gives a “Java.lang.NullPointer Exception”.

Solution:

        Follow the steps below to resolve the issue.

  • Stop the application server.
  • Find the root web application folder (e.g. c:\apache-tomcat\webapps\jasperserver-pro\).
  • Make a back-up copy of that folder to a new, separate location.
  • Contact CA Support to obtain a hotfix_JRSPro6.1.0_cumulative patch.

  • Replace the jar files listed below with the files available in "hotfix_JRSPro6.1.0_cumulative\WEB-INF\lib"

    WEB-INF/lib/jasperserver-api-common-impl-6.1.0.jar

    WEB-INF/lib/jasperserver-api-engine-impl-6.1.0.jar

    WEB-INF/lib/jasperserver-api-externalAuth-impl-6.1.0.jar

     WEB-INF/lib/jasperserver-api-metadata-impl-6.1.0

  • Remove the Application Server's JSP cache.
        For a Tomcat deployment on Windows, for instance, the JSP cache might be in: C:\apache-tomcat\work\Catalina\localhost\jasperserver-pro. 
  • Start the application server.
  • Clear the browser cache.
File Attachments:
TEC1677289.zip