LDAP Connector
The LDAP connector allows a process to retrieve data from an LDAP server by running a query.
If you are looking for LDAP Authentication please go to: Active Directory or LDAP authentication.
Configuring an LDAP connector with the wizard:
-
In the General screen:
-
Enter a name and description for the connector.
-
Specify whether the connector runs at the start or the end of the step.
-
Specify the behavior if the connector fails.
-
Click Next.
-
-
Specify the LDAP server information:
Input | Description | Type |
---|---|---|
Host |
IP address or name of server hosting LDAP directory |
string |
Port |
LDAP directory port number |
number |
Protocol |
LDAP, LDAPS or TLS |
select |
user |
LDAP user name |
string |
password |
LDAP user password |
string |
Then click Next.
-
Specify the search criteria:
Input | Description | Type |
---|---|---|
Base DN |
the Distinguished Name at which to start search |
string |
Filter |
specify a subset, e.g. (&(objectClass=person)(givenname=John)) |
string in accordance with LDAP syntax |
Attributes |
define attributes to return in result entries using LDAP syntax |
string of strings separated by "," |
Scope |
subtree: entire subtree starting as the base DN, one level: entries immediately below the base DN, base: search just the named entry |
select |
Size limit |
maximum number of entries to return |
number |
Time limit (in seconds) |
maximum time to allow search to run |
number |
Referral handling |
ignore or follow referrals |
select |
Alias dereferencing |
always: always dereference aliases, searching: dereference aliases only after name resolution, never: never dereference aliases, finding: dereference aliases only during name resolution |
select |
Then click Next.
-
Specify the output operations. The connector returns a list object.
-
Click Finish.
Troubleshooting
LDAP Connector fails to manage more than 1000 users.
When using the LDAP Connector to get information from your LDAP Active Directory, for example the users and emails inside the process, the process fails on the connector with the trace:
org.bonitasoft.engine.core.connector.exception.SConnectorException: PROCESS_DEFINITION_ID=8541609964140124956 | PROCESS_NAME=Test Ldap connector | PROCESS_VERSION=2.0 |
PROCESS_INSTANCE_ID=3002 | ROOT_PROCESS_INSTANCE_ID=3002 | FLOW_NODE_DEFINITION_ID=6398664828292262535 | FLOW_NODE_INSTANCE_ID=60012 |FLOW_NODE_NAME=LDAP request |
CONNECTOR_IMPLEMENTATION_CLASS_NAME=getLDAPNamesAndMails | CONNECTOR_INSTANCE_ID=60005 |
org.bonitasoft.engine.connector.exception.SConnectorException: java.util.concurrent.ExecutionException: org.bonitasoft.engine.connector.exception.SConnectorException:
org.bonitasoft.engine.connector.ConnectorException: javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'ou=Sites,dc=htestlit,dc=local'
at org.bonitasoft.engine.core.connector.impl.ConnectorServiceImpl.executeConnectorInClassloader(ConnectorServiceImpl.java:275)
at org.bonitasoft.engine.core.connector.impl.ConnectorServiceImpl.executeConnector(ConnectorServiceImpl.java:148)
at org.bonitasoft.engine.connector.ConnectorServiceDecorator.executeConnector(ConnectorServiceDecorator.java:114)
at org.bonitasoft.engine.execution.work.ExecuteConnectorWork.work(ExecuteConnectorWork.java:138)
at org.bonitasoft.engine.execution.work.failurewrapping.TxInHandleFailureWrappingWork.work(TxInHandleFailureWrappingWork.java:42)
at org.bonitasoft.engine.execution.work.failurewrapping.TxInHandleFailureWrappingWork.work(TxInHandleFailureWrappingWork.java:42)
at org.bonitasoft.engine.execution.work.failurewrapping.TxInHandleFailureWrappingWork.work(TxInHandleFailureWrappingWork.java:42)
at org.bonitasoft.engine.execution.work.failurewrapping.TxInHandleFailureWrappingWork.work(TxInHandleFailureWrappingWork.java:42)
at org.bonitasoft.engine.execution.work.FailureHandlingBonitaWork.work(FailureHandlingBonitaWork.java:66)
at org.bonitasoft.engine.work.BonitaWork.run(BonitaWork.java:56)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.bonitasoft.engine.connector.exception.SConnectorException: java.util.concurrent.ExecutionException: org.bonitasoft.engine.connector.exception.SConnectorException: org.bonitasoft.engine.connector.ConnectorException: javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'ou=Sites,dc=htestlit,dc=local'
at org.bonitasoft.engine.connector.impl.ConnectorExecutorImpl.execute(ConnectorExecutorImpl.java:125)
at org.bonitasoft.engine.core.connector.impl.ConnectorServiceImpl.executeConnectorInClassloader(ConnectorServiceImpl.java:269)
... 12 more
Cause Your LDAP Active Directory is using the pagination. Generally on LDAP Server using the pagination, the page size is set to 1000. By default, the pagination is not managed by the LDAP Connector since is not supported by all LDAP servers. So if your LDAP Active Directory is using the pagination, it will not be handled by the connector and will make it fail after 1000 users.
Solution
-
Increase the page size on your Active Directory by increasing the value of MaxPageSize : https://support.microsoft.com/en-us/kb/315071
-
Develop a Custom LDAP Connector managing the pagination of your Active Directory.
To do so, you can read the documentation page on the connector archetype.