LDAP Connector

The LDAP connector allows a process to retrieve data from an LDAP server by running a query.

If you are looking for LDAP Authentication please go to: Active Directory or LDAP authentication.

Configuring an LDAP connector with the wizard:

  1. In the General screen:

    • Enter a name and description for the connector.

    • Specify whether the connector runs at the start or the end of the step.

    • Specify the behavior if the connector fails.

    • Click Next.

  2. Specify the LDAP server information:

Input Description Type

Host

IP address or name of server hosting LDAP directory

string

Port

LDAP directory port number

number

Protocol

LDAP, LDAPS or TLS

select

user

LDAP user name

string

password

LDAP user password

string

Then click Next.

  1. Specify the search criteria:

Input Description Type

Base DN

the Distinguished Name at which to start search

string

Filter

specify a subset, e.g. (&(objectClass=person)(givenname=John))

string in accordance with LDAP syntax

Attributes

define attributes to return in result entries using LDAP syntax

string of strings separated by ","

Scope

subtree: entire subtree starting as the base DN, one level: entries immediately below the base DN, base: search just the named entry

select

Size limit

maximum number of entries to return

number

Time limit (in seconds)

maximum time to allow search to run

number

Referral handling

ignore or follow referrals

select

Alias dereferencing

always: always dereference aliases, searching: dereference aliases only after name resolution, never: never dereference aliases, finding: dereference aliases only during name resolution

select

Then click Next.

  1. Specify the output operations. The connector returns a list object.

  2. Click Finish.

Troubleshooting

LDAP Connector fails to manage more than 1000 users.

When using the LDAP Connector to get information from your LDAP Active Directory, for example the users and emails inside the process, the process fails on the connector with the trace:

    org.bonitasoft.engine.core.connector.exception.SConnectorException: PROCESS_DEFINITION_ID=8541609964140124956 | PROCESS_NAME=Test Ldap connector | PROCESS_VERSION=2.0 |
    PROCESS_INSTANCE_ID=3002 | ROOT_PROCESS_INSTANCE_ID=3002 | FLOW_NODE_DEFINITION_ID=6398664828292262535 | FLOW_NODE_INSTANCE_ID=60012 |FLOW_NODE_NAME=LDAP request |
    CONNECTOR_IMPLEMENTATION_CLASS_NAME=getLDAPNamesAndMails | CONNECTOR_INSTANCE_ID=60005 |
    org.bonitasoft.engine.connector.exception.SConnectorException: java.util.concurrent.ExecutionException: org.bonitasoft.engine.connector.exception.SConnectorException:
    org.bonitasoft.engine.connector.ConnectorException: javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'ou=Sites,dc=htestlit,dc=local'
            at org.bonitasoft.engine.core.connector.impl.ConnectorServiceImpl.executeConnectorInClassloader(ConnectorServiceImpl.java:275)
            at org.bonitasoft.engine.core.connector.impl.ConnectorServiceImpl.executeConnector(ConnectorServiceImpl.java:148)
            at org.bonitasoft.engine.connector.ConnectorServiceDecorator.executeConnector(ConnectorServiceDecorator.java:114)
            at org.bonitasoft.engine.execution.work.ExecuteConnectorWork.work(ExecuteConnectorWork.java:138)
            at org.bonitasoft.engine.execution.work.failurewrapping.TxInHandleFailureWrappingWork.work(TxInHandleFailureWrappingWork.java:42)
            at org.bonitasoft.engine.execution.work.failurewrapping.TxInHandleFailureWrappingWork.work(TxInHandleFailureWrappingWork.java:42)
            at org.bonitasoft.engine.execution.work.failurewrapping.TxInHandleFailureWrappingWork.work(TxInHandleFailureWrappingWork.java:42)
            at org.bonitasoft.engine.execution.work.failurewrapping.TxInHandleFailureWrappingWork.work(TxInHandleFailureWrappingWork.java:42)
            at org.bonitasoft.engine.execution.work.FailureHandlingBonitaWork.work(FailureHandlingBonitaWork.java:66)
            at org.bonitasoft.engine.work.BonitaWork.run(BonitaWork.java:56)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
            at java.lang.Thread.run(Thread.java:745)
    Caused by: org.bonitasoft.engine.connector.exception.SConnectorException: java.util.concurrent.ExecutionException: org.bonitasoft.engine.connector.exception.SConnectorException: org.bonitasoft.engine.connector.ConnectorException: javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'ou=Sites,dc=htestlit,dc=local'
            at org.bonitasoft.engine.connector.impl.ConnectorExecutorImpl.execute(ConnectorExecutorImpl.java:125)
            at org.bonitasoft.engine.core.connector.impl.ConnectorServiceImpl.executeConnectorInClassloader(ConnectorServiceImpl.java:269)
            ... 12 more

Cause Your LDAP Active Directory is using the pagination. Generally on LDAP Server using the pagination, the page size is set to 1000. By default, the pagination is not managed by the LDAP Connector since is not supported by all LDAP servers. So if your LDAP Active Directory is using the pagination, it will not be handled by the connector and will make it fail after 1000 users.

Solution

  1. Increase the page size on your Active Directory by increasing the value of MaxPageSize : https://support.microsoft.com/en-us/kb/315071

  2. Develop a Custom LDAP Connector managing the pagination of your Active Directory.
    To do so, you can read the documentation page on the connector archetype.