NullPointerException When Configuring LDAP Authentication on XNAT 1.9.0 with Active Directory LDAP

Aymane

Oct 28, 2024, 12:53:38 PM
to xnat_discussion

Hello XNAT Community,

I'm experiencing issues configuring LDAP authentication with XNAT 1.9.0 using an Active Directory LDAP server. Despite multiple troubleshooting steps, I continue to receive a NullPointerException during the authentication process. I'm seeking assistance to resolve this issue.

Environment Details:

  • XNAT Version: 1.9.0

  • LDAP Server: Active Directory LDAP

  • Server OS: Ubuntu 24.04 LTS

  • Java Version: OpenJDK 1.8

  • Tomcat Version: Tomcat 9

  • LDAP Plugin: ldap-auth-plugin-1.2.0.jar (from the XNAT plugin repository)

Issue Summary:

When attempting to log in with an LDAP user, XNAT throws a NullPointerException, indicating that the username is null during the authentication process. The error occurs even though the LDAP validation script confirms successful authentication for both the bind user and the LDAP user.

Note: I have redacted sensitive information such as passwords and actual user data to maintain security and privacy.

Error Message:

java.lang.NullPointerException: username is marked non-null but is null
    at org.nrg.xdat.exceptions.UsernameAuthMappingNotFoundException.<init>(UsernameAuthMappingNotFoundException.java:8)
    ...

LDAP Configuration (ldap1-provider.properties):

name=Active Directory LDAP
provider.id=ad-server
auth.method=ldap
auto.enabled=true
auto.verified=true
address=ldap://repalced-my-ldap-server:389
user.id=sAMAccountName
user.login=sAMAccountName
user.email=userPrincipalName
user.firstname=givenName
user.lastname=sn
referral=follow
provider.order=1
# Credentials for LDAP binding
userdn=cn=Administrador,cn=Users,dc=vhio,dc=org
password=**************
# LDAP search base and filter
search.base=dc=vhio,dc=org
search.filter=(sAMAccountName={0})
# Validation properties (for testing only)
validate.username=aymaneelhanbali
validate.password=**************

LDAP Entry for the User (Using ldapsearch):

dn: CN=Aymane El Hanbali,OU=replaced-my-department,OU=replaced-my-working-office,DC=vhio,DC=org
sn: El Hanbali
givenName: Aymane
sAMAccountName: aymaneelhanbali
userPrincipalName: aymanee...@vhio.net

Validation Script Output:

Loading properties from /data/xnat/home/config/auth/ldap1-provider.properties
Address: ldap://SRVVHIODC1.vhio.org:389
User DN: cn=Administrador,cn=Users,dc=vhio,dc=org
Password: **************
Search base: dc=vhio,dc=org
Search filter: (sAMAccountName={0})
Username: aymaneelhanbali
password: **************
Validating the binding user account 'cn=Administrador' with search base 'cn=Users,dc=vhio,dc=org'
User 'cn=Administrador' authentication state: true
Binding user 'cn=Administrador' authenticated successfully, validating the user account 'aymaneelhanbali'
User 'aymaneelhanbali' authentication state: true
User 'aymaneelhanbali' authenticated successfully

Steps I have taken to Resolve the Issue:

  1. Verified LDAP Attributes:

    • Confirmed that sAMAccountName, givenName, sn, and userPrincipalName are present for the user.

  2. Adjusted ldap1-provider.properties:

    • Set user.id to sAMAccountName to avoid special characters.

    • Ensured that attribute names match exactly and are case-sensitive.

  3. Validated LDAP Credentials:

    • Used the validation script provided with the LDAP plugin, which confirms successful authentication for both the bind user and the LDAP user.

  4. Tested with Another LDAP User:

    • Attempted to log in with a different LDAP user, encountering the same error.

Relevant Log Excerpts:

2024-10-25 10:41:49,467 [http-nio-8080-exec-5] ERROR org.nrg.xnat.security.XnatAuthenticationFilter - An unknown error occurred while trying to authenticate the user with the name 'aymaneelhanbali'
java.lang.NullPointerException: username is marked non-null but is null
    at org.nrg.xdat.exceptions.UsernameAuthMappingNotFoundException.<init>(UsernameAuthMappingNotFoundException.java:8)
    ...

Attachments:

  • ldap1-provider.properties file

  • Full stack trace of the error

  • Relevant log files

Conclusion:

Despite extensive troubleshooting, I have been unable to resolve the NullPointerException when attempting to authenticate LDAP users.

It is strange since I was able to set up many other applications using similar AD properties. Any insights or suggestions from the community would be greatly appreciated.

Thank you for your assistance.

Best regards,

Aymane

security.log.redacted
ldap1-provider.properties.redacted

Kym Eden

Jun 27, 2025, 7:21:54 AM
to xnat_discussion
Hi,
I have the exact same issue. In my case I believe the cause to be that our AD server doesn't assign uid, we just use sAMAccountName, so the lookup for the uid attribute returns null even though the rest of the record is valid. The fallback to the pre-1.2 behaviour doesn't work because it only catches if the user wasn't found, not if there's a null in the username. You have a few more parameters in your properties file than we do, and than are documented. For example the `user.id` and `referral`. Where did you find instructions on these? At a guess from the source code, you want `attributes.uid=sAMAccountName`, but that isn't working for me.

Something else weird: your post's text appears to be white which made it hard to read.

Kym

George Kowalski Sr

Aug 11, 2025, 3:09:49 PM
to xnat_discussion
I'm having the same NullPointer exception. Anyone find a fix?

George Kowalski Sr

Aug 11, 2025, 4:13:18 PM
to xnat_discussion

OK, the fix is to map the values coming back from the Active Directory server for that user to the fields required.

This is done (undocumented, but should have been listed on this page https://wiki.xnat.org/xnat-tools/xnat-ldap-authentication-plugin) in the properties file ldap1-provider.properties.

 
# Attributes mapping coming back from Active Directory: AD field names are on the right, XNAT on the left, and must begin with "attributes."


attributes.email=mail
attributes.firstname=givenName
attributes.lastname=sn
attributes.uid=sAMAccountName
attributes.cn=cn
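
A pre-flight check for the mapping described in the post above, as an added example that is not part of the thread or of the plugin's code: it reads a provider properties file and one ldapsearch entry and reports which `attributes.*` keys are unset or point at an LDAP attribute the entry does not carry. The five field names come from the post; the function names and the sample properties and entry are constructed for illustration.

```python
REQUIRED = ("uid", "email", "firstname", "lastname", "cn")  # keys listed in the thread

def parse_properties(text):
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def parse_ldif_attrs(text):
    """Lower-cased attribute names in one ldapsearch entry (LDAP names ignore case)."""
    return {line.split(":", 1)[0].strip().lower()
            for line in text.splitlines()
            if ":" in line and not line.startswith((" ", "#"))}

def check_mappings(props_text, ldif_text):
    """Map each XNAT field to 'ok', 'unmapped' or 'absent:<ldap attribute>'."""
    props, present = parse_properties(props_text), parse_ldif_attrs(ldif_text)
    report = {}
    for field in REQUIRED:
        ldap_attr = props.get("attributes." + field)
        if not ldap_attr:
            report[field] = "unmapped"            # no attributes.<field> line at all
        elif ldap_attr.lower() in present:
            report[field] = "ok"
        else:
            report[field] = "absent:" + ldap_attr  # mapped, but the entry lacks it
    return report

# Constructed sample input (not taken from any real directory).
SAMPLE_PROPS = """\
attributes.uid=sAMAccountName
attributes.email=mail
attributes.firstname=givenName
attributes.lastname=sn
"""
SAMPLE_ENTRY = """\
dn: CN=Example User,OU=dept,DC=example,DC=org
sn: User
givenName: Example
sAMAccountName: exampleuser
userPrincipalName: exampleuser@example.org
"""
if __name__ == "__main__":
    print(check_mappings(SAMPLE_PROPS, SAMPLE_ENTRY))
```

Running it against the real properties file and the `ldapsearch` output for a failing account shows at a glance which mapped attribute the directory does not return for that user.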
 