After configuring LDAP authentication, unable to login due to "jsexception.folder.too.long.uri"

HTTP Status 500 - Error during synchronization type Exception report message Error during synchronization description The server encountered an internal error that prevented it from fulfilling this request.
exception org.springframework.security.authentication.AuthenticationServiceException: Error during synchronization com.jaspersoft.jasperserver.api.security.externalAuth.ExternalDataSynchronizerImpl.synchronize(ExternalDataSynchronizerImpl.java:106)

...

root cause java.lang.RuntimeException: com.jaspersoft.jasperserver.api.JSException: jsexception.folder.too.long.uri
com.jaspersoft.jasperserver.multipleTenancy.security.externalAuth.processors.ldap.LdapExternalTenantProcessor.process(LdapExternalTenantProcessor.java:74)

...

Resolution

The full distinguished name for the user was very long, and it included severals organizational units (ou) and domain components (dc). By default, when an external user logs into JasperReports Server for the first time, it is created in an organization tree that corresponds to the distinguished name. In this case, the organization tree was so large that their resultant URIs caused the exception.

The solution was to shrink the organization tree by setting excludeRootDN to "true" in WEB-INFapplicationContext-externalAuth-LDAP-mt.xml and specify the baseDN (which we wanted excluded from the organization tree) in the ldapContextSource's constructor-arg value.

Another way to shrink the organization tree would be to modify the ldapExternalTenantProcessor's organizationRDNs property by removing values you do not want to include in the organization tree.

Ref. Case 00059296