I modified the WEB-INF\applicationContext-externalAuth-LDAP-mt.xml file so that I could login to JasperReports Server using users from my LDAP server. After saving the file and restarting JasperReports Server, trying to login with an LDAP user failed. The error was:
HTTP Status 500 - Error during synchronization type Exception report message Error during synchronization description The server encountered an internal error that prevented it from fulfilling this request. exception org.springframework.security.authentication.AuthenticationServiceException: Error during synchronization com.jaspersoft.jasperserver.api.security.externalAuth.ExternalDataSynchronizerImpl.synchronize(ExternalDataSynchronizerImpl.java:106) ... root cause java.lang.RuntimeException: com.jaspersoft.jasperserver.api.JSException: jsexception.folder.too.long.uri com.jaspersoft.jasperserver.multipleTenancy.security.externalAuth.processors.ldap.LdapExternalTenantProcessor.process(LdapExternalTenantProcessor.java:74) ...
The full distinguished name for the user was very long, and it included severals organizational units (ou) and domain components (dc). By default, when an external user logs into JasperReports Server for the first time, it is created in an organization tree that corresponds to the distinguished name. In this case, the organization tree was so large that their resultant URIs caused the exception.
The solution was to shrink the organization tree by setting excludeRootDN to "true" in WEB-INF\applicationContext-externalAuth-LDAP-mt.xml and specify the baseDN (which we wanted excluded from the organization tree) in the ldapContextSource's constructor-arg value.
Another way to shrink the organization tree would be to modify the ldapExternalTenantProcessor's organizationRDNs property by removing values you do not want to include in the organization tree.
Ref. Case 00059296