Skip to main content
Kofax

Null Pointer Exception when using LDAP for New Systems 10.7 and later

Problem

After signing into a brand new system 10.7 and up with LDAP, an error screen is shown instead of the Management Console  

an unexpected error occurred.png

The Tomcat logs show a 500 null pointer exception:

ERROR 500_Error  - Unexpected error
java.lang.NullPointerException
    at com.kapowtech.scheduler.server.spring.security.KapowLdapAuthenticationProvider.authenticate(KapowLdapAuthenticationProvider.java

 

Cause

There were new tags introduced into login.xml such that there is now two sections for declaring LDAP groups as admin groups:

10.7.0.1:

 <bean class="com.kapowtech.mc.config.LdapDirectory">

                   <property name="adminGroups">

                       <list>

                           <value>GROUPNAME</value>

                       </list>

                   </property>

                   <property name="administratorGroups">

                       <list>

                           <value>GROUPNAME</value>

                       </list>

                   </property>

 

Previous versions only had the "adminGroups" tag":

<bean class="com.kapowtech.mc.config.LdapDirectory">

                  <property name="adminGroups">

                       <list>

                          <value>KAP_ADMINS</value>

                       </list>

                   </property>

The Null Pointer exception is most likely coming from the login.xml missing the administratorGroups tag.

 

Resolution

If login.xml was copied from an earlier system, make sure admin groups tags are present for both adminGroups and administratorGroup, like in the example below.

Example of what the admin group section looks in login.xml:

 <bean class="com.kapowtech.mc.config.LdapDirectory">

 

                   <property name="adminGroups">

                       <list>

                           <value>KAPOWADMIN</value>

                       </list>

                   </property>

                   <property name="administratorGroups">

                       <list>

                           <value>RPAADMINISTRATORS</value>

                       </list>

                   </property>

The difference between the two is that "adminGroup" is the tag for the super administrators, the people who would have rights to take/restore MC backup, while "administratorGroups" will be the group for regular administrators, who have all rights except backup/restore. 

  • Was this article helpful?