Hello,
I am trying to use LDAP for authentication.
It seems like I am able to connect to the LDAP server, but Camunda can't retrieve any users or groups from the store.
This is my config:
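import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl;
import org.camunda.bpm.engine.impl.cfg.ProcessEnginePlugin;
import org.camunda.bpm.engine.impl.persistence.StrongUuidGenerator;
import org.camunda.bpm.engine.impl.plugin.AdministratorAuthorizationPlugin;
import org.camunda.bpm.identity.impl.ldap.plugin.LdapIdentityProviderPlugin;
import org.camunda.bpm.spring.boot.starter.configuration.Ordering;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;

@Configuration
@ConfigurationProperties(prefix = "ldap")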
public class CamundaLdapConfig {
String serverUrl;
Boolean acceptUntrustedCertificates;
Boolean allowAnonymousLogin;
Boolean useSsl;
String securityAuthentication;
// manager settings
String baseDn;
String managerDn;
String managerPassword;
// user-specific settings
String userSearchBase;
String userSearchFilter;
String userIdAttribute;
String userFirstnameAttribute;
String userLastnameAttribute;
String userEmailAttribute;
String userPasswordAttribute;
// group-specific settings
String groupSearchBase;
String groupSearchFilter;
String groupIdAttribute;
String groupNameAttribute;
String groupMemberAttribute;
String adminUserName;
String adminGroupName;
@Bean
@Order (Ordering.DEFAULT_ORDER + 1)
public ProcessEnginePlugin strongUUIDGenerator() {
return new ProcessEnginePlugin() {
@Override
public void preInit(ProcessEngineConfigurationImpl processEngineConfiguration) {
processEngineConfiguration.setIdGenerator(new StrongUuidGenerator());
}
@Override
public void postInit(ProcessEngineConfigurationImpl processEngineConfiguration) {
}
@Override
public void postProcessEngineBuild(ProcessEngine processEngine) {
}
};
}
@Bean
@Order (Ordering.DEFAULT_ORDER + 2)
public LdapIdentityProviderPlugin ldapIdentityProviderPlugin() {
LdapIdentityProviderPlugin plugin = new LdapIdentityProviderPlugin();
plugin.setServerUrl(getServerUrl());
plugin.setAcceptUntrustedCertificates(getAcceptUntrustedCertificates());
plugin.setAllowAnonymousLogin(getAllowAnonymousLogin());
plugin.setUseSsl(getUseSsl());
plugin.setSecurityAuthentication(getSecurityAuthentication());
// manager settings
plugin.setBaseDn(getBaseDn());
plugin.setManagerDn(getManagerDn());
plugin.setManagerPassword(getManagerPassword());
// user-specific settings
plugin.setUserSearchBase(getUserSearchBase());
plugin.setUserSearchFilter(getUserSearchFilter());
plugin.setUserIdAttribute(getUserIdAttribute());
plugin.setUserFirstnameAttribute(getUserFirstnameAttribute());
plugin.setUserLastnameAttribute(getUserLastnameAttribute());
plugin.setUserEmailAttribute(getUserEmailAttribute());
// plugin.setUserPasswordAttribute(getUserPasswordAttribute());
// group-specific settings
plugin.setGroupSearchBase(getGroupSearchBase());
plugin.setGroupSearchFilter(getGroupSearchFilter());
plugin.setGroupIdAttribute(getGroupIdAttribute());
plugin.setGroupNameAttribute(getGroupNameAttribute());
plugin.setGroupMemberAttribute(getGroupMemberAttribute());
return plugin;
}
@Bean
@Order (Ordering.DEFAULT_ORDER + 3)
public AdministratorAuthorizationPlugin administratorAuthorizationPlugin() {
AdministratorAuthorizationPlugin plugin = new AdministratorAuthorizationPlugin();
plugin.setAdministratorGroupName(getAdminGroupName()); //Group Name available in the ldap server
plugin.setAdministratorUserName(getAdminUserName()); //User-id available in the ldap server
return plugin;
}
public String getUserPasswordAttribute() {
return userPasswordAttribute;
}
public void setUserPasswordAttribute(String userPasswordAttribute) {
this.userPasswordAttribute = userPasswordAttribute;
}
public String getServerUrl() {
return serverUrl;
}
public void setServerUrl(String serverUrl) {
this.serverUrl = serverUrl;
}
public Boolean getAcceptUntrustedCertificates() {
return acceptUntrustedCertificates;
}
public void setAcceptUntrustedCertificates(Boolean acceptUntrustedCertificates) {
this.acceptUntrustedCertificates = acceptUntrustedCertificates;
}
public Boolean getAllowAnonymousLogin() {
return allowAnonymousLogin;
}
public void setAllowAnonymousLogin(Boolean allowAnonymousLogin) {
this.allowAnonymousLogin = allowAnonymousLogin;
}
public Boolean getUseSsl() {
return useSsl;
}
public void setUseSsl(Boolean useSsl) {
this.useSsl = useSsl;
}
public String getSecurityAuthentication() {
return securityAuthentication;
}
public void setSecurityAuthentication(String securityAuthentication) {
this.securityAuthentication = securityAuthentication;
}
public String getBaseDn() {
return baseDn;
}
public void setBaseDn(String baseDn) {
this.baseDn = baseDn;
}
public String getManagerDn() {
return managerDn;
}
public void setManagerDn(String managerDn) {
this.managerDn = managerDn;
}
public String getManagerPassword() {
return managerPassword;
}
public void setManagerPassword(String managerPassword) {
this.managerPassword = managerPassword;
}
public String getUserSearchBase() {
return userSearchBase;
}
public void setUserSearchBase(String userSearchBase) {
this.userSearchBase = userSearchBase;
}
public String getUserSearchFilter() {
return userSearchFilter;
}
public void setUserSearchFilter(String userSearchFilter) {
this.userSearchFilter = userSearchFilter;
}
public String getUserIdAttribute() {
return userIdAttribute;
}
public void setUserIdAttribute(String userIdAttribute) {
this.userIdAttribute = userIdAttribute;
}
public String getUserFirstnameAttribute() {
return userFirstnameAttribute;
}
public void setUserFirstnameAttribute(String userFirstnameAttribute) {
this.userFirstnameAttribute = userFirstnameAttribute;
}
public String getUserLastnameAttribute() {
return userLastnameAttribute;
}
public void setUserLastnameAttribute(String userLastnameAttribute) {
this.userLastnameAttribute = userLastnameAttribute;
}
public String getUserEmailAttribute() {
return userEmailAttribute;
}
public void setUserEmailAttribute(String userEmailAttribute) {
this.userEmailAttribute = userEmailAttribute;
}
public String getGroupSearchBase() {
return groupSearchBase;
}
public void setGroupSearchBase(String groupSearchBase) {
this.groupSearchBase = groupSearchBase;
}
public String getGroupSearchFilter() {
return groupSearchFilter;
}
public void setGroupSearchFilter(String groupSearchFilter) {
this.groupSearchFilter = groupSearchFilter;
}
public String getGroupIdAttribute() {
return groupIdAttribute;
}
public void setGroupIdAttribute(String groupIdAttribute) {
this.groupIdAttribute = groupIdAttribute;
}
public String getGroupNameAttribute() {
return groupNameAttribute;
}
public void setGroupNameAttribute(String groupNameAttribute) {
this.groupNameAttribute = groupNameAttribute;
}
public String getGroupMemberAttribute() {
return groupMemberAttribute;
}
public void setGroupMemberAttribute(String groupMemberAttribute) {
this.groupMemberAttribute = groupMemberAttribute;
}
public String getAdminUserName() {
return adminUserName;
}
public void setAdminUserName(String adminUserName) {
this.adminUserName = adminUserName;
}
public String getAdminGroupName() {
return adminGroupName;
}
public void setAdminGroupName(String adminGroupName) {
this.adminGroupName = adminGroupName;
}
}
application.yaml:
ldap:
  serverUrl: ldaps://*********************
  acceptUntrustedCertificates: true
  allowAnonymousLogin: false
  useSsl: true
  securityAuthentication: simple
  baseDn: DC=intern,DC=,DC=local
  managerDn: CN=,OU=,DC=intern,DC=,DC=local
  managerPassword: ***********
  userSearchBase: OU=USERS,OU=
  userSearchFilter: (&(|(objectClass=userProxyFull)(objectClass=user))(mail=?))
  userIdAttribute: mail
  userFirstnameAttribute: givenName
  userLastnameAttribute: sn
  userEmailAttribute: mail
  groupSearchBase: OU=GROUPS,OU=*****
  groupSearchFilter: (&(objectClass=group)(cn=?))
  groupIdAttribute: cn
  groupNameAttribute: cn
  groupMemberAttribute: member
  adminGroupName: ******
  adminUserName: *@
All loggers are set to DEBUG and that is the only response I get:
15:05:11.211 [http-nio-18080-exec-2] WARN org.glassfish.jersey.servlet.WebComponent - A servlet request to the URI http://localhost:18080/api/admin/auth/user/default/login/welcome contains form parameters in the request body but the request body has been consumed by the servlet or a servlet filter accessing the request parameters. Only resource methods using @FormParam will work as expected. Resource methods consuming the request body by other means will not work as expected.
15:05:11.214 [http-nio-18080-exec-2] DEBUG org.camunda.bpm.engine.cmd - ENGINE-13005 Starting command -------------------- CheckPassword ----------------------
15:05:11.215 [http-nio-18080-exec-2] DEBUG org.camunda.bpm.engine.cmd - ENGINE-13009 opening new command context
15:05:11.445 [http-nio-18080-exec-2] DEBUG org.camunda.bpm.engine.cmd - ENGINE-13011 closing existing command context
15:05:11.446 [http-nio-18080-exec-2] DEBUG org.camunda.bpm.engine.cmd - ENGINE-13006 Finishing command -------------------- CheckPassword ----------------------
The project is a Spring Boot starter.
I always get a 401 HTTP response if I try to log in. I tried different passwords, but that did not work either.
It would be nice if anyone has an explanation why Camunda can't retrieve the user data.
EDIT:
I get the same error if I type in the wrong password.
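
A stand-alone JNDI check for the situation described in this post, added here as an example (it is not part of the original post and not Camunda code): it binds with the manager account and runs the posted userSearchFilter against the user search base, once exactly as written and once with the mail value passed as a JNDI filter argument, so the directory's answer can be seen outside the engine. The host, DNs, the LDAP_MANAGER_PASSWORD variable name and the sample address are placeholders to be replaced with the values from application.yaml.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapSearchCheck {
    // Placeholders (hypothetical): substitute the values from application.yaml.
    static final String URL = "ldaps://ldap.example.invalid:636";
    static final String MANAGER_DN = "CN=svc-camunda,OU=SERVICE,DC=example,DC=invalid";
    static final String USER_BASE = "OU=USERS,DC=example,DC=invalid";
    static final String CLASSES = "(|(objectClass=userProxyFull)(objectClass=user))";

    public static void main(String[] args) throws NamingException {
        String password = System.getenv("LDAP_MANAGER_PASSWORD"); // assumed variable name
        if (password == null) throw new IllegalStateException("LDAP_MANAGER_PASSWORD is not set");
        String mail = args.length > 0 ? args[0] : "jane.doe@example.invalid"; // constructed sample
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL); // ldaps:// is validated against the JVM trust store
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, MANAGER_DN);
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = new InitialDirContext(env); // throws if the bind or TLS handshake fails
        try {
            // As posted: LDAP filters have no '?' placeholder, so this matches mail == "?".
            report(ctx, "(&" + CLASSES + "(mail=?))", mail);
            // {0} is a JNDI filter argument; JNDI escapes the value before sending it.
            report(ctx, "(&" + CLASSES + "(mail={0}))", mail);
        } finally {
            ctx.close();
        }
    }

    static void report(DirContext ctx, String filter, String mail) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> hits = ctx.search(USER_BASE, filter, new Object[] {mail}, sc);
        int n = 0;
        while (hits.hasMore()) {
            System.out.println("  " + hits.next().getNameInNamespace());
            n++;
        }
        System.out.println(filter + " -> " + n + " entries");
    }
}
```

A certificate error at the bind step means the server certificate is not in the JVM trust store, which is the condition that `acceptUntrustedCertificates: true` hides.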