Getting LDAP integration to work with prebuilt 6.3.0 artifacts with docker

Hi all,
I’m attempting to use Flowable 6.3.0 with LDAP integration in Docker containers, with a focus on flowable-idm, and I’m looking for help/suggestions on how to address the error I’m encountering.

I’ve read through the LDAP chapter https://www.flowable.org/docs/userguide/index.html#chapter_ldap
and the Flowable IDM App section https://www.flowable.org/docs/userguide/index.html#flowableIDMApp ;
using a variety of environment variables patterned after those specified in the flowable IDM app section, I’ve ended up with the same errors using two different approaches:
1: flowable/flowable-idm docker image from https://hub.docker.com/r/flowable/flowable-idm/
2: using a tomcat 9.0.7 docker image with the Flowable 6.3.0 war files copied to the tomcat webapps folder and auto extracted. The war files I’m using are from https://github.com/flowable/flowable-engine/releases/download/flowable-6.3.0/flowable-6.3.0.zip

With the two different approaches, I’m able to successfully get Flowable-IDM started and using the Flowable users and groups. However, for both, when I build a new container using
flowable.idm.ldap.enabled=true the logs show a NullPointerException and the flowable-idm application does not start.

Using an LDAP client tool, I’m able to connect to the LDAP server, which is using Apache DS, as the user “uid=admin,ou=system” with the “secret” password.

On startup, the error is:
2018-05-17 16:34:18,525 [main] INFO org.flowable.ldap.LDAPTemplate - Could not create LDAP connection : null
java.lang.NullPointerException
at java.base/java.util.concurrent.ConcurrentHashMap.putVal(ConcurrentHashMap.java:1022)
at java.base/java.util.concurrent.ConcurrentHashMap.put(ConcurrentHashMap.java:1017)
at java.base/java.util.Properties.put(Properties.java:1225)
at org.flowable.ldap.LDAPConnectionUtil.createDirectoryContext(LDAPConnectionUtil.java:43)
at org.flowable.ldap.LDAPConnectionUtil.creatDirectoryContext(LDAPConnectionUtil.java:35)
at org.flowable.ldap.LDAPTemplate.execute(LDAPTemplate.java:38)
at org.flowable.ldap.impl.LDAPUserQueryImpl.findById(LDAPUserQueryImpl.java:92)
at org.flowable.ldap.impl.LDAPUserQueryImpl.executeQuery(LDAPUserQueryImpl.java:60)
at org.flowable.ldap.impl.LDAPUserQueryImpl.executeList(LDAPUserQueryImpl.java:54)
at org.flowable.engine.common.impl.AbstractQuery.executeSingleResult(AbstractQuery.java:161)
at org.flowable.engine.common.impl.AbstractQuery.singleResult(AbstractQuery.java:106)
at org.flowable.app.conf.Bootstrapper.createDefaultAdminUserAndPrivileges(Bootstrapper.java:81)
at org.flowable.app.conf.Bootstrapper.onApplicationEvent(Bootstrapper.java:61)
at org.flowable.app.conf.Bootstrapper.onApplicationEvent(Bootstrapper.java:41)
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)

The environment variable settings I’m using are:
flowable.idm.ldap.enabled=true
flowable.idm.ldap.server=ldap://…ldap server…
flowable.idm.ldap.port=50389
flowable.idm.ldap.user=uid=admin,ou=system
flowable.idm.ldap.password=secret
flowable.idm.ldap.base-dn=dc=example,dc=com
flowable.idm.ldap.query.user-by-id=(&(objectClass=inetOrgPerson)(uid={0}))
flowable.idm.ldap.query.user-by-full-name-like=(&(objectClass=inetOrgPerson)(|({0}={1})({2}={3})))
flowable.idm.ldap.query.all-users=(objectClass=inetOrgPerson)
flowable.idm.ldap.query.groups-for-user=(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))
flowable.idm.ldap.query.all-groups=(objectClass=groupOfUniqueNames)
flowable.idm.ldap.attribute.user-id=uid
flowable.idm.ldap.attribute.first-name=cn
flowable.idm.ldap.attribute.last-name=sn
flowable.idm.ldap.attribute.email=mail
flowable.idm.ldap.attribute.group-id=cn
flowable.idm.ldap.attribute.group-name=cn
flowable.idm.ldap.cache.group-size=10000
flowable.idm.ldap.cache.group-expiration=180000

I’m not building my own project as specified in the Flowable Docs, section 17.1, but I’ve tried copying in the flowable-ldap-configurator jar file and restarting the containers; however, that did not make any difference in the results.

Any help/suggestions are greatly appreciated!

1 Like
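
Added example (not part of the original post, and not Flowable's code): the trace above fails inside Properties.put, which rejects null keys and values, so the exception is raised while the JNDI environment is being assembled, before any connection to the LDAP server is attempted. The Java below reproduces that failure mode and names the null entry first. The class name, the placeholder host, the set of JNDI keys and the choice of which entry is null are assumptions; the page does not say which value is null in the poster's setup.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.naming.Context;

public class JndiEnvNullCheck {

    // Names of the environment entries that Properties.put would reject.
    static List<String> nullEntries(Map<String, String> env) {
        List<String> missing = new ArrayList<>();
        for (Map.Entry<String, String> e : env.entrySet()) {
            if (e.getValue() == null) {
                missing.add(e.getKey());
            }
        }
        return missing;
    }

    public static void main(String[] args) {
        // Constructed sample. Port, bind DN and password are the values quoted
        // in the post; the host is a placeholder. Leaving the authentication
        // mode null is an arbitrary choice made only to trigger the failure.
        Map<String, String> env = new LinkedHashMap<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldap.example.invalid:50389");
        env.put(Context.SECURITY_AUTHENTICATION, null);
        env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
        env.put(Context.SECURITY_CREDENTIALS, "secret");

        // Pre-flight check: report which entry is null by name.
        System.out.println("Null JNDI entries: " + nullEntries(env));

        // Same failure mode as the trace: put() throws before any
        // InitialDirContext is created, so no network traffic is sent.
        Properties properties = new Properties();
        try {
            for (Map.Entry<String, String> e : env.entrySet()) {
                properties.put(e.getKey(), e.getValue());
            }
        } catch (NullPointerException ex) {
            // The exception carries no message, which is why the log line
            // in the post ends in ": null".
            System.out.println("Could not create LDAP connection : " + ex.getMessage());
        }
    }
}
```

Because the failure happens before the bind, a successful connection from a separate LDAP client does not rule it out.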

Hi.

Were you able to get this working outside a docker container?
(On a ‘regular’ tomcat)

Regards,

Yvo

Good idea - I’ll give that a try and let you know the results.

I’m able to get Flowable-idm working on tomcat9 hosted “bare metal.”
When using the flowable-idm-app I am now getting these errors in the tomcat log:
org.flowable.engine.common.api.FlowableException: Query return 2 results instead of max 1
at org.flowable.engine.common.impl.AbstractQuery.executeSingleResult(AbstractQuery.java:165) ~[flowable-engine-common-6.3.0.jar:6.3.0]
at org.flowable.engine.common.impl.AbstractQuery.singleResult(AbstractQuery.java:106) ~[flowable-engine-common-6.3.0.jar:6.3.0]
at org.flowable.app.idm.service.GroupServiceImpl.getGroup(GroupServiceImpl.java:50) ~[flowable-ui-idm-logic-6.3.0.jar:6.3.0]

Which looks to be tied to this thread:
Clicking a specific group in flowable-idm does not return users

1 Like