Help appreciated with setting up LDAP

I built the war files and deployed them. I have no problems using admin/test to access idm/admin/modeler/task with no additional configuration.

I tried to connect to AD with LDAP but that failed completely so I tested LDAP with Apache Directory Server.

I can access idm without any problem. The idm shows that all users are members of all groups which is curious. My admin user should have access to all apps but when I try to access admin, modeler or task I am redirected to the idm login.

In catalina.out it says:
2019-06-24 15:22:38.324 WARN 2393 --- [nio-8080-exec-2] o.f.l.LDAPConnectionUtil : Could not create InitialDirContext for LDAP connection: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=myuser,dc=example,dc=com]

My application.properties:

flowable.idm.ldap.enabled=true
flowable.idm.ldap.server=ldap://localhost
flowable.idm.ldap.port=10389
flowable.idm.ldap.user=uid=admin,ou=system
flowable.idm.ldap.password=secret
flowable.idm.ldap.base-dn=dc=example,dc=com
#flowable.idm.ldap.user-base-dn=ou=users,dc=example,dc=com
#flowable.idm.ldap.group-base-dn=ou=groups,dc=example,dc=com
flowable.idm.ldap.query.user-by-id=(&(objectClass=inetOrgPerson)(uid={0}))
flowable.idm.ldap.query.user-by-full-name-like=(&(objectClass=inetOrgPerson)(|({0}={1})({2}={3})))
flowable.idm.ldap.query.all-users=(objectClass=inetOrgPerson)
flowable.idm.ldap.query.groups-for-user=(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))
flowable.idm.ldap.query.all-groups=(objectClass=groupOfUniqueNames)
flowable.idm.ldap.query.group-by-id=(&(objectClass=groupOfUniqueNames)(cn={0}))
flowable.idm.ldap.attribute.user-id=uid
flowable.idm.ldap.attribute.first-name=cn
flowable.idm.ldap.attribute.last-name=sn
flowable.idm.ldap.attribute.email=mail
flowable.idm.ldap.attribute.group-id=cn
flowable.idm.ldap.attribute.group-name=cn
flowable.idm.ldap.cache.group-size=10000
flowable.idm.ldap.cache.group-expiration=180000

# DEFAULT ADMINISTRATOR ACCOUNT

flowable.idm.app.admin.user-id=myuser
flowable.common.app.idm-admin.user=myuser

Help would be greatly appreciated.

Update:

I changed my configuration to connect to my AD and I am able to log in to idm with my admin user. I can see all the users and all the groups. But for some reason all the users are members of all groups, which is not the case in AD.

Here is a part of my configuration:
flowable.idm.ldap.query.user-by-id=(&(|(sAMAccountName={0})(distinguishedName={0}))(objectClass=user))
flowable.idm.ldap.query.user-by-full-name-like=(&(objectClass=user)(|({0}={1})({2}={3})))
flowable.idm.ldap.query.all-users=(objectClass=user)
flowable.idm.ldap.query.groups-for-user=(&(objectCategory=group)(member={0}))
flowable.idm.ldap.query.all-groups=(objectCategory=group)
flowable.idm.ldap.query.group-by-id=(&(objectCategory=group)(distinguishedName={0}))
flowable.idm.ldap.attribute.user-id=distinguishedName
flowable.idm.ldap.attribute.first-name=givenName
flowable.idm.ldap.attribute.last-name=sn
flowable.idm.ldap.attribute.email=mail
flowable.idm.ldap.attribute.group-id=distinguishedName
flowable.idm.ldap.attribute.group-name=cn
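
An added example, not part of the original post and not Flowable's own code: a Python sketch that fills the {0} placeholders of the query templates posted above with RFC 4515 escaping, so the rendered filter can be inspected and tried against the directory before it goes into application.properties. The helper names and the sample DN are constructed for illustration; how Flowable itself performs the substitution is not shown on this page.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Query templates copied from the Active Directory configuration in the post.
USER_BY_ID = "(&(|(sAMAccountName={0})(distinguishedName={0}))(objectClass=user))"
GROUPS_FOR_USER = "(&(objectCategory=group)(member={0}))"

# Constructed sample DN (not from the post): contains an escaped comma and parentheses.
SAMPLE_DN = r"CN=Doe\, Jane (Contractor),OU=Staff,DC=example,DC=com"


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template, *values, escape=True):
    """Fill {0}, {1}, ... placeholders of a query template with the given values."""
    def substitute(match):
        value = values[int(match.group(1))]
        return escape_filter_value(value) if escape else value
    return re.sub(r"\{(\d+)\}", substitute, template)


def is_balanced(ldap_filter):
    """Check that the literal parentheses of a rendered filter nest correctly."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    # Escaped: the DN stays one literal value inside (member=...).
    print(render_filter(GROUPS_FOR_USER, SAMPLE_DN))
    # Unescaped "*" turns the equality match into a presence test on member.
    print(render_filter(GROUPS_FOR_USER, "*", escape=False))
    print(render_filter(GROUPS_FOR_USER, "*"))
    # A name with an unmatched parenthesis breaks the filter unless escaped.
    print(is_balanced(render_filter(USER_BY_ID, "Smith (ext", escape=False)))
    print(is_balanced(render_filter(USER_BY_ID, "Smith (ext")))
```

Comparing the escaped and unescaped output for the same value shows whether a DN or user id from the directory changes the shape of the groups-for-user filter.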

Is this problem fixed?