How To: Flowable and LDAP

A tutorial style post about Flowable, LDAP and the flowable/all-in-one Docker image.

Thanks to @filiphr for helping me to get this working :slight_smile:

Nice tutorial @Robinyo, I have one small remark. You don’t need to add the application.properties file to the docker image. You can just pass the LDAP properties in the same way you are passing them now and it’ll work properly.

You of course need to pass:

flowable.idm.app.admin.user-id=flowable
flowable.idm.app.admin.password=test
flowable.idm.app.admin.first-name=Flowable
flowable.idm.app.admin.last-name=Administrator
flowable.idm.app.admin.email=admin@flowable.org

if you want to have them set.

Same for

flowable.common.app.idm-admin.user=flowable
flowable.common.app.idm-admin.password=test

Cheers,
Filip

Hi @filiphr

I guess it’s an old-school thing, but I am so used to declaring ENVIRONMENT_VARIABLES using CAPS and ‘_’ as a word separator, as bash and other Bourne-style shells don’t allow - (dash/hyphen) in variable names.

Ref: Why can’t environment variables with dashes be accessed in bash?

Cheers
Rob

Hey Rob,

What I am trying to say is that Spring Boot has support for Relaxed Binding, which means that the property flowable.idm.app.admin.user-id can also be passed as an environment property named FLOWABLE_IDM_APP_ADMIN_USER_ID or FLOWABLE_IDM_APP_ADMIN_USERID.

This feature from Spring Boot is one of the big benefits in using it, as it allows you to easily define properties and then define them as you see fit in different ways.

Cheers,
Filip

Ahh :slight_smile:

Thanks, I’ll give it a try.

@filiphr

All good :smile:

I have updated the post about Flowable, LDAP and the flowable/all-in-one Docker image.

ldap-env.txt:

#
# LDAP
#

FLOWABLE_IDM_LDAP_ENABLED=true
FLOWABLE_IDM_LDAP_SERVER=ldap://host.docker.internal
FLOWABLE_IDM_LDAP_PORT=10389
FLOWABLE_IDM_LDAP_USER=cn=admin,dc=flowable,dc=org
FLOWABLE_IDM_LDAP_PASSWORD=secret
FLOWABLE_IDM_LDAP_BASE_DN=dc=flowable,dc=org
FLOWABLE_IDM_LDAP_USER_BASE_DN=ou=users,dc=flowable,dc=org
FLOWABLE_IDM_LDAP_GROUP_BASE_DN=ou=groups,dc=flowable,dc=org
FLOWABLE_IDM_LDAP_QUERY_USER_BY_ID=(&(objectClass=inetOrgPerson)(uid={0}))
FLOWABLE_IDM_LDAP_QUERY_USER_BY_FULL_NAME_LIKE=(&(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))
FLOWABLE_IDM_LDAP_QUERY_ALL_USERS=(objectClass=inetOrgPerson)
FLOWABLE_IDM_LDAP_QUERY_GROUPS_FOR_USER=(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))
FLOWABLE_IDM_LDAP_QUERY_ALL_GROUPS=(objectClass=groupOfUniqueNames)
FLOWABLE_IDM_LDAP_QUERY_GROUP_BY_ID=(&(objectClass=groupOfUniqueNames)(uniqueId={0}))
FLOWABLE_IDM_LDAP_ATTRIBUTE_USER_ID=uid
FLOWABLE_IDM_LDAP_ATTRIBUTE_FIRST_NAME=cn
FLOWABLE_IDM_LDAP_ATTRIBUTE_LAST_NAME=sn
FLOWABLE_IDM_LDAP_ATTRIBUTE_EMAIL=mail
FLOWABLE_IDM_LDAP_ATTRIBUTE_GROUP_ID=cn
FLOWABLE_IDM_LDAP_ATTRIBUTE_GROUP_NAME=cn
FLOWABLE_IDM_LDAP_CACHE_GROUP_SIZE=10000
FLOWABLE_IDM_LDAP_CACHE_GROUP_EXPIRATION=180000

#
# DEFAULT ADMINISTRATOR ACCOUNTS
#

FLOWABLE_IDM_APP_ADMIN_USER_ID=flowable
FLOWABLE_IDM_APP_ADMIN_PASSWORD=test
FLOWABLE_IDM_APP_ADMIN_FIRST_NAME=Flowable
FLOWABLE_IDM_APP_ADMIN_LAST_NAME=Administrator
FLOWABLE_IDM_APP_ADMIN_EMAIL=admin@flowable.org

FLOWABLE_COMMON_APP_IDM_ADMIN_USER=flowable
FLOWABLE_COMMON_APP_IDM_ADMIN_PASSWORD=test

Hi Filip,

The docker-compose files in the flowable GitHub repo and the instructions on Docker Hub contain environment variable names with dashes in them. I don’t see how this can work, so I guess I am missing something. Any idea?

Example:

Required environment properties;
FLOWABLE_COMMON_APP_IDM-URL: full url of the IDM app; used for server to server communication

Hey @wasadigi,

Have you tried it out? Are the variables not picked up for you or do you have some other error?

Anyways, we are using Spring Boot for the properties. This means that the Spring Boot Relaxed Binding applies here as well. In short this means that you can also use FLOWABLE_COMMON_APP_IDMURL without the dash.

Cheers,
Filip

Hi Filip,

Thank you for your reply.

I understood why it’s working :-). The Dockerfile uses ENTRYPOINT, in its “exec” form (vs “shell” form).

That is what I usually use, but what I did not know is that in that case, the names and values of environment variables are passed directly to the process (not to a shell). So, in that case, it is ok to define an environment variable with a dash in its name (which is not possible in a Linux shell).
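
Added example (not from any poster in this thread or from the Flowable project): a shell sketch of the two environment-variable spellings discussed above for a dashed property, plus a check that a dashed name a shell cannot assign still reaches a process started without a shell. The function names and the idm.example URL are constructed for illustration.

```shell
#!/bin/sh
# Added example; names and the idm.example URL are constructed assumptions.

# Documented Spring Boot form: drop dashes, dots -> underscores, upper-case.
spring_env_name() {
    printf '%s\n' "$1" | sed -e 's/-//g' -e 's/\./_/g' | tr '[:lower:]' '[:upper:]'
}

# Second form quoted in the thread: dashes become underscores as well.
spring_env_name_underscored() {
    printf '%s\n' "$1" | sed -e 's/[.-]/_/g' | tr '[:lower:]' '[:upper:]'
}

# True when the name can be assigned or exported by a Bourne-style shell.
is_shell_identifier() {
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Hand NAME=VALUE straight to a child process (env(1) here, standing in for
# an exec-form ENTRYPOINT) and read it back from the child's environment.
pass_without_shell() {
    env "$1=$2" env | awk -v n="$1" 'index($0, n "=") == 1 { print substr($0, length(n) + 2) }'
}

for prop in flowable.idm.app.admin.user-id flowable.common.app.idm-url; do
    printf '%s -> %s or %s\n' "$prop" \
        "$(spring_env_name "$prop")" "$(spring_env_name_underscored "$prop")"
done

dashed='FLOWABLE_COMMON_APP_IDM-URL'
if ! is_shell_identifier "$dashed"; then
    printf '%s is not a shell identifier, but the child sees: %s\n' \
        "$dashed" "$(pass_without_shell "$dashed" 'http://idm.example:8080')"
fi
```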