Integration with Microsoft Active Directory

Hi Zholaman, we meet again.

I also have this issue with openldap.
I documented this in the following thread: Clicking a specific group in flowable-idm does not return users - #7 by joram.

Hi Sebastian,

Thank you for information!

Best regards,
Zholaman

I would like to share my actual deployment working with Active Directory. This post helped me a lot in configuring my Flowable 6.4.0 setup:

ldap.enabled=true
ldap.server=ldap://<SRVDC>
ldap.port=389
ldap.user=<USER>
ldap.password=<PASSWD>
ldap.base-dn=<BASEDN>
ldap.user-base-dn=<SPECIFIC DN for USERS>
ldap.group-base-dn=<SPECIFIC DN for GROUPS>
ldap.query.user-by-id=(&(objectClass=user)(|(distinguishedName={0})(sAMAccountName={0})(mail={0})))
ldap.query.user-by-full-name-like=(&(objectClass=user)(|(givenName={1})(sn={3})(sAmAccountName={3})))
ldap.query.all-users=(objectclass=user)
ldap.query.groups-for-user=(&(objectCategory=group)(member={0}))
ldap.query.all-groups=(objectClass=group)
ldap.attribute.user-id=distinguishedName
ldap.attribute.first-name=givenName
ldap.attribute.last-name=sn
ldap.attribute.email=mail
ldap.attribute.group-id=sAMAccountName
ldap.attribute.group-name=cn
ldap.groupIdAttribute=sAMAccountName
ldap.groupNameAttribute=cn
ldap.groupCacheSize=10000
ldap.groupCacheExpirationTime=180000

I had a lot of trouble with the ldap.user-base-dn and ldap.group-base-dn as I always got a REFERRAL error from the IDM service, so I had to change the base DN to a specific OU where our users are stored and not use the BASE DN.
I had to change the user-id attribute to distinguishedName to get the group membership working.
With the actual setup a user can log in by sAMAccountName and email.

Hope it helps someone.
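To check the filters from the configuration above without a domain controller, here is an added example (not from the post or from Flowable) that renders the two templates the way the placeholders are used, escapes the substituted value per RFC 4515, and evaluates them against a constructed in-memory stand-in for AD. It shows why ldap.attribute.user-id has to be distinguishedName for the groups-for-user query: AD's member attribute holds DNs, so a sAMAccountName never matches it.

```python
import re

# Constructed sample entries standing in for AD objects (attribute names are case-insensitive in LDAP).
DIRECTORY = [
    {"objectClass": ["person", "user"], "objectCategory": ["person"],
     "distinguishedName": ["CN=Jane Doe,OU=Users,DC=example,DC=org"],
     "sAMAccountName": ["jdoe"], "mail": ["jane.doe@example.org"], "givenName": ["Jane"], "sn": ["Doe"]},
    {"objectClass": ["group"], "objectCategory": ["group"],
     "distinguishedName": ["CN=Developers,OU=Groups,DC=example,DC=org"],
     "sAMAccountName": ["developers"], "cn": ["Developers"],
     "member": ["CN=Jane Doe,OU=Users,DC=example,DC=org"]},
]
# The two filter templates from the post above; {0} is the value substituted at query time.
USER_BY_ID = "(&(objectClass=user)(|(distinguishedName={0})(sAMAccountName={0})(mail={0})))"
GROUPS_FOR_USER = "(&(objectCategory=group)(member={0}))"

def escape(value):
    """RFC 4515 escaping of a value placed into a filter, so * ( ) \\ and NUL stay literal."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\x00" else c for c in value)

def render(template, *args):
    """Fill the {0}, {1}, ... placeholders with escaped values."""
    return template.format(*(escape(a) for a in args))

def split_top(s):
    """Split "(a)(b)(c)" into its top-level parenthesised items."""
    items, depth, start = [], 0, 0
    for i, c in enumerate(s):
        depth += 1 if c == "(" else -1 if c == ")" else 0
        if c == "(" and depth == 1:
            start = i
        elif c == ")" and depth == 0:
            items.append(s[start:i + 1])
    return items

def matches(entry, flt):
    """Evaluate a filter made of &, | and (attr=value) equality items against one entry."""
    body = flt.strip()[1:-1]
    if body[0] in "&|":
        results = [matches(entry, sub) for sub in split_top(body[1:])]
        return all(results) if body[0] == "&" else any(results)
    attr, _, value = body.partition("=")  # a DN value keeps its own '=' signs intact
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    vals = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
    return any(v.lower() == value.lower() for v in vals)

def search(flt, base_dn):
    """Subtree search: entries whose DN sits under base_dn (the specific OU) and match the filter."""
    return [e for e in DIRECTORY
            if e["distinguishedName"][0].lower().endswith(base_dn.lower()) and matches(e, flt)]

def user_by_id(login):  # login may be the DN, the sAMAccountName or the mail address
    return [e["distinguishedName"][0] for e in search(render(USER_BY_ID, login), "OU=Users,DC=example,DC=org")]

def groups_for_user(user_id):  # only a DN matches the member attribute
    return [g["sAMAccountName"][0] for g in search(render(GROUPS_FOR_USER, user_id), "OU=Groups,DC=example,DC=org")]
```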


Many thanks for sharing the detail. Much appreciated.

Cheers
Paul.

Indeed, the code is not done for that.
I have implemented this logic locally, and it is working.

I increased maxPageSize from the server side on the AD server and it's working.

The fix was easy...