LDAP authentication malfunctioning with valid credentials

Hey, sorry, I didn’t notice your messages.

Make sure you have “flowLdap” user in the actual LDAP instance. Also make sure other entries in that list are equal to the configuration from the LDAP user. Everything must match. If the problem persists, I will pass you the complete configuration with AD.

@fiki574

Thanks for response. I already tried that and problem still exist. This will be helpful if you provide complete configuration with LDAP.

Okay so, this is part of my docker-compose.yml in charge of the Flowable All in One image and LDAP stuff. This works perfectly. However, I’m unable to give you any specific LDAP/AD info as I don’t administrate it nor have direct access to it. That part you have to preconfigure yourself.

container_name: flowable-bpm
image: flowable/all-in-one:latest
restart: unless-stopped
environment:
  FLOWABLE_CONTENT_STORAGE_ROOT-FOLDER: /data
  FLOWABLE_COMMON_APP_IDM-REDIRECT-URL: http://flowable.int.domain.net/flowable-idm
  FLOWABLE_COMMON_APP_IDM-URL: http://flowable.int.domain.net/flowable-idm
  SPRING_DATASOURCE_DRIVER-CLASS-NAME: org.postgresql.Driver
  SPRING_DATASOURCE_URL: jdbc:postgresql://flowable-postgres:5432/flowable
  SPRING_DATASOURCE_USERNAME: flowable
  SPRING_DATASOURCE_PASSWORD: flowable
  FLOWABLE_IDM_LDAP_ENABLED: "true"
  FLOWABLE_IDM_LDAP_SERVER: ldap://192.168.0.1
  FLOWABLE_IDM_LDAP_PORT: 389
  FLOWABLE_IDM_LDAP_USER: cn=${LDAPUSER},ou=APP,dc=int,dc=company,dc=net
  FLOWABLE_IDM_LDAP_PASSWORD: ${LDAPPASS}
  FLOWABLE_IDM_LDAP_BASE_DN: dc=int,dc=company,dc=net
  FLOWABLE_IDM_LDAP_USER_BASE_DN: ou=company,dc=int,dc=company,dc=net
  FLOWABLE_IDM_LDAP_GROUP_BASE_DN: cn=Users,dc=int,dc=company,dc=net
  FLOWABLE_IDM_LDAP_QUERY_USER_BY_ID: (&(objectClass=user)(sAMAccountName={0}))
  FLOWABLE_IDM_LDAP_QUERY_ALL_USERS: (objectClass=user)
  FLOWABLE_IDM_LDAP_QUERY_USER_BY_FULL_NAME_LIKE: (&(objectClass=user)(|({0}=*{1}*)({2}=*{3}*)))
  FLOWABLE_IDM_LDAP_QUERY_GROUPS_FOR_USER: (&(objectClass=group)(member={0}))
  FLOWABLE_IDM_LDAP_QUERY_ALL_GROUPS: (objectClass=group)
  FLOWABLE_IDM_LDAP_QUERY_GROUP_BY_ID: (&(objectClass=group)(cn={0}))
  FLOWABLE_IDM_LDAP_ATTRIBUTE_USER_ID: sAMAccountName
  FLOWABLE_IDM_LDAP_ATTRIBUTE_FIRST_NAME: givenName
  FLOWABLE_IDM_LDAP_ATTRIBUTE_LAST_NAME: sn
  FLOWABLE_IDM_LDAP_ATTRIBUTE_EMAIL: mail
  FLOWABLE_IDM_LDAP_ATTRIBUTE_GROUP_ID: cn
  FLOWABLE_IDM_LDAP_ATTRIBUTE_GROUP_NAME: cn
  FLOWABLE_IDM_LDAP_CACHE_GROUP_SIZE: 10000
  FLOWABLE_IDM_LDAP_CACHE_GROUP_EXPIRATION: 180000
  FLOWABLE_IDM_APP_ADMIN_USER_ID: svgbf01
  FLOWABLE_IDM_APP_ADMIN_PASSWORD: ${REDACTED}
  FLOWABLE_IDM_APP_ADMIN_FIRST_NAME: Bruno
  FLOWABLE_IDM_APP_ADMIN_LAST_NAME: Fištrek
  FLOWABLE_IDM_APP_ADMIN_EMAIL: bruno.fistrek@company.hr
  FLOWABLE_COMMON_APP_IDM_ADMIN_USER: svgbf01
  FLOWABLE_COMMON_APP_IDM_ADMIN_PASSWORD: ${REDACTED}

Thanks @fiki574. member attribute not define. Can you please tell me that what is member?

Is this sAMAccountName or cn?

Sorry for late response.

It should literally be “member” in the configuration. You have to check your AD/LDAP instance to find some of this info out.