LDAP Group by identifier query

sweetjonnie · May 8, 2019, 11:19pm

i am new to Flowable and LDAP. apologies in advance.

i have observed the following query within flowable-default.properties:
flowable.idm.ldap.query.group-by-id=(&(objectClass=groupOfUniqueNames)(uniqueId={0}))

my understanding is that this implies the existence of a uniqueId attribute within an entry of type groupOfUniqueNames. i have searched online for some time but i am unable to find any mention of uniqueId within groupOfUniqueNames or extensibleObject. how does this work?

Sincerely,
jonnie savell

Robinyo · May 9, 2019, 5:30am

The filter searches for entries in the groupOfUniqueNames object class that contain a particular group as a member.

(&(objectClass=groupOfUniqueNames)(uniqueId={0}))

When the match occurs, the {0} placeholder is replaced by the member id.

Ref: Setting LDAP parameters for Oracle LDAP Server

sweetjonnie · May 9, 2019, 5:56pm

Rob,

apologies for the ambiguity in my question. let me try again.

context: the query shown implies the existence of the uniqueId attribute within the entry of type groupOfUniqueNames. i have tried OpenDJ and openldap and neither implementation (as evidenced by the new entry window within Apache Directory Studio) offers the uniqueId attribute.

my question is this: when you inspect your groups (either through exported LDIF or Apache Directory Studio), do you see the uniqueId attribute within any of your groupOfUniqueNames entries?

one observation: i can now click on a group and inspect its members after making the following change:
flowable.idm.ldap.query.group-by-id=(&(objectClass=groupOfUniqueNames)(cn={0}))

Sincerely,
jonnie savell

Robinyo · May 10, 2019, 1:01am

...

flowable.idm.ldap.query.group-by-id=(&(objectClass=groupOfUniqueNames)(uniqueId={0}))

...

In the LDAP chapter in the Flowable docs it states:

In this example configuration the server configuration + LDAP queries for the Apache Directory Server are provided. For other LDAP servers, like Active Directory, other configuration values are needed.

I also found the following users.ldif:

# Based on the example LDIF file at http://krams915.blogspot.be/2011/01/spring-security-mvc-using-embedded-ldap.html

# Root

dn: o=flowable
objectClass: organization
objectClass: extensibleObject
objectClass: top
o: flowable

# Users root

dn: ou=users,o=flowable
objectClass: extensibleObject
objectClass: organizationalUnit
objectClass: top
ou: users

# Groups root

dn: ou=groups,o=flowable
objectClass: extensibleObject
objectClass: organizationalUnit
objectClass: top
ou: groups

# Actual groups

dn: cn=User,ou=groups,o=flowable
objectClass: groupOfUniqueNames
objectClass: top
cn: User
uid: user
uniqueMember: uid=kermit, ou=users,o=flowable
uniqueMember: uid=pepe, ou=users,o=flowable
uniqueMember: uid=gonzo, ou=users,o=flowable
uniqueMember: uid=fozzie, ou=users,o=flowable
uniqueMember: cn=Dr\, Bunsen,ou=users,o=flowable

dn: cn=Admin,ou=groups,o=flowable
objectClass: groupOfUniqueNames
objectClass: top
cn: Admin
uid: admin
uniqueMember: uid=kermit, ou=users,o=flowable
uniqueMember: uid=fozzie, ou=users,o=flowable

dn: cn=Sales,ou=groups,o=flowable
objectClass: groupOfUniqueNames
objectClass: top
cn: Sales
uid: sales
uniqueMember: uid=pepe, ou=users,o=flowable
uniqueMember: uid=gonzo, ou=users,o=flowable
uniqueMember: cn=Dr\, Bunsen,ou=users,o=flowable

# Actual users

dn: uid=admin,ou=users,o=flowable
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: admin
sn: admin
uid: admin
userPassword:: cGFzcw==

dn: uid=pepe, ou=users,o=flowable
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: Pepe
sn: The King Prawn
uid: pepe
userPassword:: cGFzcw==

dn: uid=fozzie,ou=users,o=flowable
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: Fozzie
sn: Bear
uid: fozzie
userPassword:: cGFzcw==

dn: uid=kermit,ou=users,o=flowable
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: Kermit
sn: The Frog
uid: kermit
userPassword:: cGFzcw==

dn: uid=gonzo,ou=users,o=flowable
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: Gonzo
sn: The Great
uid: gonzo
userPassword:: cGFzcw==

dn: cn=Dr\, Bunsen,ou=users,o=flowable
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: Dr\, Bunsen
sn: Honeydew
uid: bunsen
userPassword:: cGFzcw==

Topic		Replies	Views
Clicking a specific group in flowable-idm does not return users Flowable Application	22	4104	December 17, 2021
Integration with Microsoft Active Directory Flowable Engine	46	8517	May 16, 2022
LDAP/Flowable integration throws 401 Flowable Engine	3	1705	February 7, 2018
Flowable and LDAP configuration Flowable Engine	0	882	November 9, 2020
OpenLDAP Integration - Issues with IDM & user management Flowable Engine	1	601	December 13, 2019

LDAP Group by identifier query

Related topics