We are trying to enable LDAP using ActiveDirectory. We are successfully authenticating to the LDAP server and the token is being written to the database.
After returning the flowable app, we are immediately redirected to the login screen again and unable to proceed.
We were able to debug the code and found the class FlowableCookieFilter is failing to lookup the cookie due to the cache being out of sync.
Line 172: RemoteToken token = tokenCache.get(tokens[0]);
This throws the error
com.google.common.util.concurrent.UncheckedExecutionException: org.flowable.engine.common.api.FlowableException: token not found gr73S+nMWzS2wdg7cazrnQ==
The next line null’s out the token and the code returns to the function doFilterInternal which checks for the null token and redirects.
I checked the DB and the record is there.
The same code executes when DB authentication is set and works correctly. I am not clear why it doesn’t work when it is set to LDAP authentication. Any help to resolve this would be appreciated.
ldap.enabled=true
ldap.server=ldap://
ldap.port=389
ldap.user=CN=flowable,OU=New York Users,OU=Users,OU=MyBusiness,DC=company,DC=com
ldap.password=
ldap.basedn=OU=MyBusiness,DC=company,DC=com
ldap.query.userbyid=(&(objectClass=user)(sAMAccountName={0}))
ldap.query.userbyname=(&(objectClass=user)(|({0}={1})({2}={3})))
ldap.query.userall=(objectClass=user)
ldap.query.groupsforuser=(&(objectClass=group)(member={0}))
ldap.query.groupall=(objectClass=group)
ldap.attribute.userid=sAMAccountName
ldap.attribute.firstname=cn
ldap.attribute.lastname=sn
ldap.attribute.email=mail
ldap.attribute.groupid=cn
ldap.attribute.groupname=cn
ldap.cache.groupsize=10000
ldap.cache.groupexpiration=180000