Hi,
I’m using the LDAP plugin (7.9.0) to authorize Camunda users in Active Directory.
Everything was fine until I tried to implement the task listener (on the create event) to get the candidate users’ e-mails. When it tries to call:
List<User> userList = identityService.createUserQuery().memberOfGroup(groupID).list();
I’m getting an error:
There was an exception while invoking the TaskListener. Message: 'Exception while invoking TaskListener: Could not query for users'
Exception stack trace:
12-Dec-2018 22:14:12.911 SEVERE [http-nio-8080-exec-5] org.camunda.commons.logging.BaseLogger.logError ENGINE-16004 Exception while closing command context: ENGINE-03051 There was an exception while invoking the TaskListener. Message: 'Exception while invoking TaskListener: Could not query for users'
org.camunda.bpm.engine.ProcessEngineException: ENGINE-03051 There was an exception while invoking the TaskListener. Message: 'Exception while invoking TaskListener: Could not query for users'
at org.camunda.bpm.engine.impl.db.EnginePersistenceLogger.invokeTaskListenerException(EnginePersistenceLogger.java:446)
<…>
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310021B, problem 2001 (NO_OBJECT), data 0, best match of:
''
.]; remaining name ''
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3179)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at org.camunda.bpm.identity.impl.ldap.LdapIdentityProviderSession.findUsersByGroupId(LdapIdentityProviderSession.java:180)
... 143 more
What’s the cause of the error? As I mentioned above, the LDAP plugin works fine. Authorization is OK. I can see groups and group members in the Admin app.
Plugin properties:
<plugin>
  <class>org.camunda.bpm.identity.impl.ldap.plugin.LdapIdentityProviderPlugin</class>
  <properties>
    <property name="serverUrl">ldap://10.0.7.200:389/</property>
    <property name="acceptUntrustedCertificates">true</property>
    <property name="managerDn">cn=robot,cn=Users,dc=std</property>
    <property name="managerPassword">*</property>
    <property name="baseDn">dc=std </property>
    <property name="userSearchBase">ou=MOS</property>
    <property name="userSearchFilter">(&amp;(objectCategory=user)(objectClass=user))</property>
    <property name="userIdAttribute">sAMAccountName</property>
    <property name="userFirstnameAttribute">givenName</property>
    <property name="userLastnameAttribute">sn</property>
    <property name="userEmailAttribute">mail</property>
    <property name="userPasswordAttribute">userPassword</property>
    <property name="groupSearchBase">ou=Camunda</property>
    <property name="groupSearchFilter">(objectClass=group)</property>
    <property name="groupIdAttribute">cn</property>
    <property name="groupNameAttribute">name</property>
    <property name="groupMemberAttribute">member</property>
    <property name="sortControlSupported">false</property>
    <property name="usePosixGroups">false</property>
  </properties>
</plugin>