LDAP Authentication Problem

Hello camunda team,
I am very new to camunda.
I have configured an already installed JBoss EAP 7.1 and camunda. Everything works fine and the server start finished successfully. I see that all applications (rest-engine, examples, webapp) are deployed successfully.
Now I want to configure our Exchange for authenticating users (LDAP Configuration).

My LDAP Config :

org.camunda.bpm.identity.impl.ldap.plugin.LdapIdentityProviderPlugin ldap://111.222.33.44:123/ true uid=adminUser,ou=COMPANY STRUCTURE,dc=ourcomp,dc=ge adminPassword
<property name="baseDn">ou=COMPANY STRUCTURE,dc=ourcomp,dc=ge</property>

<property name="userSearchBase"></property>
<property name="userSearchFilter">(&amp;(objectCategory=user)(objectClass=user))</property>

<property name="userIdAttribute">sAMAccountName</property>
<property name="userFirstnameAttribute">givenName</property>
<property name="userLastnameAttribute">sn</property>
<property name="userEmailAttribute">mail</property>
<property name="userPasswordAttribute">userpassword</property>

<property name="groupSearchBase">ou=groups</property>
<property name="groupSearchFilter">(objectCategory=group)</property>
<property name="groupIdAttribute">distinguishedName</property>
<property name="groupNameAttribute">sAMAccountName</property>

<property name="groupMemberAttribute">member</property>
<property name="sortControlSupported">false</property>
org.camunda.bpm.engine.impl.plugin.AdministratorAuthorizationPlugin name.surname

When I tried to enter user credentials in the admin application, I got an error:

21:45:32,465 ERROR [org.camunda.bpm.engine.context] (default task-23) ENGINE-16004 Exception while closing command context: Could not authenticate with LDAP server: org.camunda.bpm.identity.impl.ldap.LdapAuthenticationException: Could not authenticate with LDAP server

Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1]

This error means incorrect credentials, but I am absolutely sure that I have entered correct credentials.
I have lost 2 days on this problem :frowning: and can't resolve it.

Any hint will be appreciated. I don’t know what the problem is here. I have written a simple Java LDAP client and it works fine. Also, I have configured multiple other platforms (like GitLab, Jira) and all of them work perfectly.

Also, I can’t find any doc on how to change the log level for camunda in the JBoss configuration file.

Thanks in advance.
Paata.

I have made 1 step forward:
I looked inside the camunda source code and found that the problem is in the managerDn property. The documentation says that the property must look like:

uid=jonny,ou=office-berlin,o=camunda,c=org

but it works only this way:

madmin@camunda.org

After changing this property all server errors disappeared, but now I get a client-side error on screen:

Login Failed :
Wrong credentials or missing access rights to application

Now I don’t have any idea why it is not working …
I don’t have any errors on the server side …

Regards,
Paata.
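For readers triaging the same failure, here is an added example (not part of the thread and not Camunda code) that decodes the Active Directory sub-code in the `data` field of an LDAP error 49 line and classifies the syntactic form of a bind name such as `managerDn`. The function names are hypothetical; the first sample line is the one quoted above and the second is constructed.

```python
import re

# Active Directory sub-codes (hex) reported in the "data" field of an
# LDAP error 49 (invalidCredentials) bind failure.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}
ERR49 = re.compile(r"LDAP: error code 49\b.*?\bdata\s+([0-9a-fA-F]+)")
DN = re.compile(r"\s*[A-Za-z][\w-]*=[^,]+(\s*,\s*[A-Za-z][\w-]*=[^,]+)*")


def decode_bind_error(log_line):
    """Return (hex_subcode, meaning) for an AD error-49 line, else None."""
    m = ERR49.search(log_line)
    if not m:
        return None
    code = int(m.group(1), 16)
    return (f"{code:x}", AD_BIND_SUBCODES.get(code, "unknown sub-code"))


def bind_name_form(name):
    """Classify a simple-bind name: 'down-level', 'upn', 'dn:<attr>' or 'unknown'."""
    if re.fullmatch(r"[^\\@=,]+\\[^\\@=,]+", name):
        return "down-level"                      # DOMAIN\user
    if re.fullmatch(r"[^@=,\s]+@[^@=,\s]+", name):
        return "upn"                             # user@domain
    if DN.fullmatch(name):
        # Report the leading RDN attribute (uid, cn, ...) for comparison
        # with how the directory actually names its user objects.
        return "dn:" + name.split("=", 1)[0].strip().lower()
    return "unknown"


if __name__ == "__main__":
    samples = [
        # Line quoted in the thread.
        "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, "
        "comment: AcceptSecurityContext error, data 52e, v1db1]",
        # Constructed line showing a different sub-code.
        "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, "
        "comment: AcceptSecurityContext error, data 775, v1db1]",
    ]
    for line in samples:
        print(decode_bind_error(line))
    for name in ("uid=adminUser,ou=COMPANY STRUCTURE,dc=ourcomp,dc=ge",
                 "madmin@camunda.org"):
        print(name, "->", bind_name_form(name))
```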

Hi Paata,

Initially, the process engine database contains no authorization permissions, so your user is probably not authorized to access the web applications. Check for example https://docs.camunda.org/manual/7.9/user-guide/process-engine/authorization-service/#the-administrator-authorization-plugin for how to initially create administrator privileges.

Cheers,
Thorben

Hi Paata, I have the same issue with MS Active Directory integration with Tomcat 9.0.36. Did you fix it already?
Or is there anyone who can help me?

Thanks in Advance.

Cheers,
EMS IT