Operate LDAP stopped working in version 1.2.x and 1.3.x

Hi,

We faced a problem after upgrading to version 1.2.9 from 1.1.9 (the same problem also occurs with a fresh installation of 1.2.9 or 1.3.0).
We’re getting “Instances could not be fetched” error, also no user name showing in the right top corner. In the configuration we have set
camunda.operate.ldap.url
camunda.operate.ldap.domain
camunda.operate.ldap.baseDn
camunda.operate.ldap.userSearchFilter
and
- name: SPRING_PROFILES_ACTIVE
value: ldap-auth

Everything works if we disable LDAP and use demo/demo auth.

Hello @cukriniaisausainiai ,

Thank you for the message. In the screenshot, it looks like you were able to log in. Also, I can see that process definitions could be fetched.
Could you please give me the log messages? Maybe there is a hint as to what is going wrong.

Thanks and best regards,
Ralf

There are no error messages in the log, but when debug logging is enabled there are some 404 messages:

2022-01-17 13:32:25.848 DEBUG 7 --- [nio-8080-exec-2] o.s.w.s.DispatcherServlet                : Completed 200 OK
2022-01-17 13:32:25.848 DEBUG 7 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-01-17 13:32:25.948 DEBUG 7 --- [io-8080-exec-10] .w.s.m.a.ResponseStatusExceptionResolver : Resolved [io.camunda.operate.webapp.rest.exception.UserNotFoundException: Couldn't find user for CN=[MYUSER]
2022-01-17 13:32:25.949 DEBUG 7 --- [io-8080-exec-10] o.s.w.s.DispatcherServlet                : Completed 404 NOT_FOUND
2022-01-17 13:32:25.949 DEBUG 7 --- [io-8080-exec-10] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-01-17 13:32:25.950 DEBUG 7 --- [io-8080-exec-10] o.s.s.w.FilterChainProxy                 : Securing POST /error
2022-01-17 13:32:25.950 DEBUG 7 --- [io-8080-exec-10] o.s.s.w.FilterChainProxy                 : Secured POST /error
2022-01-17 13:32:25.950 DEBUG 7 --- [io-8080-exec-10] o.s.w.s.DispatcherServlet                : "ERROR" dispatch for POST "/error", parameters={}
2022-01-17 13:32:25.950 DEBUG 7 --- [io-8080-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to io.camunda.operate.webapp.ForwardErrorController#handleError(HttpServletRequest, HttpServletResponse)
2022-01-17 13:32:25.951 DEBUG 7 --- [io-8080-exec-10] o.s.w.s.v.ContentNegotiatingViewResolver : Selected '*/*' given [*/*]
2022-01-17 13:32:25.951 DEBUG 7 --- [io-8080-exec-10] o.s.w.s.DispatcherServlet                : Exiting from "ERROR" dispatch, status 404
2022-01-17 13:32:25.951 DEBUG 7 --- [io-8080-exec-10] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-01-17 13:32:28.060 DEBUG 7 --- [/O dispatcher 2] o.a.h.wire                               : http-outgoing-5 << "{"error":{"root_cause":[{"type":"index_not_found_exception","reason":"no such index [zeebe-record-variable-document]","resource.type":"index_or_alias","resource.id":"zeebe-record-variable-document","index_uuid":"_na_","index":"zeebe-record-variable-document"}],"type":"index_not_found_exception","reason":"no such index [zeebe-record-variable-document]","resource.type":"index_or_alias","resource.id":"zeebe-record-variable-document","index_uuid":"_na_","index":"zeebe-record-variable-document"},"status":404}"
2022-01-17 13:32:28.060 DEBUG 7 --- [/O dispatcher 2] o.a.h.headers                            : http-outgoing-5 << HTTP/1.1 404 Not Found

Hello @cukriniaisausainiai ,

I see in the logs that the ldap lookup fails:

Can you check whether the configuration is correct?
Did you use the same configuration in previous versions, where Operate worked?

I’m using the same configuration that was working on 1.1.9, and I can log in to Operate; I’m not sure why this error is there.

Thanks, I’ll investigate the changes between 1.1.9 and 1.2.x / 1.3.x to get a hint of what could be the issue.

Hello @cukriniaisausainiai ,

I couldn’t find any major changes between the versions. I’m afraid I can’t help for now, so I need more information.
Can you give me your configuration (except the sensitive parts)?

Here is how we test it:

First, we start an LDAP test server via docker:

[...]
ldap-test-server:
    container_name: ldap-test-server
    image: rroemhild/test-openldap
    ports:
      - 10389:10389
    restart: always
[...]

Then start Operate with this LDAP configuration:

camunda.operate.ldap.url=ldap://localhost:10389/
camunda.operate.ldap.baseDn=dc=planetexpress,dc=com
camunda.operate.ldap.managerDn=cn=admin,dc=planetexpress,dc=com
camunda.operate.ldap.managerPassword=GoodNewsEveryone
camunda.operate.ldap.userSearchFilter=uid={0}

Now you can log in as fry/fry for example.

Maybe this helps.

Regards

FYI, I’m going to try another LDAP test server to reproduce your issue.

Hello @cukriniaisausainiai ,

I couldn’t reproduce the error in our tests. But I think I found the cause of the issue you experienced. Before Operate version 1.3.0 a failing LDAP lookup for an LDAP user resulted in a warn log message. From 1.3.0 on it will be handled as a UserNotFoundException. That is the reason you can log in, but process instances would not be shown.
Unfortunately, there are too many LDAP requests, which are not necessary.

We are working right now on a fix.

Do you have log messages from Operate 1.1.x? Maybe there we can see the warn messages I mentioned above.

Kind regards

Thank you for your answer. I tested 1.1.10 again, and yes, I can log in and see instances, but there is a WARN message in the logs.

2022-01-24 11:28:12.670 DEBUG 8 --- [nio-8080-exec-5] o.s.l.c.s.AbstractContextSource          : Got Ldap context on server 'ldaps://[ldapserver]'
2022-01-24 11:28:12.776  WARN 8 --- [nio-8080-exec-5] i.c.o.w.s.l.LDAPUserService              : Exception occurred when loading current user data: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A71, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839 ]; remaining name 'CN=[MY_CN]'

org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A71, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839 ]; remaining name 'CN=[MY_CN]'
	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:228) ~[spring-ldap-core-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
	at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:820) ~[spring-ldap-core-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
	at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:803) ~[spring-ldap-core-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
	at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:870) ~[spring-ldap-core-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
	at io.camunda.operate.webapp.security.ldap.LDAPUserService.getCurrentUser(LDAPUserService.java:47) [classes!/:?]
	at io.camunda.operate.webapp.rest.AuthenticationRestService.getCurrentAuthentication(AuthenticationRestService.java:31) [classes!/:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
	at java.lang.reflect.Method.invoke(Unknown Source) ~[?:?]
	at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) [spring-web-5.3.13.jar!/:5.3.13]
	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150) [spring-web-5.3.13.jar!/:5.3.13]
	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117) [spring-webmvc-5.3.13.jar!/:5.3.13]
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895) [spring-webmvc-5.3.13.jar!/:5.3.13]
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808) [spring-webmvc-5.3.13.jar!/:5.3.13]
	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) [spring-webmvc-5.3.13.jar!/:5.3.13]
	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067) [spring-webmvc-5.3.13.jar!/:5.3.13]
	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963) [spring-webmvc-5.3.13.jar!/:5.3.13]
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) [spring-webmvc-5.3.13.jar!/:5.3.13]
	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) [spring-webmvc-5.3.13.jar!/:5.3.13]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:655) [tomcat-embed-core-9.0.48.jar!/:4.0.1]
	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) [spring-webmvc-5.3.13.jar!/:5.3.13]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:764) [tomcat-embed-core-9.0.48.jar!/:4.0.1]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:228) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) [tomcat-embed-websocket-9.0.48.jar!/:?]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:327) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:121) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:105) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:218) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar!/:5.5.1]
	at io.camunda.operate.webapp.security.CSRFProtectable$1.doFilterInternal(CSRFProtectable.java:51) [classes!/:?]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.3.13.jar!/:5.3.13]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.3.13.jar!/:5.3.13]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.3.13.jar!/:5.3.13]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.3.13.jar!/:5.3.13]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) [spring-security-web-5.5.1.jar!/:5.5.1]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) [spring-web-5.3.13.jar!/:5.3.13]
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) [spring-web-5.3.13.jar!/:5.3.13]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) [spring-web-5.3.13.jar!/:5.3.13]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.3.13.jar!/:5.3.13]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) [spring-web-5.3.13.jar!/:5.3.13]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.3.13.jar!/:5.3.13]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96) [spring-boot-actuator-2.5.2.jar!/:2.5.2]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.3.13.jar!/:5.3.13]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) [spring-web-5.3.13.jar!/:5.3.13]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.3.13.jar!/:5.3.13]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:764) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1723) [tomcat-embed-core-9.0.48.jar!/:?]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.48.jar!/:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.48.jar!/:?]
	at java.lang.Thread.run(Unknown Source) [?:?]
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A71, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839 ]
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) ~[?:?]
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) ~[?:?]
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) ~[?:?]
	at com.sun.jndi.ldap.LdapCtx.c_getAttributes(Unknown Source) ~[?:?]
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(Unknown Source) ~[?:?]
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source) ~[?:?]
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source) ~[?:?]
	at javax.naming.directory.InitialDirContext.getAttributes(Unknown Source) ~[?:?]
	at javax.naming.directory.InitialDirContext.getAttributes(Unknown Source) ~[?:?]
	at org.springframework.ldap.core.LdapTemplate$12.executeWithContext(LdapTemplate.java:872) ~[spring-ldap-core-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
	at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:817) ~[spring-ldap-core-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
	... 103 more

Hello @cukriniaisausainiai ,

Thanks for the log messages. They confirm my assumption about the connection errors.
We are currently working on a fix and will provide patch releases for Operate 1.2 and Operate 1.3 next week (01/31/2022 - 02/04/2022).

Regards,

Hello @cukriniaisausainiai

In case your issue isn’t solved yet with the new version of Operate: we could reproduce the issue on an Active Directory server and have solved it by using the configuration:

CAMUNDA_OPERATE_LDAP_BASEDN=dc=dev,dc=camunda-it,dc=rocks 
CAMUNDA_OPERATE_LDAP_URL=ldaps://ldap.dev.camunda-it.rocks/ 
CAMUNDA_OPERATE_LDAP_MANAGERDN=CN=Älice Wönderläß,OU=AADDCUsers,DC=dev,DC=camunda-it,DC=rocks 
CAMUNDA_OPERATE_LDAP_MANAGERPASSWORD=<PASSWORD> 
CAMUNDA_OPERATE_LDAP_USERSEARCHFILTER= 
CAMUNDA_OPERATE_LDAP_DOMAIN=dev.camunda-it.rocks 
CAMUNDA_OPERATE_LDAP_USERIDATTRNAME=userPrincipalName

Note: userSearchFilter is empty, but the AD default implementation would get (&(objectClass=user)(userPrincipalName={0}))

Can you double-check your managerDn and credentials? Also, please make sure to set the domain param.

Best regards,

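The two symptoms discussed in this thread can be picked out of an Operate log mechanically. The following is an added example, not code from the thread participants or from Camunda: it parses Spring Boot log lines, flags the Active Directory error `000004DC` (Win32 error 1244, ERROR_NOT_AUTHENTICATED, i.e. a lookup issued on a connection with no successful bind) and the `UserNotFoundException`, and reports which manager-bind settings are absent. The sample log lines and the configuration values are constructed from the excerpts above; the function names and finding labels are hypothetical.

```python
import re

# Constructed sample lines modelled on the log excerpts in the thread (placeholders kept).
SAMPLE_LOG = """\
2022-01-24 11:28:12.670 DEBUG 8 --- [nio-8080-exec-5] o.s.l.c.s.AbstractContextSource          : Got Ldap context on server 'ldaps://[ldapserver]'
2022-01-24 11:28:12.776  WARN 8 --- [nio-8080-exec-5] i.c.o.w.s.l.LDAPUserService              : Exception occurred when loading current user data: ... [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A71, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839 ]; remaining name 'CN=[MY_CN]'
2022-01-17 13:32:25.948 DEBUG 7 --- [io-8080-exec-10] .w.s.m.a.ResponseStatusExceptionResolver : Resolved [io.camunda.operate.webapp.rest.exception.UserNotFoundException: Couldn't find user for CN=[MYUSER]
2022-01-17 13:32:25.949 DEBUG 7 --- [io-8080-exec-10] o.s.w.s.DispatcherServlet                : Completed 404 NOT_FOUND
"""

# The four settings listed in the first post, as environment variables.
# The values are constructed placeholders, not taken from the thread.
ORIGINAL_POSTER_ENV = {
    "CAMUNDA_OPERATE_LDAP_URL": "ldaps://ldap.example.test/",
    "CAMUNDA_OPERATE_LDAP_DOMAIN": "example.test",
    "CAMUNDA_OPERATE_LDAP_BASEDN": "dc=example,dc=test",
    "CAMUNDA_OPERATE_LDAP_USERSEARCHFILTER": "",
}

# timestamp, level, pid, [thread], logger, message
LINE = re.compile(r"^(\S+ \S+)\s+(\w+)\s+\d+ --- \[[^\]]+\]\s+(\S+)\s+: (.*)$")
AD_ERR = re.compile(r"LDAP: error code (\d+) - ([0-9A-Fa-f]{8}): "
                    r"LdapErr: (DSID-[0-9A-Fa-f]+), comment: (.*?), data")
USER_404 = re.compile(r"UserNotFoundException: Couldn't find user for (\S+)")
ERROR_NOT_AUTHENTICATED = 0x4DC  # Win32 error 1244
BIND_KEYS = ("CAMUNDA_OPERATE_LDAP_MANAGERDN",
             "CAMUNDA_OPERATE_LDAP_MANAGERPASSWORD",
             "CAMUNDA_OPERATE_LDAP_DOMAIN")


def triage(log_text):
    """Return one finding per log line that shows a failed LDAP user lookup."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:  # stack frames and continuation lines carry no header
            continue
        ts, level, _logger, msg = m.groups()
        ad = AD_ERR.search(msg)
        if ad:
            win32 = int(ad.group(2), 16)
            kind = ("lookup-without-bind" if win32 == ERROR_NOT_AUTHENTICATED
                    else "ad-error")
            findings.append({"time": ts, "level": level, "kind": kind,
                             "win32": win32, "dsid": ad.group(3)})
        user = USER_404.search(msg)
        if user:
            findings.append({"time": ts, "level": level,
                             "kind": "user-not-found", "subject": user.group(1)})
    return findings


def missing_bind_settings(env):
    """List the manager-bind and domain settings that are unset or empty."""
    return [k for k in BIND_KEYS if not env.get(k, "").strip()]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
    print("missing:", missing_bind_settings(ORIGINAL_POSTER_ENV))
```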