In a previous post I wrote about how to build Flowable ('build from source') and then create a Docker image.

In this post, we'll configure Flowable to use OpenLDAP.

OpenLDAP

Getting Started

The easiest way to get started with OpenLDAP is to use a Docker image, for example:

docker run --name openldap \
  -p 10389:389 -p 10636:636 \
  -v ~/workspace/Robinyo/serendipity:/serendipity \
  --env LDAP_ORGANISATION="flowable" \
  --env LDAP_DOMAIN="flowable.org" \
  --env LDAP_ADMIN_PASSWORD="secret" \
  osixia/openldap:1.2.3

When you run the image it will create the organisation (flowable), create the domain (flowable.org) and set the LDAP administrator's password (secret).

Let's check and see:

docker exec openldap ldapsearch -x -H ldap://localhost -b dc=flowable,dc=org -D "cn=admin,dc=flowable,dc=org" -w secret

You should see output like:

# extended LDIF
#
# LDAPv3
# base <dc=flowable,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# flowable.org
dn: dc=flowable,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: flowable
dc: flowable

# admin, flowable.org
dn: cn=admin,dc=flowable,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9QXhWK0MvL1JEK2xsU1g2dG1CemRybGFwRW9OdzVwbTI=

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

Flowable.ldif

I created an LDIF (LDAP Data Interchange Format) file with two containers (users and groups) and one user (flowable):

# Users root

dn: ou=users, dc=flowable,dc=org
ou: users
description: All users in the organisation
objectclass: organizationalUnit
objectClass: extensibleObject
objectClass: top

# Groups root

dn: ou=groups, dc=flowable,dc=org
ou: groups
description: All groups in the organisation
objectclass: organizationalUnit
objectClass: extensibleObject
objectClass: top

# Actual users

dn: cn=Flowable, ou=users,dc=flowable,dc=org
objectclass: inetOrgPerson
cn: Flowable
sn: Administrator
uid: flowable
userPassword: test

Then I used ldapadd to update OpenLDAP:

docker exec openldap ldapadd \
  -x -H ldap://localhost \
  -D "cn=admin,dc=flowable,dc=org" \
  -w secret \
  -f ./serendipity/flowable/flowable.ldif

If we search the directory again:

docker exec openldap ldapsearch -x -H ldap://localhost -b dc=flowable,dc=org -D "cn=admin,dc=flowable,dc=org" -w secret

You should see output like:

# extended LDIF
#
# LDAPv3
# base <dc=flowable,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# flowable.org
dn: dc=flowable,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: flowable
dc: flowable

# admin, flowable.org
dn: cn=admin,dc=flowable,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9TFFqN05uYzcydWVpcUREUHdxQ0xoMlNwRHB5V2FzaDY=

# users, flowable.org
dn: ou=users,dc=flowable,dc=org
ou: users
description: All users in the organisation
objectClass: organizationalUnit
objectClass: extensibleObject
objectClass: top

# groups, flowable.org
dn: ou=groups,dc=flowable,dc=org
ou: groups
description: All groups in the organisation
objectClass: organizationalUnit
objectClass: extensibleObject
objectClass: top

# Flowable, users, flowable.org
dn: cn=Flowable,ou=users,dc=flowable,dc=org
objectClass: inetOrgPerson
cn: Flowable
sn: Administrator
uid: flowable
userPassword:: dGVzdA==

# search result
search: 2
result: 0 Success

# numResponses: 6
# numEntries: 5
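
The userPassword values in this output are base64 (that is what the double colon means), not necessarily hashes: the admin entry decodes to a salted {SSHA} hash, while the flowable user's dGVzdA== decodes to the literal string test. The Python below is an added example, not part of the original post or of Flowable or OpenLDAP; the function names audit_passwords, ssha and check_ssha are made up for illustration. It flags entries whose password is stored in cleartext and builds an {SSHA} value that could be loaded instead.

```python
import base64
import hashlib
import hmac
import os
import re

# Two entries copied from the ldapsearch output above (other attributes omitted).
SAMPLE_LDIF = """\
dn: cn=admin,dc=flowable,dc=org
userPassword:: e1NTSEF9TFFqN05uYzcydWVpcUREUHdxQ0xoMlNwRHB5V2FzaDY=

dn: cn=Flowable,ou=users,dc=flowable,dc=org
userPassword:: dGVzdA==
"""

SCHEME = re.compile(rb"^\{([A-Za-z0-9-]+)\}")  # e.g. {SSHA}, {CRYPT}

def audit_passwords(ldif_text):
    """Map each dn to its userPassword storage scheme, or 'CLEARTEXT'."""
    findings, dn = {}, None
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # LDIF folds long lines
    for line in unfolded.splitlines():
        if line.startswith("dn: "):
            dn = line[4:].strip()
        elif line.startswith("userPassword:"):
            value = line[len("userPassword:"):]
            if value.startswith(":"):  # '::' marks a base64-encoded value
                raw = base64.b64decode(value[1:].strip())
            else:  # a single ':' is a literal value
                raw = value.strip().encode()
            match = SCHEME.match(raw)
            findings[dn] = match.group(1).decode().upper() if match else "CLEARTEXT"
    return findings

def ssha(password, salt=None):
    """Build an OpenLDAP-style {SSHA} value: base64(SHA1(pw + salt) + salt)."""
    salt = salt or os.urandom(4)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    """Verify a password against an {SSHA} value (the SHA-1 digest is 20 bytes)."""
    blob = base64.b64decode(stored[len("{SSHA}"):])
    candidate = hashlib.sha1(password.encode() + blob[20:]).digest()
    return hmac.compare_digest(candidate, blob[:20])

if __name__ == "__main__":
    for dn, scheme in audit_passwords(SAMPLE_LDIF).items():
        print(f"{scheme:9} {dn}")
```

The value returned by ssha("test") goes after a single colon on the userPassword line of the LDIF; slappasswd -s test produces a value in the same format.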

You can also use an LDAP Browser to manage your directory:

[Screenshot: LDAP browser]

Network settings: [screenshot]

Authentication settings: [screenshot]

Flowable

Build Flowable (6.5.0)

Clone Flowable's GitHub repository:

git clone -b master https://github.com/flowable/flowable-engine.git

Now follow the steps in my previous post to build Flowable and create a flowable/all-in-one (SNAPSHOT) image.

Configuration Properties

We can use an environment file to pass properties to the Docker container:

#
# LDAP
#

FLOWABLE_IDM_LDAP_ENABLED=true
FLOWABLE_IDM_LDAP_SERVER=ldap://host.docker.internal
FLOWABLE_IDM_LDAP_PORT=10389
FLOWABLE_IDM_LDAP_USER=cn=admin,dc=flowable,dc=org
FLOWABLE_IDM_LDAP_PASSWORD=secret
FLOWABLE_IDM_LDAP_BASE_DN=dc=flowable,dc=org
FLOWABLE_IDM_LDAP_USER_BASE_DN=ou=users,dc=flowable,dc=org
FLOWABLE_IDM_LDAP_GROUP_BASE_DN=ou=groups,dc=flowable,dc=org
FLOWABLE_IDM_LDAP_QUERY_USER_BY_ID=(&(objectClass=inetOrgPerson)(uid={0}))
FLOWABLE_IDM_LDAP_QUERY_USER_BY_FULL_NAME_LIKE=(&(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))
FLOWABLE_IDM_LDAP_QUERY_ALL_USERS=(objectClass=inetOrgPerson)
FLOWABLE_IDM_LDAP_QUERY_GROUPS_FOR_USER=(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))
FLOWABLE_IDM_LDAP_QUERY_ALL_GROUPS=(objectClass=groupOfUniqueNames)
FLOWABLE_IDM_LDAP_QUERY_GROUP_BY_ID=(&(objectClass=groupOfUniqueNames)(uniqueId={0}))
FLOWABLE_IDM_LDAP_ATTRIBUTE_USER_ID=uid
FLOWABLE_IDM_LDAP_ATTRIBUTE_FIRST_NAME=cn
FLOWABLE_IDM_LDAP_ATTRIBUTE_LAST_NAME=sn
FLOWABLE_IDM_LDAP_ATTRIBUTE_EMAIL=mail
FLOWABLE_IDM_LDAP_ATTRIBUTE_GROUP_ID=cn
FLOWABLE_IDM_LDAP_ATTRIBUTE_GROUP_NAME=cn
FLOWABLE_IDM_LDAP_CACHE_GROUP_SIZE=10000
FLOWABLE_IDM_LDAP_CACHE_GROUP_EXPIRATION=180000

#
# DEFAULT ADMINISTRATOR ACCOUNTS
#

FLOWABLE_IDM_APP_ADMIN_USER_ID=flowable
FLOWABLE_IDM_APP_ADMIN_PASSWORD=test
FLOWABLE_IDM_APP_ADMIN_FIRST_NAME=Flowable
FLOWABLE_IDM_APP_ADMIN_LAST_NAME=Administrator
FLOWABLE_IDM_APP_ADMIN_EMAIL=admin@flowable.org

FLOWABLE_COMMON_APP_IDM_ADMIN_USER=flowable
FLOWABLE_COMMON_APP_IDM_ADMIN_PASSWORD=test

Note: I'm using Docker Desktop for Mac hence the need to use the special DNS name: host.docker.internal

Launch Flowable

To launch the flowable/all-in-one (SNAPSHOT) image:

docker run -p 8080:8080 \
  --env-file ldap-env.txt \
  flowable/all-in-one:6.5.0-SNAPSHOT

Navigate to http://localhost:8080/flowable-task and sign in using the default user id: flowable and password: test

You will then be redirected to the Flowable Task's dashboard:

[Screenshot: Flowable Task dashboard]

Note: You can use Chrome's Developer Tools to check the request URL, headers and form data:

[Screenshot: Chrome Developer Tools]
