Authentication Failure after LDAP Configuration

cancel
Showing results for 
Search instead for 
Did you mean: 
Active Member

Authentication Failure after LDAP Configuration

Hi All,

How are you. Hope you are doing good and safe.

We have configured required properties in activity-ldap.properties file to integrate LDAP with APS as suggested in the alfresco portal. After LDAP configuration, we are unable to login activity-app with default admin credential (admin@app.activiti.com). Also, we are getting below error message in the log.

"ERROR com.activiti.service.ActivitiEndpointLicenseService  - Unexpected license response (401) from Activiti endpoint: Activiti app"

Valid License is applied and it is valid until 31st of Jan’21. We were able to integrate LDAP with ACS without any issues.

I have attached the activity-ldap.properties file for ref. Kindly advise, if I am missing any configuration. Your input would be a great help for us to proceed further.

Env Detail:

APS 1.11, ACS 6.2.2

Error Log:

01:40:27 [pool-4-thread-2] INFO  com.activiti.service.license.LicenseService  - Note! License is about to expire in the near future 20210131
01:40:49 [pool-5-thread-1] ERROR com.activiti.service.ActivitiEndpointLicenseService  - Unexpected license response (401) from Activiti endpoint: Activiti app
01:46:50 [pool-5-thread-1] ERROR com.activiti.service.ActivitiEndpointLicenseService  - Unexpected license response (401) from Activiti endpoint: Activiti app
org.springframework.boot.web.support.ErrorPageFilter  - Forwarding to error page from request [/app/rest/activiti/groups] due to exception [An error occured while calling Activiti: HTTP/1.1 401 ]
com.activiti.service.activiti.exception.ActivitiServiceException: An error occured while calling Activiti: HTTP/1.1 401
        at com.activiti.service.activiti.ActivitiClientService.executeRequest(ActivitiClientService.java:169)
        at com.activiti.service.activiti.ActivitiClientService.executeRequest(ActivitiClientService.java:131)
        at com.activiti.service.activiti.AppVersionClientService.getEndpointType(AppVersionClientService.java:35)
        at com.activiti.service.activiti.AppVersionClientService.getEndpointTypeUsingEncryptedPassword(AppVersionClientService.java:26)
        at com.activiti.web.rest.client.AbstractClientResource.retrieveServerConfig(AbstractClientResource.java:104)
        at com.activiti.web.rest.client.AbstractClientResource.retrieveServerConfig(AbstractClientResource.java:64)
        at com.activiti.web.rest.client.AbstractClientResource.retrieveServerConfig(AbstractClientResource.java:56)
        at com.activiti.web.rest.client.GroupsClientResource.getGroups(GroupsClientResource.java:36)
        at com.activiti.web.rest.client.GroupsClientResource$$FastClassBySpringCGLIB$$63832a72.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)

 

LDAP Configurations in activiti-ldap.properties

ldap.authentication.enabled=true
ldap.synchronization.timestampFormat=yyyyMMddHHmmss

ldap.authentication.java.naming.provider.url=ldap://<Server>:389
ldap.authentication.userNameFormat=%s@Domain.com

ldap.allow.database.authenticaion.fallback=true
ldap.synchronization.java.naming.referral=follow

ldap.authentication.active-directory.enabled=true
ldap.authentication.active-directory.domain=Domain.com
ldap.authentication.active-directory.rootDn=DC=Domain,DC=com
ldap.authentication.active-directory.searchFilter=(&(objectClass\=user)(userPrincipalName={0}))


ldap.synchronization.userSearchBase=ou\=USERS,ou\=Global,dc\=Domain,dc\=com
ldap.synchronization.personQuery=(&(objectclass\=user)(memberOf\=ou\=USERS,ou\=US,ou\=Global,dc\=Domain,dc\=com)(userAccountControl:1.2.840.113556.1.4.803:=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(memberOf\=ou\=USERS,ou\=Global,dc\=Domain,dc\=com)(userAccountControl:1.2.840.113556.1.4.803:=512)
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userType=user

#Group Config

ldap.synchronization.groupSearchBase=ou\=USERS,ou\=Global,dc\=Domain,dc\=com

ldap.synchronization.groupQuery=(objectclass\=group)(memberOf\=ou\=USERS,ou\=Global,dc\=Domain,dc\=com)

ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(memberOf\=ou\=USERS,ou\=Global,dc\=Domain,dc\=com)
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.groupType=group