Help

Authentication Failure after LDAP Configuration

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
srikanth94
Active Member
‎12 Jan 2021 5:21 PM

Authentication Failure after LDAP Configuration

Hi All,

How are you. Hope you are doing good and safe.

We have configured required properties in activity-ldap.properties file to integrate LDAP with APS as suggested in the alfresco portal. After LDAP configuration, we are unable to login activity-app with default admin credential (admin@app.activiti.com). Also, we are getting below error message in the log.

"ERROR com.activiti.service.ActivitiEndpointLicenseService  - Unexpected license response (401) from Activiti endpoint: Activiti app"

Valid License is applied and it is valid until 31st of Jan’21. We were able to integrate LDAP with ACS without any issues.

I have attached the activity-ldap.properties file for ref. Kindly advise, if I am missing any configuration. Your input would be a great help for us to proceed further.

Env Detail:

APS 1.11, ACS 6.2.2

Error Log:

01:40:27 [pool-4-thread-2] INFO  com.activiti.service.license.LicenseService  - Note! License is about to expire in the near future 20210131
01:40:49 [pool-5-thread-1] ERROR com.activiti.service.ActivitiEndpointLicenseService  - Unexpected license response (401) from Activiti endpoint: Activiti app
01:46:50 [pool-5-thread-1] ERROR com.activiti.service.ActivitiEndpointLicenseService  - Unexpected license response (401) from Activiti endpoint: Activiti app
org.springframework.boot.web.support.ErrorPageFilter  - Forwarding to error page from request [/app/rest/activiti/groups] due to exception [An error occured while calling Activiti: HTTP/1.1 401 ]
com.activiti.service.activiti.exception.ActivitiServiceException: An error occured while calling Activiti: HTTP/1.1 401
        at com.activiti.service.activiti.ActivitiClientService.executeRequest(ActivitiClientService.java:169)
        at com.activiti.service.activiti.ActivitiClientService.executeRequest(ActivitiClientService.java:131)
        at com.activiti.service.activiti.AppVersionClientService.getEndpointType(AppVersionClientService.java:35)
        at com.activiti.service.activiti.AppVersionClientService.getEndpointTypeUsingEncryptedPassword(AppVersionClientService.java:26)
        at com.activiti.web.rest.client.AbstractClientResource.retrieveServerConfig(AbstractClientResource.java:104)
        at com.activiti.web.rest.client.AbstractClientResource.retrieveServerConfig(AbstractClientResource.java:64)
        at com.activiti.web.rest.client.AbstractClientResource.retrieveServerConfig(AbstractClientResource.java:56)
        at com.activiti.web.rest.client.GroupsClientResource.getGroups(GroupsClientResource.java:36)
        at com.activiti.web.rest.client.GroupsClientResource$$FastClassBySpringCGLIB$$63832a72.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)

 

LDAP Configurations in activiti-ldap.properties

ldap.authentication.enabled=true
ldap.synchronization.timestampFormat=yyyyMMddHHmmss

ldap.authentication.java.naming.provider.url=ldap://<Server>:389
ldap.authentication.userNameFormat=%s@Domain.com

ldap.allow.database.authenticaion.fallback=true
ldap.synchronization.java.naming.referral=follow

ldap.authentication.active-directory.enabled=true
ldap.authentication.active-directory.domain=Domain.com
ldap.authentication.active-directory.rootDn=DC=Domain,DC=com
ldap.authentication.active-directory.searchFilter=(&(objectClass\=user)(userPrincipalName={0}))


ldap.synchronization.userSearchBase=ou\=USERS,ou\=Global,dc\=Domain,dc\=com
ldap.synchronization.personQuery=(&(objectclass\=user)(memberOf\=ou\=USERS,ou\=US,ou\=Global,dc\=Domain,dc\=com)(userAccountControl:1.2.840.113556.1.4.803:=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(memberOf\=ou\=USERS,ou\=Global,dc\=Domain,dc\=com)(userAccountControl:1.2.840.113556.1.4.803:=512)
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userType=user

#Group Config

ldap.synchronization.groupSearchBase=ou\=USERS,ou\=Global,dc\=Domain,dc\=com

ldap.synchronization.groupQuery=(objectclass\=group)(memberOf\=ou\=USERS,ou\=Global,dc\=Domain,dc\=com)

ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(memberOf\=ou\=USERS,ou\=Global,dc\=Domain,dc\=com)
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.groupType=group

0 Kudos
Alfresco Process Services Forum

Ask for and offer help to other Alfresco Process Services and Activiti Users and members of the Alfresco team.

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.