
LDAP Authentication Issue

Question asked by sarkar92 on Feb 28, 2014
Latest reply on Mar 11, 2014 by sarkar92
I am using Activiti 5.14.
Following is my Activiti LDAP integration configuration …


<bean id="processEngineConfiguration" class="org.activiti.spring.SpringProcessEngineConfiguration">
  <property name="dataSource" ref="dataSource" />
  <property name="transactionManager" ref="transactionManager" />
  <property name="databaseSchemaUpdate" value="true" />
  <property name="mailServerHost" value="127.0.0.1" />
  <property name="mailServerPort" value="25" />
  <property name="jobExecutorActivate" value="false" />
  <property name="configurators">
    <list>
      <bean class="org.activiti.ldap.LDAPConfigurator">

        <!-- Server connection params -->
        <property name="server" value="ldaps://10.0.48.10" />
        <property name="port" value="636" />
        <property name="user" value="cn=admin,ou=services,o=system" />
        <property name="password" value="*******" />

        <!-- Query params -->
        <property name="baseDn" value="" />
        <property name="queryUserByUserId" value="(&amp;(objectClass=inetOrgPerson)(cn={0}))" />
        <property name="queryUserByFullNameLike" value="(&amp;(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))" />
        <property name="queryGroupsForUser" value="(&amp;(objectClass=groupOfNames)(member={0}))" />

        <!-- Attribute config -->
        <property name="userIdAttribute" value="cn" />
        <property name="userFirstNameAttribute" value="givenName" />
        <property name="userLastNameAttribute" value="sn" />

        <property name="groupIdAttribute" value="cn" />
        <property name="groupNameAttribute" value="cn" />

      </bean>
    </list>
  </property>

</bean>


The integration is working fine.

But the issue is that when an existing LDAP user tries to log in with their "cn" and without a "password", the user is authenticated successfully, which is not good. This happens in both REST and Explorer.
If an existing user tries to log in with their correct "cn" and without a password, they are authenticated successfully.
Is it a bug in Activiti 5.14 or am I missing some config parameter?

Please let me know, it's urgent as it is a big security issue.
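
The behaviour reported above matches what RFC 4513 (section 5.1.2) calls an unauthenticated bind: a simple bind carrying a DN and an empty password, which a directory server may accept without verifying anything. The following is an added example, not part of the original post and not Activiti's own code, of a client-side guard that refuses empty passwords before any bind is attempted. The class name `LdapBindGuard`, the `Binder` interface, the sample DN and the stand-in "permissive" server are all hypothetical; that this deployment's server accepts such binds is an assumption.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

public class LdapBindGuard {

    /** Performs the bind; separated out so the guard can be exercised offline. */
    interface Binder {
        boolean bind(String userDn, String password);
    }

    /** Real simple bind over JNDI. ldapUrl is supplied by the caller. */
    static Binder jndiBinder(String ldapUrl) {
        return (userDn, password) -> {
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, ldapUrl);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, userDn);
            env.put(Context.SECURITY_CREDENTIALS, password);
            try {
                new InitialDirContext(env).close(); // bind succeeded
                return true;
            } catch (NamingException e) {
                return false; // bad credentials, unreachable server, TLS failure
            }
        };
    }

    /** Refuses null or empty values before the directory is contacted. */
    static boolean checkPassword(Binder binder, String userDn, String password) {
        if (userDn == null || userDn.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        return binder.bind(userDn, password);
    }

    public static void main(String[] args) {
        // Constructed stand-in for a server that accepts unauthenticated binds:
        // an empty password succeeds, otherwise only "s3cret" does.
        Binder permissive = (dn, pw) -> pw.isEmpty() || pw.equals("s3cret");
        String dn = "cn=jdoe,ou=people,o=system"; // constructed sample DN
        System.out.println("unguarded, empty password: " + permissive.bind(dn, ""));
        System.out.println("guarded, empty password:   " + checkPassword(permissive, dn, ""));
        System.out.println("guarded, real password:    " + checkPassword(permissive, dn, "s3cret"));
    }
}
```

Against a real directory, pass `jndiBinder("ldaps://host:636")` with your own host as the `Binder`; disabling unauthenticated binds on the directory server itself closes the same gap for every client.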
