Securing Camunda webapps and REST API via LDAP users.
This is based on Camunda 7.20 and Spring Boot 3.1.x
- Java 17
- Docker
- Docker Compose
Clone the repo and run the command below to build and start both the Camunda containers and OpenLDAP. It also sets the environment variables for OpenLDAP.
docker compose --profile openldap --profile buildcamunda up -d
The command below will build and start both the Camunda containers and AD. It also sets the environment variables for Active Directory.
docker compose --profile activedirectory up -d
Open your favorite browser and open the below URL to test
Credentials are:
Username: camunda
Password: camunda123!
I am using the following Spring Boot plugin, introduced in version 3.1, to start the OpenLDAP Docker container:
https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#features.docker-compose
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-docker-compose</artifactId>
</dependency>
I have set the default Docker Compose profile to openldap in application.yml, so only the OpenLDAP container is started:
spring:
  docker:
    compose:
      enabled: true # Set false for production environments where you have LDAP already running
      profiles:
        active: "openldap" # Set default profile
I am using Spring Boot relaxed binding to override the configuration from application.yml at runtime.
Springboot OS Environment Variable Relaxed Binding
SpringBoot Externalized Config
Example:
ldap.server.uri: ldap://localhost:1389 is overridden by the OS environment variable
LDAP_SERVER_URI: "ldap://openldap:1389"
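
The script below is an added example, not part of this repository. It applies Spring Boot's documented rules for mapping a property name to an environment variable name (dots become underscores, dashes are removed, list indexes are wrapped in underscores, everything is upper-cased) and reports which value would win. Only `ldap.server.uri` comes from this page; the other property keys are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example: property name -> environment variable name, per Spring Boot relaxed binding.

# list indexes [n] become _n, dots become underscores, dashes are removed, then upper-case
to_env_name() {
  printf '%s' "$1" \
    | sed -e 's/\[\([0-9][0-9]*\)]/_\1/g' -e 's/\./_/g' -e 's/-//g' \
    | tr '[:lower:]' '[:upper:]'
}

# Value the application would bind: the exported override if present, else the YAML default.
effective_value() (
  env_name=$(to_env_name "$1")
  if value=$(printenv "$env_name"); then
    printf '%s' "$value"
  else
    printf '%s' "$2"
  fi
)

# Read "property=default" lines and report where each effective value comes from.
report() {
  while IFS='=' read -r key default; do
    [ -n "$key" ] || continue
    env_name=$(to_env_name "$key")
    if printenv "$env_name" >/dev/null; then
      source_label="env"
    else
      source_label="application.yml"
    fi
    printf '%-24s %-22s %-16s %s\n' "$key" "$env_name" "$source_label" \
      "$(effective_value "$key" "$default")"
  done
}

# Constructed sample: only ldap.server.uri is from the page; the other keys are hypothetical.
LDAP_SERVER_URI="ldap://openldap:1389"
export LDAP_SERVER_URI
report <<'EOF'
ldap.server.uri=ldap://localhost:1389
ldap.user-search-base=ou=users
ldap.servers[0].uri=ldap://localhost:1389
EOF
```

Note that a dashed key such as the hypothetical `ldap.user-search-base` maps to `LDAP_USERSEARCHBASE`, not `LDAP_USER_SEARCH_BASE`, so an override exported under the wrong name is silently ignored and the default from application.yml stays in effect.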