[jboss-user] [jBPM] - JBPM + LDAP - can login, but HumanTask error appears in the jboss log

aemdtuc do-not-reply at jboss.com
Thu May 23 11:25:10 EDT 2013


aemdtuc [https://community.jboss.org/people/aemdtuc] created the discussion

"JBPM + LDAP - can login, but HumanTask error appears in the jboss log"

To view the discussion, visit: https://community.jboss.org/message/819124#819124

--------------------------------------------------------------
Hi.

I've set up the jbpm-installer to work with LDAP, and I managed to authenticate and get the roles. I can walk through the jBPM-Console perfectly. But looking at the JBoss log, I see an error that I think comes from the Human Task.
Here is how I configured the LDAP:

JBoss standalone.xml
<authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
        <module-option name="bindDN" value="LDAP_USER_DN"/>
        <module-option name="bindCredential" value="LDAP_USER_PASSWD "/>
        <module-option name="baseCtxDN" value=""/>
        <module-option name="baseFilter" value="(&amp;(objectClass=user)(userPrincipalName={0}))"/>
        <module-option name="rolesCtxDN" value=""/>
        <module-option name="roleFilter" value="(&amp;(objectClass=group)(member:1.2.840.113556.1.4.1941:={1}))"/>
        <module-option name="roleAttributeID" value="cn"/>
        <module-option name="java.naming.provider.url" value="ldap://domain:port"/>
        <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
        <module-option name="allowEmptyPasswords" value="true"/>
        <module-option name="throwValidateError" value="true"/>
    </login-module>
</authentication>

jbpm-gwt-console-server.war web.xml
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/login_failed.html</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <role-name>Write</role-name>
</security-role>
<security-role>
    <role-name>Read</role-name>
</security-role>

jbpm-human-task-war.war jbpm.usergroup.callback.properties
ldap.bind.user=CN\=User,OU\=Users,OU\=Company Users,OU\=Company,DC\=company-1234,DC\=com
ldap.bind.pwd=Passwd
ldap.user.ctx=
ldap.role.ctx=
#ldap.user.roles.ctx=ou\=Roles,dc\=my-domain,dc\=com
ldap.user.filter=(&(objectClass=user)(userPrincipalName\={0}))
ldap.role.filter=
ldap.user.roles.filter=(&(objectClass=group)(member:1.2.840.113556.1.4.1941:\={0}))
#ldap.user.attr.id=
#ldap.roles.attr.id=
java.naming.provider.url=ldap://domain:port


jbpm-human-task-war.war web.xml
<init-param>
    <param-name>user.group.callback.class</param-name>
    <param-value>org.jbpm.task.identity.LDAPUserGroupCallbackImpl</param-value>
</init-param>

The jbpm.usergroup.callback.properties is located under jbpm-human-task-war.war/WEB-INF/classes.

The error message is the following:
ERROR [stderr] (Thread-68) javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name ''
ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
ERROR [stderr] (Thread-68) at javax.naming.directory.InitialDirContext.search(Unknown Source)
ERROR [stderr] (Thread-68) at org.jbpm.task.identity.LDAPUserGroupCallbackImpl.existsUser(LDAPUserGroupCallbackImpl.java:128)
ERROR [stderr] (Thread-68) at org.jbpm.task.service.TaskServiceSession.doCallbackUserOperation(TaskServiceSession.java:1225)
ERROR [stderr] (Thread-68) at org.jbpm.task.service.TaskServiceSession.getTasksOwned(TaskServiceSession.java:763)
ERROR [stderr] (Thread-68) at org.jbpm.task.service.TaskServerHandler.messageReceived(TaskServerHandler.java:309)
ERROR [stderr] (Thread-68) at org.jbpm.task.service.hornetq.HornetQTaskServerHandler.messageReceived(HornetQTaskServerHandler.java:43)
ERROR [stderr] (Thread-68) at org.jbpm.task.service.hornetq.BaseHornetQTaskServer.run(BaseHornetQTaskServer.java:104)
ERROR [stderr] (Thread-68) at java.lang.Thread.run(Unknown Source)



As you can see in the error message, when trying to create the LDAP context, it doesn't bind a user and password. So when it tries to make the search it fails.
I'm not sure if it doesn't bind correctly because my properties file is wrong, or because the human task has a bug.
I'd appreciate any help.

Thanks.
--------------------------------------------------------------
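
An added example, not part of the original post and not jBPM or JBoss code: an offline check of the two LDAP configurations shown above for settings that leave a connection unauthenticated or expose the bind (empty bind identity, `allowEmptyPasswords=true`, cleartext `ldap://`, stray whitespace in a value). The names `parse_properties` and `audit` are hypothetical, the properties reader is simplified (no line continuations or `\uXXXX`), and it assumes the callback binds with `ldap.bind.user` / `ldap.bind.pwd`.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input, trimmed from the two configurations in the post.
STANDALONE = """<authentication>
 <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
  <module-option name="bindCredential" value="LDAP_USER_PASSWD "/>
  <module-option name="java.naming.provider.url" value="ldap://domain:port"/>
  <module-option name="allowEmptyPasswords" value="true"/>
 </login-module>
</authentication>"""
CALLBACK = r"""ldap.bind.user=CN\=User,OU\=Users,DC\=company-1234,DC\=com
ldap.bind.pwd=Passwd
java.naming.provider.url=ldap://domain:port
"""

def parse_properties(text):
    """Simplified Java .properties reader: comments, first unescaped '=' or ':', backslash escapes."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        m = re.match(r"((?:\\.|[^\s=:\\])+)[ \t]*[=:]?[ \t]*(.*)$", line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", part) for part in m.groups())
            props[key] = value  # trailing whitespace is kept, as Java does
    return props

def audit(standalone_xml, callback_props):
    """Return (source, setting, issue) tuples for bind-related weaknesses."""
    opts = {o.get("name"): o.get("value", "") for o in ET.fromstring(standalone_xml).iter()
            if o.tag.rsplit("}", 1)[-1] == "module-option"}  # tolerate XML namespaces
    props = parse_properties(callback_props)
    found = []
    if opts.get("allowEmptyPasswords", "").strip().lower() == "true":
        found.append(("login-module", "allowEmptyPasswords", "empty password is passed to the server"))
    for key in ("ldap.bind.user", "ldap.bind.pwd"):  # assumed to feed the callback's bind
        if not props.get(key, "").strip():
            found.append(("callback", key, "missing or empty: bind is unauthenticated"))
    for src, cfg in (("login-module", opts), ("callback", props)):
        if cfg.get("java.naming.provider.url", "").lower().startswith("ldap://"):
            found.append((src, "java.naming.provider.url", "simple bind travels in cleartext"))
        for name, value in cfg.items():
            if value != value.strip():
                found.append((src, name, "leading/trailing whitespace in value"))
    return found

if __name__ == "__main__":
    print(*audit(STANDALONE, CALLBACK), sep="\n")
```
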
