<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">

<div>
        <table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                <tbody>
                        <tr>

                                <td>

                                        <table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                                                <tbody>
                                                        <tr>
                                                                <td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
                                                                        <h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
                                                                        <a href="https://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
                                                                </td>

                                                        </tr>
                                                        <tr>
                                                                <td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px;  -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
    JBPM + LDAP - can login, but HumanTask error appears in the jboss log
</h3>
<span style="margin-bottom: 10px;">
    created by <a href="https://community.jboss.org/people/aemdtuc">aemdtuc</a> in <i>jBPM</i> - <a href="https://community.jboss.org/message/819124#819124">View the full discussion</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">

<div class="jive-rendered-content"><p>Hi.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>I've set up the jbpm-installer to work with LDAP, and I managed to authenticate and get the roles. I can walk through the jBPM-Console perfectly. But looking at the JBoss log, I see an error that I think comes from the Human Task.</p><p>Here is how I configured the LDAP:</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>JBoss standalone.xml</p><pre class="jive-pre"><code class="jive-code">&lt;authentication&gt;
 &lt;login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required"&gt;
&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; &lt;module-option name="bindDN" value="LDAP_USER_DN"/&gt;
&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; &lt;module-option name="bindCredential" value="LDAP_USER_PASSWD "/&gt;
&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; &lt;module-option name="baseCtxDN" value=""/&gt;
&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; &lt;module-option name="baseFilter" value="(&amp;amp;(objectClass=user)(userPrincipalName={0}))"/&gt;
&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; &lt;module-option name="rolesCtxDN" value=""/&gt;
&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; &lt;module-option name="roleFilter" value="(&amp;amp;(objectClass=group)(member:1.2.840.113556.1.4.1941:={1}))"/&gt;
&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; &lt;module-option name="roleAttributeID" value="cn"/&gt;
&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; &lt;module-option name="java.naming.provider.url" value="ldap://domain:port"/&gt;
&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; &lt;module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/&gt;
&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; &lt;module-option name="allowEmptyPasswords" value="true"/&gt;
&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; &lt;module-option name="throwValidateError" value="true"/&gt;
 &lt;/login-module&gt;
&lt;/authentication&gt;


</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>jbpm-gwt-console-server.war web.xml</p><pre class="jive-pre"><code class="jive-code">&lt;login-config&gt;
&#160;&#160;&#160; &lt;auth-method&gt;FORM&lt;/auth-method&gt;
&#160;&#160;&#160; &lt;form-login-config&gt;
&#160;&#160;&#160;&#160;&#160; &lt;form-login-page&gt;/login.html&lt;/form-login-page&gt;
&#160;&#160;&#160;&#160;&#160; &lt;form-error-page&gt;/login_failed.html&lt;/form-error-page&gt;
&#160;&#160;&#160; &lt;/form-login-config&gt;
&#160; &lt;/login-config&gt;

&#160; &lt;security-role&gt;
&#160;&#160;&#160; &lt;role-name&gt;Write&lt;/role-name&gt;
&#160; &lt;/security-role&gt;
&#160; &lt;security-role&gt;
&#160;&#160;&#160; &lt;role-name&gt;Read&lt;/role-name&gt;
&lt;/security-role&gt;


</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p><span style="font-family: arial,helvetica,sans-serif; font-size: 10pt;">jbpm-human-task-war.war </span>jbpm.usergroup.callback.properties</p><pre class="jive-pre"><code class="jive-code">ldap.bind.user=CN\=User,OU\=Users,OU\=Company Users,OU\=Company,DC\=company-1234,DC\=com
ldap.bind.pwd=Passwd
ldap.user.ctx=
ldap.role.ctx=
#ldap.user.roles.ctx=ou\=Roles,dc\=my-domain,dc\=com
ldap.user.filter=(&amp;(objectClass=user)(userPrincipalName\={0}))
ldap.role.filter=
ldap.user.roles.filter=(&amp;(objectClass=group)(member:1.2.840.113556.1.4.1941:\={0}))
#ldap.user.attr.id=
#ldap.roles.attr.id=
java.naming.provider.url=ldap://domain:port
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p><span style="font-family: arial,helvetica,sans-serif; font-size: 10pt;">jbpm-human-task-war.war web.xml</span></p><pre class="jive-pre"><code class="jive-code">&#160;&#160; &lt;init-param&gt;
&#160;&#160;&#160;&#160; &lt;param-name&gt;user.group.callback.class&lt;/param-name&gt;
&#160;&#160;&#160;&#160; &lt;param-value&gt;org.jbpm.task.identity.LDAPUserGroupCallbackImpl&lt;/param-value&gt;
&#160;&#160; &lt;/init-param&gt;



</code></pre><p>The jbpm.usergroup.callback.properties is located under <span style="font-family: arial,helvetica,sans-serif; font-size: 10pt;">jbpm-human-task-war.war/</span>WEB-INF/classes.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>The error message is the following:</p><pre class="jive-pre"><code class="jive-code">ERROR [stderr] (Thread-68) javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name ''
ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
ERROR [stderr] (Thread-68) at javax.naming.directory.InitialDirContext.search(Unknown Source)
ERROR [stderr] (Thread-68) at org.jbpm.task.identity.LDAPUserGroupCallbackImpl.existsUser(LDAPUserGroupCallbackImpl.java:128)
ERROR [stderr] (Thread-68) at org.jbpm.task.service.TaskServiceSession.doCallbackUserOperation(TaskServiceSession.java:1225)
ERROR [stderr] (Thread-68) at org.jbpm.task.service.TaskServiceSession.getTasksOwned(TaskServiceSession.java:763)
ERROR [stderr] (Thread-68) at org.jbpm.task.service.TaskServerHandler.messageReceived(TaskServerHandler.java:309)
ERROR [stderr] (Thread-68) at org.jbpm.task.service.hornetq.HornetQTaskServerHandler.messageReceived(HornetQTaskServerHandler.java:43)
ERROR [stderr] (Thread-68) at org.jbpm.task.service.hornetq.BaseHornetQTaskServer.run(BaseHornetQTaskServer.java:104)
ERROR [stderr] (Thread-68) at java.lang.Thread.run(Unknown Source)
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>As you can see in the error message, when trying to create the LDAP context, it doesn't bind a user and password. So when it tries to make the search, it fails.</p><p>I'm not sure if it doesn't bind correctly because my properties file is wrong, or because the human task has a bug.</p><p>I'd appreciate any help.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>Thanks.</p></div>
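<p>One way to rule out the properties file, which is the first possibility the post raises: the added example below (not part of the original post and not jBPM code) parses the file with a simplified version of the java.util.Properties rules and flags bind settings that would leave the LDAP connection unauthenticated or send the bind password unencrypted. The function names and the checks are assumptions made for illustration; how LDAPUserGroupCallbackImpl itself uses these keys is not shown on the page.</p>

```python
import re

# The properties file as posted above (placeholder values from the post).
AS_POSTED = r"""
ldap.bind.user=CN\=User,OU\=Users,OU\=Company Users,OU\=Company,DC\=company-1234,DC\=com
ldap.bind.pwd=Passwd
ldap.user.ctx=
ldap.role.ctx=
#ldap.user.roles.ctx=ou\=Roles,dc\=my-domain,dc\=com
ldap.user.filter=(&(objectClass=user)(userPrincipalName\={0}))
ldap.role.filter=
ldap.user.roles.filter=(&(objectClass=group)(member:1.2.840.113556.1.4.1941:\={0}))
java.naming.provider.url=ldap://domain:port
"""

def load_properties(text):
    """Simplified java.util.Properties parsing: comments, '='/':'/blank
    separators and backslash escapes; no line continuations or unicode escapes."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip(" \t\f")
        if not line or line[0] in "#!":
            continue
        # Key runs to the first unescaped '=', ':' or blank; the value keeps
        # its trailing whitespace, exactly as Java does.
        m = re.match(r"((?:\\.|[^\\=:\s])*)[ \t\f]*[=:]?[ \t\f]*(.*)$", line)
        key, value = (re.sub(r"\\(.)", r"\1", part) for part in m.groups())
        props[key] = value
    return props

def check_bind_settings(props):
    """Return (key, problem) pairs that leave the LDAP connection
    unauthenticated or expose the bind password (hypothetical checks)."""
    findings = []
    for key in ("ldap.bind.user", "ldap.bind.pwd"):
        value = props.get(key)
        if value is None:
            findings.append((key, "missing"))
        elif value.strip() == "":
            # A simple bind with an empty password is an unauthenticated bind.
            findings.append((key, "empty"))
        elif value != value.rstrip():
            findings.append((key, "trailing whitespace"))
    if props.get("java.naming.provider.url", "").lower().startswith("ldap://"):
        # Without TLS, ldap:// carries a simple-bind password unencrypted.
        findings.append(("java.naming.provider.url", "cleartext transport"))
    return findings

if __name__ == "__main__":
    for key, problem in check_bind_settings(load_properties(AS_POSTED)):
        print(f"{key}: {problem}")
```

<p>The same concern applies to the login module in standalone.xml: with allowEmptyPasswords set to true, LdapExtLoginModule passes an empty password on to the LDAP server, which some servers treat as an anonymous login; setting it to false rejects empty passwords.</p>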

</td>
                        </tr>
                    </tbody>
                </table>


                </td>
            </tr>
        </tbody>
    </table>

</div>

</body>
</html>