João Guerra [https://community.jboss.org/people/ciberg] created the discussion
"Using LDAP in 5.4 - How to avoid creating users in organizationalentity table"
To view the discussion, visit:
https://community.jboss.org/message/796487#796487
--------------------------------------------------------------
Hi,
I'm new to jBPM and I hope you can help me with this.
I have jBPM 5.4 deployed in my own JBoss AS 7.1.1 and persisting in postgres.
I have also connected it to LDAP, and I can use the console, logging in with LDAP, and manage
processes.
I have a workflow with Human Tasks deployed in Guvnor.
The problem is that I'm developing an ESB for a web application to manage the
processes and tasks, and I can't do anything without creating the users in the
organizationalentity table.
I don't understand why the console works well with LDAP and my ESB doesn't work.
I have done the following to connect to LDAP:
- In standalone.xml:
    <security-domain name="jbpm-console" cache-type="default">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                <module-option name="bindDN" value="cn=Manager,dc=develop,dc=com"/>
                <module-option name="bindCredential" value="ldapadmin"/>
                <module-option name="java.naming.provider.url" value="ldap://192.168.1.2"/>
                <module-option name="baseCtxDN" value="ou=Person,dc=develop,dc=com"/>
                <module-option name="baseFilter" value="(uid={0})"/>
                <module-option name="rolesCtxDN" value="ou=Groups,dc=develop,dc=com"/>
                <module-option name="roleFilter" value="(member={1})"/>
                <module-option name="roleAttributeID" value="member"/>
                <module-option name="roleAttributeIsDN" value="true"/>
                <module-option name="roleNameAttributeID" value="CN"/>
                <module-option name="searchScope" value="SUBTREE_SCOPE"/>
                <module-option name="allowEmptyPasswords" value="true"/>
            </login-module>
            <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
                <module-option name="rolesProperties" value="${jboss.server.config.dir}/rolemapping.properties"/>
            </login-module>
        </authentication>
    </security-domain>
- File called rolemapping.properties in the JBoss standalone/configuration folder to map the users'
group to the corresponding role:
Group1=user
- File called jbpm.usergroup.callback.properties in WEB-INF/lib of jbpm-human-task.war
with:
ldap.bind.user=cn\=Manager,dc\=develop,dc\=com
ldap.bind.pwd=ldapadmin
ldap.user.ctx=ou\=Person,dc\=develop,dc\=com
ldap.role.ctx=ou\=Group1,dc\=develop,dc\=com
#ldap.user.roles.ctx=ou\=Group1,dc\=develop,dc\=com
ldap.user.filter=(uid\={0})
ldap.role.filter=(cn\={0})
ldap.user.roles.filter=(member\={0})
- web.xml in jbpm-human-task.war, replaced with:
    <init-param>
        <param-name>user.group.callback.class</param-name>
        <param-value>org.jbpm.task.identity.LDAPUserGroupCallbackImpl</param-value>
    </init-param>
Thank you for any help you can give me.
--------------------------------------------------------------
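An added example, not part of the original post and not code from jBPM or JBoss: a small Python audit of the two LDAP configurations quoted above (the login module in standalone.xml and jbpm.usergroup.callback.properties). The sample inputs are constructed from a subset of the posted values, and the function names and finding codes are this example's own; the role-context check only reports that the two settings differ.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: a subset of the values quoted in the post.
STANDALONE_FRAGMENT = """<security-domain name="jbpm-console" cache-type="default">
 <authentication>
  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
   <module-option name="bindCredential" value="ldapadmin"/>
   <module-option name="java.naming.provider.url" value="ldap://192.168.1.2"/>
   <module-option name="rolesCtxDN" value="ou=Groups,dc=develop,dc=com"/>
   <module-option name="allowEmptyPasswords" value="true"/>
  </login-module>
 </authentication>
</security-domain>"""
CALLBACK_PROPERTIES = r"""ldap.bind.pwd=ldapadmin
ldap.role.ctx=ou\=Group1,dc\=develop,dc\=com
#ldap.user.roles.ctx=ou\=Group1,dc\=develop,dc\=com
"""

def parse_properties(text):
    """Parse key=value lines, skipping comments and unescaping '\\=' in values."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip().replace("\\=", "=")
    return props

def audit(xml_text, props_text):
    """Return (code, message) findings for the two LDAP configurations."""
    opts = {el.get("name"): el.get("value") or "" for el in ET.fromstring(xml_text).iter()
            if el.tag.endswith("module-option")}  # tolerate a namespaced standalone.xml
    props = parse_properties(props_text)
    findings = []
    if opts.get("allowEmptyPasswords", "").lower() == "true":
        findings.append(("EMPTY_PW", "empty passwords are forwarded to the LDAP server, "
                         "which some servers treat as an anonymous bind"))
    if opts.get("java.naming.provider.url", "").lower().startswith("ldap://"):
        findings.append(("NO_TLS", "ldap:// URL: binds are not protected by TLS"))
    for source, key in ((opts, "bindCredential"), (props, "ldap.bind.pwd")):
        if source.get(key):
            findings.append(("CLEARTEXT_SECRET", key + " is stored in cleartext"))
    norm = lambda dn: (dn or "").replace(" ", "").lower()
    if norm(opts.get("rolesCtxDN")) != norm(props.get("ldap.role.ctx")):
        findings.append(("ROLE_CTX_MISMATCH", "rolesCtxDN and ldap.role.ctx differ"))
    return findings

if __name__ == "__main__":
    for code, message in audit(STANDALONE_FRAGMENT, CALLBACK_PROPERTIES):
        print(code + ": " + message)
```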