JBoss Community

JBPM + LDAP - can login, but HumanTask error appears in the jboss log

created by aemdtuc in jBPM

Hi.

 

I've set up the jbpm-installer to work with LDAP, and I managed to authenticate and get the roles. I can walk through the jBPM-Console perfectly. But looking at the JBoss log, I see an error that I think comes from the Human Task.

Here is how I configured the LDAP:

 

JBoss standalone.xml

<authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
        <module-option name="bindDN" value="LDAP_USER_DN"/>
        <module-option name="bindCredential" value="LDAP_USER_PASSWD "/>
        <module-option name="baseCtxDN" value=""/>
        <module-option name="baseFilter" value="(&amp;(objectClass=user)(userPrincipalName={0}))"/>
        <module-option name="rolesCtxDN" value=""/>
        <module-option name="roleFilter" value="(&amp;(objectClass=group)(member:1.2.840.113556.1.4.1941:={1}))"/>
        <module-option name="roleAttributeID" value="cn"/>
        <module-option name="java.naming.provider.url" value="ldap://domain:port"/>
        <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
        <module-option name="allowEmptyPasswords" value="true"/>
        <module-option name="throwValidateError" value="true"/>
    </login-module>
</authentication>


 

jbpm-gwt-console-server.war web.xml

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/login_failed.html</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <role-name>Write</role-name>
</security-role>
<security-role>
    <role-name>Read</role-name>
</security-role>


 

jbpm-human-task-war.war jbpm.usergroup.callback.properties

ldap.bind.user=CN\=User,OU\=Users,OU\=Company Users,OU\=Company,DC\=company-1234,DC\=com
ldap.bind.pwd=Passwd
ldap.user.ctx=
ldap.role.ctx=
#ldap.user.roles.ctx=ou\=Roles,dc\=my-domain,dc\=com
ldap.user.filter=(&(objectClass=user)(userPrincipalName\={0}))
ldap.role.filter=
ldap.user.roles.filter=(&(objectClass=group)(member:1.2.840.113556.1.4.1941:\={0}))
#ldap.user.attr.id=
#ldap.roles.attr.id=
java.naming.provider.url=ldap://domain:port

 

jbpm-human-task-war.war web.xml

<init-param>
    <param-name>user.group.callback.class</param-name>
    <param-value>org.jbpm.task.identity.LDAPUserGroupCallbackImpl</param-value>
</init-param>



 


The jbpm.usergroup.callback.properties is located under jbpm-human-task-war.war/WEB-INF/classes.

 

The error message is the following:

ERROR [stderr] (Thread-68) javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name ''
ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
ERROR [stderr] (Thread-68) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
ERROR [stderr] (Thread-68) at javax.naming.directory.InitialDirContext.search(Unknown Source)
ERROR [stderr] (Thread-68) at org.jbpm.task.identity.LDAPUserGroupCallbackImpl.existsUser(LDAPUserGroupCallbackImpl.java:128)
ERROR [stderr] (Thread-68) at org.jbpm.task.service.TaskServiceSession.doCallbackUserOperation(TaskServiceSession.java:1225)
ERROR [stderr] (Thread-68) at org.jbpm.task.service.TaskServiceSession.getTasksOwned(TaskServiceSession.java:763)
ERROR [stderr] (Thread-68) at org.jbpm.task.service.TaskServerHandler.messageReceived(TaskServerHandler.java:309)
ERROR [stderr] (Thread-68) at org.jbpm.task.service.hornetq.HornetQTaskServerHandler.messageReceived(HornetQTaskServerHandler.java:43)
ERROR [stderr] (Thread-68) at org.jbpm.task.service.hornetq.BaseHornetQTaskServer.run(BaseHornetQTaskServer.java:104)
ERROR [stderr] (Thread-68) at java.lang.Thread.run(Unknown Source)

 

 

As you can see in the error message, when trying to create the LDAP context, it doesn't bind a user and password. So when it tries to make the search it fails.

I'm not sure if it doesn't bind correctly because my properties file is wrong, or because the human task has a bug.

I'd appreciate any help.

 

Thanks.
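
A standalone check for the question raised above, added here as an example and not part of the original post or of jBPM: it loads the same keys from jbpm.usergroup.callback.properties and runs the user filter once anonymously and once after a simple bind, so the two results can be compared with the error in the log. The class name LdapBindCheck and its two command-line arguments are assumptions of this example.

```java
import java.io.*;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

// Hypothetical diagnostic class (an assumption of this example, not jBPM code).
public class LdapBindCheck {

    // Runs ldap.user.filter for one user, either anonymously or after a simple bind.
    static String search(Properties p, String upn, boolean bind) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, p.getProperty("java.naming.provider.url", ""));
        if (bind) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, p.getProperty("ldap.bind.user", ""));
            env.put(Context.SECURITY_CREDENTIALS, p.getProperty("ldap.bind.pwd", ""));
        } else {
            env.put(Context.SECURITY_AUTHENTICATION, "none");
        }
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            NamingEnumeration<SearchResult> hits = ctx.search(
                    p.getProperty("ldap.user.ctx", ""),
                    Objects.requireNonNull(p.getProperty("ldap.user.filter"), "ldap.user.filter"),
                    new Object[] { upn }, sc);
            return hits.hasMore() ? "found " + hits.next().getNameInNamespace() : "no match";
        } catch (NamingException e) {
            return "failed: " + e.getMessage();   // e.g. the "successful bind must be completed" text
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
    }

    // args[0] = path to jbpm.usergroup.callback.properties, args[1] = a userPrincipalName
    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        try (InputStream in = new FileInputStream(args[0])) {
            p.load(in);   // Properties.load() strips the "\=" escapes used in the file
        }
        System.out.println("bind DN as loaded: " + p.getProperty("ldap.bind.user"));
        System.out.println("anonymous search:  " + search(p, args[1], false));
        System.out.println("bound search:      " + search(p, args[1], true));
    }
}
```

If the bound search succeeds while the anonymous one fails with the same LdapErr text as the log, the values in the properties file are usable and the remaining question is whether the deployed callback is actually reading them.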
