[jboss-jira] [JBoss JIRA] (DROOLS-5528) Drools buisness central ldap authentication

prabhat kumar (Jira) issues at jboss.org
Thu Jul 23 11:10:01 EDT 2020


    [ https://issues.redhat.com/browse/DROOLS-5528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14287476#comment-14287476 ] 

prabhat kumar commented on DROOLS-5528:
---------------------------------------

Hi Team,
 
I have configured KIE Business Central and KIE Server on WildFly and it is working fine. But we need to implement LDAP security authentication, and I have configured the same in WildFly's standalone-full.xml. I am able to log in to the workbench and perform rule-related actions.
 
But my issue is that the Business Central workbench is unable to register with the KIE Server at startup, even though I have created users on the LDAP server with the roles below:
 
User:- prabhatA
password:-password
role:- rest-all,admin
 
User:- prabhatServer
password:-password
role:- kie-server,admin
 
And I have set the credentials in the system-properties tag of standalone-full.xml:
<property name="org.kie.server.controller.user" value="prabhatA"/>
<property name="org.kie.server.controller.password" value="password"/>
<property name="org.kie.server.user" value="prabhatServer"/>
<property name="org.kie.server.pwd" value="password"/>
<property name="org.kie.server.controller" value="http://localhost:8080/business-central/rest/controller"/>
<property name="org.kie.server.location" value="http://localhost:8080/kie-server/services/rest/server"/>
<property name="org.kie.server.id" value="wildfly-kieserver"/>
 
I also added the LDAP configuration for the login module as below:
 
<security-domain name="ldap" cache-type="default">
                    <authentication>
                        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                            <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
                            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                            <module-option name="java.naming.security.authentication" value="simple"/>
                            <module-option name="bindDN" value="uid=admin,ou=system"/>
                            <module-option name="bindCredential" value="secret"/>
                            <module-option name="baseCtxDN" value="ou=pepoleTest,dc=example,dc=com"/>
                            <module-option name="baseFilter" value="(uid={0})"/>
                            <module-option name="rolesCtxDN" value="ou=ruleTest,dc=example,dc=com"/>
                            <module-option name="roleFilter" value="(member={1})"/>
                            <module-option name="roleAttributeID" value="cn"/>
                            <module-option name="roleAttributeIsDN" value="true"/>
                            <module-option name="roleNameAttributeID" value="cn"/>
                            <module-option name="roleRecursion" value="2"/>
 
                            <module-option name="searchScope" value="SUBTREE_SCOPE"/>
                        </login-module>
                    </authentication>
                </security-domain>
 
I have also updated the security domain value in jboss-web.xml of the Business Central and KIE Server WARs.
 
<security-domain>ldap</security-domain>
 
 
Note:
If I create a user on the LDAP server with the details below:
username = kieserver
password = kieserver1!
role = kie-server
 
Then both Business Central and KIE Server are able to register themselves successfully. But this approach forces us to create a user on the LDAP server with the above details (kieserver).
Could you please suggest a way so that I don't need to create a user with these details (userName=kieserver and password=kieserver1!)?

> Drools buisness central ldap authentication
> -------------------------------------------
>
>                 Key: DROOLS-5528
>                 URL: https://issues.redhat.com/browse/DROOLS-5528
>             Project: Drools
>          Issue Type: Feature Request
>            Reporter: prabhat kumar
>            Assignee: Mario Fusco
>            Priority: Major
>
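
An added example, not part of the original comment or of the KIE project's code: a small audit of a `<system-properties>` block for the KIE Server credential settings discussed above. The sample input is constructed to mirror the quoted properties. The list of recognised names (a subset) and the fallback to a default password are assumptions taken from the KIE Server documentation, `read_system_properties` and `audit` are hypothetical helper names, and any value not written as a `${...}` expression is treated as cleartext.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the <system-properties> entries quoted in the comment.
SAMPLE = """<system-properties>
  <property name="org.kie.server.controller.user" value="prabhatA"/>
  <property name="org.kie.server.controller.password" value="password"/>
  <property name="org.kie.server.user" value="prabhatServer"/>
  <property name="org.kie.server.pwd" value="password"/>
  <property name="org.kie.server.id" value="wildfly-kieserver"/>
</system-properties>"""

# Assumption: subset of property names from the KIE Server documentation.
KNOWN = {"org.kie.server.id", "org.kie.server.location", "org.kie.server.controller",
         "org.kie.server.user", "org.kie.server.pwd", "org.kie.server.token",
         "org.kie.server.controller.user", "org.kie.server.controller.pwd",
         "org.kie.server.controller.token"}
# Each user property needs a matching secret; assumption: without one the
# documented default password is used instead of the configured account's.
SECRETS = {"org.kie.server.user": ("org.kie.server.pwd", "org.kie.server.token"),
           "org.kie.server.controller.user": ("org.kie.server.controller.pwd",
                                              "org.kie.server.controller.token")}

def local(tag):
    """Strip the XML namespace that standalone-full.xml puts on every tag."""
    return tag.rsplit("}", 1)[-1]

def read_system_properties(xml_text):
    """Return {name: value} for <property> children of <system-properties>."""
    props = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "system-properties":
            for p in el:
                if local(p.tag) == "property" and p.get("name"):
                    props[p.get("name")] = p.get("value", "")
    return props

def audit(props):
    findings = []
    for name, value in props.items():
        if name.startswith("org.kie.server.") and name not in KNOWN:
            findings.append(("unknown-name", name))
        # Assumption: anything not written as a ${...} expression is cleartext.
        if name.endswith((".pwd", ".token")) and not value.startswith("${"):
            findings.append(("cleartext-secret", name))
    for user, secrets in SECRETS.items():
        if user in props and not any(s in props for s in secrets):
            findings.append(("default-password-fallback", user))
    return sorted(findings)

if __name__ == "__main__":
    for kind, name in audit(read_system_properties(SAMPLE)):
        print(f"{kind}: {name}")
```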



