LDAP - JBPM 7.73.0 Integration


Ashish Kumar

Jan 4, 2023, 5:48:28 AM
to jBPM Development
Hi All,

We are upgrading our JBPM from 7.14 to 7.73.0.
The LDAP configuration below is working fine with JBPM 7.14, but it is not working with JBPM 7.73.0.
Please suggest if any further changes are required for it.

1- Changed standalone.xml for the LDAP setup as below.
Added the following properties inside system-properties:
    <system-properties>
        <property name="org.uberfire.domain" value="ldap"/>
        <property name="org.jbpm.ht.callback" value="ldap"/>
        <property name="org.jbpm.ht.userinfo" value="ldap"/>
    </system-properties>

2- As this security-domains tag is not present in the jbpm-7.73.0 standalone.xml, I added it explicitly.
    <subsystem xmlns="urn:jboss:domain:security:2.0">
        <security-domains>
            <security-domain name="other" cache-type="default">
                <authentication>
                    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                        <module-option name="java.naming.provider.url" value="ldap://localhost:389"/>
                        <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                        <module-option name="java.naming.security.authentication" value="simple"/>
                        <module-option name="bindDN" value="cn=Manager,dc=dolphin,dc=com"/>
                        <module-option name="bindCredential" value="root"/>
                        <module-option name="baseCtxDN" value="ou=users,ou=portal,dc=dolphin,dc=com"/>
                        <module-option name="baseFilter" value="(uid={0})"/>
                        <module-option name="rolesCtxDN" value="ou=groups,ou=portal,dc=dolphin,dc=com"/>
                        <module-option name="roleFilter" value="(member={1})"/>
                        <module-option name="roleAttributeID" value="member"/>
                        <module-option name="roleNameAttributeID" value="cn"/>
                        <module-option name="roleRecursion" value="0"/>
                        <module-option name="roleAttributeIsDN" value="true"/>
                        <module-option name="java.naming.referral" value="follow"/>
                        <module-option name="searchScope" value="SUBTREE_SCOPE"/>
                    </login-module>
                    <login-module code="org.kie.security.jaas.KieLoginModule" flag="optional" module="deployment.jbpm-console.war"/>
                </authentication>
            </security-domain>
        </security-domains>
    </subsystem>

3- The following lines were added to these two files, which are kept inside the kie-server.war/WEB-INF/classes/ directory:
jbpm.usergroup.callback.properties
jbpm.user.info.properties

java.naming.provider.url=ldap://localhost:389
# JNDI only recognises java.naming.factory.initial; a misspelled key is silently ignored
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
java.naming.security.authentication=simple
java.naming.security.principal=cn\=Manager,dc\=dolphin,dc\=com
java.naming.security.credentials=root
# no whitespace after the escaped '=' inside the DNs
ldap.user.ctx=ou\=users,ou\=portal,dc\=dolphin,dc\=com
ldap.role.ctx=ou\=groups,ou\=portal,dc\=dolphin,dc\=com
ldap.user.filter=(uid\={0})
ldap.role.filter=(cn\={0})
ldap.user.roles.filter=(member\={0})
ldap.user.id.dn=false
ldap.roles.attr.id=cn
java.naming.referral=follow
ldap.search.scope=SUBTREE_SCOPE
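A setup like the one in this post reads LDAP settings from two places, the JAAS login module in standalone.xml and the callback properties file in kie-server.war, and the two have to agree. The script below is an added example for this thread, not jBPM project code: it parses both files, checks the callback keys against the names the jBPM LDAP callback documents as mandatory, flags java.naming.* keys that JNDI would silently ignore, flags whitespace inside DNs, cross-checks the paired settings, and notes the transport and credential-handling caveats of a simple bind over plain ldap://. The two input fragments are constructed for the example and deliberately contain two easy slips (a misspelled JNDI key and a space inside a DN); the mandatory-key list and the `${...}` test for a vault or credential-store expression are assumptions taken from the WildFly/jBPM documentation, not from the post.

```python
"""Cross-check jBPM LDAP settings: the LdapExtLoginModule options in
standalone.xml (Business Central login) against jbpm.usergroup.callback.properties
(kie-server task callback). Added example for this thread, not jBPM code.
The sample inputs are constructed and contain two deliberate slips."""
import difflib
import re
import xml.etree.ElementTree as ET

# JNDI environment keys the callback hands to InitialLdapContext. JNDI ignores
# any other java.naming.* key silently, so a typo never produces an error.
JNDI_KEYS = {
    "java.naming.factory.initial", "java.naming.provider.url",
    "java.naming.security.authentication", "java.naming.security.principal",
    "java.naming.security.credentials", "java.naming.security.protocol",
    "java.naming.referral",
}
# Keys the jBPM LDAP user-group callback documents as mandatory (assumption).
REQUIRED = {"ldap.user.ctx", "ldap.role.ctx", "ldap.user.filter",
            "ldap.role.filter", "ldap.user.roles.filter"}
# (properties key, module-option name) pairs that must describe the same directory.
PAIRED = [("java.naming.provider.url", "java.naming.provider.url"),
          ("java.naming.security.principal", "bindDN"),
          ("ldap.user.ctx", "baseCtxDN"), ("ldap.role.ctx", "rolesCtxDN")]


def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)


def parse_properties(text):
    """Minimal java.util.Properties reader: '#'/'!' comments, the first
    unescaped '=' or ':' splits key and value, backslash escapes are resolved.
    Unicode escapes and line continuations are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"((?:\\.|[^=:\\])*)[=:](.*)", line)
        if m:
            props[_unescape(m.group(1)).strip()] = _unescape(m.group(2)).strip()
    return props


def login_module_options(xml_text, code="org.jboss.security.auth.spi.LdapExtLoginModule"):
    """Return name->value of the module-options of one login module. Tags are
    compared without namespace because the subsystem declares a default xmlns."""
    local = lambda el: el.tag.rpartition("}")[2]
    for el in ET.fromstring(xml_text).iter():
        if local(el) == "login-module" and el.get("code") == code:
            return {o.get("name"): o.get("value") for o in el if local(o) == "module-option"}
    return {}


def dn_has_stray_space(dn):
    """'dc= example' is normalised differently by different servers; treat it
    as a defect. Splitting on ',' is enough here (no escaped commas in RDNs)."""
    return any(re.search(r"\s=|=\s", rdn) for rdn in dn.split(","))


def audit(props, opts):
    findings = []
    missing = REQUIRED - set(props)
    if missing:
        findings.append(f"missing mandatory callback keys: {sorted(missing)}")
    for key in props:
        if key.startswith("java.naming.") and key not in JNDI_KEYS:
            hint = difflib.get_close_matches(key, JNDI_KEYS, n=1)
            findings.append(f"unknown JNDI key {key!r}" + (f" (did you mean {hint[0]}?)" if hint else ""))
    for key in ("java.naming.security.principal", "ldap.user.ctx", "ldap.role.ctx"):
        if key in props and dn_has_stray_space(props[key]):
            findings.append(f"{key}: whitespace around '=' in DN {props[key]!r}")
    for pkey, okey in PAIRED:
        if pkey in props and okey in opts and props[pkey] != opts[okey]:
            findings.append(f"mismatch: {pkey}={props[pkey]!r} but {okey}={opts[okey]!r}")
    url = props.get("java.naming.provider.url", "")
    if (url.startswith("ldap://") and props.get("java.naming.security.authentication") == "simple"
            and props.get("java.naming.security.protocol") != "ssl"):
        findings.append("simple bind over plain ldap://: the bind password crosses the wire in clear text")
    if props.get("java.naming.referral") == "follow":
        findings.append("java.naming.referral=follow: JNDI reuses the bind credentials on any server a referral points to")
    # A vault / credential-store reference is a ${...} expression (assumption); a literal is clear text.
    for where, value in (("properties", props.get("java.naming.security.credentials")),
                         ("standalone.xml", opts.get("bindCredential"))):
        if value and not value.startswith("${"):
            findings.append(f"{where}: bind credential stored in clear text")
    return findings


# Constructed sample inputs (not the post's files): one misspelled JNDI key, one DN with a space.
SAMPLE_PROPERTIES = r"""java.naming.provider.url=ldap://localhost:389
java.naming.factory.initializer=com.sun.jndi.ldap.LdapCtxFactory
java.naming.security.authentication=simple
java.naming.security.principal=cn\=Manager,dc\=dolphin,dc\=com
java.naming.security.credentials=root
ldap.user.ctx=ou\=users,ou\=portal,dc\= dolphin,dc\=com
ldap.role.ctx=ou\=groups,ou\=portal,dc\=dolphin,dc\=com
ldap.user.filter=(uid\={0})
ldap.role.filter=(cn\={0})
ldap.user.roles.filter=(member\={0})
java.naming.referral=follow
"""
SAMPLE_STANDALONE = """<subsystem xmlns="urn:jboss:domain:security:2.0"><security-domains>
<security-domain name="other" cache-type="default"><authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.provider.url" value="ldap://localhost:389"/>
<module-option name="bindDN" value="cn=Manager,dc=dolphin,dc=com"/>
<module-option name="bindCredential" value="root"/>
<module-option name="baseCtxDN" value="ou=users,ou=portal,dc=dolphin,dc=com"/>
<module-option name="rolesCtxDN" value="ou=groups,ou=portal,dc=dolphin,dc=com"/>
</login-module></authentication></security-domain></security-domains></subsystem>"""


def run_example():
    return audit(parse_properties(SAMPLE_PROPERTIES), login_module_options(SAMPLE_STANDALONE))


if __name__ == "__main__":
    for finding in run_example():
        print("-", finding)
```

Run against real files by reading them into the two strings; the cross-check is the useful part, because Business Central (JAAS) and the task callback (properties) otherwise fail independently and the symptom looks like "LDAP login broke" when only one side moved.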