We are upgrading our jBPM installation from 7.14 to 7.73.0.
The LDAP configuration below works with jBPM 7.14 but does not work with
jBPM 7.73.0.
Please suggest whether any further changes are required for it.
1- Changed standalone.xml for the LDAP setup as below.
Added the following properties inside <system-properties>:
<property name="org.uberfire.domain" value="ldap"/>
<property name="org.jbpm.ht.callback" value="ldap"/>
<property name="org.jbpm.ht.userinfo" value="ldap"/>
</system-properties>
2- As the <security-domains> element is not present in the jBPM 7.73.0 standalone.xml, I added it explicitly.
(Note: urn:jboss:domain:security is the legacy PicketBox security subsystem. Newer WildFly releases ship Elytron instead, so a legacy subsystem block only takes effect if its extension is also declared in <extensions> and the web applications' security-domain resolves to it; this is likely why the block is absent from the 7.73.0 file and is worth checking against the WildFly migration notes for that release. Also, the bind password shown below is pasted in cleartext — rotate it and redact it before posting configuration publicly.)
<!-- Legacy PicketBox security subsystem. NOTE(review): jBPM 7.73.0 sits on a WildFly that defaults to Elytron; confirm the
     org.jboss.as.security extension is declared and that business-central / kie-server are mapped to the "other" domain,
     otherwise this element is parsed but never used for authentication. -->
<subsystem xmlns="urn:jboss:domain:security:2.0">
<security-domains>
<security-domain name="other" cache-type="default">
<authentication>
<!-- Authenticates users by LDAP simple bind and resolves roles from group entries. -->
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<!-- Plain ldap:// with "simple" authentication sends the bind password and every user password in cleartext on the wire.
     Acceptable only if the directory really is loopback-only; otherwise use ldaps:// (or StartTLS) and a trusted CA. -->
<module-option name="java.naming.provider.url" value="ldap://localhost:389"/>
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.security.authentication" value="simple"/>
<!-- Service account used for the user/role lookups. The credential is stored here in plaintext; in WildFly this value should
     come from the vault / Elytron credential store (${VAULT::...} or an expression), and the account should be read-only
     in the directory. The value "root" shown here must be treated as disclosed and rotated. -->
<module-option name="bindDN" value="cn=Manager,dc=dolphin,dc=com"/>
<module-option name="bindCredential" value="root"/>
<!-- {0} in baseFilter is the login name typed by the user; the module escapes it for the filter, so no injection concern here. -->
<module-option name="baseCtxDN" value="ou=users,ou=portal,dc=dolphin,dc=com"/>
<module-option name="baseFilter" value="(uid={0})"/>
<!-- Group-side membership lookup: {1} is the DN of the authenticated user. -->
<module-option name="rolesCtxDN" value="ou=groups,ou=portal,dc=dolphin,dc=com"/>
<module-option name="roleFilter" value="(member={1})"/>
<!-- NOTE(review): with roleAttributeID=member and roleAttributeIsDN=true the module reads each matched group's member DNs,
     looks each of them up, and uses THEIR cn as the role name, i.e. role names would be user CNs rather than group CNs.
     For a "group has member=userDN" layout the usual combination is roleAttributeID=cn with roleAttributeIsDN=false
     (roleNameAttributeID is then ignored). Verify which role names actually arrive in business-central before changing. -->
<module-option name="roleAttributeID" value="member"/>
<module-option name="roleNameAttributeID" value="cn"/>
<module-option name="roleRecursion" value="0"/>
<module-option name="roleAttributeIsDN" value="true"/>
<!-- "follow" makes the JNDI client connect to whatever host a referral points at, and with simple bind it will re-send the
     bind credential there. Prefer "ignore" (or "throw") unless the directory genuinely returns referrals you need. -->
<module-option name="java.naming.referral" value="follow"/>
<module-option name="searchScope" value="SUBTREE_SCOPE"/>
</login-module>
<!-- Optional module that propagates the KIE identity. NOTE(review): the module attribute must name the deployment exactly as it
     appears under standalone/deployments in 7.73.0; confirm the war is still called jbpm-console.war in that distribution. -->
<login-module code="org.kie.security.jaas.KieLoginModule" flag="optional" module="deployment.jbpm-console.war"/>
</authentication>
</security-domain>
</security-domains>
</subsystem>
3- The following lines were added to these two files, which are kept inside the kie-server.war/WEB-INF/classes/ directory (the same files are needed in the Business Central war if it should use LDAP for task assignment as well):
jbpm.usergroup.callback.properties
jbpm.user.info.properties
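# LDAP settings for the jBPM user/group callback and user-info implementations
# (org.jbpm.ht.callback=ldap / org.jbpm.ht.userinfo=ldap). These properties are handed to JNDI
# to open the directory connection and then used to build the user and role searches.

# Plain ldap:// plus "simple" authentication transmits the service-account password (and the
# searches) in cleartext; only acceptable when the directory is really loopback-only. Otherwise
# use ldaps:// or StartTLS.
java.naming.provider.url=ldap://localhost:389
# Fixed: the JNDI property name is java.naming.factory.initial (javax.naming.Context.INITIAL_CONTEXT_FACTORY).
# The previous key "java.naming.factory.initializer" is not a JNDI property, so the context factory was never
# set, which is a plausible reason the callback fails to connect on the newer release.
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
java.naming.security.authentication=simple
# Read-only service account used for lookups. This file lives on the WAR classpath in plaintext, so restrict
# filesystem permissions, give the account the minimum directory rights, and rotate "root" since it has been disclosed.
java.naming.security.principal=cn\=Manager,dc\=dolphin,dc\=com
java.naming.security.credentials=root
# Search bases. Fixed: the original had a stray space after "dc=" ("dc= dolphin"), which does not match the
# bindDN above or the bases used in standalone.xml and may be rejected or mis-parsed by the directory.
ldap.user.ctx=ou\=users,ou\=portal,dc\=dolphin,dc\=com
ldap.role.ctx=ou\=groups,ou\=portal,dc\=dolphin,dc\=com
# {0} is the user id (user filter / user-roles filter) or the group id (role filter).
ldap.user.filter=(uid\={0})
ldap.role.filter=(cn\={0})
ldap.user.roles.filter=(member\={0})
# NOTE(review): the roles filter matches "member" against {0}, and "member" holds DNs. Confirm whether the callback
# substitutes the plain uid or the resolved user DN here with ldap.user.id.dn=false; if group membership comes back
# empty, flipping this to true (so the user's DN is looked up first) is the thing to try.
ldap.user.id.dn=false
ldap.roles.attr.id=cn
# "follow" lets the client chase referrals to any host the directory names and re-bind there with the same
# credentials; prefer "ignore" unless referrals are actually required.
java.naming.referral=follow
ldap.search.scope=SUBTREE_SCOPE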