1 Reply Latest reply on Dec 18, 2013 4:31 AM by swiderski.maciej

    JBPM 6.0.0 + LDAP (Active Directory)

    ezequielsantana

      I hope that this post can help someone.

      We spent a couple of hours trying to make it work.

       

      ldap.bind.user=user distinguished name

      ldap.bind.pwd=<password>

      ldap.user.ctx=<>

      ldap.role.ctx=<>

      ldap.user.roles.ctx=<>

      ldap.user.filter=(sAMAccountName={0})                 

      ldap.role.filter=(&(ObjectClass=group)(sAMAccountName={0}))   

      ldap.user.roles.filter=(member:1.2.840.113556.1.4.1941:={0})  *

      ldap.user.id.dn=false

      ldap.user.attr.id=sAMAccountName

      java.naming.provider.url=ldap://<url>:3268

       

      *From http://stackoverflow.com/questions/9945518/can-ldap-matching-rule-in-chain-return-subtree-search-results-with-attributes

       

      We also had to customize LDAPUserGroupCallbackImpl to set the search scope to SubTree.

      jbpm/jbpm-human-task/jbpm-human-task-core/src/main/java/org/jbpm/services/task/identity/LDAPUserGroupCallbackImpl.java a…

       

      // SUBTREE_SCOPE = 2

      SearchControls constraints = new SearchControls(SearchControls.SUBTREE_SCOPE, 0, 0, null, false, false);

       

      Regards,

        • 1. Re: JBPM 6.0.0 + LDAP (Active Directory)
          swiderski.maciej

          thanks for sharing this!

           

          would be great if you could provide a pull request for that extension as it might be useful for others and thus including that in the code base sounds reasonable. What do you think about making the search controls configurable as well? Not sure if making the subtree will be applicable for all the cases...
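
One way the configurable search scope suggested in the reply could look, as an added example that is not part of either post and not jBPM's own code. It also escapes the value substituted for `{0}` in the filters (RFC 4515), so a login name cannot alter the filter structure. Assumptions: the property name `ldap.search.scope`, the class `LdapSearchConfig` and its method names are hypothetical, and the login value in `main` is constructed.

```java
import java.util.Locale;
import java.util.Properties;
import javax.naming.directory.SearchControls;

// Added example, not jBPM code. "ldap.search.scope" is an assumed property name.
public class LdapSearchConfig {

    // Map a configured scope name to the JNDI constant; reject anything else.
    static int parseScope(String name) {
        if (name == null) {
            return SearchControls.ONELEVEL_SCOPE; // same default as new SearchControls()
        }
        switch (name.trim().toUpperCase(Locale.ROOT)) {
            case "OBJECT_SCOPE":   return SearchControls.OBJECT_SCOPE;
            case "ONELEVEL_SCOPE": return SearchControls.ONELEVEL_SCOPE;
            case "SUBTREE_SCOPE":  return SearchControls.SUBTREE_SCOPE;
            default:
                throw new IllegalArgumentException("Unknown LDAP search scope: " + name);
        }
    }

    // Same limits as the post's constructor call (0 = no limit), scope from config.
    static SearchControls buildControls(Properties config) {
        return new SearchControls(parseScope(config.getProperty("ldap.search.scope")),
                0, 0, null, false, false);
    }

    // RFC 4515: escape the characters that have meaning inside a search filter.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (char ch : value.toCharArray()) {
            switch (ch) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(ch);
            }
        }
        return out.toString();
    }

    // Substitute the escaped value into a template such as (sAMAccountName={0}).
    static String formatFilter(String template, String value) {
        return template.replace("{0}", escapeFilterValue(value));
    }

    public static void main(String[] args) {
        Properties config = new Properties();
        config.setProperty("ldap.search.scope", "SUBTREE_SCOPE");
        config.setProperty("ldap.user.filter", "(sAMAccountName={0})");
        System.out.println("scope=" + buildControls(config).getSearchScope());
        // Constructed login value containing filter metacharacters.
        System.out.println(formatFilter(config.getProperty("ldap.user.filter"), "j*smith)(cn=*"));
    }
}
```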