1 Reply Latest reply on Mar 26, 2013 6:05 AM by ciberg

    Using LDAP in 5.4 - How to avoid creating users in organizationalentity table




      I'm new to jBPM and I hope you can help me with this.


      I have jBPM 5.4 deployed in my own JBoss AS 7.1.1, persisting in PostgreSQL.

      I have also connected it to LDAP, and I can use the console, logging in with LDAP, and manage processes.


      I have a workflow with Human Tasks deployed in Guvnor.


      The problem is that I'm developing an ESB for a web application to manage the processes and tasks and I can't do anything without creating the users in the organizationalentity table.


      I don't understand why the console works well with LDAP and my ESB doesn't work.


      I have done the following to connect to LDAP:

      - In standalone.xml:

          <security-domain name="jbpm-console" cache-type="default">
              <authentication>
                  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                      <module-option name="bindDN" value="cn=Manager,dc=develop,dc=com"/>
                      <module-option name="bindCredential" value="ldapadmin"/>
                      <module-option name="java.naming.provider.url" value="ldap://"/>
                      <module-option name="baseCtxDN" value="ou=Person,dc=develop,dc=com"/>
                      <module-option name="baseFilter" value="(uid={0})"/>
                      <module-option name="rolesCtxDN" value="ou=Groups,dc=develop,dc=com"/>
                      <module-option name="roleFilter" value="(member={1})"/>
                      <module-option name="roleAttributeID" value="member"/>
                      <module-option name="roleAttributeIsDN" value="true"/>
                      <module-option name="roleNameAttributeID" value="CN"/>
                      <module-option name="searchScope" value="SUBTREE_SCOPE"/>
                      <module-option name="allowEmptyPasswords" value="true"/>
                  </login-module>
                  <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
                      <module-option name="rolesProperties" value="${jboss.server.config.dir}/rolemapping.properties"/>
                  </login-module>
              </authentication>
          </security-domain>





      - File called rolemapping.properties in jboss standalone/configuration folder to map users group to the corresponding role:



      - File called jbpm.usergroup.callback.properties in WEB-INF/lib of jbpm-human-task.war with:









      - web.xml in jbpm-human-task.war replacing with:






      Thank you for any help you can give me.
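
A configuration check for the security-domain options quoted in the question, as an added example that is not part of the original post or of jBPM/JBoss. The function names, the placeholder host `ldap.example.test`, and the rule that a `bindCredential` starting with `${` is a vault or property reference are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a subset of the options quoted in the question. The host
# ldap.example.test is a placeholder; the post leaves the provider URL empty.
SAMPLE = """<security-domain name="jbpm-console" cache-type="default">
 <authentication>
  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
   <module-option name="bindCredential" value="ldapadmin"/>
   <module-option name="java.naming.provider.url" value="ldap://ldap.example.test"/>
   <module-option name="allowEmptyPasswords" value="true"/>
  </login-module>
 </authentication>
</security-domain>"""


def local(tag):
    """Drop the XML namespace so a real, namespaced standalone.xml also matches."""
    return tag.rsplit("}", 1)[-1]


def review_ldap_login_modules(xml_text):
    """Return (option, finding) pairs for risky settings on LDAP login modules."""
    findings = []
    for module in ET.fromstring(xml_text).iter():
        if local(module.tag) != "login-module" or "Ldap" not in module.get("code", ""):
            continue
        opts = {o.get("name"): o.get("value", "")
                for o in module if local(o.tag) == "module-option"}
        # An empty password forwarded to the directory may be accepted as an
        # anonymous bind by some LDAP servers, so the login would succeed.
        if opts.get("allowEmptyPasswords", "").lower() == "true":
            findings.append(("allowEmptyPasswords", "empty passwords reach the LDAP server"))
        # Plain ldap:// carries the manager bind and user passwords without TLS.
        if opts.get("java.naming.provider.url", "").lower().startswith("ldap://"):
            findings.append(("java.naming.provider.url", "no TLS; use ldaps://"))
        # Assumption: a value starting with "${" is a vault or property
        # reference; anything else is a literal password stored in the file.
        cred = opts.get("bindCredential", "")
        if cred and not cred.startswith("${"):
            findings.append(("bindCredential", "literal bind password in config"))
    return findings


if __name__ == "__main__":
    for option, finding in review_ldap_login_modules(SAMPLE):
        print(f"{option}: {finding}")
```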