21 Replies Latest reply on Jun 4, 2013 5:27 AM by aemdtuc

    JBPM + LDAP - can login, but HumanTask error appears in the jboss log

    aemdtuc Newbie

      Hi.

       

      I've set up the jbpm-installer to work with LDAP, and I managed to authenticate and get the roles. I can walk through the jBPM-Console perfectly. But looking at the JBoss log, I see an error that I think comes from the Human Task.

      Here is how I configured the LDAP:

       

      Jboss standalone.xml

      <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
          <module-option name="bindDN" value="LDAP_USER_DN"/>
          <module-option name="bindCredential" value="LDAP_USER_PASSWD "/>
          <module-option name="baseCtxDN" value=""/>
          <module-option name="baseFilter" value="(&amp;(objectClass=user)(userPrincipalName={0}))"/>
          <module-option name="rolesCtxDN" value=""/>
          <module-option name="roleFilter" value="(&amp;(objectClass=group)(member:1.2.840.113556.1.4.1941:={1}))"/>
          <module-option name="roleAttributeID" value="cn"/>
          <module-option name="java.naming.provider.url" value="ldap://domain:port"/>
          <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
          <module-option name="allowEmptyPasswords" value="true"/>
          <module-option name="throwValidateError" value="true"/>
        </login-module>
      </authentication>
      
      

       

      jbpm-gwt-console-server.war web.xml

      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/login.html</form-login-page>
          <form-error-page>/login_failed.html</form-error-page>
        </form-login-config>
      </login-config>

      <security-role>
        <role-name>Write</role-name>
      </security-role>
      <security-role>
        <role-name>Read</role-name>
      </security-role>
      
      

       

      jbpm-human-task-war.war jbpm.usergroup.callback.properties

      ldap.bind.user=CN\=User,OU\=Users,OU\=Company Users,OU\=Company,DC\=company-1234,DC\=com
      ldap.bind.pwd=Passwd
      ldap.user.ctx=
      ldap.role.ctx=
      #ldap.user.roles.ctx=ou\=Roles,dc\=my-domain,dc\=com
      ldap.user.filter=(&(objectClass=user)(userPrincipalName\={0}))
      ldap.role.filter=
      ldap.user.roles.filter=(&(objectClass=group)(member:1.2.840.113556.1.4.1941:\={0}))
      #ldap.user.attr.id=
      #ldap.roles.attr.id=
      java.naming.provider.url=ldap://domain:port
      

       

      jbpm-human-task-war.war web.xml

      <init-param>
        <param-name>user.group.callback.class</param-name>
        <param-value>org.jbpm.task.identity.LDAPUserGroupCallbackImpl</param-value>
      </init-param>
      
      
      
      

       


      The jbpm.usergroup.callback.properties is located under jbpm-human-task-war.war/WEB-INF/classes.

       

      The error message is the following:

      ERROR [stderr] (Thread-68) javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name ''
      ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
      ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
      ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
      ERROR [stderr] (Thread-68) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
      ERROR [stderr] (Thread-68) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
      ERROR [stderr] (Thread-68) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
      ERROR [stderr] (Thread-68) at javax.naming.directory.InitialDirContext.search(Unknown Source)
      ERROR [stderr] (Thread-68) at org.jbpm.task.identity.LDAPUserGroupCallbackImpl.existsUser(LDAPUserGroupCallbackImpl.java:128)
      ERROR [stderr] (Thread-68) at org.jbpm.task.service.TaskServiceSession.doCallbackUserOperation(TaskServiceSession.java:1225)
      ERROR [stderr] (Thread-68) at org.jbpm.task.service.TaskServiceSession.getTasksOwned(TaskServiceSession.java:763)
      ERROR [stderr] (Thread-68) at org.jbpm.task.service.TaskServerHandler.messageReceived(TaskServerHandler.java:309)
      ERROR [stderr] (Thread-68) at org.jbpm.task.service.hornetq.HornetQTaskServerHandler.messageReceived(HornetQTaskServerHandler.java:43)
      ERROR [stderr] (Thread-68) at org.jbpm.task.service.hornetq.BaseHornetQTaskServer.run(BaseHornetQTaskServer.java:104)
      ERROR [stderr] (Thread-68) at java.lang.Thread.run(Unknown Source)
      

       

       

      As you can see in the error message, when trying to create the LDAP context, it doesn't bind a user and password. So when it tries to make the search it fails.

      I'm not sure if it doesn't bind correctly because my properties file is wrong, or because the human task has a bug.

      I'd appreciate any help.

       

      Thanks.
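An added example, not part of the original post and not jBPM or JBoss code: a Python check over the two configurations shown above that flags settings leading to an anonymous bind, a bind password sent over plain `ldap://`, or empty search contexts. The sample inputs are constructed from the values in the post, the function names are hypothetical, and the check assumes the usual LDAP simple-bind behaviour that an empty DN or password results in an anonymous bind.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples built from the values shown in the post.
CALLBACK_PROPS = r"""
ldap.bind.user=CN\=User,OU\=Users,OU\=Company Users,OU\=Company,DC\=company-1234,DC\=com
ldap.bind.pwd=Passwd
ldap.user.ctx=
java.naming.provider.url=ldap://domain:port"""
LOGIN_MODULE = """<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
  <module-option name="bindDN" value="LDAP_USER_DN"/>
  <module-option name="bindCredential" value="LDAP_USER_PASSWD"/>
  <module-option name="java.naming.provider.url" value="ldap://domain:port"/>
  <module-option name="allowEmptyPasswords" value="true"/>
</login-module>"""

def parse_properties(text):
    # Minimal .properties reader: skip comments, split at the first unescaped '=' or ':'.
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!":
            parts = re.split(r"(?<!\\)[=:]", line, maxsplit=1) + [""]
            # Drop the backslash of escapes such as '\=' in both key and value.
            key, value = (re.sub(r"\\(.)", r"\1", s.strip()) for s in parts[:2])
            props[key] = value
    return props

def bind_findings(label, cfg, dn_key, pwd_key):
    out = []
    if not cfg.get(dn_key) or not cfg.get(pwd_key):
        out.append(f"{label}: empty bind DN or password, so the bind is anonymous")
    if cfg.get("java.naming.provider.url", "").lower().startswith("ldap://"):
        out.append(f"{label}: ldap:// sends the bind password without TLS unless StartTLS is used")
    return out

def audit_callback(text):
    p = parse_properties(text)
    out = bind_findings("callback", p, "ldap.bind.user", "ldap.bind.pwd")
    return out + [f"callback: {k} is set but empty" for k, v in p.items() if not v]

def audit_login_module(xml_text):
    # Local tag names are compared so a namespaced standalone.xml fragment also works.
    opts = {e.get("name"): e.get("value", "") for e in ET.fromstring(xml_text).iter()
            if e.tag.rsplit("}", 1)[-1] == "module-option"}
    out = bind_findings("JAAS", opts, "bindDN", "bindCredential")
    if opts.get("allowEmptyPasswords", "").lower() == "true":
        out.append("JAAS: allowEmptyPasswords=true forwards empty passwords to the LDAP server")
    return out

print("\n".join(audit_callback(CALLBACK_PROPS) + audit_login_module(LOGIN_MODULE)))
```

The check only inspects configuration text; confirming that the Human Task service actually sends these credentials still requires a bind test against the directory.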
