21 Replies. Latest reply on Jun 4, 2013 5:27 AM by aemdtuc
      • 15. Re: JBPM + LDAP - can login, but HumanTask error appears in the jboss log
        aemdtuc

        Sorry I didn't get your comment.

        You mean when I declare ldap.role.ctx I should comment the ldap.user.roles.ctx ?!

        If this is what you mean, I already did it.

        And also I'm not declaring any of the ldap.role.ctx or ldap.user.roles.ctx empty anymore. But still if I declare both empty, it works.

        The problem is only declaring the ldap.role.ctx and not having the ldap.user.roles.ctx, which leads me to think that the problem is really in the line I pointed out; the right way for me would be something like this:

         

        String roleContext = this.config.getProperty(USER_ROLES_CTX, Context.ROLE_CTX);

        • 16. Re: JBPM + LDAP - can login, but HumanTask error appears in the jboss log
          swiderski.maciej

          Not sure what class you have in mind by Context, but in general what you want to do is already done in the code. Could you upload the complete configuration file you use so I can check that as a unit test?

           

          Cheers

          • 17. Re: JBPM + LDAP - can login, but HumanTask error appears in the jboss log
            aemdtuc

            Sure, here it is:

             

            #ldap.bind.user= bug, doesn't work, workaround java.naming.security.principal
            #ldap.bind.pwd= bug, doesn't work, workaround java.naming.security.credentials
            ldap.role.ctx=OU\=Security,OU\=Groups,OU\=_company,DC\=company,DC\=com
            java.naming.security.principal=CN\=User,OU\=Accounts,OU\=_company,DC\=company,DC\=com
            java.naming.security.credentials=passwd
            ldap.user.ctx=OU\=Accounts,OU\=_company,DC\=company,DC\=com
            #ldap.user.roles.ctx=
            ldap.user.filter=(&(objectClass\=user)(userPrincipalName\={0}))
            ldap.role.filter=(cn\={0})
            ldap.user.roles.filter=(&(objectClass\=group)(member\:1.2.840.113556.1.4.1941\:\={0}))
            #ldap.user.attr.id=
            #ldap.roles.attr.id=
            ldap.user.id.dn=true
            java.naming.provider.url=ldap://domain\:port
            
            • 18. Re: JBPM + LDAP - can login, but HumanTask error appears in the jboss log
              swiderski.maciej

              and you're saying this configuration does not work?

              • 19. Re: JBPM + LDAP - can login, but HumanTask error appears in the jboss log
                aemdtuc

                Exactly, I get the error message already mentioned:

                 

                ERROR [stderr] (Thread-131) javax.naming.InvalidNameException: ldap.role.ctx: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BA, problem 2006 (BAD_NAME), data 8350, best match of:
                ERROR [stderr] (Thread-131)     'ldap.role.ctx'
                ERROR [stderr] (Thread-131) ]; remaining name 'ldap.role.ctx'
                

                 

                The only way to make this error go away was uncommenting the ldap.user.roles.ctx and defining its value the same as the one defined in ldap.role.ctx

                 

                ldap.user.roles.ctx=OU\=Security,OU\=Groups,OU\=_company,DC\=company,DC\=com
                

                 

                And from the error message we can clearly see that the program is getting ldap.role.ctx="ldap.role.ctx".

                 

                That's why I'm pointing to line 236

                 

                String roleContext = this.config.getProperty(USER_ROLES_CTX, ROLE_CTX);
                

                 

                Because this line seems to be where the problem arises, as we are passing the ROLE_CTX (which contains the string "ldap.role.ctx") as the default value in case the USER_ROLES_CTX is not defined in the properties file.

                • 20. Re: JBPM + LDAP - can login, but HumanTask error appears in the jboss log
                  swiderski.maciej

                  Alright, now I got it, you're right, this is a bug and that line should be changed to this:

                   

                   

                  String roleContext = this.config.getProperty(USER_ROLES_CTX, this.config.getProperty(ROLE_CTX));
                  
                  

                  so it should get the default value from the config properties instead of submitting the key there. I got confused when you passed the line with Context.ROLE_CTX.

                   

                  I'll fix this as part of the issue already opened for it.

                   

                  Thanks for the detailed investigation
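
The lookup from replies 19 and 20, run against two lines of the configuration in reply 17, as an added example that is not part of the original thread or of the jBPM code base. The class name, the `isValidDn` helper and the key string behind `USER_ROLES_CTX` are assumptions; the helper shows how parsing the resolved context as a DN catches the key-as-default mistake before the value reaches the directory server.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class RoleContextLookup {
    // ROLE_CTX's value is quoted in the thread; USER_ROLES_CTX's value is assumed.
    static final String ROLE_CTX = "ldap.role.ctx";
    static final String USER_ROLES_CTX = "ldap.user.roles.ctx";

    // Line 236 as quoted in reply 19: the default argument is the key name itself.
    static String buggy(Properties config) {
        return config.getProperty(USER_ROLES_CTX, ROLE_CTX);
    }

    // Fix from reply 20: fall back to the value stored under ROLE_CTX.
    static String fixed(Properties config) {
        return config.getProperty(USER_ROLES_CTX, config.getProperty(ROLE_CTX));
    }

    // Hypothetical helper: true only if the value parses as an LDAP distinguished name.
    static boolean isValidDn(String value) {
        if (value == null) {
            return false;
        }
        try {
            new LdapName(value);
            return true;
        } catch (InvalidNameException e) {
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: two lines taken from the configuration in reply 17.
        String sample =
            "ldap.role.ctx=OU\\=Security,OU\\=Groups,OU\\=_company,DC\\=company,DC\\=com\n"
          + "#ldap.user.roles.ctx=\n";
        Properties config = new Properties();
        config.load(new StringReader(sample));

        // Print each resolved role context and whether it is a usable DN.
        for (String ctx : new String[] { buggy(config), fixed(config) }) {
            System.out.println(ctx + " -> valid DN: " + isValidDn(ctx));
        }
    }
}
```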

                  • 21. Re: JBPM + LDAP - can login, but HumanTask error appears in the jboss log
                    aemdtuc

                    You're welcome.

                     

                    Sorry about the confusion.

                     

                    Thanks.
