2 Replies Latest reply on Sep 27, 2016 4:09 AM by floraluo

    jbpm6 and LDAP

    menjivar88

      Hello,

       

      I'm trying to configure jbpm6.2 with openLdap on Linux. I've been looking at different sites and blogs, but most of them are using version 5 of jbpm and the steps are very different.

       

      I have installed openLdap and I have a realm on it.

       

      I have modified standalone.xml and added the following new security domain:

       

      <security-domain name="jbpm_ldap_domain">
                          <authentication>
                                  <login-module code="LdapExtended" flag="required">
                                      <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                                      <module-option name="java.naming.provider.url" value="ldap://localhost:389"/>
                                      <module-option name="java.naming.security.authentication" value="simple" />
                                      <module-option name="bindDN" value="cn=Manager,dc=jbpm,dc=org"/>
                                      <module-option name="bindCredential" value="secret"/>
                                      <module-option name="baseCtxDN" value="ou=People,dc=jbpm,dc=org"/>
                                      <module-option name="baseFilter" value="(uid={0})"/>
                                      <module-option name="rolesCtxDN" value="ou=Roles,dc=jbpm,dc=org"/>
                                      <module-option name="roleFilter" value="(member={1})"/>
                                      <module-option name="roleAttributeID" value="cn"/>
                                      <module-option name="roleAttributeIsDN" value="true"/>
                                      <module-option name="roleNameAttributeID" value="cn"/>
                                      <module-option name="allowEmptyPasswords" value="false"/>
                                      <module-option name="throwValidateError" value="true"/>
                                      <module-option name="searchScope" value="SUBTREE_SCOPE"/>
                                  </login-module>
                          </authentication>
      </security-domain>
      

       

      Also, from the deployments folder I have modified jbpm-console.war's jboss-web.xml file to point to the new security domain.

       

      <jboss-web>
        <security-domain>jbpm_ldap_domain</security-domain>
      </jboss-web>
      

       

      What else should I modify?

       

      Regards

      Carlos
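
      A consistency and hardening check for the two files shown in the post above, as an added example that is not part of the original thread or of jBPM: it confirms that the domain named in jboss-web.xml is defined in standalone.xml and flags settings that expose credentials. The function names, the trimmed sample fragments and the treatment of `${...}` values as non-literal are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the two fragments from the post, trimmed.
STANDALONE = """<security-domain name="jbpm_ldap_domain">
  <authentication>
    <login-module code="LdapExtended" flag="required">
      <module-option name="java.naming.provider.url" value="ldap://localhost:389"/>
      <module-option name="java.naming.security.authentication" value="simple"/>
      <module-option name="bindCredential" value="secret"/>
      <module-option name="allowEmptyPasswords" value="false"/>
    </login-module>
  </authentication>
</security-domain>"""
JBOSS_WEB = "<jboss-web><security-domain>jbpm_ldap_domain</security-domain></jboss-web>"


def local(tag):
    """Drop the XML namespace that a full standalone.xml puts on every tag."""
    return tag.rsplit("}", 1)[-1]


def audit(standalone_xml, jboss_web_xml):
    """Return findings for an LDAP security domain and the WAR that references it."""
    findings, domains = [], {}
    for el in ET.fromstring(standalone_xml).iter():
        if local(el.tag) == "security-domain" and el.get("name"):
            domains[el.get("name")] = {o.get("name"): o.get("value", "")
                                       for o in el.iter() if local(o.tag) == "module-option"}
    ref = next((e.text or "" for e in ET.fromstring(jboss_web_xml).iter()
                if local(e.tag) == "security-domain"), "").strip()
    name = ref[len("java:/jaas/"):] if ref.startswith("java:/jaas/") else ref
    if name not in domains:
        findings.append(f"jboss-web.xml references undefined security domain {name!r}")
        return findings
    opts = domains[name]
    url = opts.get("java.naming.provider.url", "").lower()
    auth = opts.get("java.naming.security.authentication")
    if url.startswith("ldap://") and auth == "simple":
        findings.append("simple bind over ldap:// sends passwords unencrypted")
    # Assumption: a value starting with "${" is an expression resolved elsewhere, not a literal.
    if opts.get("bindCredential") and not opts["bindCredential"].startswith("${"):
        findings.append("bindCredential is a literal password in standalone.xml")
    if opts.get("allowEmptyPasswords", "").lower() != "false":
        findings.append("allowEmptyPasswords is not explicitly false")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(STANDALONE, JBOSS_WEB)))
```

      A domain name that differs by a single character, such as a space in place of an underscore, is reported as an undefined domain.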

        • 1. Re: jbpm6 and LDAP
          swiderski.maciej

          This is all that is needed. Make sure that you have users in that LDAP which have at least one of the following roles:

          • admin
          • analyst
          • user
          • manager
          • developer

          Then the workbench should properly authenticate and authorize you when logging in.

           

          HTH

          • 2. Re: jbpm6 and LDAP
            floraluo

            Thank you for your answer.

             

            But is there any way to create a new role "myAdmin" and replace the old "admin" with it?

             

            "myAdmin" should get access to the administration submenu.