0 Replies Latest reply on Jan 21, 2016 1:35 AM by np97190

    jboss ldap search.

    np97190

      Hi All,

      Can anyone help me to resolve a use case?

      I am running jBPM in JBoss WildFly 8 and it is configured to use Active Directory authentication. The following is the configuration:

      <security-domain name="jbpm_ldap_domain">
          <authentication>
              <login-module code="LdapExtended" flag="required">
                  <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                  <module-option name="java.naming.provider.url" value="ldap://serverIP"/>
                  <module-option name="java.naming.security.authentication" value="simple"/>
                  <module-option name="bindDN" value="CN=Administrator,CN=Users,DC=domain,DC=com"/>
                  <module-option name="bindCredential" value="secretpass"/>
                  <module-option name="baseCtxDN" value="OU=MYOU,DC=domain,DC=com"/>
                  <module-option name="baseFilter" value="(sAMAccountName={0})"/>
                  <module-option name="rolesCtxDN" value="ou=MYOU,dc=,dc=com"/>
                  <module-option name="roleFilter" value="(member={1})"/>
                  <module-option name="roleAttributeID" value="memberOf"/>
                  <module-option name="roleAttributeIsDN" value="true"/>
                  <module-option name="roleNameAttributeID" value="cn"/>
                  <module-option name="allowEmptyPasswords" value="false"/>
                  <module-option name="throwValidateError" value="true"/>
              </login-module>
              <login-module code="RoleMapping" flag="optional">
                  <module-option name="rolesProperties" value="file:${jboss.home.dir}/standalone/configuration/jbpm-roles.properties"/>
                  <module-option name="replaceRole" value="true"/>
              </login-module>
          </authentication>
      </security-domain>

      jbpm-roles.properties:

      BPM_ADMIN=admin
      BPM_ANALYST=analyst
      BPM_DEVELOPER=developer
      BPM_USER=user
      BPM_MANAGER=manager

      So as of now I am scanning a specific OU for both roles and users.

      I want to do it the following way:

           1. Scan the complete domain for users.
           2. Scan the role group in an OU.
           3. A user with a specific group membership should get admin rights (BPM_ADMIN=admin).
           4. All other users should have the 'user' role.

      I do not want to add all users to a group to get them the 'user' role in jBPM. Instead I want to set the default role as 'user', and if I need to grant the 'admin' role I will add the user to the group I have defined for admin users in AD (BPM_ADMIN=admin).

      How can this be achieved?
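The following offline simulation, added here as an illustration and not code from the post, from jBPM, WildFly or PicketBox, walks through what the two login modules in the configuration above do with a login: the `LdapExtended` stage resolves the user DN with `baseFilter` under `baseCtxDN` and collects groups with `roleFilter` under `rolesCtxDN` (subtree scope, which is the module's default `searchScope`), and the `RoleMapping` stage with `replaceRole=true` translates group names through `jbpm-roles.properties` and keeps only the mapped names. The directory entries (`alice`, `bob`, `carol`, the `BPM_ADMIN` group) are constructed, no LDAP connection is opened, and the role search is modelled simply as "take the `cn` of every group whose `member` attribute holds the user DN", which is the outcome the properties file in the post expects; the exact `memberOf`/`roleAttributeIsDN` attribute walk PicketBox performs is not reproduced. Running it shows the two effects the post is asking about: a user outside `OU=MYOU` is only found once `baseCtxDN` is widened to the domain root, and a user who is in no mapped group ends the chain with an empty role set, because `RoleMapping` only renames roles that already exist and nothing in this chain supplies a default `user` role.

```python
"""Offline simulation of the LdapExtended + RoleMapping chain from the post.

Added example with a constructed in-memory directory; not JBoss, WildFly or
PicketBox code. The role search is modelled as "cn of every group whose
member attribute holds the user DN" (assumption, see the lead-in).
"""

from typing import Dict, List, Optional, Set

# Constructed directory: DN -> attributes. Values are lists, as in LDAP.
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "CN=alice,OU=MYOU,DC=domain,DC=com": {
        "objectClass": ["user"], "sAMAccountName": ["alice"]},
    "CN=bob,OU=MYOU,DC=domain,DC=com": {
        "objectClass": ["user"], "sAMAccountName": ["bob"]},
    # carol lives outside MYOU, so the post's baseCtxDN never sees her.
    "CN=carol,OU=Sales,DC=domain,DC=com": {
        "objectClass": ["user"], "sAMAccountName": ["carol"]},
    "CN=BPM_ADMIN,OU=MYOU,DC=domain,DC=com": {
        "objectClass": ["group"], "cn": ["BPM_ADMIN"],
        "member": ["CN=alice,OU=MYOU,DC=domain,DC=com"]},
}

# jbpm-roles.properties exactly as quoted in the post.
ROLES_PROPERTIES = """\
BPM_ADMIN=admin
BPM_ANALYST=analyst
BPM_DEVELOPER=developer
BPM_USER=user
BPM_MANAGER=manager
"""


def in_subtree(dn: str, base: str) -> bool:
    """SUBTREE_SCOPE test (LdapExtended's default): dn is base or lies below it."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)


def find_user_dn(username: str, base_ctx_dn: str) -> Optional[str]:
    """baseFilter (sAMAccountName={0}) evaluated under baseCtxDN."""
    for dn, attrs in DIRECTORY.items():
        if in_subtree(dn, base_ctx_dn) and username in attrs.get("sAMAccountName", []):
            return dn
    return None


def find_ldap_roles(user_dn: str, roles_ctx_dn: str) -> Set[str]:
    """roleFilter (member={1}) under rolesCtxDN; role name = group cn (modelling assumption)."""
    roles: Set[str] = set()
    for dn, attrs in DIRECTORY.items():
        if in_subtree(dn, roles_ctx_dn) and user_dn in attrs.get("member", []):
            roles.update(attrs.get("cn", []))
    return roles


def parse_roles_properties(text: str) -> Dict[str, Set[str]]:
    """rolesProperties format: LDAP_ROLE=app_role[,app_role...]; blank and # lines ignored."""
    mapping: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        src, dst = line.split("=", 1)
        mapping[src.strip()] = {r.strip() for r in dst.split(",") if r.strip()}
    return mapping


def apply_role_mapping(ldap_roles: Set[str], mapping: Dict[str, Set[str]],
                       replace_role: bool) -> Set[str]:
    """RoleMapping: replaceRole=true keeps only mapped names, false adds them to the originals."""
    mapped: Set[str] = set()
    for role in ldap_roles:
        mapped.update(mapping.get(role, set()))
    return mapped if replace_role else ldap_roles | mapped


def resolve_roles(username: str, base_ctx_dn: str, roles_ctx_dn: str) -> Optional[Set[str]]:
    """Run both modules for one login. None = user not found under baseCtxDN (login fails);
    an empty set = user found but no mapped group, so no role reaches jBPM."""
    user_dn = find_user_dn(username, base_ctx_dn)
    if user_dn is None:
        return None
    ldap_roles = find_ldap_roles(user_dn, roles_ctx_dn)
    return apply_role_mapping(ldap_roles, parse_roles_properties(ROLES_PROPERTIES), True)


if __name__ == "__main__":
    OU, DOMAIN = "OU=MYOU,DC=domain,DC=com", "DC=domain,DC=com"
    for user in ("alice", "bob", "carol"):
        print(f"{user:6} baseCtxDN=OU=MYOU  -> {resolve_roles(user, OU, OU)}")
        print(f"{user:6} baseCtxDN=domain   -> {resolve_roles(user, DOMAIN, OU)}")
```

Widening `baseCtxDN` while leaving `rolesCtxDN` on the OU is what step 1 and step 2 of the post describe; the simulation keeps them as separate parameters for that reason.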