[jboss-user] [jBPM] - Re: LDAP UserGroupCallback with bind credentials
Maciej Swiderski
2013-01-22 15:52:32 UTC
Maciej Swiderski [https://community.jboss.org/people/swiderski.maciej] created the discussion

"Re: LDAP UserGroupCallback with bind credentials"

To view the discussion, visit: https://community.jboss.org/message/793556#793556

--------------------------------------------------------------
This is certainly a bug. Could you please file a Jira for this? If you would like to contribute, you could submit a patch by doing a pull request :)

Thanks for bringing this up!

Cheers
--------------------------------------------------------------

Hung Phan
2013-01-30 13:03:03 UTC
Hung Phan [https://community.jboss.org/people/phan] created the discussion

"Re: LDAP UserGroupCallback with bind credentials"

To view the discussion, visit: https://community.jboss.org/message/795126#795126

--------------------------------------------------------------
Have you tried using the 'java.naming.security.principal' and 'java.naming.security.credentials' in your properties file?  They worked for me (thank you for the hints). 

Also, what is the correct configuration to get just the CN for a user's groups (e.g. just 'user', or 'admin') into the task.OrganizationalEntity table?  Below is a section of my current configuration, which results in inserting the entire string 'CN=admin,CN=Users,DC=...' as the 'Group' id.  Thanks in advance.
-------------
# Filter that will be used to search for user information,
# usually will contain substitution keys {0} to be replaced with parameters
# (mandatory)
ldap.user.filter=(sAMAccountName\={0})

# Attribute name of the user id in Active Directory
ldap.user.attr.id=sAMAccountName

# Filter that will be used to search for group/role information,
# usually will contain substitution keys {0} to be replaced with parameters
# (mandatory)
ldap.role.filter=(sAMAccountName\={0})

# Filter that will be used to search for user group/role membership information,
# usually will contain substitution keys {0} to be replaced with parameters
# (mandatory)
ldap.user.roles.filter=(sAMAccountName\={0})

# Attribute name of the group/role id in Active Directory
# (optional, if not given 'cn' will be used)
ldap.roles.attr.id=memberOf

# User id is a DN, instructs the callback to query for user DN
# before searching for roles (optional, default false)
ldap.user.id.dn=true
-------------------
--------------------------------------------------------------

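An added example, not part of the thread and not jBPM code: Active Directory's memberOf attribute holds full group DNs, so getting a bare name such as 'admin' means parsing each value as a DN rather than splitting on commas. The sketch below does that with the JDK's javax.naming.ldap.LdapName; the class name GroupDnToCn, the method leafCn and the sample DNs (with example.com as a placeholder domain) are assumptions made for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.Optional;

public class GroupDnToCn {

    /** Returns the value of the leaf RDN if it is a string-valued CN, otherwise empty. */
    static Optional<String> leafCn(String memberOfValue) {
        try {
            LdapName dn = new LdapName(memberOfValue);
            if (dn.isEmpty()) {
                return Optional.empty();
            }
            // LdapName indexes RDNs right to left, so the leaf is the last index.
            Rdn leaf = dn.getRdn(dn.size() - 1);
            if (!"cn".equalsIgnoreCase(leaf.getType())) {
                return Optional.empty();
            }
            // getValue() returns the unescaped value; binary (#hex) values are not group names.
            Object value = leaf.getValue();
            return value instanceof String ? Optional.of((String) value) : Optional.empty();
        } catch (InvalidNameException e) {
            // Not a parseable DN: reject instead of guessing a group id.
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed sample memberOf values; example.com is a placeholder domain.
        String[] samples = {
            "CN=admin,CN=Users,DC=example,DC=com",
            "CN=Ops\\, EMEA,OU=Groups,DC=example,DC=com", // escaped comma inside the CN
            "CN=admin,OU=Contractors,DC=example,DC=com",  // same CN, different container
            "not a dn"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + leafCn(s).orElse("<rejected>"));
        }
    }
}
```

The first and third samples both reduce to 'admin': once only the CN is stored as the group id, groups with the same CN in different containers become indistinguishable to anything that authorizes on that id. The second sample shows why a comma split is not a substitute for DN parsing.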