Discussion:
[jboss-user] [jBPM] - Integration of jbpm5.4 with LDAP
Jeyalakshmi Ramachandran
2013-04-02 09:33:53 UTC
Jeyalakshmi Ramachandran [https://community.jboss.org/people/jeyalakshmi.r] created the discussion

"Integration of jbpm5.4 with LDAP"

To view the discussion, visit: https://community.jboss.org/message/805941#805941

--------------------------------------------------------------
I am trying to connect jbpm5.4 with an LDAP server and I am using JBOSS AS7.
1. I set up the LDAP server with user and role details.
2. In jBPM I set all the properties as mentioned in this link: http://mswiderski.blogspot.in/2012/05/jbpm-53-brings-ldap-into-picture.html
3. But when I try to log in through the jbpm console I am getting the message "You are not authorized to use this application".
4. I have attached the server log for reference and the LDAP user screen.
5. Please help me in this regard.
--------------------------------------------------------------

Jeyalakshmi Ramachandran
2013-04-03 11:33:45 UTC
Jeyalakshmi Ramachandran [https://community.jboss.org/people/jeyalakshmi.r] created the discussion

"Re: Integration of jbpm5.4 with LDAP"

To view the discussion, visit: https://community.jboss.org/message/806184#806184

--------------------------------------------------------------
Found the answer myself
------------------------------------

I modified the standalone.xml file with roleFilter and it should be like:

<security-domain name="jbpm-console" cache-type="default">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <module-option name="bindDN" value="uid=admin,ou=system"/>
            <module-option name="bindCredential" value="secret"/>
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
            <module-option name="baseCtxDN" value="ou=People,dc=jbpm,dc=org"/>
            <module-option name="baseFilter" value="(uid={0})"/>
            <module-option name="rolesCtxDN" value="ou=Roles,dc=jbpm,dc=org"/>
            <module-option name="roleFilter" value="(member={1})"/>
            <module-option name="roleAttributeID" value="cn"/>
            <module-option name="roleAttributeIsDN" value="true"/>
            <module-option name="roleNameAttributeID" value="CN"/>
            <module-option name="searchScope" value="SUBTREE_SCOPE"/>
            <module-option name="allowEmptyPasswords" value="true"/>
            <module-option name="throwValidateError" value="true"/>
            <module-option name="roleRecursion" value="-1"/>
        </login-module>
    </authentication>
</security-domain>
--------------------------------------------------------------
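
Added example (not part of the original post, and not jBPM or JBoss code): a small Python check that reads a security-domain fragment like the one above and reports the LdapExtLoginModule options a reviewer would look at before deploying it. The function name audit_ldap_domain and the trimmed SAMPLE fragment are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the security-domain posted above.
SAMPLE = """
<security-domain name="jbpm-console" cache-type="default">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="bindDN" value="uid=admin,ou=system"/>
      <module-option name="bindCredential" value="secret"/>
      <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
      <module-option name="baseFilter" value="(uid={0})"/>
      <module-option name="roleFilter" value="(member={1})"/>
      <module-option name="allowEmptyPasswords" value="true"/>
    </login-module>
  </authentication>
</security-domain>
"""

def _local(tag):
    # Drop an XML namespace prefix, since standalone.xml elements are namespaced.
    return tag.rsplit("}", 1)[-1]

def audit_ldap_domain(xml_text):
    """Return (option, finding) pairs for the LdapExtLoginModule entries."""
    findings = []
    for module in ET.fromstring(xml_text).iter():
        if _local(module.tag) != "login-module":
            continue
        if not module.get("code", "").endswith("LdapExtLoginModule"):
            continue
        opts = {o.get("name"): o.get("value", "")
                for o in module.iter() if _local(o.tag) == "module-option"}
        # The thread's fix: a roleFilter that references the user
        # ({0} = login name, {1} = DN of the authenticated user).
        role_filter = opts.get("roleFilter", "")
        if "{0}" not in role_filter and "{1}" not in role_filter:
            findings.append(("roleFilter", "missing or does not reference the user"))
        # The module default is true; some LDAP servers treat an empty
        # password as an anonymous bind, which then succeeds.
        if opts.get("allowEmptyPasswords", "true").lower() == "true":
            findings.append(("allowEmptyPasswords", "empty passwords are passed to the server"))
        if opts.get("java.naming.provider.url", "").lower().startswith("ldap://"):
            findings.append(("java.naming.provider.url", "ldap:// scheme, no TLS on the connection"))
        if opts.get("bindCredential"):
            findings.append(("bindCredential", "bind password stored in plain text"))
    return findings

if __name__ == "__main__":
    for option, finding in audit_ldap_domain(SAMPLE):
        print(f"{option}: {finding}")
```
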

Maciej Swiderski
2013-04-03 14:45:41 UTC
Maciej Swiderski [https://community.jboss.org/people/swiderski.maciej] created the discussion

"Re: Integration of jbpm5.4 with LDAP"

To view the discussion, visit: https://community.jboss.org/message/806235#806235

--------------------------------------------------------------
As you can see in the comments on that blog, you need to assign one or more of the following roles to users in your LDAP server:
'user', 'manager', 'administrator'

Once you add these you will be able to log on to the console.

HTH
--------------------------------------------------------------

Maciej Swiderski
2013-04-10 06:10:15 UTC
Maciej Swiderski [https://community.jboss.org/people/swiderski.maciej] created the discussion

"Re: Integration of jbpm5.4 with LDAP"

To view the discussion, visit: https://community.jboss.org/message/807336#807336

--------------------------------------------------------------
Looks like this is the root problem why the task is not created:

10:26:51,222 ERROR [stderr] (Thread-70) java.lang.NullPointerException
10:26:51,223 ERROR [stderr] (Thread-70)     at org.jbpm.task.identity.LDAPUserGroupCallbackImpl.existsUser(LDAPUserGroupCallbackImpl.java:134)
10:26:51,224 ERROR [stderr] (Thread-70)     at org.jbpm.task.service.TaskServiceSession.doCallbackUserOperation(TaskServiceSession.java:1225)
10:26:51,225 ERROR [stderr] (Thread-70)     at org.jbpm.task.service.TaskServiceSession.getTasksOwned(TaskServiceSession.java:763)
10:26:51,225 ERROR [stderr] (Thread-70)     at org.jbpm.task.service.TaskServerHandler.messageReceived(TaskServerHandler.java:309)
10:26:51,226 ERROR [stderr] (Thread-70)     at org.jbpm.task.service.hornetq.HornetQTaskServerHandler.messageReceived(HornetQTaskServerHandler.java:43)
10:26:51,226 ERROR [stderr] (Thread-70)     at org.jbpm.task.service.hornetq.BaseHornetQTaskServer.run(BaseHornetQTaskServer.java:104)
10:26:51,227 ERROR [stderr] (Thread-70)     at java.lang.Thread.run(Unknown Source)


I believe the LDAP query does not return the expected results; please make sure the filter you defined for it in the config file is valid and returns results as expected.

HTH
--------------------------------------------------------------

Maciej Swiderski
2013-04-10 06:10:48 UTC
Maciej Swiderski [https://community.jboss.org/people/swiderski.maciej] created the discussion

"Re: Integration of jbpm5.4 with LDAP"

To view the discussion, visit: https://community.jboss.org/message/807337#807337

--------------------------------------------------------------
And please attach the server log instead of adding it inline with the message.

Cheers
--------------------------------------------------------------

Jeyalakshmi Ramachandran
2013-04-10 09:30:37 UTC
Jeyalakshmi Ramachandran [https://community.jboss.org/people/jeyalakshmi.r] created the discussion

"Re: Integration of jbpm5.4 with LDAP"

To view the discussion, visit: https://community.jboss.org/message/807383#807383

--------------------------------------------------------------
Hi Maciej,

Thanks for your response. I checked all config files and I was not able to find where I made a mistake. I have attached the LDAP screenshot, server.log, and jbpm.usergroup.callback.properties file for reference.

I think this is the cause of the complete problem. The following line is the error trace from server.log.

"Error when creating task on task server for work item id 52. Error reported by task server: *There are no known Business Administrators*, task cannot be created according to WS-HT specification: org.jbpm.task.service.CannotAddTaskException: There are no known Business Administrators, task cannot be created according to WS-HT specification".

Please check and give me a solution.

Thanks,
Jeyalakshmi
--------------------------------------------------------------
