-
15. Re: JBPM + LDAP - can login, but HumanTask error appears in the jboss log
aemdtuc Jun 3, 2013 6:56 AM (in response to swiderski.maciej)
Sorry, I didn't get your comment.
You mean when I declare ldap.role.ctx I should comment the ldap.user.roles.ctx ?!
If this is what you mean, I already did it.
And also I'm not declaring any of the ldap.role.ctx or ldap.user.roles.ctx empty anymore. But still if I declare both empty, it works.
The problem is only declaring the ldap.role.ctx and not having the ldap.user.roles.ctx, which leads me to think that the problem is really in the line I pointed out. The right way for me would be something like this:
String roleContext = this.config.getProperty(USER_ROLES_CTX, Context.ROLE_CTX);
-
16. Re: JBPM + LDAP - can login, but HumanTask error appears in the jboss log
swiderski.maciej Jun 3, 2013 12:19 PM (in response to aemdtuc)
Not sure what class you have in mind by Context, but in general what you want to do is already done in the code. Could you upload the complete configuration file you use so I can check that as a unit test?
Cheers
-
17. Re: JBPM + LDAP - can login, but HumanTask error appears in the jboss log
aemdtuc Jun 4, 2013 2:51 AM (in response to swiderski.maciej)
Sure, here it is:
#ldap.bind.user= bug, doesn't work, workaround java.naming.security.principal
#ldap.bind.pwd= bug, doesn't work, workaround java.naming.security.credentials
ldap.role.ctx=OU\=Security,OU\=Groups,OU\=_company,DC\=company,DC\=com
java.naming.security.principal=CN\=User,OU\=Accounts,OU\=_company,DC\=company,DC\=com
java.naming.security.credentials=passwd
ldap.user.ctx=OU\=Accounts,OU\=_company,DC\=company,DC\=com
#ldap.user.roles.ctx=
ldap.user.filter=(&(objectClass\=user)(userPrincipalName\={0}))
ldap.role.filter=(cn\={0})
ldap.user.roles.filter=(&(objectClass\=group)(member\:1.2.840.113556.1.4.1941\:\={0}))
#ldap.user.attr.id=
#ldap.roles.attr.id=
ldap.user.id.dn=true
java.naming.provider.url=ldap://domain\:port
-
18. Re: JBPM + LDAP - can login, but HumanTask error appears in the jboss log
swiderski.maciej Jun 4, 2013 4:48 AM (in response to aemdtuc)
And you're saying this configuration does not work?
-
19. Re: JBPM + LDAP - can login, but HumanTask error appears in the jboss log
aemdtuc Jun 4, 2013 4:58 AM (in response to swiderski.maciej)
Exactly, I get the error message already mentioned:
ERROR [stderr] (Thread-131) javax.naming.InvalidNameException: ldap.role.ctx: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BA, problem 2006 (BAD_NAME), data 8350, best match of:
ERROR [stderr] (Thread-131) 'ldap.role.ctx'
ERROR [stderr] (Thread-131) ]; remaining name 'ldap.role.ctx'
The only way to make this error go away was uncommenting the ldap.user.roles.ctx and defining its value the same as the one defined in ldap.role.ctx
ldap.user.roles.ctx=OU\=Security,OU\=Groups,OU\=_company,DC\=company,DC\=com
And from the error message we can clearly see that the program is getting ldap.role.ctx="ldap.role.ctx".
That's why I'm pointing to line 236
String roleContext = this.config.getProperty(USER_ROLES_CTX, ROLE_CTX);
Because this line seems to be where the problem arises, as we are passing the ROLE_CTX (which contains the string "ldap.role.ctx") as the default value in case the USER_ROLES_CTX is not defined in the properties file.
-
20. Re: JBPM + LDAP - can login, but HumanTask error appears in the jboss log
swiderski.maciej Jun 4, 2013 5:04 AM (in response to aemdtuc)
Alright, now I got it. You're right, this is a bug and that line should be changed to this:
String roleContext = this.config.getProperty(USER_ROLES_CTX, this.config.getProperty(ROLE_CTX));
so it should get the default value from the config properties instead of submitting the key there. I got confused when you passed the line with Context.ROLE_CTX.
I'll fix this as part of the issue already opened for it.
Thanks for detailed investigation
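
The lookup discussed in posts 19 and 20, as an added example that is not part of the original posts or of the jBPM code base: it runs the quoted line and the proposed fix against the posted role context and checks each result as an LDAP DN before it would be used as a search base. The class name RoleContextLookup and the requireDn guard are hypothetical; the key names, the two getProperty calls and the sample DN come from the posts above.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class RoleContextLookup {
    // Key names as quoted in the thread.
    static final String ROLE_CTX = "ldap.role.ctx";
    static final String USER_ROLES_CTX = "ldap.user.roles.ctx";

    // Lookup as quoted from line 236: the fallback is the key name itself.
    static String buggy(Properties config) {
        return config.getProperty(USER_ROLES_CTX, ROLE_CTX);
    }

    // Lookup as proposed in post 20: the fallback is the value stored under ldap.role.ctx.
    static String fixed(Properties config) {
        return config.getProperty(USER_ROLES_CTX, config.getProperty(ROLE_CTX));
    }

    // Hypothetical guard: fail at configuration time if the search base is
    // missing or is not a syntactically valid distinguished name.
    static LdapName requireDn(String key, String value) throws InvalidNameException {
        if (value == null) {
            throw new InvalidNameException(key + " is not configured");
        }
        return new LdapName(value);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: role context from post 17, ldap.user.roles.ctx commented out.
        Properties config = new Properties();
        config.load(new StringReader(
            "ldap.role.ctx=OU\\=Security,OU\\=Groups,OU\\=_company,DC\\=company,DC\\=com\n"
            + "#ldap.user.roles.ctx=\n"));

        for (String candidate : new String[] { buggy(config), fixed(config) }) {
            try {
                System.out.println("valid search base: " + requireDn(USER_ROLES_CTX, candidate));
            } catch (InvalidNameException e) {
                System.out.println("rejected search base: " + e.getMessage());
            }
        }
    }
}
```

Checking the resolved context locally turns the directory-side error 34 (BAD_NAME) into a configuration error that names the offending property.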
-
21. Re: JBPM + LDAP - can login, but HumanTask error appears in the jboss log
aemdtuc Jun 4, 2013 5:27 AM (in response to swiderski.maciej)
You're welcome.
Sorry about the confusion.
Thanks.