JBPM + LDAP - can login, but HumanTask error appears in the jboss log
aemdtuc May 23, 2013 11:25 AM
Hi.
I've set up the jbpm-installer to work with LDAP, and I managed to authenticate and get the roles. I can walk through the jBPM-Console perfectly. But looking at the JBoss log, I see an error that I think comes from the Human Task.
Here is how I configured the LDAP:
JBoss standalone.xml
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <module-option name="bindDN" value="LDAP_USER_DN"/>
            <module-option name="bindCredential" value="LDAP_USER_PASSWD "/>
            <module-option name="baseCtxDN" value=""/>
            <module-option name="baseFilter" value="(&amp;(objectClass=user)(userPrincipalName={0}))"/>
            <module-option name="rolesCtxDN" value=""/>
            <module-option name="roleFilter" value="(&amp;(objectClass=group)(member:1.2.840.113556.1.4.1941:={1}))"/>
            <module-option name="roleAttributeID" value="cn"/>
            <module-option name="java.naming.provider.url" value="ldap://domain:port"/>
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <module-option name="allowEmptyPasswords" value="true"/>
            <module-option name="throwValidateError" value="true"/>
        </login-module>
    </authentication>
jbpm-gwt-console-server.war web.xml
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.html</form-login-page>
            <form-error-page>/login_failed.html</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>Write</role-name>
    </security-role>
    <security-role>
        <role-name>Read</role-name>
    </security-role>
jbpm-human-task-war.war jbpm.usergroup.callback.properties
    ldap.bind.user=CN\=User,OU\=Users,OU\=Company Users,OU\=Company,DC\=company-1234,DC\=com
    ldap.bind.pwd=Passwd
    ldap.user.ctx=
    ldap.role.ctx=
    #ldap.user.roles.ctx=ou\=Roles,dc\=my-domain,dc\=com
    ldap.user.filter=(&(objectClass=user)(userPrincipalName\={0}))
    ldap.role.filter=
    ldap.user.roles.filter=(&(objectClass=group)(member:1.2.840.113556.1.4.1941:\={0}))
    #ldap.user.attr.id=
    #ldap.roles.attr.id=
    java.naming.provider.url=ldap://domain:port
jbpm-human-task-war.war web.xml
    <init-param>
        <param-name>user.group.callback.class</param-name>
        <param-value>org.jbpm.task.identity.LDAPUserGroupCallbackImpl</param-value>
    </init-param>
The jbpm.usergroup.callback.properties is located under jbpm-human-task-war.war/WEB-INF/classes.
The error message is the following:
    ERROR [stderr] (Thread-68) javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name ''
    ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
    ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
    ERROR [stderr] (Thread-68) at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
    ERROR [stderr] (Thread-68) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
    ERROR [stderr] (Thread-68) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
    ERROR [stderr] (Thread-68) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
    ERROR [stderr] (Thread-68) at javax.naming.directory.InitialDirContext.search(Unknown Source)
    ERROR [stderr] (Thread-68) at org.jbpm.task.identity.LDAPUserGroupCallbackImpl.existsUser(LDAPUserGroupCallbackImpl.java:128)
    ERROR [stderr] (Thread-68) at org.jbpm.task.service.TaskServiceSession.doCallbackUserOperation(TaskServiceSession.java:1225)
    ERROR [stderr] (Thread-68) at org.jbpm.task.service.TaskServiceSession.getTasksOwned(TaskServiceSession.java:763)
    ERROR [stderr] (Thread-68) at org.jbpm.task.service.TaskServerHandler.messageReceived(TaskServerHandler.java:309)
    ERROR [stderr] (Thread-68) at org.jbpm.task.service.hornetq.HornetQTaskServerHandler.messageReceived(HornetQTaskServerHandler.java:43)
    ERROR [stderr] (Thread-68) at org.jbpm.task.service.hornetq.BaseHornetQTaskServer.run(BaseHornetQTaskServer.java:104)
    ERROR [stderr] (Thread-68) at java.lang.Thread.run(Unknown Source)
As you can see in the error message, when trying to create the LDAP context, it doesn't bind a user and password. So when it tries to make the search it fails.
I'm not sure if it doesn't bind correctly because my properties file is wrong, or because the human task has a bug.
I'd appreciate any help.
Thanks.
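
Added example (not part of the original post and not jBPM code): a stand-alone JNDI check that loads a properties file with the keys shown in the post and binds with ldap.bind.user / ldap.bind.pwd, which helps separate a wrong properties file from a problem inside the Human Task callback. The class name LdapBindCheck and the embedded sample values are constructed for illustration.

```java
import java.io.*;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

// Added example, not jBPM code. Class name and sample values are constructed.
public class LdapBindCheck {
    // Constructed sample using the post's key names; used when no file path is given.
    static final String SAMPLE =
        "ldap.bind.user=CN\\=svc,OU\\=Users,DC\\=example,DC\\=com\n" +
        "ldap.bind.pwd=secret \n" +   // trailing space is kept by Properties.load
        "ldap.user.filter=(&(objectClass\\=user)(userPrincipalName\\={0}))\n" +
        "java.naming.provider.url=ldap://ldap.example.com:389\n";
    // Build the JNDI environment for an authenticated simple bind and collect warnings.
    static Hashtable<String, String> buildEnv(Properties p, List<String> warnings) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, p.getProperty("java.naming.provider.url", ""));
        String user = p.getProperty("ldap.bind.user", "");
        String pwd = p.getProperty("ldap.bind.pwd", "");
        if (user.isEmpty() || pwd.isEmpty()) {
            warnings.add("no bind DN or password: the connection would not be authenticated");
            return env;
        }
        if (!pwd.equals(pwd.trim())) warnings.add("ldap.bind.pwd has surrounding whitespace");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, user);
        env.put(Context.SECURITY_CREDENTIALS, pwd);
        return env;
    }
    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        try (Reader r = args.length > 0 ? new FileReader(args[0]) : new StringReader(SAMPLE)) {
            p.load(r);
        }
        List<String> warnings = new ArrayList<>();
        Hashtable<String, String> env = buildEnv(p, warnings);
        System.out.println("bind DN as loaded: " + env.get(Context.SECURITY_PRINCIPAL));
        warnings.forEach(w -> System.out.println("WARNING: " + w));
        if (args.length < 2) return;   // offline: only the parsed settings are checked
        // Online: bind, then run the configured user filter for the login name in args[1].
        DirContext ctx = new InitialDirContext(env);
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> res = ctx.search(p.getProperty("ldap.user.ctx", ""),
            p.getProperty("ldap.user.filter"), new Object[] { args[1] }, sc);
        System.out.println(res.hasMore() ? "bind and search OK" : "bind OK, user not found");
        ctx.close();
    }
}
```

Run it with no arguments to check the embedded sample offline, or with the path to jbpm.usergroup.callback.properties and a login name to bind against the directory.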