
I am running JBPM in JBoss Wildfly 8 and this is configured to use Active Directory Authentication. The configuration is as follows:

<security-domain name="jbpm_ldap_domain">
    <authentication>
        <login-module code="LdapExtended" flag="required">
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <module-option name="java.naming.provider.url" value="ldap://serverIP"/>
            <module-option name="java.naming.security.authentication" value="simple" />
            <module-option name="bindDN" value="CN=Administrator,CN=Users,DC=domain,DC=com"/>
            <module-option name="bindCredential" value="secretpass"/>
            <module-option name="baseCtxDN" value="OU=MYOU,DC=domain,DC=com"/>
            <module-option name="baseFilter" value="(sAMAccountName={0})"/>
            <module-option name="rolesCtxDN" value="ou=MYOU,dc=domain,dc=com"/>
            <module-option name="roleFilter" value="(member={1})"/>
            <module-option name="roleAttributeID" value="memberOf"/>
            <module-option name="roleAttributeIsDN" value="true"/>
            <module-option name="roleNameAttributeID" value="cn"/>
            <module-option name="allowEmptyPasswords" value="false"/>
            <module-option name="throwValidateError" value="true"/>
        </login-module>
        <login-module code="RoleMapping" flag="optional">
            <module-option name="rolesProperties" value="file:${jboss.home.dir}/standalone/configuration/jbpm-roles.properties"/>
            <module-option name="replaceRole" value="true"/>
        </login-module>
    </authentication>
</security-domain>

jbpm-roles.properties:

BPM_ADMIN=admin
BPM_ANALYST=analyst
BPM_DEVELOPER=developer
BPM_USER=user
BPM_MANAGER=manager

So as of now I am scanning a specific OU for both roles and users.

I want to do it the following way:

  1. Scan complete domain for users.
  2. Scan the role group in an OU.
  3. Users with a specific group membership should get admin rights (BPM_ADMIN=admin).
  4. All remaining users should have the 'user' role.

I do not want to add all users to a group to give them the user role in JBPM. Instead, I want to set the default role as user, and if I need to grant the admin role I will add the user to the group I have defined for admin users in Active Directory (BPM_ADMIN=admin).

How can this be achieved?

Neeraj Pandey
  • Little close to achieving this. I am using the `Domain Users` group to grant the `user` role, but in the configuration file it seems I cannot have spaces in the role name, as in `Domain Users = user`. – Neeraj Pandey Jan 21 '16 at 13:04

0 Answers
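To show what the security domain above actually computes, here is an added Python model of the two-module chain (LdapExtended role lookup followed by RoleMapping against the properties file); it is editorial illustration, not code from the post or from JBoss. The in-memory directory, the user `jdoe`, and the pass-through handling of unmapped group names under `replaceRole=true` are constructed assumptions; the key-parsing rule for `.properties` files (a key ends at the first unescaped `=`, `:` or whitespace, and a space is kept with `\ `) is the documented java.util.Properties behaviour, which is why the `Domain Users` line from the comment splits where it does.

```python
# Constructed stand-in for the directory: DN -> attributes (assumption).
DIRECTORY = {
    "CN=jdoe,OU=MYOU,DC=domain,DC=com": {
        "sAMAccountName": "jdoe", "cn": "jdoe"},
    "CN=BPM_ADMIN,OU=MYOU,DC=domain,DC=com": {
        "cn": "BPM_ADMIN", "member": ["CN=jdoe,OU=MYOU,DC=domain,DC=com"]},
    "CN=Domain Users,OU=MYOU,DC=domain,DC=com": {
        "cn": "Domain Users", "member": ["CN=jdoe,OU=MYOU,DC=domain,DC=com"]},
}

def ldap_roles(username):
    """baseFilter (sAMAccountName={0}) locates the user; roleFilter
    (member={1}) is then evaluated with {1} = the user's DN."""
    user_dn = next(dn for dn, a in DIRECTORY.items()
                   if a.get("sAMAccountName") == username)
    # roleAttributeIsDN=true: every matching entry is a group entry, and its
    # roleNameAttributeID (cn) becomes the role name handed to RoleMapping.
    return sorted(a["cn"] for a in DIRECTORY.values()
                  if user_dn in a.get("member", []))

def parse_properties(text):
    """java.util.Properties key rule: the key ends at the first unescaped
    '=', ':' or whitespace; a backslash keeps the next character literal."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, i = "", 0
        while i < len(line) and line[i] not in "=: ":
            if line[i] == "\\" and i + 1 < len(line):
                i += 1  # escaped character, e.g. "Domain\ Users"
            key += line[i]
            i += 1
        props[key] = line[i:].lstrip(" =:").strip()
    return props

def mapped_roles(username, roles_properties, replace_role=True):
    """RoleMapping: a group name found in the properties file becomes the
    mapped application role; with replaceRole=true the original name is
    dropped. Unmapped names passing through unchanged is an assumption."""
    mapping = parse_properties(roles_properties)
    out = []
    for role in ldap_roles(username):
        if role in mapping:
            out.append(mapping[role])
            if not replace_role:
                out.append(role)
        else:
            out.append(role)
    return sorted(set(out))
```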