Chapter 12. LDAP connection
Business Central provides a dedicated `UserGroupCallback` implementation for LDAP servers with Red Hat Process Automation Manager to enable the user task service to retrieve information on users, groups, and roles directly from an LDAP service.
You can configure the following LDAP `UserGroupCallback` implementation properties:
Table 12.1. LDAP UserGroupCallback properties
Property | Description
---|---
`ldap.bind.user` | User name for connecting to the LDAP server (optional if the LDAP server accepts anonymous access).
`ldap.bind.pwd` | Password for connecting to the LDAP server (optional if the LDAP server accepts anonymous access).
`ldap.user.ctx` | Context in LDAP with user information (mandatory).
`ldap.role.ctx` | Context in LDAP with group and role information (mandatory).
`ldap.user.roles.ctx` | Context in LDAP with user group and role membership information (optional if not specified and
`ldap.user.filter` | Filter for searching user information; usually contains the substitution key {0}, which is replaced with parameters (mandatory).
`ldap.role.filter` | Filter for searching group and role information; usually contains the substitution key {0}, which is replaced with parameters (mandatory).
`ldap.user.roles.filter` | Filter for searching user group and role membership information; usually contains the substitution key {0}, which is replaced with parameters (mandatory).
`ldap.user.attr.id` | Attribute name of the user ID in LDAP (optional; if not specified,
`ldap.roles.attr.id` | Attribute name of the group and role ID in LDAP (optional; if not specified,
`ldap.user.id.dn` | User ID is a DN; instructs the callback to query for the user DN before searching for roles (optional; is
`java.naming.factory.initial` | Initial context factory class name; is
`java.naming.security.authentication` | Authentication type (possible values are
`java.naming.security.protocol` | Security protocol to be used, for example,
`java.naming.provider.url` | LDAP URL (by default
12.1. LDAP UserGroupCallback implementation
You can use the LDAP `UserGroupCallback` implementation by configuring the respective LDAP properties in one of the following ways:
Programmatically: Build a `Properties` object with the respective `LDAPUserGroupCallbackImpl` properties and create `LDAPUserGroupCallbackImpl` with the properties object as its parameter:

```java
import java.util.Properties;
import org.kie.api.PropertiesConfiguration;
import org.kie.api.task.UserGroupCallback;
...
// Build the LDAP callback configuration from the LDAPUserGroupCallbackImpl constants
Properties properties = new Properties();
properties.setProperty(LDAPUserGroupCallbackImpl.USER_CTX, "ou=People,dc=my-domain,dc=com");
properties.setProperty(LDAPUserGroupCallbackImpl.ROLE_CTX, "ou=Roles,dc=my-domain,dc=com");
properties.setProperty(LDAPUserGroupCallbackImpl.USER_ROLES_CTX, "ou=Roles,dc=my-domain,dc=com");
properties.setProperty(LDAPUserGroupCallbackImpl.USER_FILTER, "(uid={0})");
properties.setProperty(LDAPUserGroupCallbackImpl.ROLE_FILTER, "(cn={0})");
properties.setProperty(LDAPUserGroupCallbackImpl.USER_ROLES_FILTER, "(member={0})");

// Create the callback and register it with the user task service
UserGroupCallback ldapUserGroupCallback = new LDAPUserGroupCallbackImpl(properties);
UserGroupCallbackManager.getInstance().setCallback(ldapUserGroupCallback);
```
Declaratively: Create the `jbpm.usergroup.callback.properties` file in the root of your application or specify the file location as a system property:

```
-Djbpm.usergroup.callback.properties=FILE_LOCATION_ON_CLASSPATH
```
Ensure that you register the LDAP callback when starting the user task server.
```
#ldap.bind.user=
#ldap.bind.pwd=
ldap.user.ctx=ou\=People,dc\=my-domain,dc\=com
ldap.role.ctx=ou\=Roles,dc\=my-domain,dc\=com
ldap.user.roles.ctx=ou\=Roles,dc\=my-domain,dc\=com
ldap.user.filter=(uid\={0})
ldap.role.filter=(cn\={0})
ldap.user.roles.filter=(member\={0})
#ldap.user.attr.id=
#ldap.roles.attr.id=
```
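The following is an added example, not code from Red Hat or the jBPM project, that shows what the declarative configuration above and the `{0}` substitution in Table 12.1 amount to: it reads a `jbpm.usergroup.callback.properties` file in the Java `.properties` format (so the `\=` escapes resolve to plain `=`), checks that the mandatory keys from the table are present, and expands a filter template such as `(uid={0})` with the parameter escaped per RFC 4515, so that a user ID containing filter metacharacters cannot change the structure of the search. The sample file content and the function names are constructed for this example and are not part of the product.

```python
"""Parse the LDAP UserGroupCallback properties file, validate it, and expand filters safely."""
import re

# Constructed sample in the same format as the chapter's properties file.
SAMPLE_PROPERTIES = """\
#ldap.bind.user=
#ldap.bind.pwd=
ldap.user.ctx=ou\\=People,dc\\=my-domain,dc\\=com
ldap.role.ctx=ou\\=Roles,dc\\=my-domain,dc\\=com
ldap.user.roles.ctx=ou\\=Roles,dc\\=my-domain,dc\\=com
ldap.user.filter=(uid\\={0})
ldap.role.filter=(cn\\={0})
ldap.user.roles.filter=(member\\={0})
#ldap.user.attr.id=
#ldap.roles.attr.id=
"""

# Keys the table marks as mandatory.
MANDATORY = (
    "ldap.user.ctx",
    "ldap.role.ctx",
    "ldap.user.filter",
    "ldap.role.filter",
    "ldap.user.roles.filter",
)


def _unescape(s):
    """Resolve java.util.Properties backslash escapes (\\=, \\:, \\\\, \\n, \\t, \\r)."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            nxt = s[i + 1]
            out.append({"n": "\n", "t": "\t", "r": "\r"}.get(nxt, nxt))
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_properties(text):
    """Minimal .properties reader: '#'/'!' comments, key=value (or key:value / key value),
    with backslash escapes honoured in both key and value."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key_chars, i = [], 0
        while i < len(line):  # scan the key up to the first unescaped separator
            c = line[i]
            if c == "\\" and i + 1 < len(line):
                key_chars.append(line[i + 1])
                i += 2
                continue
            if c in "=: \t":
                break
            key_chars.append(c)
            i += 1
        value = line[i:].lstrip(" \t")
        if value[:1] in ("=", ":"):
            value = value[1:].lstrip(" \t")
        props["".join(key_chars)] = _unescape(value)
    return props


def missing_mandatory(props):
    """Return the mandatory keys that are absent or empty, in table order."""
    return [k for k in MANDATORY if not props.get(k)]


# RFC 4515 escapes for a value embedded in an LDAP search filter.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape a parameter so it is matched literally inside a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template, *params):
    """Replace {0}, {1}, ... in a filter template with escaped parameters."""
    return re.sub(r"\{(\d+)\}", lambda m: escape_filter_value(params[int(m.group(1))]), template)


if __name__ == "__main__":
    cfg = parse_properties(SAMPLE_PROPERTIES)
    print("missing:", missing_mandatory(cfg))
    print(build_filter(cfg["ldap.user.filter"], "jdoe"))
    print(build_filter(cfg["ldap.user.filter"], "*)(uid=*"))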