Chapter 13. LDAP connection
Business Central provides a dedicated UserGroupCallback implementation for LDAP servers with Red Hat Decision Manager to enable the user task service to retrieve information on users, groups, and roles directly from an LDAP service.

You can configure the following LDAP UserGroupCallback implementation properties:
| Property | Description |
|---|---|
| ldap.bind.user | User name for connecting to the LDAP server. This property is optional if the LDAP server accepts anonymous access. |
| ldap.bind.pwd | Password for connecting to the LDAP server. This property is optional if the LDAP server accepts anonymous access. |
| ldap.user.ctx | Context in LDAP with user information. |
| ldap.role.ctx | Context in LDAP with group and role information. |
| ldap.user.roles.ctx | Context in LDAP with user group and role membership information. This property is optional if it is not specified and the |
| ldap.user.filter | Filter for searching user information. This property usually contains substitution keys {0} that are replaced with parameters. |
| ldap.role.filter | Filter for searching group and role information. This property usually contains substitution keys {0} that are replaced with parameters. |
| ldap.user.roles.filter | Filter for searching user group and role membership information. This property usually contains substitution keys {0} that are replaced with parameters. |
| ldap.user.attr.id | Attribute name of the user ID in LDAP. This property is optional if it is not specified and the |
| ldap.roles.attr.id | Attribute name of the group and role ID in LDAP. This property is optional if it is not specified and the |
| | User ID in a DN; instructs the callback to query for the user DN before searching for roles. This is optional and is |
| | Initial context factory class name; is |
| | Authentication type, where the possible values are |
| | Security protocol to be used, for example, |
| | LDAP URL (by default |
13.1. LDAP UserGroupCallback implementation
You can use the LDAP UserGroupCallback implementation by configuring the respective LDAP properties in one of the following ways:

Programmatically: Build a properties object with the respective LDAPUserGroupCallbackImpl properties and create LDAPUserGroupCallbackImpl with the properties object as its parameter. For example:

```java
import java.util.Properties;

import org.jbpm.services.task.identity.LDAPUserGroupCallbackImpl;
import org.kie.api.PropertiesConfiguration;
import org.kie.api.task.UserGroupCallback;
...

// Build the callback configuration from the LDAPUserGroupCallbackImpl property constants.
Properties properties = new Properties();
properties.setProperty(LDAPUserGroupCallbackImpl.USER_CTX, "ou=People,dc=my-domain,dc=com");
properties.setProperty(LDAPUserGroupCallbackImpl.ROLE_CTX, "ou=Roles,dc=my-domain,dc=com");
properties.setProperty(LDAPUserGroupCallbackImpl.USER_ROLES_CTX, "ou=Roles,dc=my-domain,dc=com");
// {0} is the substitution key that the callback replaces with the queried parameter.
properties.setProperty(LDAPUserGroupCallbackImpl.USER_FILTER, "(uid={0})");
properties.setProperty(LDAPUserGroupCallbackImpl.ROLE_FILTER, "(cn={0})");
properties.setProperty(LDAPUserGroupCallbackImpl.USER_ROLES_FILTER, "(member={0})");

// Create the LDAP callback and register it with the user task service.
UserGroupCallback ldapUserGroupCallback = new LDAPUserGroupCallbackImpl(properties);
UserGroupCallbackManager.getInstance().setCallback(ldapUserGroupCallback);
```
Declaratively: Create the jbpm.usergroup.callback.properties file in the root of your application or specify the file location as a system property. For example:

```
-Djbpm.usergroup.callback.properties=FILE_LOCATION_ON_CLASSPATH
```

Ensure that you register the LDAP callback when starting the user task server. For example:

```properties
#ldap.bind.user=
#ldap.bind.pwd=
ldap.user.ctx=ou\=People,dc\=my-domain,dc\=com
ldap.role.ctx=ou\=Roles,dc\=my-domain,dc\=com
ldap.user.roles.ctx=ou\=Roles,dc\=my-domain,dc\=com
ldap.user.filter=(uid\={0})
ldap.role.filter=(cn\={0})
ldap.user.roles.filter=(member\={0})
#ldap.user.attr.id=
#ldap.roles.attr.id=
```
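The following is an added example, not code from Red Hat Decision Manager or jBPM. It reads a jbpm.usergroup.callback.properties file in the Java properties syntax used above (the backslash-escaped `=` signs), checks that the settings the table requires are present and that each filter still carries its {0} substitution key, and shows what the parameter substituted for {0} must look like once it is escaped per RFC 4515, so that a user ID containing filter metacharacters is matched literally instead of changing the filter. The sample file content is constructed from this chapter; which keys are treated as required is this example's assumption (everything the table does not mark optional), and the check and escape helpers are not the product's own.

```python
"""Added example (not the product's code): parse a jbpm.usergroup.callback.properties
file, sanity-check the LDAP callback settings, and escape a {0} parameter before it
is substituted into the chapter's search filters."""
from typing import Dict, List, Tuple

# Constructed sample: the chapter's declarative configuration, bind credentials
# commented out as in the documentation. java.util.Properties escapes '=' and ':'
# inside values with a backslash.
SAMPLE_PROPERTIES = r"""
#ldap.bind.user=
#ldap.bind.pwd=
ldap.user.ctx=ou\=People,dc\=my-domain,dc\=com
ldap.role.ctx=ou\=Roles,dc\=my-domain,dc\=com
ldap.user.roles.ctx=ou\=Roles,dc\=my-domain,dc\=com
ldap.user.filter=(uid\={0})
ldap.role.filter=(cn\={0})
ldap.user.roles.filter=(member\={0})
#ldap.user.attr.id=
#ldap.roles.attr.id=
"""


def _unescape(s: str) -> str:
    """Resolve java.util.Properties backslash escapes: \\= \\: \\\\ \\n \\t (no \\uXXXX)."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append({"n": "\n", "t": "\t", "r": "\r", "f": "\f"}.get(s[i + 1], s[i + 1]))
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def _split_key_value(line: str) -> Tuple[str, str]:
    """The key ends at the first unescaped '=', ':' or whitespace, as in Java."""
    i = 0
    while i < len(line) and line[i] not in "=: \t":
        i += 2 if line[i] == "\\" else 1
    key, rest = line[:i], line[i:].lstrip(" \t")
    if rest[:1] in ("=", ":"):
        rest = rest[1:].lstrip(" \t")
    return _unescape(key), _unescape(rest)


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal java.util.Properties reader with '#'/'!' comments and
    trailing-backslash line continuation."""
    props: Dict[str, str] = {}
    pending = ""
    for raw in text.splitlines():
        line = raw.lstrip()
        if not pending and (not line or line[0] in "#!"):
            continue
        body = line.rstrip("\\")
        if (len(line) - len(body)) % 2 == 1:  # odd trailing backslashes: continue on next line
            pending += body + "\\" * (len(line) - len(body) - 1)
            continue
        key, value = _split_key_value(pending + line)
        props[key] = value
        pending = ""
    if pending:
        key, value = _split_key_value(pending)
        props[key] = value
    return props


FILTER_KEYS = ("ldap.user.filter", "ldap.role.filter", "ldap.user.roles.filter")
# Assumption of this example: the table marks the bind credentials and the membership
# context as optional, so the remaining keys of the sample file are treated as required.
REQUIRED_KEYS = ("ldap.user.ctx", "ldap.role.ctx") + FILTER_KEYS


def check_callback_config(props: Dict[str, str]) -> List[str]:
    """Return findings about the LDAP callback settings; an empty list is a pass."""
    findings = [f"missing required property {k}" for k in REQUIRED_KEYS if not props.get(k)]
    for k in FILTER_KEYS:
        if props.get(k) and "{0}" not in props[k]:
            findings.append(f"{k} has no {{0}} substitution key: {props[k]}")
    if props.get("ldap.bind.pwd"):
        findings.append("ldap.bind.pwd is stored in clear text in the properties file")
    return findings


def escape_filter_value(value: str) -> str:
    """RFC 4515 value escaping: '*', '(', ')', '\\' and NUL must become \\XX hex pairs;
    other non-printable or non-ASCII UTF-8 bytes are hex-escaped too, which the RFC allows."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E and chr(b) not in "*()\\" else "\\%02x" % b
                   for b in value.encode("utf-8"))


def render_filter(template: str, param: str) -> str:
    """Substitute the table's {0} key with an escaped parameter, so a user ID that
    contains filter metacharacters is matched literally rather than altering the filter."""
    return template.replace("{0}", escape_filter_value(param))
```

Running `check_callback_config(parse_properties(SAMPLE_PROPERTIES))` on the chapter's file returns no findings; uncommenting and filling `ldap.bind.pwd` produces a clear-text finding, which is the cue to supply the bind password at startup rather than in a file on the classpath. `render_filter("(uid={0})", "jdoe")` yields `(uid=jdoe)`, while a parameter such as `*)(objectClass=*` is rendered as `(uid=\2a\29\28objectClass=\2a)`, a single literal value; a DN substituted into `(member={0})` needs no escaping beyond those characters, because commas are only special in DNs, not in filter values.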