Red Hat Summit Red Hat SummitApoyoConsolaDesarrolladoresIniciar una pruebaContacto

Este contenido no está disponible en el idioma seleccionado.

Chapter 38. LDAP connection

Business Central provides a dedicated UserGroupCallback implementation for LDAP servers with Red Hat Process Automation Manager to enable the user task service to retrieve information on users, groups, and roles directly from an LDAP service.

You can configure the following LDAP UserGroupCallback implementation properties:

Expand
Table 38.1. LDAP UserGroupCallback properties
PropertyDescription

ldap.bind.user

User name for connecting to the LDAP server.

This property is optional if it is not specified and the LDAP server accepts anonymous access.

ldap.bind.pwd

Password for connecting to the LDAP server.

This property is optional if it is not specified and the LDAP server accepts anonymous access.

ldap.user.ctx

Context in LDAP with user information.

ldap.role.ctx

Context in LDAP with group and role.

ldap.user.roles.ctx

Context in LDAP with user group and role membership information.

This property is optional if it is not specified and the ldap.role.ctx property is used instead.

ldap.user.filter

Filter for searching user information.

This property usually contains substitution keys {0} that are replaced with parameters.

ldap.role.filter

Filter for searching group and role information.

This property usually contains substitution keys {0} that are replaced with parameters.

ldap.user.roles.filter

Filter for searching user group and role membership information.

This property usually contains substitution keys {0} that are replaced with parameters.

ldap.user.attr.id

Attribute name of the user ID in LDAP.

This property is optional if it is not specified and the uid property is used instead.

ldap.roles.attr.id

Attribute name of the group and role ID in LDAP.

This property is optional if it is not specified and the cn property is used instead.

ldap.user.id.dn

User ID in a DN, instructs the callback to query for user DN before searching for roles. This is optional and is false by default.

java.naming.factory.initial

Initial context factory class name; is com.sun.jndi.ldap.LdapCtxFactory by default.

java.naming.security.authentication

Authentication type where the possible values are none, simple, and strong. This is simple by default.

java.naming.security.protocol

Security protocol to be used, for example, ssl.

java.naming.provider.url

LDAP url (by default ldap://localhost:389; if the protocol is set to ssl then ldap://localhost:636)

38.1. LDAP UserGroupCallback implementation
Copiar enlace

You can use the LDAP UserGroupCallback implementation by configuring the respective LDAP properties in one of the following ways:

  • Programmatically: Build a properties object with the respective LDAPUserGroupCallbackImpl properties and create LDAPUserGroupCallbackImpl using the same properties object as its parameter.

    For example: 

    import org.kie.api.PropertiesConfiguration;
import org.kie.api.task.UserGroupCallback;
...
Properties properties = new Properties();
properties.setProperty(LDAPUserGroupCallbackImpl.USER_CTX, "ou=People,dc=my-domain,dc=com");
properties.setProperty(LDAPUserGroupCallbackImpl.ROLE_CTX, "ou=Roles,dc=my-domain,dc=com");
properties.setProperty(LDAPUserGroupCallbackImpl.USER_ROLES_CTX, "ou=Roles,dc=my-domain,dc=com");
properties.setProperty(LDAPUserGroupCallbackImpl.USER_FILTER, "(uid={0})");
properties.setProperty(LDAPUserGroupCallbackImpl.ROLE_FILTER, "(cn={0})");
properties.setProperty(LDAPUserGroupCallbackImpl.USER_ROLES_FILTER, "(member={0})");

UserGroupCallback ldapUserGroupCallback = new LDAPUserGroupCallbackImpl(properties);

UserGroupCallbackManager.getInstance().setCallback(ldapUserGroupCallback);
    Copy to Clipboard Toggle word wrap

  • Declaratively: Create the jbpm.usergroup.callback.properties file in the root of your application or specify the file location as a system property.

    For example:

    -Djbpm.usergroup.callback.properties=FILE_LOCATION_ON_CLASSPATH

    Ensure that you register the LDAP callback when starting the user task server.

    For example: 

    #ldap.bind.user=
#ldap.bind.pwd=
ldap.user.ctx=ou\=People,dc\=my-domain,dc\=com
ldap.role.ctx=ou\=Roles,dc\=my-domain,dc\=com
ldap.user.roles.ctx=ou\=Roles,dc\=my-domain,dc\=com
ldap.user.filter=(uid\={0})
ldap.role.filter=(cn\={0})
ldap.user.roles.filter=(member\={0})
#ldap.user.attr.id=
#ldap.roles.attr.id=
    Copy to Clipboard Toggle word wrap

Additional resources

Volver arriba
Red Hat logoGithubredditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar. Explore nuestras recientes actualizaciones.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

Theme

© 2025 Red Hat