Red Hat Summit Red Hat SummitSuporteConsoleDesenvolvedoresComeçar um testeContato

Este conteúdo não está disponível no idioma selecionado.

Chapter 12. LDAP connection

Decision Central provides a dedicated UserGroupCallback implementation for LDAP servers with Red Hat Decision Manager to enable the user task service to retrieve information on users, groups, and roles directly from an LDAP service.

You can configure the following LDAP UserGroupCallback implementation properties:

Expand
Table 12.1. LDAP UserGroupCallback properties
PropertyDescription

ldap.bind.user

User name for connecting to the LDAP server (optional if the LDAP server accepts anonymous access).

ldap.bind.pwd

Password for connecting to the LDAP server (optional if the LDAP server accepts anonymous access).

ldap.user.ctx

Context in LDAP with user information (mandatory).

ldap.role.ctx

Context in LDAP with group and role information (mandatory).

ldap.user.roles.ctx

Context in LDAP with user group and role membership information (optional if not specified and ldap.role.ctx property is used instead).

ldap.user.filter

Filter for searching user information; usually contains substitution keys {0}, which are replaced with parameters (mandatory).

ldap.role.filter

Filter for searching group and role information, usually contains substitution keys {0}, which are replaced with parameters (mandatory).

ldap.user.roles.filter

Filter for searching user group and role membership information, usually contains substitution keys {0}, which are replaced with parameters (mandatory).

ldap.user.attr.id

Attribute name of the user ID in LDAP (optional; if not specified, uid property is used instead).

ldap.roles.attr.id

Attribute name of the group and role ID in LDAP (optional; if not specified, cn property is used instead).

ldap.user.id.dn

User ID in a DN, instructs the callback to query for user DN before searching for roles (optional; is false by default).

java.naming.factory.initial

Initial context factory class name; is com.sun.jndi.ldap.LdapCtxFactory by default.

java.naming.security.authentication

Authentication type (possible values are none, simple, and strong; is simple by default).

java.naming.security.protocol

Security protocol to be used, for example, ssl.

java.naming.provider.url

LDAP url (by default ldap://localhost:389; if the protocol is set to ssl then ldap://localhost:636)

12.1. LDAP UserGroupCallback implementation
Copiar o link

You can use the LDAP UserGroupCallback implementation by configuring the respective LDAP properties in one of the following ways:

  • Programatically: Build a properties object with the respective LDAPUserGroupCallbackImpl properties and create LDAPUserGroupCallbackImpl with the properties object as its parameter. 

    import org.kie.api.PropertiesConfiguration;
import org.kie.api.task.UserGroupCallback;
...
Properties properties = new Properties();
properties.setProperty(LDAPUserGroupCallbackImpl.USER_CTX, "ou=People,dc=my-domain,dc=com");
properties.setProperty(LDAPUserGroupCallbackImpl.ROLE_CTX, "ou=Roles,dc=my-domain,dc=com");
properties.setProperty(LDAPUserGroupCallbackImpl.USER_ROLES_CTX, "ou=Roles,dc=my-domain,dc=com");
properties.setProperty(LDAPUserGroupCallbackImpl.USER_FILTER, "(uid={0})");
properties.setProperty(LDAPUserGroupCallbackImpl.ROLE_FILTER, "(cn={0})");
properties.setProperty(LDAPUserGroupCallbackImpl.USER_ROLES_FILTER, "(member={0})");

UserGroupCallback ldapUserGroupCallback = new LDAPUserGroupCallbackImpl(properties);

UserGroupCallbackManager.getInstance().setCallback(ldapUserGroupCallback);
    Copy to Clipboard Toggle word wrap

  • Declaratively: Create the jbpm.usergroup.callback.properties file in the root of your application or specify the file location as a system property: -Djbpm.usergroup.callback.properties=FILE_LOCATION_ON_CLASSPATH

    Ensure that you register the LDAP callback when starting the user task server. 

    #ldap.bind.user=
#ldap.bind.pwd=
ldap.user.ctx=ou\=People,dc\=my-domain,dc\=com
ldap.role.ctx=ou\=Roles,dc\=my-domain,dc\=com
ldap.user.roles.ctx=ou\=Roles,dc\=my-domain,dc\=com
ldap.user.filter=(uid\={0})
ldap.role.filter=(cn\={0})
ldap.user.roles.filter=(member\={0})
#ldap.user.attr.id=
#ldap.roles.attr.id=
    Copy to Clipboard Toggle word wrap
Additional resources
Voltar ao topo
Red Hat logoGithubredditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar. Explore nossas atualizações recentes.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja o Blog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

Theme

© 2025 Red Hat