JBoss - Active Directory scanning and role mapping
I am running jBPM in JBoss WildFly 8, configured to use Active Directory authentication. The configuration follows:
<security-domain name="jbpm_ldap_domain">
  <authentication>
    <!-- Authenticate against Active Directory and read the user's group membership -->
    <login-module code="LdapExtended" flag="required">
      <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
      <module-option name="java.naming.provider.url" value="ldap://serverip"/>
      <module-option name="java.naming.security.authentication" value="simple"/>
      <module-option name="bindDN" value="cn=administrator,cn=users,dc=domain,dc=com"/>
      <module-option name="bindCredential" value="secretpass"/>
      <module-option name="baseCtxDN" value="ou=myou,dc=domain,dc=com"/>
      <module-option name="baseFilter" value="(sAMAccountName={0})"/>
      <module-option name="rolesCtxDN" value="ou=myou,dc=domain,dc=com"/>
      <module-option name="roleFilter" value="(member={1})"/>
      <module-option name="roleAttributeID" value="memberOf"/>
      <module-option name="roleAttributeIsDN" value="true"/>
      <module-option name="roleNameAttributeID" value="cn"/>
      <module-option name="allowEmptyPasswords" value="false"/>
      <module-option name="throwValidateError" value="true"/>
    </login-module>
    <!-- Map Active Directory group names to jBPM roles -->
    <login-module code="RoleMapping" flag="optional">
      <module-option name="rolesProperties" value="file:${jboss.home.dir}/standalone/configuration/jbpm-roles.properties"/>
      <module-option name="replaceRole" value="true"/>
    </login-module>
  </authentication>
</security-domain>
jbpm-roles.properties:
bpm_admin=admin
bpm_analyst=analyst
bpm_developer=developer
bpm_user=user
bpm_manager=manager
So it is scanning a specific OU for roles and for users.
I want it to work the following way:
- Scan the complete domain for users.
- Scan for role groups in the OU.
- Users with a specific group membership should get admin rights (bpm_admin=admin).
- The rest of the users should have the 'user' role.
I do not want to add users to a group to give them the user role in jBPM. Instead I want to set the default role to user and, if I need to grant the admin role, add the user to the group I have defined for admin users in Active Directory (bpm_admin=admin).
How can this be achieved?