Bonita 5.10.2 community LDAP
Hi,
I want to use LDAP authentication in User XP. I have used this article: http://priyankacool10.wordpress.com/2012/07/25/how-to-configure-ldap-with-bonita-user-xp/
But:
- when I extract data from Active Directory using the LDAP connector, there is no "uid" attribute, so I have used "cn" instead:
  authIdentity="cn={USERNAME},ou=......." userFilter="(&(cn={USERNAME}))"
- how can I edit this method:
  public boolean isUserAdmin(String username) throws UserNotFoundException {
      // "106160" is the hard-coded username of the admin user
      if (username.equals("106160")) {
          return true;
      } else {
          return false;
      }
  }
  Must 106160 be replaced by the admin?
Does anyone have an idea?
Thank you
1 answer
For reference, here is a summary of the issues and solutions:
- The JAAS syntax file was incorrect (missing semicolon). You can refer to the examples provided in the v6 documentation (the syntax has not changed).
- The Authentication Service JAAS implementation was not properly included. The Bonita Engine needs to be able to load the com.sun.security.auth.SimpleLdapAuth class, so you should either put the jar file that includes the class in your application server library folder or include the file in the Bonita web application.
Comments
106160 is the username of the user that has administrator privileges. You should replace it with the username of one of your LDAP users.
If you have trouble successfully configuring LDAP authentication, please share the full content of your log files. Also, if you need help creating the JAAS configuration file, please provide the information listed in the "Before you start" section of the official documentation (it is for version 6, but the information needed is pretty much the same).
Thank you Antoine,
1- the LDAP is like this:
for example: john smith
* sAMAccountName = johns
* distinguishedName = cn=smith\, john,ou=users,ou=sites,ou=xxx,dc=xxx,dc=xxx,dc=com
* to connect to other applications: johns
2- standard JAAS file:
BonitaAuth {
    com.sun.security.auth.module.LdapLoginModule REQUIRED
        userProvider="ldap://hote:389/ou=users,ou=sites,ou=xxx,dc=xxx,dc=xxx,dc=com"
        authIdentity="{USERNAME}"
        userFilter="(samAccountName={USERNAME})"
        useSSL=false
        debug=true
};
3- I test this in the development environment, with the H2 database.
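Both the question (cn={USERNAME} in authIdentity and userFilter) and the reply above (a distinguishedName of cn=smith\, john,...) substitute a login name into an LDAP DN and an LDAP search filter. The following is an added example, not code from this thread, from Bonita or from the JDK's LdapLoginModule, showing the escaping rules that apply to each of those two contexts (RFC 4514 for DNs, RFC 4515 for filters) and what goes wrong when a login name is pasted in verbatim. The templates and login names are constructed for the example; the thread does not say whether LdapLoginModule escapes the substituted value, so treat that as something to verify for any component that builds filters from user input.

```python
"""Added example (not Bonita/JAAS code): escaping a login name for use in an
LDAP DN (authIdentity) and an LDAP search filter (userFilter).

  * DN values: ',' '+' '"' '\\' '<' '>' ';' and leading/trailing spaces must be
    escaped with a backslash (RFC 4514), which is why AD shows
    "cn=smith\\, john,...".
  * Filter values: '*' '(' ')' '\\' and NUL must be hex-escaped (RFC 4515);
    otherwise a login name of "*" turns "(sAMAccountName={USERNAME})" into a
    filter that matches every account.
"""

_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
_DN_SPECIALS = set(',+"\\<>;=')


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for an LDAP search filter (RFC 4515 section 3)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514 section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:          # '#' only needs escaping at the start
            out.append("\\#")
        elif ch == " " and i in (0, last):  # leading or trailing space
            out.append("\\ ")
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def naive_substitute(template: str, username: str) -> str:
    """Plain replacement of {USERNAME}: no escaping at all (the risky form)."""
    return template.replace("{USERNAME}", username)


def build_user_filter(template: str, username: str) -> str:
    """userFilter template plus login name, with filter escaping applied."""
    return template.replace("{USERNAME}", escape_filter_value(username))


def build_auth_identity(template: str, username: str) -> str:
    """authIdentity DN template plus login name, with DN escaping applied."""
    return template.replace("{USERNAME}", escape_dn_value(username))


# Constructed inputs mirroring the thread: the AD filter and a cn containing a comma.
USER_FILTER = "(sAMAccountName={USERNAME})"
AUTH_IDENTITY = "cn={USERNAME},ou=users,ou=sites,ou=xxx,dc=xxx,dc=xxx,dc=com"

if __name__ == "__main__":
    print(build_user_filter(USER_FILTER, "johns"))
    print(build_auth_identity(AUTH_IDENTITY, "smith, john"))
    for hostile in ("*", "johns)(sAMAccountName=*"):
        print("naive:  ", naive_substitute(USER_FILTER, hostile))
        print("escaped:", build_user_filter(USER_FILTER, hostile))
```

The DN form is the one to use when the whole DN is built from the login name (the question's cn={USERNAME},ou=... template); the filter form is the one for userFilter. A login name that is already a plain sAMAccountName (johns) is unchanged by either function.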
In order to help you get a correct JAAS file, it would be really helpful if you could get the information listed here: http://documentation.bonitasoft.com/active-directoryldap-authentication-...
From here, my best guess would be that you should replace:
authIdentity="{USERNAME}"
with
authIdentity="{USERNAME}@mydomain.com"
(replace mydomain.com with your actual domain name). Also, if you want to test your JAAS file outside Bonita, you can use this small LDAP testing tool. To run the tool, open a command window and type:
java -jar ldap-tool.jar
Note that when you run this tool, the JAAS login context needs to be named BonitaAuthentication-1 instead of BonitaAuth (because the tool is designed for Bonita 6).
Thank you Antoine, I will test it.
Hi Antoine,
I have downloaded the ldap-tool.jar and read "Before you start". In my case it is not possible to build the DN: the username to authenticate is like smithj and the DN = cn smith, john, ...
When I run the ldap-tool I get these exceptions:
Exception in thread "main" java.lang.SecurityException: Configuration error: Line 10: expected [option key]
        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:110)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        orAccessorImpl.java:57)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
        at java.lang.Class.newInstance(Class.java:374)
        at javax.security.auth.login.Configuration$3.run(Configuration.java:264)
        n.java:259)
        at javax.security.auth.login.LoginContext$1.run(LoginContext.java:254)
        at javax.security.auth.login.LoginContext$1.run(LoginContext.java:252)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.init(LoginContext.java:251)
        at javax.security.auth.login.LoginContext.<init>(LoginContext.java:418)
        at com.bonitaSoft.toolLdap.Main.scenario(Main.java:121)
        at com.bonitaSoft.toolLdap.Main.main(Main.java:50)
Caused by: java.io.IOException: Configuration error: Line 10: expected [option key]
        at com.sun.security.auth.login.ConfigFile.match(ConfigFile.java:550)
        at com.sun.security.auth.login.ConfigFile.parseLoginEntry(ConfigFile.java:439)
        at com.sun.security.auth.login.ConfigFile.readConfig(ConfigFile.java:383)
        at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:283)
        at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:219)
        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:108)
        ... 16 more
I should have caught this earlier: the error is due to a missing semicolon after the last option of your JAAS context configuration (e.g. after debug=true). So you should have a configuration similar to the following one (note the semicolon after the last option and the semicolon after the last curly brace):
BonitaAuthentication-1 {
    com.sun.security.auth.module.LdapLoginModule sufficient
        userProvider="ldap://localhost:389/CN=Users,DC=MyDomain,DC=com"
        userFilter="(&(objectClass=user)(userPrincipalName={USERNAME}@mydomain.com))"
        authIdentity="{USERNAME}@mydomain.com"
        debug=true
        useSSL=false;
};
Remember to change the login context name from BonitaAuthentication-1 to BonitaAuth for Bonita 5.10.2.
Thank you Antoine,
It works with the ldap-tool! But not with the Bonita portal: I get org.ow2.bonita.util.BonitaRuntimeException.
For information, I have configured Bonita with MySQL, and the LDAP does not contain the Bonita users. How will Bonita recognize the LDAP users?
log
Oct. 17, 2014 11:50:12 AM org.ow2.bonita.util.AccessorUtil discoverContext
Info: Property: org.ow2.bonita.api-type has not been specified for api-type. Trying to autodetect it.
Oct. 17, 2014 11:50:12 AM org.ow2.bonita.util.AccessorUtil discoverContext
Info: org.ow2.bonita.util.AccessorUtil called from server side. Using Standard context.
Oct. 17, 2014 11:50:12 AM org.ow2.bonita.env.BonitaEnvironmentParser getInstance
Info: parsing bindings from resource url: jar:file:/C:/bos/BOS-5.10.2-Tomcat-6.0.35/lib/bonita/bonita-server-5.10.2.jar!/bonita.wire.bindings.xml
Oct. 17, 2014 11:50:12 AM org.ow2.bonita.util.Misc showProblems
Severe: error : couldn't interpret the dom model : org.ow2.bonita.env.WireException: couldn't get type of 'authentication-service': Bonita Error: bp_RU_2 couldn't load class com.sun.security.auth.SimpleLdapAuth. Cause: org.ow2.bonita.env.WireException: couldn't get type of 'authentication-service': Bonita Error: bp_RU_2 couldn't load class com.sun.security.auth.SimpleLdapAuth
Oct. 17, 2014 11:50:12 AM org.apache.catalina.core.StandardWrapperValve invoke
Severe: "Servlet.service()" for servlet org.bonitasoft.console.security.server.CredentialsEncryptionServlet/security/credentialsencryption threw exception org.ow2.bonita.util.BonitaRuntimeException: Bonita Error: bp_Pa_1 errors during parsing of environment: error : couldn't interpret the dom model : org.ow2.bonita.env.WireException: couldn't get type of 'authentication-service': Bonita Error: bp_RU_2 couldn't load class com.sun.security.auth.SimpleLdapAuth
I found in the log that the class SimpleLdapAuth was not loaded because I had copied the jar, and when I copied the class it worked.
Thank you for your help
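The "Line 10: expected [option key]" exception in the thread comes from the JDK's JAAS configuration parser, and the fix was the semicolon after the last option. As an added example, not Bonita's code and not the JDK's ConfigFile, here is a simplified parser for the JAAS login configuration grammar (Name { ModuleClass Flag key=value ... ; }; ) that reports errors in the same "Line N: expected [...]" shape, so a JAAS file can be checked before it is handed to the application server. The two sample configurations are constructed from the ones posted above; the JDK parser additionally accepts /* */ comments and a few tokenizer details this toy version does not.

```python
"""Added example (not Bonita or JDK code): a minimal JAAS login.config parser."""
import re


class JaasConfigError(Exception):
    """Raised with the JDK-style message "Line N: expected [what]"."""


# Tokens: '//' line comments, double-quoted values, the format's four
# punctuation characters, and bare words (class names, flags, keys, values).
_TOKEN_RE = re.compile(r'//.*|"([^"]*)"|([{};=])|([^\s{};="]+)')
_PUNCT = "{};="
_FLAGS = {"required", "requisite", "sufficient", "optional"}


def tokenize(text):
    """Return a list of (text, line_number, quoted) tuples, comments dropped."""
    tokens = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in _TOKEN_RE.finditer(line):
            if m.group(1) is not None:
                tokens.append((m.group(1), lineno, True))
            elif m.group(2) is not None:
                tokens.append((m.group(2), lineno, False))
            elif m.group(3) is not None:
                tokens.append((m.group(3), lineno, False))
    return tokens


class _Parser:
    def __init__(self, tokens):
        self.tokens = tokens
        self.pos = 0
        self.last_line = tokens[-1][1] if tokens else 1

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _at(self, punct):
        tok = self._peek()
        return tok is not None and not tok[2] and tok[0] == punct

    def _match(self, expect, punct=None):
        """Consume one token, or raise "Line N: expected [expect]" like the JDK."""
        tok = self._peek()
        if tok is None:
            raise JaasConfigError(f"Line {self.last_line}: expected [{expect}]")
        text, lineno, quoted = tok
        ok = (not quoted and text == punct) if punct else (quoted or text not in _PUNCT)
        if not ok:
            raise JaasConfigError(f"Line {lineno}: expected [{expect}]")
        self.pos += 1
        return text

    def parse(self):
        entries = {}
        while self._peek() is not None:
            name = self._match("application name")
            self._match("{", "{")
            modules = []
            while not self._at("}"):
                module = self._match("module class name")
                flag = self._match("control flag")
                if flag.lower() not in _FLAGS:
                    line = self.tokens[self.pos - 1][1]
                    raise JaasConfigError(f"Line {line}: invalid control flag [{flag}]")
                options = {}
                while not self._at(";"):
                    # A '}' here (no ';' after the last option) is the thread's error.
                    key = self._match("option key")
                    self._match("=", "=")
                    options[key] = self._match("option value")
                self._match(";", ";")
                modules.append({"module": module, "flag": flag.lower(), "options": options})
            self._match("}", "}")
            self._match(";", ";")
            entries[name] = modules
        return entries


def parse_jaas_config(text):
    return _Parser(tokenize(text)).parse()


def check_config(text):
    """Return "OK" or the parser's error message; handy for a pre-deploy check."""
    try:
        parse_jaas_config(text)
        return "OK"
    except JaasConfigError as exc:
        return str(exc)


# Constructed samples based on the thread: the broken file (no ';' after debug=true)
# and the same file with the semicolon added.
BROKEN_CONFIG = """BonitaAuth {
    com.sun.security.auth.module.LdapLoginModule REQUIRED
        userProvider="ldap://hote:389/ou=users,ou=sites,ou=xxx,dc=xxx,dc=xxx,dc=com"
        authIdentity="{USERNAME}"
        userFilter="(samAccountName={USERNAME})"
        useSSL=false
        debug=true
};
"""
FIXED_CONFIG = BROKEN_CONFIG.replace("debug=true\n", "debug=true;\n")

if __name__ == "__main__":
    print("broken:", check_config(BROKEN_CONFIG))
    print("fixed: ", check_config(FIXED_CONFIG))
```

Running it prints "Line 8: expected [option key]" for the broken sample (the line holding the closing "};", which in the poster's file was line 10) and "OK" for the fixed one.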