Bonita 5.10.2 community LDAP

Hi,

I want to use LDAP authentication in User XP; I have used this article http://priyankacool10.wordpress.com/2012/07/25/how-to-configure-ldap-with-bonita-user-xp/

but:
-when I extract data from Active Directory using the LDAP connector, there is no "uid" attribute, so I have used "cn" instead

authIdentity="cn={USERNAME},ou=…"
userFilter="(&(cn={USERNAME}))"

-how can I edit this method:

public boolean isUserAdmin(String username) throws UserNotFoundException {
    if (username.equals("106160")) {
        return true;
    } else {
        return false;
    }
}

Must 106160 be replaced by the admin?

Does anyone have an idea?

Thank you

For reference, here is a summary of the issues and solutions:

  • The JAAS file syntax was incorrect (missing semicolon). You can refer to the examples provided in the v6 documentation (the syntax has not changed).
  • The Authentication Service JAAS implementation was not properly included. The Bonita Engine needs to be able to load the com.sun.security.auth.SimpleLdapAuth class, so you should either put the jar file that includes the class in your Application Server library folder or include the file in the Bonita web application.

106160 is the username of the user that has administrator privileges.
You should replace it with the username of one of your LDAP users.

If you have trouble successfully configuring LDAP authentication, please share the full content of your log files.
Also, if you need help creating the JAAS configuration file, please provide the information listed in the Before you start section of the official documentation (it's for version 6, but the information needed is pretty much the same).
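As an added example (not Bonita's code and not from the thread), here is one way to rewrite the isUserAdmin method from the question so that the administrator login is not hard-coded: the admin usernames are read once from a properties file whose path is given by a hypothetical system property, bonita.ldap.admins, and compared case-insensitively, since Active Directory treats sAMAccountName case-insensitively. The class name, the property name and the admin.users key are my choices; the method keeps the signature from the question minus the Bonita exception type, which the check does not need (an unknown user is simply not an administrator), and it fails closed when no list is configured.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Properties;
import java.util.Set;

/*
 * Added example, not Bonita's code. Replaces the hard-coded "106160" check with
 * a list of administrator logins read from a properties file.
 * Assumptions (hypothetical names):
 *   - system property "bonita.ldap.admins" holds the path of the file;
 *   - the file has one key, "admin.users", with comma-separated LDAP logins
 *     (sAMAccountName values), e.g.   admin.users=johns,otheradmin
 */
public class AdminUserCheck {

    private static final String ADMINS_PROPERTY = "bonita.ldap.admins"; // hypothetical
    private final Set<String> adminUsers;

    public AdminUserCheck() {
        this.adminUsers = loadAdminUsers();
    }

    // Constructor for tests or explicit configuration.
    public AdminUserCheck(Set<String> admins) {
        Set<String> normalized = new HashSet<String>();
        for (String a : admins) {
            normalized.add(normalize(a));
        }
        this.adminUsers = Collections.unmodifiableSet(normalized);
    }

    private static Set<String> loadAdminUsers() {
        String path = System.getProperty(ADMINS_PROPERTY);
        if (path == null) {
            // Fail closed: no admin list configured means nobody is an admin.
            return Collections.emptySet();
        }
        Properties props = new Properties();
        InputStream in = null;
        try {
            in = new FileInputStream(path);
            props.load(in);
        } catch (IOException e) {
            // Unreadable list: same fail-closed behaviour as a missing one.
            return Collections.emptySet();
        } finally {
            if (in != null) {
                try { in.close(); } catch (IOException ignored) { }
            }
        }
        Set<String> result = new HashSet<String>();
        for (String name : props.getProperty("admin.users", "").split(",")) {
            String n = normalize(name);
            if (!n.isEmpty()) {
                result.add(n);
            }
        }
        return Collections.unmodifiableSet(result);
    }

    // sAMAccountName matching in Active Directory is case-insensitive,
    // so compare trimmed, lower-cased values.
    private static String normalize(String username) {
        return username == null ? "" : username.trim().toLowerCase(Locale.ROOT);
    }

    // Same role as the method in the question, without the hard-coded login.
    public boolean isUserAdmin(String username) {
        if (username == null || username.trim().isEmpty()) {
            return false;
        }
        return adminUsers.contains(normalize(username));
    }
}
```

The list is loaded once per instance rather than on every call, so a change to the file takes effect when the authentication service is re-created (in practice, on redeploy); that matches how the rest of the JAAS configuration is picked up.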

Thank you Antoine,

1- The LDAP is like this:

For example: John Smith

*sAMAccountName = johns

*distinguishedName = cn = smith, john,ou = users, ou = sites, ou = xxx, dc = xxx, dc =xxx, dc= com

*to connect to other applications: johns

2- JAAS standard file:

BonitaAuth {
    com.sun.security.auth.module.LdapLoginModule REQUIRED
    userProvider="ldap://hote:389/ou=users,ou=sites,ou=xxx,dc=xxx,dc=xxx,dc=com"
    authIdentity="{USERNAME}"
    userFilter="(samAccountName={USERNAME})"
    useSSL=false
    debug=true
};

3- I test this in a development environment, with the H2 database

In order to help you get a correct JAAS file, it would be really helpful if you could get the information listed here: http://documentation.bonitasoft.com/active-directoryldap-authentication-0#before

From here, my best guess would be that you should replace:
authIdentity="{USERNAME}"
with
authIdentity="{USERNAME}@mydomain.com" (replace mydomain.com with your actual domain name)

Also, if you want to test your JAAS file outside Bonita you can use this small LDAP testing tool. To run the tool, open a command window and type java -jar ldap-tool.jar.
Note that, just when you run this tool, the JAAS login context needs to be named BonitaAuthentication-1 instead of BonitaAuth (because the tool is designed for Bonita 6).

Thank you Antoine, I will test it

Hi Antoine,

I have downloaded the ldap-tool.jar, and I read "before you start"; in my case it is not possible to build the DN: the username to authenticate is like this: smithj and the DN = cn smith, john, …,

When I run the ldap-tool I get these exceptions:

Exception in thread "main" java.lang.SecurityException: Erreur de configuration :
Ligne 10 : attendu [option key]
    at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:110)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
    at java.lang.Class.newInstance(Class.java:374)
    at javax.security.auth.login.Configuration$3.run(Configuration.java:264)
    at javax.security.auth.login.Configuration$3.run(Configuration.java:260)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:259)
    at javax.security.auth.login.LoginContext$1.run(LoginContext.java:254)
    at javax.security.auth.login.LoginContext$1.run(LoginContext.java:252)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.init(LoginContext.java:251)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:418)
    at com.bonitaSoft.toolLdap.Main.scenario(Main.java:121)
    at com.bonitaSoft.toolLdap.Main.main(Main.java:50)
Caused by: java.io.IOException: Erreur de configuration :
Ligne 10 : attendu [option key]
    at com.sun.security.auth.login.ConfigFile.match(ConfigFile.java:550)
    at com.sun.security.auth.login.ConfigFile.parseLoginEntry(ConfigFile.java:439)
    at com.sun.security.auth.login.ConfigFile.readConfig(ConfigFile.java:383)
    at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:283)
    at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:219)
    at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:108)
    ... 16 more

I should have caught this earlier: the error is due to a missing semicolon after the last option of your JAAS context configuration (e.g. after debug=true).

So you should have a configuration similar to the following one (note the semicolon after the last option and the semicolon after the last curly brace):

BonitaAuthentication-1 {
    com.sun.security.auth.module.LdapLoginModule sufficient
    userProvider="ldap://localhost:389/CN=Users,DC=MyDomain,DC=com"
    userFilter="(&(objectClass=user)(userPrincipalName={USERNAME}@mydomain.com))"
    authIdentity="{USERNAME}@mydomain.com"
    debug=true
    useSSL=false;
};

Remember to change the login context name from BonitaAuthentication-1 to BonitaAuth for Bonita 5.10.2.
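As an added example (not code from the thread, from the ldap-tool or from Bonita), here is a small checker that parses a JAAS file with the JDK's own login-configuration parser, so a syntax slip like the missing semicolon above surfaces on the command line before the file is deployed, then confirms that the expected login context (BonitaAuth for 5.10.2) exists and reviews the options LdapLoginModule relies on. The class name, the usage java JaasConfigCheck <jaas-file> <context-name> and the wording of the warnings are my choices; the option names (userProvider, authIdentity, userFilter, useSSL, debug) and the {USERNAME} token are the module's own. It never contacts the directory, so it can be run anywhere the file is.

```java
import java.io.File;
import java.security.URIParameter;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

/*
 * Added example: offline sanity check of a JAAS login configuration file
 * for com.sun.security.auth.module.LdapLoginModule. Class name and messages
 * are mine; no LDAP connection is made.
 */
public class JaasConfigCheck {

    static final String LDAP_MODULE = "com.sun.security.auth.module.LdapLoginModule";

    public static void main(String[] args) {
        if (args.length != 2) {
            System.err.println("usage: java JaasConfigCheck <jaas-file> <context-name>");
            System.exit(2);
        }
        File file = new File(args[0]);
        String context = args[1];

        Configuration config;
        try {
            // "JavaLoginConfig" is the JDK's standard parser for the
            // Name { module flag option=value ...; }; file format; a malformed
            // file fails here with the same message the ldap-tool showed.
            config = Configuration.getInstance("JavaLoginConfig", new URIParameter(file.toURI()));
        } catch (Exception e) {
            System.err.println("JAAS file does not parse: " + e.getMessage());
            System.exit(1);
            return;
        }

        AppConfigurationEntry[] entries = config.getAppConfigurationEntry(context);
        if (entries == null) {
            System.err.println("No login context named '" + context + "' in " + file
                    + " (Bonita 5.10.2 expects BonitaAuth)");
            System.exit(1);
            return;
        }

        int problems = 0;
        for (AppConfigurationEntry entry : entries) {
            System.out.println("module: " + entry.getLoginModuleName() + " (" + entry.getControlFlag() + ")");
            if (!LDAP_MODULE.equals(entry.getLoginModuleName())) {
                System.out.println("  note: not " + LDAP_MODULE + ", option checks skipped");
                continue;
            }
            problems += checkLdapOptions(entry.getOptions());
        }
        System.exit(problems == 0 ? 0 : 1);
    }

    // Prints the options of one LdapLoginModule entry and returns the number of
    // problems found (missing or inconsistent values); warnings do not count.
    static int checkLdapOptions(Map<String, ?> opts) {
        int problems = 0;
        for (Map.Entry<String, ?> o : opts.entrySet()) {
            System.out.println("  " + o.getKey() + " = " + o.getValue());
        }
        String userProvider = str(opts.get("userProvider"));
        String authIdentity = str(opts.get("authIdentity"));
        String userFilter = str(opts.get("userFilter"));
        boolean useSsl = "true".equalsIgnoreCase(str(opts.get("useSSL")));

        if (userProvider == null) {
            System.out.println("  PROBLEM: userProvider is missing");
            problems++;
        } else if (!useSsl && !userProvider.startsWith("ldaps://")) {
            System.out.println("  WARNING: plain ldap:// with useSSL=false; the user's password is sent to the directory unencrypted");
        }
        if (authIdentity == null && userFilter == null) {
            System.out.println("  PROBLEM: neither authIdentity nor userFilter is set, the module cannot bind as the user");
            problems++;
        }
        boolean tokenUsed = (authIdentity != null && authIdentity.contains("{USERNAME}"))
                || (userFilter != null && userFilter.contains("{USERNAME}"));
        if (!tokenUsed) {
            System.out.println("  PROBLEM: the {USERNAME} token appears in neither authIdentity nor userFilter");
            problems++;
        }
        if ("true".equalsIgnoreCase(str(opts.get("debug")))) {
            System.out.println("  WARNING: debug=true writes LdapLoginModule diagnostics to the server log; turn it off once it works");
        }
        return problems;
    }

    static String str(Object o) {
        return o == null ? null : o.toString();
    }
}
```

Run it against the file above with the context name that Bonita will look up (java JaasConfigCheck jaas-standard.cfg BonitaAuth): a missing closing quote or semicolon stops at the parse step, a context named BonitaAuthentication-1 while Bonita asks for BonitaAuth stops at the lookup step, and the remaining checks cover the option mistakes discussed in the thread.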

Thank you Antoine,

It works with the ldap-tool!, but not with the Bonita portal; I get org.ow2.bonita.util.BonitaRuntimeException

For information, I have configured Bonita with MySQL, and LDAP doesn't contain the Bonita users; how will Bonita recognize LDAP users?

Log:

oct. 17, 2014 11:50:12 AM org.ow2.bonita.util.AccessorUtil discoverContext
Infos: Property: org.ow2.bonita.api-type has not been specified for api-type. Trying to autodetect it.
oct. 17, 2014 11:50:12 AM org.ow2.bonita.util.AccessorUtil discoverContext
Infos: org.ow2.bonita.util.AccessorUtil called from server side. Using Standard context.
oct. 17, 2014 11:50:12 AM org.ow2.bonita.env.BonitaEnvironmentParser getInstance
Infos: parsing bindings from resource url: jar:file:/C:/bos/BOS-5.10.2-Tomcat-6.0.35/lib/bonita/bonita-server-5.10.2.jar!/bonita.wire.bindings.xml
oct. 17, 2014 11:50:12 AM org.ow2.bonita.util.Misc showProblems
Grave: error : couldn’t interpret the dom model : org.ow2.bonita.env.WireException: couldn’t get type of ‘authentication-service’: Bonita Error: bp_RU_2
couldn’t load class com.sun.security.auth.SimpleLdapAuth

. Cause: org.ow2.bonita.env.WireException: couldn’t get type of ‘authentication-service’: Bonita Error: bp_RU_2
couldn’t load class com.sun.security.auth.SimpleLdapAuth

oct. 17, 2014 11:50:12 AM org.apache.catalina.core.StandardWrapperValve invoke
Grave: “Servlet.service()” pour la servlet org.bonitasoft.console.security.server.CredentialsEncryptionServlet/security/credentialsencryption a généré une exception
org.ow2.bonita.util.BonitaRuntimeException: Bonita Error: bp_Pa_1
errors during parsing of environment:
error : couldn’t interpret the dom model : org.ow2.bonita.env.WireException: couldn’t get type of ‘authentication-service’: Bonita Error: bp_RU_2
couldn’t load class com.sun.security.auth.SimpleLdapAuth

at org.ow2.bonita.util.Misc.showProblems(Misc.java:1975)
at org.ow2.bonita.env.BonitaEnvironmentParser.parseEnvironmentFactoryFromXmlString(BonitaEnvironmentParser.java:88)
at org.ow2.bonita.env.GlobalEnvironmentFactory.getEnvironmentFactory(GlobalEnvironmentFactory.java:112)
at org.ow2.bonita.facade.APIInterceptor.invoke(APIInterceptor.java:186)
at com.sun.proxy.$Proxy0.generateTemporaryToken(Unknown Source)
at org.bonitasoft.console.security.server.api.impl.CredentialsEncryptionAPIImpl.generateTemporaryToken(CredentialsEncryptionAPIImpl.java:157)
at org.bonitasoft.console.security.server.CredentialsEncryptionServlet.doPost(CredentialsEncryptionServlet.java:127)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.bonitasoft.forms.server.filter.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:122)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.bonitasoft.console.security.SessionFixationValve.invoke(SessionFixationValve.java:77)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:744)

I found in the log that the class SimpleLdapAuth is not loaded because I had copied the jar, and when I copied the class it works.

Thank you for your help

Thank you Antoine