User Group Configuration - redhat-consulting/jbpm-ee GitHub Wiki
Within Enterprise deployments, user and group configuration is most often set up to resolve from LDAP. During the development of your application, a file-based configuration may be used to simplify development.
### LDAP Based Configuration ###
To set jBPM to utilize LDAP, a system property called `jbpm.ee.user.group.callback.ldap.properties` must be set in the server configuration.
For more information on system properties please refer to the documentation. For the most basic configuration, please refer to the example below.
```xml
<system-properties>
    <property name="jbpm.ee.user.group.callback.ldap.properties" value="/path/to/jbpm.user.info.properties"/>
</system-properties>
```
Please note that the value of the `jbpm.ee.user.group.callback.ldap.properties` property must point to an existing properties file. A sample of the properties file is located in `/jbpm-ee-services/resources/jbpm.user.info.properties`.
The contents of this file should conform to *Section 13.2.5.1.1. User information retrieved from LDAP server* of the Human Tasks Documentation.
```properties
# Bind credentials (optional if the server accepts anonymous binds).
# If set, keep this file readable only by the application server account.
#ldap.bind.user=
#ldap.bind.pwd=
ldap.user.ctx=ou\=people,o\=ee,dc\=jbpm,dc\=org
ldap.role.ctx=ou\=groups,o\=ee,dc\=jbpm,dc\=org
ldap.user.filter=(uid\={0})
ldap.role.filter=(cn\={0})
#ldap.role.members.filter=
ldap.user.roles.filter = cn=*
#ldap.email.attr.id
#ldap.name.attr.id
#ldap.lang.attr.id
#ldap.member.attr.id
#ldap.user.attr.id
#ldap.role.attr.id
ldap.entity.id.dn=true
```
There is also a sample LDIF file, `/jbpm-ee-services/resources/jbpm.ee.export.ldif`, included to demonstrate the basic structure of your LDAP Directory Server DIT. Please note that there must be an LDAP group with name Administrators along with an Administrator user belonging to that group.
### File Based Configuration ###
In file based configuration, jBPM-EE uses a properties file to define users and their associated groups. This can be used during development to simplify testing; it is not meant for a production environment.
To set jBPM to utilize a properties file, a system property called `jbpm.ee.user.group.callback.file.properties` must be set in the server configuration.
For more information on system properties please refer to the documentation. For the most basic configuration, please refer to the example below.
```xml
<system-properties>
    <property name="jbpm.ee.user.group.callback.file.properties" value="/path/to/usergroup.properties"/>
</system-properties>
```
Please note that the value of the `jbpm.ee.user.group.callback.file.properties` property must point to an existing properties file. A sample of the properties file is located in `/jbpm-ee-services/resources/usergroup.properties`. The contents of the file are shown below.
```properties
abaxter=admin,user
```
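A pre-deployment check for the two system properties described on this page, as an added example that is not part of the jbpm-ee project. It assumes the four context and filter keys left uncommented in the sample are required and that filters carry the `{0}` placeholder; the function names are hypothetical.

```python
import os
import re
import stat
import xml.etree.ElementTree as ET

LDAP_PROP = "jbpm.ee.user.group.callback.ldap.properties"
FILE_PROP = "jbpm.ee.user.group.callback.file.properties"
# Assumption: the four keys left uncommented in the sample file are required.
REQUIRED = ("ldap.user.ctx", "ldap.role.ctx", "ldap.user.filter", "ldap.role.filter")
FILTERS = ("ldap.user.filter", "ldap.role.filter")

def load_properties(text):
    """Minimal Java .properties reader: skips comments, honours '\\=' escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        # The key ends at the first unescaped '=' or ':'.
        m = re.match(r"((?:\\.|[^=:\\])+?)\s*[=:]\s*(.*)", line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", part) for part in m.groups())
            props[key] = value
    return props

def check_server_config(xml_text):
    """Return a list of findings for the system properties in xml_text."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name, path = el.get("name"), el.get("value")
        # Compare local tag names so a namespaced server config also matches.
        if el.tag.rsplit("}", 1)[-1] != "property" or name not in (LDAP_PROP, FILE_PROP):
            continue
        if not path or not os.path.isfile(path):
            findings.append(f"{name}: properties file {path!r} does not exist")
        elif name == FILE_PROP:
            findings.append(f"{name}: file-based users are for development only")
        else:
            with open(path, encoding="latin-1") as fh:  # Java's default for .properties
                props = load_properties(fh.read())
            findings += [f"{path}: missing {k}" for k in REQUIRED if k not in props]
            # Assumption: filters carry the {0} placeholder, as in the sample.
            findings += [f"{path}: {k} lacks {{0}}"
                         for k in FILTERS if k in props and "{0}" not in props[k]]
            mode = os.stat(path).st_mode
            if props.get("ldap.bind.pwd") and mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append(f"{path}: ldap.bind.pwd is readable by group/others")
    return findings
```

Pass the text of the server configuration to `check_server_config`; an empty list means both checks passed for every jBPM-EE callback property found.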