How to configure LDAP with Bonita User XP?

To authenticate users against an LDAP directory on a server instead of creating them in Bonita User XP, follow these steps:

1. Open BOS-5.6.3-Tomcat-6/external/security/jaas-standard.cfg file and type the following:

BonitaAuth {
 com.sun.security.auth.module.LdapLoginModule REQUIRED
 userProvider="ldap://host:port/ou=people,dc=example,dc=com"
 authIdentity="uid={USERNAME},ou=people,dc=example,dc=com"
 userFilter="(&(uid={USERNAME}))"
 useSSL=false
 debug=true;
};
BonitaStore {
 org.ow2.bonita.identity.auth.LocalStorageLoginModule required;
};

2. Open BOS-5.6.3-Tomcat-6/bonita/server/conf/bonita-server.xml file.

Comment out this portion:

<!--PRI comment <authentication-service name='authentication-service' class='org.ow2.bonita.services.impl.DbAuthentication'>
 <arg><string value='bonita-session:core' /></arg>
 </authentication-service> -->

Add the following lines in place of the commented-out block:

 <!-- PRi added -->
 <authentication-service name='authentication-service' class='com.sun.security.auth.SimpleLdapAuth'>
 <arg><string value='bonita-session:core' /></arg>
 </authentication-service>
 <!-- PRi added upto this -->

Note that the class attribute com.sun.security.auth.SimpleLdapAuth must match the package and class name declared in the SimpleLdapAuth.java file below.

3. Now compile the Java file below and package it as a jar.

Here is SimpleLdapAuth.java file:

package com.sun.security.auth;

import org.ow2.bonita.facade.exception.UserNotFoundException;
import org.ow2.bonita.services.AuthenticationService;

/**
 * Bonita AuthenticationService that leaves the actual password check to the
 * JAAS "BonitaAuth" entry (LdapLoginModule) configured in jaas-standard.cfg.
 */
public class SimpleLdapAuth implements AuthenticationService {

    private String persistenceServiceName;

    public SimpleLdapAuth(String persistenceServiceName) {
        super();
        this.setPersistenceServiceName(persistenceServiceName);
    }

    /**
     * Determines whether the user gets admin access to the Bonita interface,
     * i.e. whether the user can administer users, roles, etc. in User XP.
     * Let's say that Domain Admins have that privilege; here only the user
     * with uid 106160 is treated as admin, so replace that value with your own.
     */
    public boolean isUserAdmin(String username) throws UserNotFoundException {
        // equals() on the literal avoids a NullPointerException for a null username
        return "106160".equals(username);
    }

    /**
     * @return always true. The password has already been verified by the LDAP
     *         bind in the JAAS BonitaAuth entry, so it is not checked again here;
     *         the method exists only to satisfy the interface.
     */
    public boolean checkUserCredentials(String username, String password) {
        return true;
    }

    /**
     * Hash-based checks cannot be delegated to an LDAP bind, so they are refused.
     */
    public boolean checkUserCredentialsWithPasswordHash(String arg0, String arg1) {
        return false;
    }

    public void setPersistenceServiceName(String persistenceServiceName) {
        this.persistenceServiceName = persistenceServiceName;
    }

    public String getPersistenceServiceName() {
        return persistenceServiceName;
    }
}

Compile the file with the following command (the -d . flag makes javac create the com/sun/security/auth directory that the package declaration requires):

 javac -d . -cp ~/BOS-5.6.3-Tomcat-6.0.33/lib/bonita/bonita-server-5.6.3.jar SimpleLdapAuth.java

It will produce com/sun/security/auth/SimpleLdapAuth.class using bonita-server-5.6.3.jar. Now make a jar of it, keeping the package path so the class can be loaded by its fully qualified name:

 jar cvf SimpleLdapAuth.jar com/sun/security/auth/SimpleLdapAuth.class

Place the jar produced in BOS-5.6.3-Tomcat-6/lib. Then create a directory structure in lib that mirrors the package name, and place the SimpleLdapAuth.class file in the auth folder:

 BOS-5.6.3-Tomcat-6/lib/com/sun/security/auth/SimpleLdapAuth.class

Add the following lines in BOS-5.6.3-Tomcat-6/conf/logging.properties file:

# For realm jaas debug info…
org.apache.catalina.realm.level = ALL
org.apache.catalina.realm.useParentHandlers = true
org.apache.catalina.authenticator.level = ALL
org.apache.catalina.authenticator.useParentHandlers = true
catalina.org.apache.juli.FileHandler.bufferSize = -1
org.ow2.level = ALL
org.ow2.handlers.useParentHandlers = true

Open the Bonita User XP login page and check; it should now authenticate against LDAP. 🙂
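As an added check that is not part of the original post: the class below (hypothetical name JaasLdapCheck, Java 8 or later) drives the BonitaAuth entry from jaas-standard.cfg through the standard JAAS LoginContext, so the LDAP bind can be verified from a terminal before Tomcat is involved. Since checkUserCredentials in SimpleLdapAuth always returns true, that bind is the only place a password is actually verified, which makes it worth testing on its own.

```java
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/**
 * Stand-alone check of the "BonitaAuth" JAAS entry: the same LdapLoginModule bind Bonita will do, without Tomcat.
 * Run: java -Djava.security.auth.login.config=external/security/jaas-standard.cfg JaasLdapCheck <username>
 */
public class JaasLdapCheck {
    /** Answers the login module's NameCallback/PasswordCallback with fixed credentials. */
    static CallbackHandler credentials(final String username, final char[] password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(username);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb, "unexpected callback");
                }
            }
        };
    }

    /** True only if every REQUIRED module in the entry (here LdapLoginModule) accepted the credentials. */
    public static boolean authenticate(String entryName, String username, char[] password) {
        try {
            LoginContext lc = new LoginContext(entryName, credentials(username, password));
            lc.login();   // LDAP bind as authIdentity="uid={USERNAME},ou=people,dc=example,dc=com"
            lc.logout();
            return true;
        } catch (LoginException e) {
            System.err.println("Login failed: " + e.getMessage());   // debug=true makes the module log the reason
            return false;
        }
    }

    public static void main(String[] args) {
        java.io.Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (from an interactive terminal): JaasLdapCheck <username>");
            System.exit(2);
        }
        char[] pwd = console.readPassword("LDAP password for %s: ", args[0]);   // keeps it out of shell history
        boolean ok = authenticate("BonitaAuth", args[0], pwd);
        java.util.Arrays.fill(pwd, '\0');   // scrub the password once it has been used
        System.out.println(ok ? "BonitaAuth accepted the credentials" : "BonitaAuth rejected the credentials");
        System.exit(ok ? 0 : 1);
    }
}
```

A rejected login here, with debug=true in the entry, points at the LDAP side (host, port, base DN or authIdentity pattern) rather than at Bonita.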


About Priyanka Kapoor

Simple, Hardworking & friendly.....

5 Responses to How to configure LDAP with Bonita User XP?

  1. Marcos says:

    Have you tested this with MS Active Directory?

  2. Les Foster says:

    Thanks. Very helpful, even for BonitaSoft 5.7. I followed this, and only had to change the following: I eliminated the UserFilter attribute, and stacked BonitaAuth with the original (so far, we just plan to keep the original admin user) making both optional instead of required.

  3. Very helpful, Priyanka. I had been struggling with this for a while now. A couple of tips based on issues I ran into:

    1. JDK for compiling the .java file should be 1.6
    2. One might be tempted to put semicolons in jaas-standard.cfg after each line, but the config needs to be written so that the semicolon appears only after debug=true;

    Thank you once again.

  4. I don’t think you need both the class file and the jar file. Either/or should suffice. Just copy the jar file to the TOMCAT_HOME/lib/com/sun/security/auth directory (and don’t mess with the class file or the jar file in the /lib directory).

    Thanks so much for the tutorial! It was very helpful.

    Andrew

  5. Geoff says:

    Worked like a charm, thanks.
