Sunday, July 28, 2013

Map your Active Directory or LDAP groups in Bonita Open Solution 5

Issue:
You have your users and groups defined in an Active Directory or an LDAP server and you want to use them in Bonita Open Solution in order to assign tasks.
Solution:
To do that, you have to use the LDAP group resolver or the Active Directory group resolver to do a one-to-one group mapping in Bonita Open Solution.
This article explains how to do that step by step.

Prerequisite

You need to know how your directory is structured. Generally, when you create users and groups in a directory, you are invited to create one container for users and another one for groups. So the first thing you need to know is the path to each of these 2 containers.
For this article I use the following structure (adapt this guide to your own structure):
DC=ad,DC=bonitasoft,DC=com
|
+– OU=BOSGroups,DC=ad,DC=bonitasoft,DC=com
|    |
|    +– CN=bos5test1,OU=BOSGroups,DC=ad,DC=bonitasoft,DC=com
|    +– CN=bos5test2,OU=BOSGroups,DC=ad,DC=bonitasoft,DC=com
|
+– OU=BOSUsers,DC=ad,DC=bonitasoft,DC=com
     |
     +– CN=rodrigue,OU=BOSUsers,DC=ad,DC=bonitasoft,DC=com
     +– CN=miguel,OU=BOSUsers,DC=ad,DC=bonitasoft,DC=com
rodrigue and miguel are members of bos5test1, and rodrigue is also a member of bos5test2.

What are we going to do?

The goal here is to create 2 groups in Bonita Open Solution according to this mapping:
BOS Group       LDAP/AD Group
Group Test 1    CN=bos5test1
Group Test 2    CN=bos5test1

How to do that?

You have to use a group resolver, which is a specific connector used to create a group. In Bonita Open Solution, a group is a way to represent a list of candidates, and the group resolver is what translates the group into a list of users. In our case, you will use either the LDAP group resolver (if you connect to an LDAP server) or the ADGroupResolver group resolver (if you connect to an AD server; note that you need to install this connector from the community contributions). These 2 connectors work in the same way, so you need to configure:
  1. the server access
  2. the query to find your list of users
To write your query you need to provide:
    • the path where your groups are stored. In the given example: OU=BOSGroups,DC=ad,DC=bonitasoft,DC=com
    • the path where your users are stored. In the given example: OU=BOSUsers,DC=ad,DC=bonitasoft,DC=com
    • the filter to find the group. Example: CN=bos5test1
      Warning: the filter is applied to the groups, not to the users.
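To make the three query settings concrete, here is an added example (not code from Bonita or from either connector) that models what a group resolver does with them: it matches the filter against entries directly under the group base only, then keeps the matched group's members that live directly under the user base. The directory is constructed in memory to mirror the tree above, with one extra member outside the users container (a hypothetical service account) to show that such members are skipped.

```python
from typing import Dict, List, Tuple

# Constructed directory mirroring the tree above (not a real server):
# DN -> attributes. AD keeps a group's member DNs in its "member" attribute.
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "CN=bos5test1,OU=BOSGroups,DC=ad,DC=bonitasoft,DC=com": {
        "objectClass": ["group"],
        "member": ["CN=rodrigue,OU=BOSUsers,DC=ad,DC=bonitasoft,DC=com",
                   "CN=miguel,OU=BOSUsers,DC=ad,DC=bonitasoft,DC=com",
                   # hypothetical member outside the users container: skipped
                   "CN=svc-bonita,OU=Services,DC=ad,DC=bonitasoft,DC=com"],
    },
    "CN=bos5test2,OU=BOSGroups,DC=ad,DC=bonitasoft,DC=com": {
        "objectClass": ["group"],
        "member": ["CN=rodrigue,OU=BOSUsers,DC=ad,DC=bonitasoft,DC=com"],
    },
    "CN=rodrigue,OU=BOSUsers,DC=ad,DC=bonitasoft,DC=com": {"objectClass": ["user"]},
    "CN=miguel,OU=BOSUsers,DC=ad,DC=bonitasoft,DC=com": {"objectClass": ["user"]},
}

def _norm(dn: str) -> str:
    """Normalise a DN for comparison: DNs are matched case-insensitively
    and spaces around the comma separators are ignored."""
    return ",".join(p.strip() for p in dn.split(",")).lower()

def _rdn_and_parent(dn: str) -> Tuple[str, str]:
    """Split a DN into its first RDN (e.g. 'cn=bos5test1') and parent DN."""
    rdn, _, parent = _norm(dn).partition(",")
    return rdn, parent

def resolve_group(group_base: str, user_base: str, group_filter: str) -> List[str]:
    """Return the user names of the single group that `group_filter` (e.g.
    "CN=bos5test1") selects directly under `group_base`. The filter is only
    matched against the groups container, never against users; members that
    do not live under `user_base` are ignored. The user name is taken from the
    member's CN (simplification: a real AD resolver would read sAMAccountName)."""
    wanted = _norm(group_filter)
    groups = [dn for dn in DIRECTORY
              if _rdn_and_parent(dn) == (wanted, _norm(group_base))]
    if len(groups) != 1:
        raise LookupError(f"{group_filter!r} matched {len(groups)} groups under {group_base}")
    users = []
    for member in DIRECTORY[groups[0]].get("member", []):
        rdn, parent = _rdn_and_parent(member)
        if parent == _norm(user_base):
            users.append(rdn.split("=", 1)[1])
    return sorted(users)

if __name__ == "__main__":
    print(resolve_group("OU=BOSGroups,DC=ad,DC=bonitasoft,DC=com",
                        "OU=BOSUsers,DC=ad,DC=bonitasoft,DC=com", "CN=bos5test1"))
```

Pointing the filter at the users container instead of the groups container finds no group at all, which is the mistake the warning above refers to.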

Configuration and test of a group mapped with Active Directory: step by step

  1. Open menu Connectors > Test a Connector
  2. Select Group and click on Next
  3. Select the ADGroupResolver connector and click on Next
  4. Select configure from blank and click on Next
  5. Fill in the form to connect to the Active Directory server (note that the port is 389) and click on Next
  6. Fill in the request with the group base path, the user base path and the filter (here CN=bos5test1)
  7. Click on Evaluate and check that your configuration is OK
  8. Save your configuration: click on save connector configuration, enter the name of your configuration and click on Finish
  9. Click on Close
  10. Create a new process, select Step1 and select Actors tab
  11. Click on Create
  12. Select the ADGroupResolver connector and click on Next
  13. Enter the name of the group in Bonita Open Solution: Group Test 1, and click on Next
  14. Select Configure connector starting from an existing configuration and select the saved configuration: Configuration for Group Test 1 and click on Next
  15. Click on Finish
  16. Select your process and select the Dependencies tab
  17. Add the LDAP connector to the dependencies
We've successfully configured and tested the group. You are now able to run your application and see that your task is assigned to admin (the Initiator group), rodrigue and miguel.

What have you learned?

You've learned how to map a Bonita group to an AD or LDAP group.

What haven’t you learned?

You haven't learned how to authenticate users against an LDAP or AD server. This is not done in Bonita Open Solution; it depends on your deployment server (Tomcat, JBoss, JOnAS, Glassfish, …). You can configure authentication against an LDAP or AD server by configuring the JAAS layer of your server. Please refer to your application server documentation to find out how to do that.
Your comments are welcome in order to improve this article.
