Hi,
Finally, I connect with ldap but when I log in, the environment is fully accessible regardless of the user who logs in.
For example, here in the image you can see that the full authorization is given only to the admin user, but with the one I am logging in that it is totally different, not only do you access it, but you can change it and it does not even appear in the authorizations.
Hi @bullCamunda,
in Spring boot the authorization is switched off by default.
You have to enable it with camunda.bpm.authorization.enabled in your yaml/properties/whereever settings.
Hope this helps, Ingo
I have the same problem, and i have the config of properties too.
Im not sure, but I set in different files the same but I have the same results. Log and acces to authorizations witch user is not admin.
For example I set the enabled in yaml file:
application.yaml
spring.datasource:
url: jdbc:sqlserver://********:1433;databaseName=camunda;
username: *******
password: *******
driverclassname: com.microsoft.sqlserver.jdbc.SQLServerDriver
server.port: 8080
logging.level.org.camunda.bpm.identity.impl.ldap: DEBUG
camunda.bpm.authorization.enabled: true <<
I set in the customConfiguration File to:
AnsesCustomConfiguration.java in processEngineConfiguration method
package Anses.Camunda.Wizard;
import org.apache.commons.dbcp.BasicDataSource;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl;
import org.camunda.bpm.engine.impl.cfg.ProcessEnginePlugin;
import org.camunda.bpm.engine.impl.cfg.StandaloneInMemProcessEngineConfiguration;
import org.camunda.bpm.engine.impl.history.HistoryLevel;
import org.camunda.bpm.engine.impl.persistence.StrongUuidGenerator;
import org.camunda.bpm.engine.impl.plugin.AdministratorAuthorizationPlugin;
import org.camunda.bpm.identity.impl.ldap.plugin.LdapIdentityProviderPlugin;
import org.camunda.connect.plugin.impl.ConnectProcessEnginePlugin;
import org.camunda.spin.plugin.impl.SpinProcessEnginePlugin;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
@Primary
@Configuration
public class AnsesCustomConfiguration extends StandaloneInMemProcessEngineConfiguration {
@Bean
public void datasource() {
}
@Bean
public static ProcessEnginePlugin strongUUIDGenerator() {
return new ProcessEnginePlugin() {
@Override
public void preInit(ProcessEngineConfigurationImpl processEngineConfiguration) {
processEngineConfiguration.setIdGenerator(new StrongUuidGenerator());
}
@Override
public void postInit(ProcessEngineConfigurationImpl processEngineConfiguration) {
}
@Override
public void postProcessEngineBuild(ProcessEngine processEngine) {
}
};
}
@Bean
public StandaloneInMemProcessEngineConfiguration processEngineConfiguration() {
StandaloneInMemProcessEngineConfiguration processEngineConfigurationInstance = new StandaloneInMemProcessEngineConfiguration();
processEngineConfigurationInstance.setIdGenerator(new StrongUuidGenerator());
processEngineConfigurationInstance.setAuthorizationEnabled(true); <<
jdbcUrl = "jdbc:sqlserver://******:1433;databaseName=camunda";
BasicDataSource sqlDatasource = new BasicDataSource();
sqlDatasource.setDriverClassName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
sqlDatasource.setUsername("******");
sqlDatasource.setPassword("*****");
sqlDatasource.setUrl("jdbc:sqlserver://*****:1433;databaseName=camunda");
dataSource = sqlDatasource ;
processEngineName = "AnsesEngine";
databaseSchemaUpdate = DB_SCHEMA_UPDATE_FALSE;
historyLevel = HistoryLevel.HISTORY_LEVEL_FULL;
processEnginePlugins.add(ldapIdentityProviderPlugin());
processEnginePlugins.add(administratorAuthorizationPlugin());
processEnginePlugins.add(spinPlugin());
processEnginePlugins.add(connectPlugin());
return processEngineConfigurationInstance;
}
@Bean
public LdapIdentityProviderPlugin ldapIdentityProviderPlugin() {
LdapIdentityProviderPlugin ldapIdentityProviderPlugin = new LdapIdentityProviderPlugin();
ldapIdentityProviderPlugin.setServerUrl("ldaps://***:636");
ldapIdentityProviderPlugin.setAcceptUntrustedCertificates(true);
ldapIdentityProviderPlugin.setManagerDn("***");
ldapIdentityProviderPlugin.setManagerPassword("***");
ldapIdentityProviderPlugin.setBaseDn("***");
ldapIdentityProviderPlugin.setUserSearchBase("");
ldapIdentityProviderPlugin.setUserSearchFilter("(objectclass=person)");
ldapIdentityProviderPlugin.setUserIdAttribute("name");
ldapIdentityProviderPlugin.setUserFirstnameAttribute("givenName");
ldapIdentityProviderPlugin.setUserLastnameAttribute("sn");
ldapIdentityProviderPlugin.setUserEmailAttribute("mail");
ldapIdentityProviderPlugin.setUserPasswordAttribute("userpassword");
ldapIdentityProviderPlugin.setGroupSearchBase("OU=GruposAplicaciones,OU=GruposDeDominio");
ldapIdentityProviderPlugin.setGroupSearchFilter("(objectClass=*)");
ldapIdentityProviderPlugin.setGroupIdAttribute("CN");
ldapIdentityProviderPlugin.setGroupNameAttribute("cn");
ldapIdentityProviderPlugin.setGroupMemberAttribute("member");
ldapIdentityProviderPlugin.setSortControlSupported(false);
return ldapIdentityProviderPlugin;
}
@Bean
public AdministratorAuthorizationPlugin administratorAuthorizationPlugin() {
AdministratorAuthorizationPlugin administratorAuthorizationPlugin = new AdministratorAuthorizationPlugin();
administratorAuthorizationPlugin.setAdministratorUserName("A982272");
return administratorAuthorizationPlugin;
}
@Bean
public SpinProcessEnginePlugin spinPlugin() {
return new SpinProcessEnginePlugin();
}
@Bean
public ConnectProcessEnginePlugin connectPlugin() {
return new ConnectProcessEnginePlugin();
}
}
Hi everyone. I know this may not be the place to post this question, but I am very new to Camunda and am trying to get ldap setup in my environment. The directions are a bit too vague for me. What do I need to do to get it setup. Is there a file I need to edit and then restart the Camunda services? If so where is it and what do I need to edit these files. I have V7.14.0 on Tomcat 9.0.36. Thank you.