Configuring the LDAP staff plug-in provider

Use this task to configure the LDAP staff plug-in provider that Business Process Choreographer uses to determine who can start a process or claim an activity or a task.

Why and when to perform this task

Each type of supported user directory service requires a corresponding staff plug-in. The following staff plug-ins are supported:
Table 1. Supported staff plug-in providers
User directory service Plug-in provider
Lightweight Directory Access Protocol (LDAP) LDAP Staff Plugin Provider
Local operating system user registry System Staff Plugin Provider
WebSphere Application Server user registry User Registry Staff Plugin Provider

All of these plug-ins are already installed. You can use the user registry and system plug-ins without any configuration.

The LDAP staff plug-in is configured for an LDAP server with anonymous access; the LDAP server is local to the installed application server. You can change the configuration of the LDAP plug-in.

Steps for this task

  1. In the administrative console, click Resources > Staff Plugin Provider.
  2. If the scope is not set to Node, select Node and click Apply.
  3. To create a new LDAP configuration:
    1. Click the name of the LDAP staff plug-in provider.
    2. Select Staff Plugin Configuration.
    3. Click New > Browse, and select the sample Extensible Stylesheet Language (XSL) transformation file to use. The standard XSL transformation for LDAP is located:
      • On Windows systems, in install_root\ProcessChoreographer\Staff\LDAPTransformation.xsl
      • On Linux and UNIX systems in install_root/ProcessChoreographer/Staff/LDAPTransformation.xsl
      Do not modify this transformation file.

      Depending on the queries that you want to create and your directory structure, you might need to create your own transformations to match the LDAP schema of your organization. If so, modify a copy that has a different file name.

    4. Click Next.
    5. Enter an administrative name for the staff plug-in provider.
    6. Enter a description.
    7. Enter the Java Naming and Directory Interface (JNDI) name for business processes to use in referencing this plug-in, for example, bpe/staff/ldapserver1
    8. Click Apply.
    9. Click Custom Properties.
    10. For each of the required properties and for any optional properties that you want to set, click the name of the property, enter a value, and click OK.
    11. To apply the changes, click Save. This table describes each property for the LDAP plug-in.
      LDAP plug-in property Required or optional Comments
      AuthenticationAlias Optional The authentication alias used to connect to LDAP, for example, mycomputer/My LDAP Alias. You must define this alias in the administrative console by clicking Security > JAAS > Configuration JAAS Configuration > J2C Authentication Data. If this alias is not set, anonymous logon to the LDAP server is used.
      AuthenticationType Optional If the AuthenticationType property is not set, the default logon is anonymous authentication. In all other cases, the default is simple authentication.
      BaseDN Required The base distinguished name (DN) for all LDAP search operations, for example, "o=mycompany, c=us"
      CasesentivenessForObjectclasses Optional Determines whether the names of LDAP object classes are case-sensitive.
      ContextFactory Required Sets the Java Naming and Directory Interface (JNDI) context factory, for example, com.sun.jndi.ldap.LdapCtxFactory
      ProviderURL Required This Web address must point to the LDAP JNDI directory server and port. The format must be in normal JNDI syntax, for example, ldap://localhost:389
      SearchScope Required The default search scope for all search operations. Determines how deep to search beneath the baseDN property. Specify one of the following values: objectScope, onelevelScope, or subtreeScope
      additionalParameterName1-5 and additionalParameterValue1-5 Optional Use these name-value pairs to set up to five arbitrary JNDI properties for the connection to the LDAP server.
  4. To activate the plug-in, stop and start the server.
  5. If you have problems with any of these steps, refer to troubleshooting the staff service and staff plug-ins.

Result

Processes can now use the staff support services to resolve staff queries, and to determine which activities can be performed by certain people.

What to do next

Continue configuring in the parent topic at step 4.
Related concepts
About the staff service
Related tasks
Troubleshooting the staff service and the staff plug-ins
Related information
Staff service settings
Staff plugin provider collection

Terms of use |

Last updated: Thu Apr 27 14:54:57 2006

(c) Copyright IBM Corporation 2006.
This information center is powered by Eclipse technology (http://www.eclipse.org)