Use this task to configure the LDAP staff plug-in provider that
Business Process Choreographer uses to determine who can start a process or
claim an activity or a task.
Why and when to perform this task
Each type of supported user directory service requires a corresponding
staff plug-in. The following staff plug-ins are supported:
Table 1. Supported staff plug-in providers

| User directory service | Plug-in provider |
| --- | --- |
| Lightweight Directory Access Protocol (LDAP) | LDAP Staff Plug-in Provider |
| Local operating system user registry | System Staff Plug-in Provider |
| WebSphere Application Server user registry | User Registry Staff Plug-in Provider |

All of these plug-ins are already installed. You can use the user
registry and system plug-ins without any configuration.
The LDAP staff
plug-in is configured for an LDAP server with anonymous access; the LDAP server
is local to the installed application server. You can change the configuration
of the LDAP plug-in.
Steps for this task
- In the administrative console, click .
- If the scope is not set to Node, select Node and
click Apply.
- To create a new LDAP configuration:
- Click the name of the LDAP staff plug-in provider.
- Select Staff Plugin Configuration.
- Click , and select the sample Extensible Stylesheet Language (XSL)
transformation file to use. The
standard XSL transformation for LDAP is located:
- On Windows systems, in install_root\ProcessChoreographer\Staff\LDAPTransformation.xsl
- On Linux and UNIX systems, in install_root/ProcessChoreographer/Staff/LDAPTransformation.xsl
Do not modify this transformation file. Depending on the queries that
you want to create and your directory structure, you might need to create
your own transformations to match the LDAP schema of your organization. If
so, modify a copy that has a different file name.
- Click Next.
- Enter an administrative name for the staff plug-in provider.
- Enter a description.
- Enter the Java Naming and Directory Interface (JNDI) name for
business processes to use in referencing this plug-in, for example, bpe/staff/ldapserver1
- Click Apply.
- Click Custom Properties.
- For each of the required properties and for any optional properties
that you want to set, click the name of the property, enter a value, and click OK.
- To apply the changes, click Save.

The following table describes each property for the LDAP plug-in.

| LDAP plug-in property | Required or optional | Comments |
| --- | --- | --- |
| AuthenticationAlias | Optional | The authentication alias used to connect to LDAP, for example, mycomputer/My LDAP Alias. You must define this alias in the administrative console by clicking . If this alias is not set, anonymous logon to the LDAP server is used. |
| AuthenticationType | Optional | If the AuthenticationType property is not set, the default logon is anonymous authentication. In all other cases, the default is simple authentication. |
| BaseDN | Required | The base distinguished name (DN) for all LDAP search operations, for example, "o=mycompany, c=us" |
| CasesentivenessForObjectclasses | Optional | Determines whether the names of LDAP object classes are case-sensitive. |
| ContextFactory | Required | Sets the Java Naming and Directory Interface (JNDI) context factory, for example, com.sun.jndi.ldap.LdapCtxFactory |
| ProviderURL | Required | This Web address must point to the LDAP JNDI directory server and port. The format must be in normal JNDI syntax, for example, ldap://localhost:389 |
| SearchScope | Required | The default search scope for all search operations. Determines how deep to search beneath the baseDN property. Specify one of the following values: objectScope, onelevelScope, or subtreeScope |
| additionalParameterName1-5 and additionalParameterValue1-5 | Optional | Use these name-value pairs to set up to five arbitrary JNDI properties for the connection to the LDAP server. |

- To activate the plug-in, stop and start the server.
- If you have
problems with any of these steps, refer to troubleshooting
the staff service and staff plug-ins.
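
The following Python check is an added example, not IBM code or part of the product. It audits one set of LDAP plug-in custom properties against the table above and flags missing required properties, undocumented SearchScope values, anonymous logon, and simple authentication without TLS. Assumptions: the properties are held in a dict, the "1-5" notation expands to additionalParameterName1 through additionalParameterName5, "simple" is the AuthenticationType value for simple authentication, TLS is requested through the standard JNDI property java.naming.security.protocol=ssl, and the host name ldap.example.com is constructed.

```python
# Added example: audit a set of LDAP staff plug-in custom properties.
REQUIRED = ("BaseDN", "ContextFactory", "ProviderURL", "SearchScope")
SCOPES = ("objectScope", "onelevelScope", "subtreeScope")


def extra_jndi(props):
    """Collect the additionalParameterName/Value pairs; report unpaired ones."""
    extra, problems = {}, []
    for i in range(1, 6):
        name = props.get("additionalParameterName%d" % i, "").strip()
        value = props.get("additionalParameterValue%d" % i, "").strip()
        if name and value:
            extra[name] = value
        elif name or value:
            problems.append("additionalParameter pair %d is incomplete" % i)
    return extra, problems


def audit(props):
    """Return a sorted list of findings for one plug-in configuration."""
    findings = ["required property %s is not set" % n
                for n in REQUIRED if not props.get(n, "").strip()]
    scope = props.get("SearchScope", "").strip()
    if scope and scope not in SCOPES:
        findings.append("SearchScope %r is not a documented value" % scope)
    extra, problems = extra_jndi(props)
    findings.extend(problems)
    if not props.get("AuthenticationAlias", "").strip():
        findings.append("no AuthenticationAlias: anonymous logon to LDAP is used")
    url = props.get("ProviderURL", "").strip().lower()
    tls = (url.startswith("ldaps://")
           or extra.get("java.naming.security.protocol", "").lower() == "ssl")
    # Assumption: "simple" is the AuthenticationType value for simple authentication.
    if props.get("AuthenticationType", "").strip().lower() == "simple" and not tls:
        findings.append("simple authentication without TLS sends the password in clear text")
    return sorted(findings)


# Constructed sample built from the page's example values (anonymous, local server).
DEFAULT = {"BaseDN": "o=mycompany, c=us",
           "ContextFactory": "com.sun.jndi.ldap.LdapCtxFactory",
           "ProviderURL": "ldap://localhost:389",
           "SearchScope": "subtreeScope"}
# Constructed sample: alias plus simple bind, TLS requested through a JNDI property.
HARDENED = dict(DEFAULT, ProviderURL="ldap://ldap.example.com:636",
                AuthenticationAlias="mycomputer/My LDAP Alias",
                AuthenticationType="simple",
                additionalParameterName1="java.naming.security.protocol",
                additionalParameterValue1="ssl")
```

Running audit(DEFAULT) reports only the anonymous logon, and audit(HARDENED) reports nothing.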
Result
Processes can now use the staff support services to resolve staff
queries, and to determine which activities can be performed by certain people.
What to do next
Continue configuring in
the parent topic at step 4.