Integrating Flowable with LDAP
This article explains how to integrate the Flowable framework with LDAP. In it, we configure Flowable to use OpenLDAP.
OpenLDAP
The easiest way to get started with OpenLDAP is to use a Docker image. The examples below are based on the Docker image:
docker run --name openldap \
-p 10389:389 -p 10636:636 \
-v ~/workspace/Shareniu/serendipity:/serendipity \
--env LDAP_ORGANISATION="flowable" \
--env LDAP_DOMAIN="shareniu.com" \
--env LDAP_ADMIN_PASSWORD="secret" \
osixia/openldap:1.2.3
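When the image runs, it creates the flowable organisation, creates the domain (shareniu.com), and sets the LDAP administrator's password.
To make sure, let's look at the configuration again.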
docker exec openldap ldapsearch -x -H ldap://localhost -b dc=shareniu,dc=com -D "cn=admin,dc=shareniu,dc=com" -w secret
After running it, you should see output like the following:
# extended LDIF
#
# LDAPv3
# base <dc=flowable,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# shareniu.com
dn: dc=shareniu,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: flowable
dc: flowable
# admin, flowable.org
dn: cn=admin,dc=shareniu,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9QXhWK0MvL1JEK2xsU1g2dG1CemRybGFwRW9OdzVwbTI=
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
Flowable.ldif
I created an LDIF (LDAP Data Interchange Format) file containing two containers (users and groups) and a shareniu user:
# Users root
dn: ou=users, dc=shareniu,dc=com
ou: users
description: All users in the organisation
objectclass: organizationalUnit
objectClass: extensibleObject
objectClass: top
# Groups root
dn: ou=groups, dc=shareniu,dc=com
ou: groups
description: All groups in the organisation
objectclass: organizationalUnit
objectClass: extensibleObject
objectClass: top
# Actual users
dn: cn=shareniu, ou=users,dc=shareniu,dc=com
objectclass: inetOrgPerson
cn: shareniu
sn: Administrator
uid: flowable
userPassword: test
Then I used the ldapadd command to update OpenLDAP:
docker exec openldap ldapadd \
-x -H ldap://localhost \
-D "cn=admin,dc=shareniu,dc=com" \
-w secret \
-f ./serendipity/flowable/flowable.ldif
You should see output like the following:
# extended LDIF
#
# LDAPv3
# base <dc=flowable,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# flowable.org
dn: dc=flowable,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: flowable
dc: flowable
# admin, flowable.org
dn: cn=admin,dc=flowable,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9TFFqN05uYzcydWVpcUREUHdxQ0xoMlNwRHB5V2FzaDY=
# users, flowable.org
dn: ou=users,dc=flowable,dc=org
ou: users
description: All users in the organisation
objectClass: organizationalUnit
objectClass: extensibleObject
objectClass: top
# groups, flowable.org
dn: ou=groups,dc=flowable,dc=org
ou: groups
description: All groups in the organisation
objectClass: organizationalUnit
objectClass: extensibleObject
objectClass: top
# Flowable, users, flowable.org
dn: cn=Flowable,ou=users,dc=flowable,dc=org
objectClass: inetOrgPerson
cn: Flowable
sn: Administrator
uid: flowable
userPassword:: dGVzdA==
# search result
search: 2
result: 0 Success
# numResponses: 6
# numEntries: 5
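The userPassword values in the output above are base64-wrapped, not necessarily hashed. The following audit script is an added example, not part of the original post: it decodes each value and reports the storage scheme, using two entries taken from that output as sample input. The function names are assumptions made for the illustration.

```python
import base64
import re

# Sample input: two entries taken from the ldapsearch output shown above.
SAMPLE_LDIF = """\
dn: cn=admin,dc=flowable,dc=org
objectClass: simpleSecurityObject
userPassword:: e1NTSEF9TFFqN05uYzcydWVpcUREUHdxQ0xoMlNwRHB5V2FzaDY=

dn: cn=Flowable,ou=users,dc=flowable,dc=org
objectClass: inetOrgPerson
uid: flowable
userPassword:: dGVzdA==
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_attr(line):
    """Return (name, value_bytes); 'name:: v' is base64, 'name: v' is literal."""
    name, sep, rest = line.partition(":")
    if not sep:
        return None
    if rest.startswith(":"):
        return name, base64.b64decode(rest[1:].strip())
    return name, rest.strip().encode()

def audit_passwords(text):
    """Return [(dn, scheme)]; scheme is the {PREFIX} of the stored value or 'CLEARTEXT'."""
    findings, dn = [], None
    for line in unfold(text):
        attr = None if line.startswith("#") else parse_attr(line)
        if attr is None:
            continue
        name, value = attr
        if name.lower() == "dn":
            dn = value.decode()
        elif name.lower() == "userpassword":
            m = re.match(rb"\{([A-Za-z0-9-]+)\}", value)
            findings.append((dn, m.group(1).decode().upper() if m else "CLEARTEXT"))
    return findings
```

For the sample, the admin entry is reported as SSHA (a salted hash) and the Flowable user as CLEARTEXT, because dGVzdA== is only the base64 form of the password itself.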
Of course, you can also use an LDAP browser to manage the directory:
Network settings
Authentication settings
Flowable
git clone -b master https://github.com/flowable/flowable-engine.git
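Now follow the steps in my previous article to build Flowable and create a Flowable (snapshot) image.
Configuration properties
We can use an environment file to pass the properties to the Docker container: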
#
# LDAP
#
FLOWABLE_IDM_LDAP_ENABLED=true
FLOWABLE_IDM_LDAP_SERVER=ldap://host.docker.internal
FLOWABLE_IDM_LDAP_PORT=10389
FLOWABLE_IDM_LDAP_USER=cn=admin,dc=shareniu,dc=com
FLOWABLE_IDM_LDAP_PASSWORD=secret
FLOWABLE_IDM_LDAP_BASE_DN=dc=shareniu,dc=com
FLOWABLE_IDM_LDAP_USER_BASE_DN=ou=users,dc=shareniu,dc=com
FLOWABLE_IDM_LDAP_GROUP_BASE_DN=ou=groups,dc=shareniu,dc=com
FLOWABLE_IDM_LDAP_QUERY_USER_BY_ID=(&(objectClass=inetOrgPerson)(uid={0}))
FLOWABLE_IDM_LDAP_QUERY_USER_BY_FULL_NAME_LIKE=(&(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))
FLOWABLE_IDM_LDAP_QUERY_ALL_USERS=(objectClass=inetOrgPerson)
FLOWABLE_IDM_LDAP_QUERY_GROUPS_FOR_USER=(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))
FLOWABLE_IDM_LDAP_QUERY_ALL_GROUPS=(objectClass=groupOfUniqueNames)
FLOWABLE_IDM_LDAP_QUERY_GROUP_BY_ID=(&(objectClass=groupOfUniqueNames)(uniqueId={0}))
FLOWABLE_IDM_LDAP_ATTRIBUTE_USER_ID=uid
FLOWABLE_IDM_LDAP_ATTRIBUTE_FIRST_NAME=cn
FLOWABLE_IDM_LDAP_ATTRIBUTE_LAST_NAME=sn
FLOWABLE_IDM_LDAP_ATTRIBUTE_EMAIL=mail
FLOWABLE_IDM_LDAP_ATTRIBUTE_GROUP_ID=cn
FLOWABLE_IDM_LDAP_ATTRIBUTE_GROUP_NAME=cn
FLOWABLE_IDM_LDAP_CACHE_GROUP_SIZE=10000
FLOWABLE_IDM_LDAP_CACHE_GROUP_EXPIRATION=180000
#
# DEFAULT ADMINISTRATOR ACCOUNTS
#
FLOWABLE_IDM_APP_ADMIN_USER_ID=flowable
FLOWABLE_IDM_APP_ADMIN_PASSWORD=test
FLOWABLE_IDM_APP_ADMIN_FIRST_NAME=Flowable
FLOWABLE_IDM_APP_ADMIN_LAST_NAME=Administrator
FLOWABLE_IDM_APP_ADMIN_EMAIL=admin@flowable.org
FLOWABLE_COMMON_APP_IDM_ADMIN_USER=flowable
FLOWABLE_COMMON_APP_IDM_ADMIN_PASSWORD=test
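A pre-flight check for an env file like the one above, added here as an example (not from the original post or the Flowable project): it derives the base DN from the LDAP_DOMAIN given to docker run and reports every DN setting that falls outside it, plus a plain ldap:// server URL. The function names and the sample input are assumptions made for the illustration.

```python
# Constructed sample: DN settings under dc=flowable,dc=org, to be checked
# against a directory that was created with LDAP_DOMAIN="shareniu.com".
SAMPLE_ENV = """\
# LDAP
FLOWABLE_IDM_LDAP_SERVER=ldap://host.docker.internal
FLOWABLE_IDM_LDAP_PORT=10389
FLOWABLE_IDM_LDAP_USER=cn=admin,dc=flowable,dc=org
FLOWABLE_IDM_LDAP_BASE_DN=dc=flowable,dc=org
FLOWABLE_IDM_LDAP_USER_BASE_DN=ou=users,dc=flowable,dc=org
FLOWABLE_IDM_LDAP_GROUP_BASE_DN=ou=groups,dc=flowable,dc=org
"""

DN_KEYS = ("FLOWABLE_IDM_LDAP_USER", "FLOWABLE_IDM_LDAP_BASE_DN",
           "FLOWABLE_IDM_LDAP_USER_BASE_DN", "FLOWABLE_IDM_LDAP_GROUP_BASE_DN")

def domain_to_base_dn(domain):
    """shareniu.com -> dc=shareniu,dc=com (how the image maps LDAP_DOMAIN)."""
    return ",".join("dc=" + label.lower() for label in domain.split("."))

def normalize_dn(dn):
    """Lower-case and drop spaces around commas (escaped commas are not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_env(text):
    """Parse KEY=VALUE lines; only the first '=' separates key from value."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            env[key] = value
    return env

def check_env(text, ldap_domain):
    """Return a list of problems found in the env file for the given LDAP_DOMAIN."""
    base, env, problems = domain_to_base_dn(ldap_domain), parse_env(text), []
    for key in DN_KEYS:
        dn = normalize_dn(env.get(key, ""))
        if not (dn == base or dn.endswith("," + base)):
            problems.append(f"{key}: {env.get(key)!r} is not under {base}")
    if env.get("FLOWABLE_IDM_LDAP_SERVER", "").startswith("ldap://"):
        problems.append("FLOWABLE_IDM_LDAP_SERVER: ldap:// without StartTLS "
                        "exposes the bind password on the wire")
    return problems
```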
Starting Flowable
docker run -p 8080:8080 \
--env-file ldap-env.txt \
flowable/all-in-one:6.5.0-SNAPSHOT
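Access
Go to http://localhost:8080/flowable-task and log in with the default user id flowable and password test.
Note: you can use Chrome's developer tools to inspect the request URL, headers and form data: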