BPM11g-LDAP Roles

Hi All,
I am stuck with the following issue.
I am using Jdeveloper 11.1.1.3.0 for BPM 11g implementation on Sales Application.
I have Weblogic Server 10.3.3 Installed and configured the domain. Also the server is up and running.
In Jdeveloper from BPM Project Navigator I am using my Sales.bpmn process with complete flow, simulation
and implementation. When I open the Organization from BPM Project Navigator. In Organization my created roles
are Approvers, Business Practices, Contracts and Sales Rep. from the IDE connections I created my weblogic
application server connection and tested showing all the 9 connections successful.
In the Identity lookup I select the newly created My weblogic application server connection, which displays
the next Realm field as jazn.com which in the search pattern of lookup displays only weblogic and system user.
At this point I need the pre-seeded LDAP roles as (jcooper, cdickens, jstein, wfaulk and others) to be displayed
in the users list.
My query is how we use the pre-seeded roles in the LDAP of the Oracle Weblogic Server installed.
How do I add the pre-seeded roles in the LDAP of Oracle Weblogic Server ?
Awaiting quick response.
Regards
Ajaz Ahmed

Hi Ravi,
Thanks a lot for your suggestion. I was able to create the LDAP users as roles and could see them in jazn.com lookup.
I have another issue now. I successfully deployed my process, without any errors and warnings, Build was successful. Deployment was finished as
[05:08:56 PM] /workflow/EnterQuotUILab
[05:08:56 PM] /workflow/BusinessPracticesReviewUILab
[05:08:56 PM] /workflow/ApproveTermsUILab
[05:08:56 PM] /workflow/ApproveDealUILab
[05:08:56 PM] /workflow/FinalizeContractsUILab
[05:08:56 PM] Elapsed time for deployment: 1 minute, 56 seconds
[05:08:56 PM] ---- Deployment finished. ----
When I am logging in BPM workspace with URL as
http://localhost:7001/bpm/workspace
On the Upper left of the Applications Area, I can see the link as [QuoteProcessLab] RequestQuoteLab v1.0
when clicked on the just completed application I get the following error popped up as
Cannot create instance in process
'default/QuoteProcessLab!1.1*soa_80....b/RequestQuoteLab'.
Please correct me where I am wrong. How the Instance Process is created after successful deployment of application.
Please Advice.
Regards
Ajaz Ahmed

Similar Messages

Provisioning LDAP roles from SIM

SIM Experts:
I am trying to provision LDAP roles from SIM into our local IPlanet/Sun DS LDAP instance.
When I created the resource in SIM, I noticed it didnt rope in the built in roles from our LDAP instance, just as it did LDAP groups.
I tried to circumvent this by :
1. Creating individual Role_<> attribute entries in the LDAP resource schema which in turn get mapped to 'nsRoleDN' from LDAP.
2. Create 'Roles' in SIM mapped to the LDAP resource and set attribute values for the 'Role_<>' attributes (added earlier to the schema mapping) like -
Role_auditor : cn=Auditor,dc=example,dc=com
The hitch with this approach is if I add multiple roles to the account (during creation), only the last role gets added .. in other words, I see only 1 'nsroleDN'' entry.
I do not know if this the right approach, but could someone suggest a better alternative, if there is one.
Thanks in advance,
apn.

Answered here: http://forum.java.sun.com/thread.jspa?threadID=5247269&tstart=30
... although, as indicated getRoles should return a list of Role names as well... If you create a variable in the workflow and populate it with this call... it should be a List. [item1,item2,item3] may just be the trace representation of a list.

External LDAP + Roles in portal

Folks,
I use weblogic 8.1 portal.
Can we use an external LDAP for storing portal roles? If so, what is supported,
recommended, etc. Does BEA have a recommendation/document on how to support an
environment with multiple domains that share a common LDAP so that we don’t have
to keep them all sync.
Thanks
- Lara

Lara,
The WLS SSPI (plug-in provider architecture) allows you to add additional
role mappers, however the WLS out-of-the-box authorizer and role mapper are
still required for WLP. Also, in a WLS domain/cluster each managed server
has a copy of the LDAP which is automatically kept in sync by the admin
server.
-Phil
"Lara Man" <[email protected]> wrote in message
news:3f78852c$[email protected]..
>
Folks,
I use weblogic 8.1 portal.
Can we use an external LDAP for storing portal roles? If so, what issupported,
recommended, etc. Does BEA have a recommendation/document on how tosupport an
environment with multiple domains that share a common LDAP so that wedon't have
to keep them all sync.
Thanks
- Lara

Mapping Roles to LDAP Roles

Hi all I come with a new problem!!
I have installed the following
Oracle Database XE
Weblogic
RCU
JDeveloper
SOA Suite
Everything is working fine however Im trying to map the roles I seeded to my SOA server into my application in Jdeveloper but it is not possible. Am I missing something? Do I have to install Webcenter and UCM?
I can perfectly see I have the groups and roles uploaded in the console however I cannot seem to map them to the lane roles in Jdeveloper.
Can any body give me some Ideas??
Regards!!
Edited by: 887976 on Oct 11, 2011 7:51 PM

Hi Yasmena,
Basically you can use the same configuration for an LDAP authentication server as an LDAP lookup servr - the differences are that one is used for authentication (which you are already doing by using AD SSO) and one is for mapping purposes. So, if you're having problems with the mapping portion, you can duplicate the LDAP server and mappings as an authentication server, and then use the Auth Test to see what you're being mapped to.
Thanks,
Lauren

Changing LDAP roles programmatically

Does anyone know if it´s possible to change a LDAP user role programmatically? I´ve searched for hours, but I didn´t find any information about it. I Only found classes on weblogic api to change user attributes.
Is there any api on weblogic to do that? Or any documentation that talks about it?
Thanks in advance.
Hevert Brito
Edited by: user12966611 on 09/04/2010 15:16
Edited by: user12966611 on 09/04/2010 15:16
Edited by: user12966611 on 09/04/2010 15:17

Faisal,
I´m trying to use the method createRole the same way you´re doing in you example but i´m getting this error:
Caused by: java.lang.NoSuchMethodException: createRole(java.lang.String,java.lan
g.String,java.lang.String,) for Security:Name=myrealmDefaultAuthenticator
... 117 more
When I use the method createUser as you did in your example it works perfectly.
Do you have any idea why is that happening?
This is my code:
try{
     System.out.println("Creating role : testrole");
     wls.invoke(roleEditor,"createRole",new Object[] {null,"testrole",null},new String[] {"java.lang.String", "java.lang.String","java.lang.String"});
     System.out.println("Created role : testrole");
catch(Exception e){
     e.printStackTrace();
}

LDAP Roles and WAR

This might be a simple problem, but I'm new to this and want to verify this
concept. We are looking at using IPlanet Directory Server 5.0 (which has
Roles) as our LDAP server and Weblogic 6.0 as our Web/Application Server.
Our project consists of manuals (Web Applications consisting of JSPs and
HTMLs), some of which are restricted to a specific roles/groups. So if a
user tries to access a restricted manual, they are prompted for their
username/password, which will be authenticated and if that user is a member
of the proper role/group then they are granted access to the manual.
We are maintaining user accounts and roles/groups in LDAP. In the web.xml
file of the Web Application I can specify our LDAP Realm to authenticate the
user and I can restrict web-resources (manuals) to a specific roles.
Can I configure the web.xml/weblogic.xml files to validate that the user is
a member of the proper role/group? If so, how do I do it? It looks like I
can map a role name in the web.xml file to user names in the weblogic.xml
file, but there are alot of users in each group so I don't want to have to
do this for all the web applications.
This seems pretty common problem but I can't seem to find examples of this.
Thanks,
Jon

You have to write your own Custom Security Realm. Take a look at the
example RDBMSrealm and tailor it to use your LDAP Server.
[att1.html]

LDAP Roles

Hi,
My requirement is to retrive all roles defined in LDAP Server to achieve
this i want to use
Class RolePolicyManager following method:
listRolesForResource
public static String[] listRolesForResource(String anEntAppName,
String aWebAppName,
String aResourceId)Finds all available
role policies given a resourceId. Returns role policies associated at the resource
Id node, only (i.e. the leaf role scope).
I created a XYZ domain for my portal application, i treid to retrive roles using
this method as follows:
String str[] = RolePolicyManager.listRolesForResource( ApplicationHelper.getApplicationName(),
ApplicationHelper.getWebAppName(getRequest()), EntitlementConstants.P13N_ROLE_POLICY_POOL
but the string array its returning is empty.So please send me some sample code
with detailed description of all these three input parameter.
Thanks

See http://edocs.bea.com/wlp/docs81/javadoc/index.html
RolePolicyManager.createRolePolicy() to create a visitor role.
Or, use the Portal Admin Tools for a graphical tool to create
visitor roles.
-Phil
"vindhyachal" <[email protected]> wrote in message
news:[email protected]..
>
Hi phil,
I just want to display all the exisiting roles available inLDAP server,i
didnt create any visitor roles can you please tell how to create thevisitor
roles at the same scope.Please send me some sample code.
Thanks
"Phil Griffin" <BEA> wrote:
Your code looks right for returning visitor roles created for
a given entapp/webapp. Did you create visitor roles at the
same scope in the admin tools?
"Vindhyachal" <[email protected]> wrote in message
news:407cf16b$[email protected]..
Hi,
My requirement is to retrive all roles defined in LDAP
Server
to achieve
this i want to use
Class RolePolicyManager following method:
listRolesForResource
public static String[] listRolesForResource(String anEntAppName,
String aWebAppName,
String aResourceId)Findsall
available
role policies given a resourceId. Returns role policies associatedat the
resource
Id node, only (i.e. the leaf role scope).
I created a XYZ domain for my portal application, i treid to retriveroles
using
this method as follows:
String str[] = RolePolicyManager.listRolesForResource(ApplicationHelper.getApplicationName(),
ApplicationHelper.getWebAppName(getRequest()),EntitlementConstants.P13N_ROLE_POLICY_POOL
but the string array its returning is empty.So please send me somesample
code
with detailed description of all these three input parameter.
Thanks

Add LDAP role to user from java

This is what I have which get's called when the LDAP account is created, but for some reason this gives me the error:
try {
tcLookupOperationsIntf lookup = (tcLookupOperationsIntf) tcUtilityFactory.getUtility(provider, "Thor.API.Operations.tcLookupOperationsIntf");
tcFormInstanceOperationsIntf f = (tcFormInstanceOperationsIntf) tcUtilityFactory.getUtility(provider, "Thor.API.Operations.tcFormInstanceOperationsIntf");
tcResultSet result = lookup.getLookupValues("Lookup.iPlanet.TitleGroups");
String groupDN = null;
for (int i = 0; i < result.getRowCount(); i++) {
result.goToRow(i);
if (result.getStringValue("Lookup Definition.Lookup Code Information.Code Key").equalsIgnoreCase(title)) {
groupDN = result.getStringValue("Lookup Definition.Lookup Code Information.Decode");
break;
if (groupDN != null) {
Map attrChildData = new HashMap();
attrChildData.put("UD_IPNT_GRP_GROUP_NAME", groupDN);
f.addProcessFormChildData(Long.valueOf(childKey), Long.parseLong(pKey), attrChildData);
} catch (Exception e) {
e.printStackTrace();
I think I have the child key messed up. What is the correct way to get the child key of the IPNT group form?

You'll want to get it from the process instance key. Here is an old post of mine that should help you out: Re: Create Access Policy with OIM API: can't fill child form
-Kevin

Mapping LDAP Role in Building Your First Process with Oracle BPM 11g

I'm working on "Building Your First Process with Oracle BPM 11g" I'm at the end of step where assigns user for the requester. The problem is in identity lookup, "Realm" is empty for Remote_WLServer.
Servers are up and running. Demo user community has been loaded - I can see the list of users and groups in the administration server under myrealm. We haven't done much since SOA suite 11g installation. I'm probably the first one who uses this. I wonder we have a missing set up? Can you me what's missing? Appreciate your help in advance.

I get this error message when I clicked gear icon.
"Server exception is : Connection refused from server"
Here is the result of testing Remove_WLServer connection. Does this cause the issue?
Testing JSR-160 Runtime ... failed.
Cannot establish connection.
Testing JSR-160 DomainRuntime ... skipped.
Testing JSR-88 ... skipped.
Testing JSR-88-LOCAL ... skipped.
Testing JNDI ... skipped.
Testing JSR-160 Edit ... skipped.
Testing HTTP ... success.
Testing Server MBeans Model ... skipped.
Testing HTTP Authentication ... success.
2 of 9 tests successful.
I have installed JDeveloper 9i, 10g, and 11g in my laptop. SOA is installed on linux.

Role creation in OIM 11.1.1.5.0 fails with LDAP Sync Enabled

I am in the process of configuring LDAP sync for OIM 11.1.1.5.0 with ODSEE.
At this time, when I add a user in OIM, I can see that the user gets created in LDAP under the LDAP dn that I supplied when configuring OIM (Configuration process screen name = "LDAP Server Continued", field name = "LDAP User Container")
However when I try to add a role in OIM, the call fails. OIM server logs have the following exception message:
<Jul 14, 2011 1:21:52 PM EDT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
<Jul 14, 2011 1:21:53 PM EDT> <Error> <oracle.iam.platform.entitymgr.provider.ldap> <IAM-0042002> <An error occurred while creating the entity in LDAP, and the corresponding error is - {0}
javax.naming.NameNotFoundException: Error: NO_SUCH_OBJECT
null [Root exception is oracle.ods.virtualization.service.VirtualizationException]
at oracle.ods.virtualization.jndi.OVDUtil.mapErrorCode(OVDUtil.java:151)
at oracle.ods.virtualization.jndi.OVDContext.createSubcontext(OVDContext.java:512)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:183)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPUtil.createSubcontext(LDAPUtil.java:1045)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.create(LDAPDataProvider.java:487)
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:291)
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:239)
at oracle.iam.ldapsync.impl.eventhandlers.role.RoleCreateLDAPHandler.create(RoleCreateLDAPHandler.java:128)
at oracle.iam.ldapsync.impl.eventhandlers.role.RoleCreateLDAPHandler.execute(RoleCreateLDAPHandler.java:46)
at oracle.iam.platform.kernel.impl.OrchProcessData.runPreProcessEvents(OrchProcessData.java:898)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:634)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:664)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:435)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:381)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:334)
at oracle.iam.identity.rolemgmt.impl.RoleManagerImpl.create(RoleManagerImpl.java:188)
at oracle.iam.identity.rolemgmt.api.RoleManagerEJB.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
Any idea whats going on?
When configuring OIM, I provided a value for the "LDAP Role Container" as "ou=Groups,dc=mycompany,dc=com". The docs shown an example of "cn=groups, dc=mycountry, dc=com" (see http://download.oracle.com/docs/cd/E21764_01/install.1111/e12002/oidonly.htm#CDDDIAIC, step 18). Could this difference in container type be causing this problem?
Any idea where OIM stores this container information if I wanted to test ldap sync with the different roles container?
Thanks
Aspi Engineer
Putnam Investments

Aspi,
OIM keeps its ldap config under "$IDM_HOME/server/ldap_config_util" as "ldapconfig.props"
Thanks,
Sandeep Gupta

LDAP/AD Role group user login issue in sharepoint 2010 FBA with LDAP

Hi.
I created sharepoint 2010 site with LDAP FBA.If I add the AD user as form based user and try to login to my site its working very well but if I add a AD Group in to my site and try to login with one of the AD user of this group its say "Access
Denied".
In my project we want add AD group in sharepoin Groups not a individual AD users.
Can anyone help me with this please its urgant?

I added both LDAP membership and LDAP Role provider.And I can also find groups in people picker in my Central Admin and FBA Web app site colleciton.
<add name="ADMembers"
type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
server="company.com"
port="389"
useSSL="false"
userNameAttribute="sAMAccountName"
userContainer="DC=company,DC=com"
userObjectClass="person"
userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
userDNAttribute="distinguishedName"
scope="Subtree"
enableSearchMethods="true"
otherRequiredUserAttributes="sn,givenname,cn"
/>
<add name="ADRoles"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="Company.com"
port="389"
useSSL="false"
groupContainer="DC=Company,DC=com"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="(ObjectClass=group)"
userFilter="(ObjectClass=person)"
scope="Subtree" />

Managing LDAP groups and roles through SUN IDM

Hi Guys,
We have a requirement to build the following functionality in our Sun IDM tool.
1.     Ability to create/manage Static LDAP group.
2.     Ability to create/manage filtered LDAP group.
3.     Ability to create/manage Static LDAP roles.
4.     Ability to create/manage filtered LDAP roles.
Can anyone let us know any pointers as to how to accomplish this or any ideas for the path to follow for this.
Any reply will be appreciated.

http://myidm.blogspot.com/2009/06/how-to-create-groups-in-ldap-or-active.html

Add UME Role to LDAP User

Hi,
i'm having a problem with portal user management. We have a LDAP user called charlie81 in an Active Directory Server, which has a set of LDAP groups. We have also a UME Role (a role created in the portal) called "Manutenzione". Our target is to assign "Manutenzione" to charlie81 through the portal. I made it but when charlie81 is logged in, he can see only LDAP Roles; "Manutenzione" is not visible!!!! How can i resolve this problems? Do you help me, please? Thank you in advance, Carlo Paglia

Hi,
What kind of role did you assign to the user? A portal role (source = portal role) or a "UME role" (source = UME database)?
If it's a portal role, is it a standard or a custom role? If it is a custom portal role, make sure an entry point is defined or your role won't be visible. Here's a link to the documentation : [Defining Entry Points|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/4e/3e703e632c7937e10000000a114084/frameset.htm].
Regards,
Pierre

How to get security roles in a JSF portlet

I need to get the LDAP user-roles available in the Sun Portal Server 7 in my JSF-168 portlet.
I've added the mapping file, updated the portlet.xml and web.xml, deployed the portlet (psconsole). But the portlet shows the "content not available" error with javax....title title.
I've probably messed up the descriptors, but I don't see what is wrong. Here they are:
roleMaps.properties
cn\=VSM.Administrator,dc\=neco,dc\=cz=Administrator
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4">
<context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>server</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.CONFIG_FILES</param-name>
    <param-value>/WEB-INF/navigation.xml,/WEB-INF/managed-beans.xml</param-value>
</context-param>
<context-param>
    <param-name>com.sun.faces.validateXml</param-name>
    <param-value>true</param-value>
</context-param>
<context-param>
    <param-name>com.sun.faces.verifyObjects</param-name>
    <param-value>false</param-value>
</context-param>
<filter>
    <filter-name>UploadFilter</filter-name>
    <filter-class>com.sun.rave.web.ui.util.UploadFilter</filter-class>
    <init-param>
      <description>
          The maximum allowed upload size in bytes. If this is set
          to a negative value, there is no maximum. The default
          value is 1000000.
        </description>
      <param-name>maxSize</param-name>
      <param-value>1000000</param-value>
    </init-param>
    <init-param>
      <description>
          The size (in bytes) of an uploaded file which, if it is
          exceeded, will cause the file to be written directly to
          disk instead of stored in memory. Files smaller than or
          equal to this size will be stored in memory. The default
          value is 4096.
        </description>
      <param-name>sizeThreshold</param-name>
      <param-value>4096</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>UploadFilter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet>
    <servlet-name>ExceptionHandlerServlet</servlet-name>
    <servlet-class>com.sun.errorhandler.ExceptionHandler</servlet-class>
    <init-param>
      <param-name>errorHost</param-name>
      <param-value>localhost</param-value>
    </init-param>
    <init-param>
      <param-name>errorPort</param-name>
      <param-value>25444</param-value>
    </init-param>
</servlet>
<servlet>
    <servlet-name>ThemeServlet</servlet-name>
    <servlet-class>com.sun.rave.web.ui.theme.ThemeServlet</servlet-class>
</servlet>
<servlet>
    <description>Generated By Sun Java Studio Creator</description>
    <display-name>CreatorPortlet Wrapper</display-name>
    <servlet-name>VSMPortal</servlet-name>
    <servlet-class>org.apache.pluto.core.PortletServlet</servlet-class>
    <init-param>
      <param-name>portlet-class</param-name>
      <param-value>com.sun.faces.portlet.FacesPortlet</param-value>
    </init-param>
    <init-param>
      <param-name>portlet-guid</param-name>
      <param-value>VSMPortal.VSMPortal</param-value>
    </init-param>
</servlet>
<servlet-mapping>
    <servlet-name>ExceptionHandlerServlet</servlet-name>
    <url-pattern>/error/ExceptionHandler</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>ThemeServlet</servlet-name>
    <url-pattern>/theme/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>VSMPortal</servlet-name>
    <url-pattern>/VSMPortal/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
    <welcome-file>faces/null</welcome-file>
</welcome-file-list>
<error-page>
    <exception-type>javax.servlet.ServletException</exception-type>
    <location>/error/ExceptionHandler</location>
</error-page>
<error-page>
    <exception-type>java.io.IOException</exception-type>
    <location>/error/ExceptionHandler</location>
</error-page>
<error-page>
    <exception-type>javax.faces.FacesException</exception-type>
    <location>/error/ExceptionHandler</location>
</error-page>
<error-page>
    <exception-type>com.sun.rave.web.ui.appbase.ApplicationException</exception-type>
    <location>/error/ExceptionHandler</location>
</error-page>
<jsp-config>
    <jsp-property-group>
      <url-pattern>*.jspf</url-pattern>
      <is-xml>true</is-xml>
    </jsp-property-group>
</jsp-config>
     <security-role>
          <role-name>Administrator</role-name>
     </security-role>
</web-app>
portlet.xml
<?xml version='1.0' encoding='UTF-8' ?>
<portlet-app xmlns='http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd                         http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd' version='1.0'>
     <portlet>
          <description>Created By Java Studio Creator</description>
          <portlet-name>VSMPortal</portlet-name>
          <display-name>VSMPortal Portlet</display-name>
          <portlet-class>com.sun.faces.portlet.FacesPortlet</portlet-class>
          <init-param>
               <name>com.sun.faces.portlet.INIT_VIEW</name>
               <value>/Uctarna.jsp</value>
          </init-param>
          <expiration-cache>0</expiration-cache>
          <supports>
               <mime-type>text/html</mime-type>
               <portlet-mode>VIEW</portlet-mode>
          </supports>
          <supported-locale>en</supported-locale>
          <portlet-info>
               <title>VSMPortal</title>
               <short-title>VSMPortal</short-title>
               <keywords>Creator</keywords>
          </portlet-info>
          <security-role-ref>
               <role-name>Administrator</role-name>
               <role-link>Administrator</role-link>
          </security-role-ref>
     </portlet>
</portlet-app>If I don't use the security-role and security-role-ref tags, the portlet works, and the isUserInRole method obviously doesn't.

Nobody uses the LDAP roles in a portlet? Anybody knows other thread discussing similar issue (I can't find anything)?

Problem with LDAP configuration in Enterprise Manager

Hi all,
I'm new at Java CAPS. After install some pieces of Java CAPS now I'm trying to install and configure a Sun Java System Directory Server 5.2 in our environment.
I've already configured the Repository and the Logical Host to work with the ldap, but I have some troubles to do it with the Enterprise Manager.
I followed the instructions of the Administrator guide about the changes to do in web.xml and ldap.properties of the sentinel app but when I do login the Enterprise Manager I can't see the options of the tree to manage servers or users.
It seems that the app don't recover the user roles. I think so becouse I tried to create one user without roles (in normal authentication, without ldap configured) and when I did login in the result was the same.
At the beginning of the process I created the roles 'all', 'administration' and 'management'. However I tried to copy de roles of the Tomcat authentication from 'tomcat-users.xml' to ldap roles, but it doesn't work.
Anyone could help me?
Thanks in advance, and sorry for my rudimentary English

Check that you have the correct Preferred Credentials with Logon as batch job if this is windows. Also check the correct configuration with regards LDAP integration for you platform.

BPM11g-LDAP Roles

Similar Messages

Maybe you are looking for