LDAP

    In order to set up LDAP for the Tomcat distribution, you have to perform the following steps:

    Make sure the is present in the $TOMCAT_DISTRIBUTION/lib/ folder.

    Adjust the Process Engine Configuration

    Edit the file bpm-platform.xml located inside the folder $TOMCAT_HOME/conf and add the LDAP Identity Provider Plugin and the .

    The administratorUserName property should contain the user id of the LDAP user you want to grant administrator authorizations to. You can then use this user to log in to the web application and grant authorizations to additional users.

    HAL Resource Caching

    If you use LDAP as Identity Provider, you should consider activating caching of Users and Groups in the Camunda web application. In order to activate this, add the following configuration to the web.xml file of the Camunda web application (camunda-webapp-tomcat-$PLATFORM_VERSION.war/WEB-INF/web.xml):

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
      <!-- ... -->
      <!-- Registers the HAL relation cache when the web application starts -->
      <listener>
        <listener-class>org.camunda.bpm.engine.rest.hal.cache.HalRelationCacheBootstrap</listener-class>
      </listener>
      <!-- Cache settings as JSON: one entry per cached HAL resource type -->
      <context-param>
        <param-name>org.camunda.bpm.engine.rest.hal.cache.config</param-name>
        <param-value>
          {
            "cacheImplementation": "org.camunda.bpm.engine.rest.hal.cache.DefaultHalResourceCache",
            "caches": {
              "org.camunda.bpm.engine.rest.hal.user.HalUser": {
                "capacity": 100,
                "secondsToLive": 900
              },
              "org.camunda.bpm.engine.rest.hal.group.HalGroup": {
                "capacity": 100,
                "secondsToLive": 900
              }
            }
          }
        </param-value>
      </context-param>
      <!-- ... -->
    </web-app>
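
    A pre-deployment check for the HAL cache section of web.xml, as an added example that is not part of the Camunda documentation or distribution. The function name check_hal_cache and the sample are constructed here; it assumes the JSON must be strictly valid and that every cache entry should set both capacity and secondsToLive, as the group entry above does.

```python
import json
import xml.etree.ElementTree as ET

NS = {"jee": "http://java.sun.com/xml/ns/javaee"}
LISTENER = "org.camunda.bpm.engine.rest.hal.cache.HalRelationCacheBootstrap"
PARAM = "org.camunda.bpm.engine.rest.hal.cache.config"

def check_hal_cache(web_xml):
    """Return a list of problems in the HAL cache section of a web.xml string."""
    try:
        root = ET.fromstring(web_xml.encode("utf-8"))
    except ET.ParseError as exc:
        return [f"web.xml is not well-formed: {exc}"]
    problems = []
    classes = {(e.text or "").strip()
               for e in root.findall("jee:listener/jee:listener-class", NS)}
    if LISTENER not in classes:
        problems.append("HalRelationCacheBootstrap listener is not registered")
    value = None
    for param in root.findall("jee:context-param", NS):
        if param.findtext("jee:param-name", "", NS).strip() == PARAM:
            value = param.findtext("jee:param-value", "", NS)
    if value is None:
        return problems + ["cache config context-param is missing"]
    try:
        caches = json.loads(value).get("caches", {})
    except json.JSONDecodeError as exc:
        return problems + [f"cache config is not valid JSON: {exc.msg}"]
    # Assumption: every cache should bound both its size and its entry lifetime.
    for name, cache in caches.items():
        for key in ("capacity", "secondsToLive"):
            if not isinstance(cache.get(key), int) or cache[key] <= 0:
                problems.append(f"{name.rsplit('.', 1)[-1]}: {key} missing or not positive")
    return problems

# Constructed sample: listener present, HalUser entry lacks secondsToLive.
SAMPLE = """<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
  <listener><listener-class>%s</listener-class></listener>
  <context-param>
    <param-name>%s</param-name>
    <param-value>{"caches": {
      "org.camunda.bpm.engine.rest.hal.user.HalUser": {"capacity": 100},
      "org.camunda.bpm.engine.rest.hal.group.HalGroup": {"capacity": 100, "secondsToLive": 900}
    }}</param-value>
  </context-param>
</web-app>""" % (LISTENER, PARAM)

if __name__ == "__main__":
    for problem in check_hal_cache(SAMPLE):
        print(problem)
```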