topic Activiti REST Webapp LDAP and Role Authorization in Alfresco Archive https://connect.hyland.com/t5/alfresco-archive/activiti-rest-webapp-ldap-and-role-authorization/m-p/204233#M157363 <HTML><HEAD></HEAD><BODY><SPAN>The User Guide shows how to set up LDAP integration for both the Explorer and REST web apps in Chapter 17.&nbsp; I've succeeded in configuring LDAP authentication for the REST web app against my local ActiveDirectory.&nbsp; Great.&nbsp; The User Guide shows how to map Explorer groups/roles to LDAP groups, to provide a multi-level authorization once authenticated.</SPAN><BR /><BR /><SPAN>But, I don't see how to do the same for the REST web app.</SPAN><BR /><BR /><SPAN>That is, once a user's Basic Auth credentials are authenticated via LDAP, any user in the LDAP directory can execute a REST request.&nbsp; Ideally, I'd like to specify an LDAP group which has privilege to the REST web app.&nbsp; It seems like that would be analogous to the Explorer "admin group".&nbsp; Any LDAP user which is not in that LDAP group would get some kind of "forbidden" or 401 error.</SPAN><BR /><BR /><SPAN>Is this possible?&nbsp; It sounds pretty basic, and not too fancy.</SPAN><BR /><BR /><SPAN>Creating an OU in the LDAP hierarchy specific to ActivitiAdmins and tweaking the baseDn in the Spring configs for the REST web app appropriately might work, but seems like a pretty heavy handed manipulation on the LDAP directory.&nbsp; That would be a step towards having a separate username/password for each application a person wanted to use, rather than a common username/password to identify the same client thing (a person or another application).</SPAN><BR /><BR /><SPAN>Thanks</SPAN></BODY></HTML> Fri, 29 Aug 2014 18:45:53 GMT gregdavisfromnj 2014-08-29T18:45:53Z Activiti REST Webapp LDAP and Role Authorization https://connect.hyland.com/t5/alfresco-archive/activiti-rest-webapp-ldap-and-role-authorization/m-p/204233#M157363 The User Guide shows how to set up LDAP integration for both the Explorer and REST web apps in Chapter 17.&nbsp; I've succeeded in configuring LDAP authentication for the REST web app against my local ActiveDirectory.&nbsp; Great.&nbsp; The User Guide shows how to map Explorer groups/roles to LDAP groups, to provi Fri, 29 Aug 2014 18:45:53 GMT https://connect.hyland.com/t5/alfresco-archive/activiti-rest-webapp-ldap-and-role-authorization/m-p/204233#M157363 gregdavisfromnj 2014-08-29T18:45:53Z Re: Activiti REST Webapp LDAP and Role Authorization https://connect.hyland.com/t5/alfresco-archive/activiti-rest-webapp-ldap-and-role-authorization/m-p/204234#M157364 <HTML><HEAD></HEAD><BODY><SPAN>You would need a combination of the LDAP + a custom RestAuthenticator (see </SPAN><A href="http://activiti.org/userguide/index.html#N13024" rel="nofollow noopener noreferrer">http://activiti.org/userguide/index.html#N13024</A><SPAN>)</SPAN></BODY></HTML> Sat, 30 Aug 2014 18:29:44 GMT https://connect.hyland.com/t5/alfresco-archive/activiti-rest-webapp-ldap-and-role-authorization/m-p/204234#M157364 jbarrez 2014-08-30T18:29:44Z