
Activiti 6 LDAP Configuration

aggiepilot04
Champ in-the-making
Anyone have any examples of how to configure LDAP auth on the activiti-app deployment for Activiti 6? This was our previous implementation in Activiti 5's activiti-standalone-context.xml:


  <bean id="ldapProperties" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
      <property name="location" value="file:///path-to-ldap.properties" />
      <property name="ignoreUnresolvablePlaceholders" value="true" />
  </bean>
  <bean id="processEngineConfiguration" class="org.activiti.spring.SpringProcessEngineConfiguration">
   …
   <property name="configurators">
      <list>
         <bean class="org.activiti.ldap.LDAPConfigurator">
            <property name="server" value="${ldap.server}" />
            <property name="port" value="${ldap.port}" />
            <property name="user" value="${ldap.user}" />
            <property name="password" value="${ldap.password}" />

            <property name="baseDn" value="${ldap.baseDn}" />
            <property name="queryUserByUserId" value="${ldap.queryUserByUserId}" />
            <property name="queryUserByFullNameLike" value="${ldap.queryUserByFullNameLike}" />
            <property name="queryGroupsForUser" value="${ldap.queryGroupsForUser}" />

            <property name="userIdAttribute" value="${ldap.userIdAttribute}" />
            <property name="userFirstNameAttribute" value="${ldap.userFirstNameAttribute}" />
            <property name="userLastNameAttribute" value="${ldap.userLastNameAttribute}" />

            <property name="groupIdAttribute" value="${ldap.groupIdAttribute}" />
            <property name="groupNameAttribute" value="${ldap.groupNameAttribute}" />
            <property name="customConnectionParameters">
               <map>
                  <entry key="java.naming.referral" value="follow" />
               </map>
            </property>
         </bean>
      </list>
   </property>
  </bean>


We need to point to an external config file (as shown above) so that the activiti app deployment doesn't change between environments.  Thanks in advance.
4 REPLIES

jbarrez
Star Contributor
The v6 UI is a demo UI (demonstrating what is possible with Activiti, not meant to be used as-is, similar to the v5 Activiti Explorer) and currently does not have LDAP support. Not sure yet if that will come, as it means not only authentication but also in v6 UI the users need to be in the tables because of foreign key constraints between the models (which wasn't the case in v5) which makes the logic harder.

aggiepilot04
Champ in-the-making
With Activiti 5, we primarily used Activiti Explorer for administrative type activities in production (deploying new workflows, viewing/debugging in flight processes, etc).  End users interfaced with our web app, which leveraged activiti-rest.  However, in pre-prod environments, Activiti Explorer was handy for troubleshooting (i.e. I see my tasks in Activiti Explorer, but not in our app).  Even if this wasn't the way we were supposed to use it, it was a beneficial setup for us.

On our new project, we planned to use Activiti 6 and refactor our Grails plugin accordingly (we don't go live until late 2016).  I guess our options are to either wait for LDAP integration, build the things that we need directly into our app, or stick with Activiti 5.  For planning purposes, it would be helpful to know if and when LDAP support is coming.  If I'm missing something and there's a better way, I'd love to hear about any alternatives.  Thanks for the help.

jmulieri
Champ in-the-making
For anyone interested, I wrote a very simple LDAP integration for Activiti 6. The approach I used was to plug in the LDAP authentication via a custom PasswordEncoder. This approach relies on the user existing in Activiti also, which I believe covers the issues that jbarrez mentioned above. In order for that to happen, a one way user sync LDAP => Activiti is performed, currently configured via an annotation to run once after startup and then every hour thereafter. Here is a link to the commit: https://github.com/jmulieri/Activiti/commit/f273bffad24070f1823e62db174435d144672d18
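
The PasswordEncoder approach described in the post above, as an added example that is not part of the original post and is not the code from the linked commit. It assumes the LDAP => Activiti sync stores each user's DN in the Activiti password field, so that `matches()` receives the DN as the "encoded password"; the class name and the `ldaps://` URL are hypothetical, and Spring Security must be on the classpath.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Added example (hypothetical class). Assumption: the user sync wrote the
 * user's LDAP DN into the Activiti password column, so no password or hash
 * is ever stored in the Activiti database.
 */
public class LdapBindPasswordEncoder implements PasswordEncoder {

    private final String ldapUrl; // e.g. "ldaps://ldap.example.com:636" (placeholder)

    public LdapBindPasswordEncoder(String ldapUrl) {
        // A simple bind sends the password as-is, so insist on TLS.
        if (ldapUrl == null || !ldapUrl.startsWith("ldaps://")) {
            throw new IllegalArgumentException("LDAP URL must use ldaps://");
        }
        this.ldapUrl = ldapUrl;
    }

    @Override
    public String encode(CharSequence rawPassword) {
        // Passwords are managed in the directory only; refuse to persist one.
        throw new UnsupportedOperationException("passwords are managed in LDAP");
    }

    @Override
    public boolean matches(CharSequence rawPassword, String storedUserDn) {
        // With an empty password JNDI falls back to an anonymous bind, and a
        // DN plus empty password is an "unauthenticated bind" (RFC 4513,
        // section 5.1.2). Either would succeed without proving anything.
        if (rawPassword == null || rawPassword.length() == 0
                || storedUserDn == null || storedUserDn.trim().isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, storedUserDn);
        env.put(Context.SECURITY_CREDENTIALS, rawPassword.toString());
        try {
            new InitialDirContext(env).close(); // bind succeeded: password is valid
            return true;
        } catch (NamingException e) {
            return false; // bad credentials or directory unreachable: fail closed
        }
    }
}
```

Because the bind uses the DN written by the sync rather than anything typed at login, user input never reaches an LDAP filter or DN in this path.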

rnd
Champ in-the-making
Guys, any update on this? Really need Activiti to connect to LDAP to make it a true Enterprise BPM.