Hyland Connect

tontonflingueur · ‎02-22-2012

Hello,

I am currently implementing a Proof of Concept of an application integrating Activiti in a huge organization. Of course, LDAP integration is needed. I am aware that this topic has been discussed like thousand times on this forum and, in particular, I am aware of this link :

http://developer4life.blogspot.com/2012/02/activiti-authentication-and-identity.html

The problem is that all the integration samples I have seen between Activiti and LDAP involve at some point loading to memory the complete list of users and groups from the LDAP. From the above :

//TODO: get all users from your identity domain and convert them to List<User>

This does not seem wise to me for a LDAP with 80000+ entries. Has anybody any insight on integrating the Activiti Engine with a large LDAP repository ?

Thanks in advance for your help.

Luke

sebastian_s · ‎02-26-2012

Hello Luke,

without having looked too deeply into this:

What prevents you from delegating the search calls etc. to your LDAP-server? I see you reason why you should be obligated to retrieve a list of all users from your LDAP which is indeed a bad idea.

Translate the API-calls to LDAP-queries/searches and convert the result into the appropriate data objects.

Cheers
Sebastian

roig · ‎02-26-2012

//TODO: get all users from your identity domain and convert them to List<User>

The "get all users" query could be called by the engine, but I am not sure it is called at all. For example, when you start the web-explorer, than is caches 25 users, not all the users (I dont really know your application architecture). Try to check the engine code and see if there is such a query - I believe you will not find it.

tontonflingueur · ‎02-29-2012

Thank you for you answers.
I am going to investigate about that… As roig said, I am under the impression that neither the explorer nor the engine are using the method, but I am not sure yet.

Luke

Hyland Connect

Integration with a large LDAP directorry