LDAP adminGroups configuration problem

jim676
Champ in-the-making
Hi,

Quick question: I have configured the Explorer to work with LDAP. It all works well except I cannot create an admin user, i.e. a user who has access to everything in the Explorer. I work in a large organization and I am not allowed the LDAP admin role, thus I thought the <code><property name="adminGroups"></code> in the activiti-ui-context.xml would help, so I added a group I am in (I am in many groups):

<code>
  <property name="adminGroups">
    <list>
      <value>BPM_INSRV_ADM</value>
    </list>
  </property>
  <property name="userGroups">
    <list>
      <value>BPM_INSRV_ADM</value>
    </list>
  </property>
</bean>
</code>

But this does not work? I still do not have explorer admin access.

Any help greatly appreciated.

Jim
7 REPLIES 7

alim736
Champ in-the-making
I face the same problem.

jbarrez
Star Contributor
You need to change the

<code>
  <property name="loginHandler" ref="activitiLoginHandler" />
</code>

to not use activitiLoginHandler, but a CUSTOM bean that implements the org.activiti.explorer.ui.login.LoginHandler interface.

It is the default implementation that has a hard dependency on the 'admin' group

<code>
   if (Constants.SECURITY_ROLE_ADMIN.equals(group.getId())) {
       loggedInUser.setAdmin(true);
   }
</code>
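
A sketch of the custom bean described in the reply above, added here as an example and not taken from the thread or from the Activiti code base. It assumes the Activiti 5.x Explorer classes `DefaultLoginHandler`, `LoggedInUserImpl` and `IdentityService`; the class name `ConfiguredGroupLoginHandler` and its `adminGroups`/`userGroups` properties are hypothetical.

```java
import java.util.List;
import org.activiti.engine.IdentityService;
import org.activiti.engine.identity.Group;
import org.activiti.engine.identity.User;
import org.activiti.explorer.identity.LoggedInUserImpl;
import org.activiti.explorer.ui.login.DefaultLoginHandler;

/** Hypothetical handler: grants Explorer roles only to explicitly configured LDAP group ids. */
public class ConfiguredGroupLoginHandler extends DefaultLoginHandler {
  private IdentityService identityService;
  private List<String> adminGroups; // e.g. BPM_INSRV_ADM from the first post
  private List<String> userGroups;

  @Override
  public LoggedInUserImpl authenticate(String userName, String password) {
    // Fail closed: no identity service or a rejected password means no session.
    if (identityService == null || !identityService.checkPassword(userName, password)) {
      return null;
    }
    User user = identityService.createUserQuery().userId(userName).singleResult();
    if (user == null) { return null; }
    LoggedInUserImpl loggedInUser = new LoggedInUserImpl(user, password);
    for (Group group : identityService.createGroupQuery().groupMember(user.getId()).list()) {
      boolean admin = contains(adminGroups, group.getId());
      boolean plainUser = contains(userGroups, group.getId());
      if (admin) { loggedInUser.setAdmin(true); }
      if (plainUser) { loggedInUser.setUser(true); }
      if (admin || plainUser) {
        loggedInUser.addSecurityRoleGroup(group);
      } else {
        loggedInUser.addGroup(group); // ordinary group, confers no Explorer role
      }
    }
    return loggedInUser;
  }

  // Exact, case-sensitive match; an unset list grants nothing.
  private static boolean contains(List<String> configured, String groupId) {
    return configured != null && groupId != null && configured.contains(groupId);
  }

  @Override
  public void setIdentityService(IdentityService identityService) {
    super.setIdentityService(identityService); // keep the inherited methods working
    this.identityService = identityService;
  }
  public void setAdminGroups(List<String> adminGroups) { this.adminGroups = adminGroups; }
  public void setUserGroups(List<String> userGroups) { this.userGroups = userGroups; }
}
```

Declare it as a bean with `identityService`, `adminGroups` and `userGroups` set, and reference that bean from the `loginHandler` property in place of `activitiLoginHandler`.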

nrocchetti
Champ in-the-making
Hi,

I am a beginner on Activiti.

I'm trying to get Activiti to recognize the groups I set on LDAP.
Reading this post I understand that what is said in the user guide doesn't work.

Next is what is said in the user guide to get Activiti to recognize LDAP groups:
<code>
  <property name="adminGroups">
    <list>
      <value>Admin</value>
    </list>
  </property>
  <property name="userGroups">
    <list>
      <value>User</value>
    </list>
  </property>
</bean>
</code>

If this doesn't work, would you explain how I can get Activiti to recognize my custom bean that implements the LoginHandler interface?

Thanks!

b_schnarr
Champ in-the-making
If those values are hardcoded, why does the user guide say: Add following configuration to the explorerApp bean in activiti-ui.context:
<code>
<property name="adminGroups">
  <list>
    <value>admin</value>
  </list>
</property>
<property name="userGroups">
  <list>
    <value>user</value>
  </list>
</property>
</code>

This is not necessary, when those values are hardcoded, isn't it?

b_schnarr
Champ in-the-making
I tried to extend the Activiti Explorer to have a "designer" security role, so that you can write
<code>
<property name="adminGroups">
  <list>
    <value>activiti_admins</value>
  </list>
</property>
<property name="userGroups">
  <list>
    <value>activiti_users</value>
  </list>
</property>
<property name="designerGroups">
  <list>
    <value>activiti_designers</value>
  </list>
</property>
</code>

Therefore, I added in ExplorerApp.java:

<code>protected List<String> designerGroups;</code>

and

<code>
  public List<String> getDesignerGroups() {
    return designerGroups;
  }

  public void setDesignerGroups(List<String> designerGroups) {
    this.designerGroups = designerGroups;
  }
</code>

In addition, the DefaultLoginHandler looks like this:

<code>
for (Group group : groups) {
  // Only groups of type "security-role" are inspected for Explorer roles
  if (Constants.SECURITY_ROLE.equals(group.getType())) {
    loggedInUser.addSecurityRoleGroup(group);
    if (ExplorerApp.get().getUserGroup().equals(group.getId())) {
      loggedInUser.setUser(true);
    }
    if (ExplorerApp.get().getAdminGroup().equals(group.getId())) {
      loggedInUser.setAdmin(true);
    }
    if (ExplorerApp.get().getDesignerGroup().equals(group.getId())) {
      loggedInUser.setDesigner(true);
    }
  }
}
</code>

Without LDAP, this worked fine. But as soon as I switched to LDAP, my Explorer just considers the admin and the user role.
Maybe, this here is the reason:
<code>if (Constants.SECURITY_ROLE.equals(group.getType())) { </code>
Maybe, the Explorer sees the LDAP Group "activiti_designers" not as a security group. But with the two other roles (users and admins), it works fine.
In short: When using LDAP, how does the Activiti Explorer know that user and admin are security role groups?

Did I miss something?

b_schnarr
Champ in-the-making
That was it. The Activiti Explorer did not know that the LDAP group activiti_designers is a security role. I fixed this with this line:
<code> if (Constants.SECURITY_ROLE.equals(group.getType()) || ExplorerApp.get().getDesignerGroup().equals(group.getId()))</code>

jbarrez
Star Contributor
Thanks for posting this back, this will help a lot of people!