Hyland Connect

tombo · ‎09-23-2013

I have activity-explorer 5.13 integrated with Active Directory by provided activiti-ldap client. Users are being authenticated and authorized as they should (aside SSO problem mentioned in another post).

However, I can't assign any task to other user as user list is empty and search doesn't find any user. No error is being thrown and there's nothing in the application server logs like no action was invoked, after typing several letters to the task assignment form.
Can anyone confirm this working with MS Active Directory?

Boris

jonnycarter · ‎09-23-2013

I have precisely the same situation with my MS AD connection. I can sign in. I can even make processes that specify potential assignees based on username, and they work.

However, when I try to reassign and search for a user (by name or username), nothing brings up any results. There's a little spinner in the upper right hand corner; its background alternates between yellow and white, then briefly flashes red before it quits.

The only changes I see in the logs are in the localhost_access_log.<date>.txt, which has content like this around the time I make the attempt to search for a user:

<code>
0:0:0:0:0:0:0:1%0 - - [23/Sep/2013:11:04:52 -0500] "POST /activiti-explorer/ui/UIDL?windowName=1 HTTP/1.1" 200 108
0:0:0:0:0:0:0:1%0 - - [23/Sep/2013:11:04:58 -0500] "POST /activiti-explorer/ui/UIDL?windowName=1 HTTP/1.1" 200 1846
0:0:0:0:0:0:0:1%0 - - [23/Sep/2013:11:05:01 -0500] "POST /activiti-explorer/ui/UIDL?windowName=1 HTTP/1.1" 200 108
0:0:0:0:0:0:0:1%0 - - [23/Sep/2013:11:05:03 -0500] "GET /activiti-explorer/VAADIN/themes/base/common/img/loading-indicator-delay.gif HTTP/1.1" 200 1590
0:0:0:0:0:0:0:1%0 - - [23/Sep/2013:11:05:03 -0500] "POST /activiti-explorer/ui/UIDL?windowName=1 HTTP/1.1" 200 107
0:0:0:0:0:0:0:1%0 - - [23/Sep/2013:11:05:05 -0500] "POST /activiti-explorer/ui/UIDL?windowName=1 HTTP/1.1" 200 110
0:0:0:0:0:0:0:1%0 - - [23/Sep/2013:11:05:06 -0500] "GET /activiti-explorer/VAADIN/themes/base/common/img/loading-indicator-wait.gif HTTP/1.1" 200 1590
0:0:0:0:0:0:0:1%0 - - [23/Sep/2013:11:05:07 -0500] "POST /activiti-explorer/ui/UIDL?windowName=1 HTTP/1.1" 200 110
0:0:0:0:0:0:0:1%0 - - [23/Sep/2013:11:05:09 -0500] "POST /activiti-explorer/ui/UIDL?windowName=1 HTTP/1.1" 200 110
0:0:0:0:0:0:0:1%0 - - [23/Sep/2013:11:05:11 -0500] "POST /activiti-explorer/ui/UIDL?windowName=1 HTTP/1.1" 200 111
0:0:0:0:0:0:0:1%0 - - [23/Sep/2013:11:06:02 -0500] "POST /activiti-explorer/ui/UIDL?windowName=1 HTTP/1.1" 200 533
0:0:0:0:0:0:0:1%0 - - [23/Sep/2013:11:06:44 -0500] "POST /activiti-explorer/ui/UIDL?windowName=1 HTTP/1.1" 200 1847
0:0:0:0:0:0:0:1%0 - - [23/Sep/2013:11:06:44 -0500] "POST /activiti-explorer/ui/UIDL?windowName=1 HTTP/1.1" 200 108
0:0:0:0:0:0:0:1%0 - - [23/Sep/2013:11:06:46 -0500] "POST /activiti-explorer/ui/UIDL?windowName=1 HTTP/1.1" 200 108
0:0:0:0:0:0:0:1%0 - - [23/Sep/2013:11:06:48 -0500] "POST /activiti-explorer/ui/UIDL?windowName=1 HTTP/1.1" 200 111
0:0:0:0:0:0:0:1%0 - - [23/Sep/2013:11:06:50 -0500] "POST /activiti-explorer/ui/UIDL?windowName=1 HTTP/1.1" 200 111
</code>

Here's my (somewhat obfuscated) LDAPConfigurator bean from activiti-standalone-context.xml:
http://pastebin.com/GgqX3hvp

Would have used the code tags, but forum helps a little too much on that score by adding a bunch of hyperlinks.

tombo · ‎09-24-2013

Thank you for confirming that I'm not alone with that problem. My LDAP configuration is practically the same. I tried with userIdAttribute= „cn“ as well but, there was no change.

trademak · ‎09-24-2013

Hmm, could you check if the LDAP query we are performing works for MS AD? If you have an idea what the query should be we can see how we can get it fixed. We didn't test it against a MS AD.

Best regards,

tombo · ‎09-24-2013

I've tested queries and result is mostly OK.

queryUserByUserId (&(objectClass=user)(sAMAccontName=some.user)) is OK
queryUserByUserId (&(objectClass=user)(cn=Some User)) is OK

queryUserByFullNameLike (&(objectClass=user)(|(givenName=*Some*)(sn=*User))) doesn't return user
queryUserByFullNameLike (&(objectClass=user)(givenName=*Some*)(sn=*User*)) is OK
Correcting this query definition in the activiti-standalone-context.xml doesnt solve problem.

queryGroupsForUser" value="(&(objectClass=group)(member=Some User,OU=SomeOrganizationUnit,DC=domainname,DC=local)) is OK

It looks like search action is not triggered after entering several letters to the form field.
I had the same behaviour in activity-explorer 5.12.1. while user cache was misconfigured through activity-ui-context.xml.

tombo · ‎09-24-2013

Well, I've just performed test against the Apache DS LDAP and situation is exactly the same: empty users list and no errors thrown.

Regards,
Boris

tombo · ‎09-26-2013

I had more time to carefully test Active Directory queries and can confirm that all are OK. Typo was reson that one was not returning user. So, problem is somewhere else.

Regards,
Boris

frederikherema1 · ‎10-02-2013

Ok, thanks for double-checking…

clnyx · ‎10-08-2013

Hello,

I got the same problem. Is there something new how to fix this/get this working?

Greetings

jbarrez · ‎10-21-2013

Well, the previous indicates it works (he had a typo). We also test against apache DS in our test suite.

Hyland Connect

LDAP integration – users list is empty