Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Need query to search users in active directory

johnraju
Champ in-the-making
Champ in-the-making

‎08-08-2013 04:32 AM

Hi,

I am trying to integrate Activiti BPM 5.13 with Active directory.
and I am looking for search filter to query active directory for users.
I tried varies combination for search filter but nothing worked.
Attached is my activiti-standalone-context file in txt format
Kindly help to provide the exact search filter for microsoft Active directory.

Regards,
John
Labels:
activiti-standalone-context_1.txt.zip
0 Kudos
15 REPLIES 15

jbarrez
Star Contributor
Star Contributor

‎08-08-2013 05:06 AM

No clue how Active Directory stores users and groups … or how it was configured by your admin …

Probably you'll need to google on Java + Activiti Directory in general to find out how it works, cause Activiti is under the hood just using regular java.naming stuff.
0 Kudos

johnraju
Champ in-the-making
Champ in-the-making

‎08-12-2013 10:54 AM

hi jbarrez,

We have found the correct search query in ADS i.e. (&(objectCategory=person)(objectClass=user)(CN={0}))

but we are still unable to authenticate against ADS in Activiti BPM.

We are receiving the following error,

"org.activiti.ldap.LDAPUserManager  - Could not authenticate user amit : Unprocessed Continuation Reference(s)
javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=FILENET,DC=TEST,DC=COM'"

The work around as per online forum seems to setting a particular java property, "-Djava.naming.REFERRAL=follow" in the startup of the application server i.e. Apache Tomcat 7.0. But even after setting this java property we are receiving the above error.

Our LDAP configuration looks like below,

<bean class="org.activiti.ldap.LDAPConfigurator">
                <!– Server connection params –>
                <property name="server" value="ldap://xxx.xxx.xxx.xxx"/>
                <property name="port" value="389"/>
  <property name="user" value="CN=amit,CN=Users,DC=FILENET,DC=TEST,DC=COM" />
                <property name="password" value="password" />
               
                <!– Query params –>
                <property name="baseDn" value="DC=FILENET,DC=TEST,DC=COM"/>
  <property name="queryUserByUserId" value="(&amp;(objectCategory=person)(objectClass=user)(CN={0}))"/>
  <property name="queryGroupsForUser" value="(&amp;(objectCategory=group)(objectClass=group)(CN={0}))"/>
  
                <!– Attribute config –>
                <property name="userIdAttribute" value="cn" />
                <property name="userFirstNameAttribute" value="cn" />
                <property name="userLastNameAttribute" value="sn" />               
                <property name="groupIdAttribute" value="cn" />
                <property name="groupNameAttribute" value="cn" />
             </bean>
          </list>
        </property>
  </bean>

Kindly advise if we are missing any configuration here or any specific setting.

Thanks,
John
0 Kudos

jamesgoodwin
Champ in-the-making
Champ in-the-making

‎08-13-2013 03:39 PM

Thanks jbarrez!!  spin palace
0 Kudos

jbarrez
Star Contributor
Star Contributor

‎08-14-2013 06:04 AM

I found this: http://stackoverflow.com/questions/12222869/need-elaboration-on-unprocessed-continuation-reference

Did you try the suggestion in the last post: "I got around it by setting your InitialDirContext environment to have the Context.REFERRAL key set to "follow".

According to the Javadocs, that key can be "follow", "ignore", or "throw". The default is determined by the provider you use, which is probably "throw"."

You should be able to set those properties through the customConnectionParameters setting: see the docs for more info.

If it does work, please report back, so we can update the userguide accordingly.
0 Kudos

aggiepilot04
Champ in-the-making
Champ in-the-making

‎10-04-2013 01:04 AM

I can confirm that setting Context.REFERRAL to "follow" in InitialDirContext resolved this problem for us.
0 Kudos

jbarrez
Star Contributor
Star Contributor

‎10-04-2013 04:35 AM

Awesome! Thanks!
0 Kudos

ismail1
Champ in-the-making
Champ in-the-making

‎12-20-2013 09:42 AM

Hi joram, i would like to apply that parameter to ldap config, is that correct:

<code>

….
<property name="groupIdAttribute" value="cn" />
<property name="groupNameAttribute" value="cn" />
<property name="customConnectionParameters">
<Map>
  <property name="InitialDirContext" value="Context.REFERRAL"/>
</Map>
</property>
….
</code>

If not how to set a property with <code> Map<String, String>  </code> as stated in user guide?
0 Kudos

trademak
Star Contributor
Star Contributor

‎12-20-2013 10:28 AM

No, please lookup in the Spring documentation how to fill a map through a Spring configuration or search google and find a link like this one:

http://www.mkyong.com/spring/spring-collections-list-set-map-and-properties-example/
0 Kudos

b_schnarr
Champ in-the-making
Champ in-the-making

‎03-06-2014 04:33 AM

Please could someone post the correct string? I have the same problems and a spring beginner. A little help would be great.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC