
Need query to search users in active directory

johnraju
Champ in-the-making
Hi,

I am trying to integrate Activiti BPM 5.13 with Active Directory,
and I am looking for a search filter to query Active Directory for users.
I tried various combinations for the search filter, but nothing worked.
Attached is my activiti-standalone-context file in txt format.
Kindly help by providing the exact search filter for Microsoft Active Directory.

Regards,
John
15 REPLIES

b_schnarr
Champ in-the-making
I tried this without success:

<code>
<property name="customConnectionParameters">
    <map>
        <entry key="InitialDirContext" value="Context.REFERRAL" />
    </map>
</property>
</code>

When I enter incorrect credentials, I get the message that I could not be logged in (that is correct). When I enter correct credentials, simply nothing happens. I get no error message, and I still see the Activiti Explorer login screen.

Here is the full configuration:

<code>
<bean id="processEngineConfiguration" class="org.activiti.spring.SpringProcessEngineConfiguration">
    <property name="dataSource" ref="dataSource" />
    <property name="transactionManager" ref="transactionManager" />
    <property name="databaseSchemaUpdate" value="true" />
    <property name="jobExecutorActivate" value="true" />
    <property name="customFormTypes">
        <list>
            <bean class="org.activiti.explorer.form.UserFormType"/>
            <bean class="org.activiti.explorer.form.ProcessDefinitionFormType"/>
            <bean class="org.activiti.explorer.form.MonthFormType"/>
        </list>
    </property>
    <property name="configurators">
        <list>
            <bean class="org.activiti.ldap.LDAPConfigurator">

                <!-- Server connection params -->
                <property name="server" value="ldap://10.120.201.12" />
                <property name="port" value="389" />
                <property name="user" value="cn=Administrator,cn=Users,dc=ebusiness,dc=local" />
                <property name="password" value="****" />

                <!-- Query params -->
                <property name="baseDn" value="ou=ebusiness,dc=ebusiness,dc=local" />
                <property name="queryUserByUserId" value="(&amp;(objectClass=person)(cn={0}))" />
                <property name="queryUserByFullNameLike" value="(&amp;(objectClass=person)(|({0}=*{1}*)({2}=*{3}*)))" />
                <property name="queryGroupsForUser" value="(&amp;(objectClass=group)(cn={0}))" />

                <property name="customConnectionParameters">
                    <map>
                        <entry key="InitialDirContext" value="Context.REFERRAL" />
                    </map>
                </property>

                <!-- Attribute config -->
                <property name="userIdAttribute" value="cn" />
                <property name="userFirstNameAttribute" value="givenName" />
                <property name="userLastNameAttribute" value="sn" />

                <property name="groupIdAttribute" value="cn" />
                <property name="groupNameAttribute" value="cn" />

            </bean>
        </list>
    </property>
</bean>
</code>

Please, could anyone help?

Thank you very much
Ben

b_schnarr
Champ in-the-making
Problem solved. My users in LDAP just had a last name, not a forename. Then nothing happened; the Activiti login screen did not disappear. After adding a forename, the login was successful.

This looks to me like a bug. Steps to reproduce:
Create an LDAP user without a forename. Try to log in with cn in the Activiti Explorer.
Expected behavior: Login is successful.
Actual behavior: Nothing happens. There is no error message and the login screen does not disappear.

Should I open a Jira ticket?

frederikherema1
Star Contributor
Seems like something we need to look at, so yes please ;)

b_schnarr
Champ in-the-making
Jira says: "Not a member? To request an account, please contact your JIRA administrators."

aggiepilot04
Champ in-the-making
The missing first name/last name issue bit us with our test users in the past, but it is unrelated to the referral issue.  If you're hitting the referral issue, the error in the logs will look something like this (as mentioned in a previous post):

<code>
INFO  org.activiti.ldap.LDAPUserManager  - Could not authenticate user [USERID]: Unprocessed Continuation Reference(s)
javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=blah,DC=local'
</code>

In 5.14, we had this fixed in the activiti-ldap source code.  We just upgraded to 5.15.1, and I'm able to avoid using the customized code with the following configuration:

<code>
<property name="customConnectionParameters">
    <map>
        <entry key="java.naming.referral" value="follow" />
    </map>
</property>
</code>
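
Added example, not part of any post in this thread and not Activiti's own code: a JNDI-level sketch of the two `customConnectionParameters` maps posted above and of the `queryUserByUserId` filter with an escaped login name. It assumes the map entries are copied unchanged into the JNDI environment; the class name `LdapEnvSketch`, the host, the bind DN and the login input are constructed for illustration.

```java
import javax.naming.Context;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collections;
import java.util.Hashtable;
import java.util.Map;

public class LdapEnvSketch { // hypothetical class name
    // JNDI environment for a simple bind; custom entries are copied in unchanged
    // (assumption about how customConnectionParameters is applied).
    static Hashtable<String, Object> buildEnv(String url, String bindDn, String password,
                                              Map<String, String> custom) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.putAll(custom);
        return env;
    }

    // RFC 4515 escaping for a value substituted into a search filter.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // First attempt in the thread: two literal strings, neither is a JNDI property name.
        Map<String, String> first = Collections.singletonMap("InitialDirContext", "Context.REFERRAL");
        // Working entry: the constant Context.REFERRAL is the string "java.naming.referral".
        Map<String, String> second = Collections.singletonMap(Context.REFERRAL, "follow");
        for (Map<String, String> custom : Arrays.asList(first, second)) {
            Hashtable<String, Object> env = buildEnv("ldap://dc.example.test:389", // constructed host
                    "cn=svc-activiti,dc=example,dc=test", "placeholder", custom);   // constructed bind
            System.out.println(custom + " -> referral setting: " + env.get(Context.REFERRAL));
        }
        // Filter from the thread with {0} replaced by an escaped, constructed login name.
        System.out.println(MessageFormat.format("(&(objectClass=person)(cn={0}))",
                escapeFilterValue("j*hn)(cn=*")));
    }
}
```

With the first map the referral setting stays unset, so referral handling is left to the provider default; with the second it is `follow`.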

jbarrez
Star Contributor
@aggiepilot04: Thanks for posting this. Useful information for many!