
Please help with connecting Activiti and Active Directory

bizilux
Champ on-the-rise
Hello all, long story short, I'm doing this pilot/test project for a company, and also writing Bachelor's degree on topic "Use of Alfresco Activiti for process reengineering" at the same time. Problem is, I am catastrophically stuck at this AD problem for the past 1 month.

Alfresco is on version 5.0.2.5 and Activiti is on 1.3.3
 
I used "demo setup" from activiti-share-connector-1.3.2, and it is working. If I started a process in activiti, it was shown in Alfresco dashboard too.
 
Then I configured Active Directory for Alfresco, that worked too. It imported all 1600 users and groups. Configuration file for that is located on this path (and also attached it)
C:\Alfresco\Alfresco-5.0.2.5-january\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\extension\subsystems\Authentication\ldap\ldap1\ldap-authentication.properties
 
Then I wanted to configure AD on Activiti too. And it is not working with similar settings. Configuration file for that is located on this path (and also attached it)
C:\Alfresco\Activiti-1.3.3-january\tomcat\webapps\activiti-app\WEB-INF\classes\META-INF\activiti-app\activiti-ldap.properties
 
I also enabled debugging by setting log4j.logger.com.activti.idm.ldap=debug in log4j.properties file. Unfortunately it doesn't provide much information. All it does is it shows this message when we try to log in:
 
09:43:23,392 [http-nio-8080-exec-4] DEBUG com.activti.idm.ldap.auth.ActivitiActiveDirectoryAuthenticationProvider  - Authentication for luka.bizjak@skb.si failed:javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]
09:43:23,392 [http-nio-8080-exec-4] INFO  com.activti.idm.ldap.auth.ActivitiActiveDirectoryAuthenticationProvider  - Active Directory authentication failed: Supplied password was invalid
 
I believe that Activiti doesn't import users from AD, so problem has to be in importing part.
 
Also catalina.log and localhost.log don't show any errors at all.
 
 
So can you help please?
ldap-authentication.properties file is from Alfresco AD configuration, and that works. Can you create/fix file for Activiti AD configuration out of that Alfresco's working file?

I would be eternally grateful, this is the only thing standing between me and my graduation.

PS: I only removed "ldap.synchronization.java.naming.security.credentials" so that it is hidden.
PPS: I had to change .properties extension to .txt, so that I could upload it here. You can simply change it back to .properties if you want.
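Decoding the `data` sub-code of the AD bind failure quoted in the post above, as an added example that is not part of the thread or of Activiti. The sub-code table lists the commonly documented Active Directory values; the log lines are constructed in the format shown in the post, and `decode_bind_failure` and `summarize` are hypothetical helper names.

```python
import re

# Commonly documented AD sub-codes in the "data" field of an LDAP error 49 bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

BIND_FAILURE = re.compile(
    r"Authentication for (?P<principal>\S+) failed:.*?"
    r"LDAP: error code (?P<ldap_code>\d+)\b.*?"
    r"\bdata (?P<subcode>[0-9a-fA-F]+)\b"
)

# Constructed log lines in the format shown in the post (principals are made up).
PREFIX = "09:43:23,392 [http-nio-8080-exec-4] DEBUG com.activti.idm.ldap.auth.ActivitiActiveDirectoryAuthenticationProvider  - "
ERR = "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data {}, v1db1 ]"
SAMPLE_LOG = [
    PREFIX + "Authentication for alice@example.test failed:" + ERR.format("52e"),
    PREFIX + "Authentication for bob@example.test failed:" + ERR.format("775"),
    PREFIX + "Active Directory authentication failed: Supplied password was invalid",
]

def decode_bind_failure(line):
    """Return principal, LDAP result code and decoded AD sub-code, or None."""
    m = BIND_FAILURE.search(line)
    if m is None:
        return None  # not a bind-failure line (e.g. the INFO summary line)
    sub = m.group("subcode").lower()
    return {
        "principal": m.group("principal"),
        "ldap_code": int(m.group("ldap_code")),
        "subcode": sub,
        "meaning": AD_BIND_SUBCODES.get(sub, "unknown sub-code"),
    }

def summarize(lines):
    """Decode every bind failure found in an iterable of log lines."""
    return [(d["principal"], d["subcode"], d["meaning"])
            for d in map(decode_bind_failure, lines) if d]
```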
5 REPLIES

jbarrez
Star Contributor
Moved to Enterprise forum.

We've got many customers running AD with Activiti, so I'm sure there is a way to get it working.

I see ldap.authentication.active-directory.enabled=true. I've heard many people have success by NOT using that, and accessing AD as a regular LDAP server (so just use the traditional LDAP queries etc).

bizilux
Champ on-the-rise
Hello, yes I did find that already, and I tried it a month ago, but no luck.

I've also found this bug report which is basically describing the exact problem that we have…
https://issues.alfresco.com/jira/browse/ACTIVITI-225

This is the interesting bit:
"If Users were anywhere created elsewhere in the domain besides the 'CN=Users' it would never authenticate. This can be problematic as enterprise AD will not always have all the users created under 'CN=Users, DC=…,DC=…' they may exists else where in the domain."

Our AD structure is different, it was modified, so we don't have all users under this default AD structure.

Could you please ask one of your guys to take a look at this bug? I am almost certain this is the problem. After all, AD is working on Alfresco. And on Activiti it won't even import users.

jbarrez
Star Contributor
This issue is specifically about the AD-specific properties. In the same issue it also states:

"I could never figure out how to get any of these properties to work, instead I stripped it down to basics and removed all activite-directory properties and it works. It was never the synchronization that was of issue but authentication did not work otherwise."

I checked with the person who created the issue and she confirmed to me it was working once she changed the configuration to be a 'regular ldap' instead of an AD one (so simply talking to AD as if it were an LDAP server).

bizilux
Champ on-the-rise
Thanks for replying… I was even thinking right now of installing another AD that would be in test environment and not in production, so that I could figure this out.

So if I understand you correctly, you are saying that in documentation, I should just look at "LDAP Example" and not at "Active Directory Example", right? I should just use settings for LDAP examples?

Could you tell me who was the person who created the issue? I would like to contact him/her for a few more follow up questions… is it Jennie Soria or is she just managing this issue, since she is an employee?

jbarrez
Star Contributor
Indeed, acting like AD is a regular LDAP solved the issue (and I've heard the same before).
Jennie is indeed an Alfresco employee and she created this issue.