Hyland Connect

b_schnarr · ‎03-06-2014

Maybe, I did something wrong. When I use local users, the user form type works well and I can select my assignee. Now I connected the Explorer to an LDAP. The integration works well but the user form type does not show any users anymore.

Did I something wrong or is this a bug?

Thank you
Ben

b_schnarr · ‎03-13-2014

Exactly. Maybe, the activiti developers have another idea? @tombo, thanks for you contribution and your fast answeres!

tombo · ‎03-13-2014

Last shot. We could try handle NPE event? (I hope that code is right)
<code>
    if (ldapConfigurator.getUserLastNameAttribute() != null) {
            try {
            user.setLastName(result.getAttributes().get(ldapConfigurator.getUserLastNameAttribute()).get().toString());
            } catch (NullPointerException npe) {
                user.setLastName("DummyValue");
            }
        }
</code>

b_schnarr · ‎03-13-2014

So often, the easiest answer is the right! It works! With this here
<code>
protected void mapSearchResultToUser( SearchResult result, UserEntity user) throws NamingException {
    if (ldapConfigurator.getUserIdAttribute() != null) {
      user.setId(result.getAttributes().get(ldapConfigurator.getUserIdAttribute()).get().toString());
    }
    if (ldapConfigurator.getUserFirstNameAttribute() != null) {
     try{
      user.setFirstName(result.getAttributes().get(ldapConfigurator.getUserFirstNameAttribute()).get().toString());
     }catch(NullPointerException e){
      user.setFirstName("");
     }
    }
    if (ldapConfigurator.getUserLastNameAttribute() != null) {
     try{
      user.setLastName(result.getAttributes().get(ldapConfigurator.getUserLastNameAttribute()).get().toString());
     }catch(NullPointerException e){
      user.setLastName("");
     }
    }
    if (ldapConfigurator.getUserEmailAttribute() != null) {
      user.setEmail(result.getAttributes().get(ldapConfigurator.getUserEmailAttribute()).get().toString());
    }
}
</code>

Everything works fine. And the mystery with Klaus Kerberos is solved, too. There was a third user beginning with ker, the user "waskerb". This user has no lastname. Therefore, when i typed in "kerb", there were 2 users matching: Klaus Kerberos and "waskerb". Because waskerb has no name, the exception was thrown. Now, both Users are displayed correctly in the User Form Type!

I know that you sould not catch Runtime-Exceptions, but it can always happen that a user has not all properties in LDAP. Therefore, activiti developers, could you add this try-catch Block in the official distro? That would help a lot of people and then, the user form type can be used with LDAP.

Very cool!!

Thanks a lot @tombo for the great ideas.

tombo · ‎03-14-2014

Excellent. Thank you for doing the actual job.
Those several small changes, along with extra password check, bring back important functionality for the enterprise environment.
My own conclusion, based on the finished project, is that activiti-explorer can be used in production environment. I understand developers point that it's just technology demo (because there are other priorities), but it has to many functionality built in to be easily replaced with your own solution.
Regards,
Boris

b_schnarr · ‎03-14-2014

I am exactly of the same opinion. Therefore, it would be great if those several lines of code could be integrated in the official distro.

jbarrez · ‎03-17-2014

Thanks for diving into that guys!

Added fix: https://github.com/Activiti/Activiti/commit/7e6353942597c114f480ecf8c5578b44511c76f2

kgiannakakis · ‎04-28-2015

LDAP integration with activiti-explorer is a a hard requirement for me as well. I have two comments to make regarding the provided solution.

1) Why not null checking for email as well. In my opinion a user with a missing mail attribute is much more likely than a user with a missing first or last name:

<java>
if (ldapConfigurator.getUserEmailAttribute() != null) {
    try {
        user.setEmail(result.getAttributes().get(ldapConfigurator.getUserEmailAttribute()).get().toString());
    }catch(NullPointerException e){
        user.setEmail("");
    }
}
</java>

2) The '%' character in search like query is a problem for LDAP searching. It is better to handle this in ldap module than in the activiti-explorer (org.activiti.explorer.ui.custom.SelectUsersPopupWindow.searchPeople). Something like the code below in LDAPUserManager.findUserByQueryCriteria will do:

<java>
} else if (query.getFullNameLike() != null){

final String fullNameLike = query.getFullNameLike().replaceAll("%", "");

LDAPTemplate ldapTemplate = new LDAPTemplate(ldapConfigurator);
return ldapTemplate.execute(new LDAPCallBack<List<User>>() {

    public List<User> executeInContext(InitialDirContext initialDirContext) {
      List<User> result = new ArrayList<User>();
      try {
        String searchExpression = ldapConfigurator.getLdapQueryBuilder().buildQueryByFullNameLike(ldapConfigurator, fullNameLike);
</java>

jbarrez · ‎04-28-2015

kgiannakakis, thanks for the comments. Would it be possible to wrap those code changes in a pull request so we can see the actual changes and discuss it properly?

kgiannakakis · ‎04-30-2015

Thanks for the response. I have created the pull request:

https://github.com/Activiti/Activiti/pull/581

jbarrez · ‎05-07-2015

Thanks! Will discuss further on the Pull Requests there.

Hyland Connect

User Form Type does not show users when using LDAP