
How to config activiti.org to work with IBM Domino LDAP groups


I am working on integrating IBM Domino with the activiti.org workflow engine. I need to connect Activiti to Domino LDAP in order to retrieve users and groups.
I can already log in with my Domino credentials, but I am not able to resolve user groups. My user is a member of the ACTIVITI_ADMINS Domino group, but he does not see the activiti-explorer administration menu (the one the default kermit user sees). I have made the following modifications in the Activiti XML config files. What should I add or rewrite in my config files in order to resolve user groups?

activiti-custom-context.xml

<bean id="processEngineConfiguration" class="org.activiti.spring.SpringProcessEngineConfiguration">
    <!--...-->
    <!-- Plugs an LDAPConfigurator into the engine so user and group lookups go to the Domino directory. -->
    <property name="configurators">
        <list>
            <bean class="org.activiti.ldap.LDAPConfigurator">
                <!-- Server connection params -->
                <!-- NOTE(review): ldap:// on 389 carries the bind password and every query in clear text
                     unless StartTLS is negotiated; prefer ldaps:// if the Domino server exposes it. -->
                <property name="server" value="ldap://myDominoLdapServer" />
                <property name="port" value="389" />                
                <!-- Service account the configurator binds as before running the user/group searches. -->
                <property name="user" value="cn=User Ldap, ou=myUnit1, ou=myUnit2, o=myCompany" />
                <!-- NOTE(review): the bind password sits here in plain text. A ${...} placeholder (the pattern
                     activiti-ui-context.xml already uses) or an external secret store keeps it out of this file;
                     either way read access to the file should be restricted. -->
                <property name="password" value="myPassword" />
                <!-- Query params: every search below is rooted at baseDn; {n} markers are filled in by the configurator -->
                <property name="baseDn" value="o=myCompany" />      
                <!-- {0} is the user id entered at login. NOTE(review): confirm the configurator escapes LDAP filter
                     metacharacters in {0} before substitution; otherwise the filter is open to LDAP injection. -->
                <property name="queryUserByUserId" value="(&amp;(objectClass=inetOrgPerson)(displayname={0}))" />
                <!-- {0} and {2} sit in attribute position, {1} and {3} are the substring search text. -->
                <property name="queryUserByFullNameLike" value="(&amp;(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))" />
                <!-- Groups are entries whose uniqueMember holds {0} (presumably the resolved user's DN).
                     This is the lookup the question reports as returning nothing. -->
                <property name="queryGroupsForUser" value="(&amp;(objectClass=groupOfUniqueNames)(uniqueMember={0}))" />        
                <!-- Attribute config: maps directory attributes onto Activiti's user and group fields -->
                <!-- NOTE(review): displayname is not guaranteed unique; two entries sharing a display name make the
                     login lookup ambiguous. A uid/cn-style identifier is the safer key if Domino exposes one. -->
                <property name="userIdAttribute" value="displayname" />
                <property name="userFirstNameAttribute" value="GivenName" />
                <property name="userLastNameAttribute" value="sn" />
                <property name="userEmailAttribute" value="mail" />
                <!-- The group's cn becomes its Activiti id, so it must match the adminGroups entry in
                     activiti-ui-context.xml (ACTIVITI_ADMINS) exactly. -->
                <property name="groupIdAttribute" value="cn" />
                <property name="groupNameAttribute" value="cn" />
            </bean>
        </list>
    </property>
</bean>

activiti-ui-context.xml

<!-- Session-scoped Activiti Explorer application bean; only adminGroups/userGroups were customised for the
     Domino setup, the remaining properties are the stock explorer wiring. -->
<bean name="explorerApp" class="org.activiti.explorer.ExplorerApp" scope="session">
    <property name="environment" value="${activiti.ui.environment}" />
    <property name="useJavascriptDiagram" value="${activiti.ui.jsdiagram}" />
    <property name="i18nManager" ref="i18nManager" />
    <property name="viewManager" ref="viewManager" />
    <property name="notificationManager" ref="notificationManager" />
    <property name="attachmentRendererManager" ref="attachmentRendererManager" />
    <property name="formPropertyRendererManager" ref="formPropertyRendererManager" />
    <property name="variableRendererManager" ref="variableRendererManager" />
    <property name="applicationMainWindow" ref="mainWindow" />
    <property name="componentFactories" ref="componentFactories" />
    <property name="workflowDefinitionConversionFactory" ref="workflowDefinitionConversionFactory" />
    <!-- Login goes through the LDAP-backed handler; the groups it resolves are compared with the lists below. -->
    <property name="loginHandler" ref="activitiLoginHandler" />
    <property name="simpleWorkflowJsonConverter" ref="simpleWorkflowJsonConverter" />
    <!-- Group ids (the LDAP groupIdAttribute, i.e. the group's cn) that unlock the administration menu.
         NOTE(review): membership in this directory group is the only gate on the admin UI, so the group's
         membership in Domino should be reviewed like any other privileged role. -->
    <property name="adminGroups">
        <list>      
            <value>ACTIVITI_ADMINS</value>
        </list>
    </property>
    <!-- Group ids that mark an ordinary (non-admin) explorer user. NOTE(review): with LDAP resolution this
         presumably requires a directory group whose id is "user" to exist; confirm against the Domino groups. -->
    <property name="userGroups">
        <list>
            <value>user</value>
        </list>
    </property>
</bean>

Solution

  • Well, I found that the baseDn entry was the cause of my problem. I set it to an empty value and Activiti now resolves my groups. The activiti-custom-context.xml file now contains the following code:

    <bean id="processEngineConfiguration" class="org.activiti.spring.SpringProcessEngineConfiguration">
        <!--...-->
        <!-- Same LDAPConfigurator wiring as in the question; the only change is the empty baseDn. -->
        <property name="configurators">
            <list>
                <bean class="org.activiti.ldap.LDAPConfigurator">
                    <!-- Server connection params -->
                    <!-- NOTE(review): ldap:// on 389 sends the bind password and all queries unencrypted unless
                         StartTLS is negotiated; prefer ldaps:// where the Domino server offers it. -->
                    <property name="server" value="ldap://myDominoLdapServer" />
                    <property name="port" value="389" />                
                    <!-- Service account used for the initial bind. -->
                    <property name="user" value="cn=User Ldap, ou=myUnit1, ou=myUnit2, o=myCompany" />
                    <!-- NOTE(review): plain-text bind password; move it to a ${...} placeholder or secret store and
                         restrict read access to this file. -->
                    <property name="password" value="myPassword" />
                    <!-- Query params -->
                    <!--MY CHANGE START-->
                    <!-- Empty search base: queries are no longer confined to o=myCompany, which is what made the
                         group lookup succeed (presumably the Domino groups live outside that subtree).
                         NOTE(review): this widens every search to whatever the bind account can read; if the groups
                         have a known container, pointing baseDn at it keeps the scope narrower. -->
                    <property name="baseDn" value="" />
                    <!--MY CHANGE END-->
                    <!-- {0} is the login user id. NOTE(review): confirm the configurator escapes LDAP filter
                         metacharacters before substituting it, otherwise the filter is open to LDAP injection. -->
                    <property name="queryUserByUserId" value="(&amp;(objectClass=inetOrgPerson)(displayname={0}))" />
                    <!-- {0} and {2} are attribute names, {1} and {3} the substring search text. -->
                    <property name="queryUserByFullNameLike" value="(&amp;(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))" />
                    <!-- Group entries whose uniqueMember holds {0} (presumably the user's DN). -->
                    <property name="queryGroupsForUser" value="(&amp;(objectClass=groupOfUniqueNames)(uniqueMember={0}))" />        
                    <!-- Attribute config -->
                    <!-- NOTE(review): displayname is not guaranteed unique in the directory; duplicates make the
                         login lookup ambiguous. Prefer a uid/cn-style attribute if Domino exposes one. -->
                    <property name="userIdAttribute" value="displayname" />
                    <property name="userFirstNameAttribute" value="GivenName" />
                    <property name="userLastNameAttribute" value="sn" />
                    <property name="userEmailAttribute" value="mail" />
                    <!-- The group cn is the id compared against adminGroups (ACTIVITI_ADMINS) in activiti-ui-context.xml. -->
                    <property name="groupIdAttribute" value="cn" />
                    <property name="groupNameAttribute" value="cn" />
                </bean>
            </list>
        </property>
    </bean>