Firstly, I’m sorry for bothering you! I beg you not to trouble yourself; could you just suggest directions, and I’ll do the rest by myself. I have found instructions on how to deploy Maven. After the Maven installation I will try again. I want to walk through all these steps to create a document (procedure) for all newbies like me and publish it on the Google++ link.
Ok, that’s indeed to be expected on Windows (I use Mac OS X). But this is at the end of building the distro (building the user guide), so you should already have the Flowable Task application WAR file that you can use to test with AD.
First of all, I have built Flowable from the src again (today) and checked integration with the LDAP server (embedded in Apache Studio); all is working correctly.
Now I tried integrating Flowable with MS Active Directory, but no success for a while. So I have a couple of questions and I kindly ask you to answer them when you have time.
1. In flowable-ui-app.properties (flowable-idm module) we have the option “ldap.user=uid=admin”, so what is ‘uid’, and can we use a different identifier instead of it? For example, in MS AD we do not have ‘uid’, but there are two identifiers that we can use:
a) cn (like ‘John Deep’, with space character between first and last names);
b) sAMAccountName (like ‘john.deep’, without space character)
2. What type of data, and in what format, do we need to return to the following two variables:
3. If we do not have the ‘uid’ identifier in MS AD, what exactly do we need to change in the following LDAP query, or, if we need to change only the ‘uid’ parameter, what should we use instead of ‘uid’:
I’m not very familiar with Active Directory, maybe someone else from the community is able to help with these questions?
The ldap.user property is the value that is used to log on to the LDAP server together with ldap.password. So this needs to be your AD login.
For the queries, you would need to define a valid LDAP query to fetch a user by its id, where id is the username of the user that wants to log in.
Let me draw your attention to some points relating to integration with Active Directory.
When new users are created they usually fall under the Users CN (which is the default for new users), but in some cases System Administrators have a different folder for new users.
So, as I understand, Flowable gets the admin login by ‘Distinguished Name’ (in case of LDAP), BUT what happens if the ‘Distinguished Name’ of the Administrator login/user differs from the ‘Distinguished Name’ of other domain users?
Example: “Distinguished Name” of Administrator: CN=Administrator,CN=Users,DC=work,DC=company,DC=com
“Distinguished Name” of ordinary AD users: CN=Sophie Marceau,OU=employees,DC=work,DC=company,DC=com
CN = Common Name
OU = Organizational Unit
DC = Domain Component
AD does not allow anonymous access. The following settings are used to query AD.
To find your users you will have to set the base dn.
In case you have multiple OUs containing users, you just move the basedn a bit up.
It is very important that ALL user objects below the basedn have all attributes set. Otherwise it can lead to null pointers.
A 2nd option that I have not tested is to point the basedn to “DC=company,DC=com”, and use ldap queries.
Once LDAP is in the stable branch, I’ll do some testing and document some scenarios with AD and LDAP.
A 3rd option is to add an attribute to the user and create an ldap query to filter out those users.
A 4th option would be to put all flowable users in a group and create an ldap query to filter out those users.
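
The base DN and query options discussed in this thread, as an added example that is not part of any post and is not Flowable's own code. It derives the base DN that covers the two DNs quoted above and builds a "fetch user by id" filter on sAMAccountName with the login name escaped per RFC 4515. The filter templates, the function names and the group name `flowable-users` are assumptions made for illustration.

```python
import re
from typing import List, Optional

# RFC 4515 section 3: characters that must be written as \XX inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Assumed AD filter templates (not Flowable defaults): {0} = login name, {1} = group DN.
AD_USER_BY_ID = "(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))"
AD_USER_BY_ID_IN_GROUP = (
    "(&(objectCategory=person)(objectClass=user)(sAMAccountName={0})(memberOf={1}))"
)


def escape_filter_value(value: str) -> str:
    """Escape user-supplied text so it cannot change the structure of the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(login: str, group_dn: Optional[str] = None) -> str:
    """Build the 'fetch user by id' filter, optionally restricted to one group."""
    if group_dn is None:
        return AD_USER_BY_ID.format(escape_filter_value(login))
    return AD_USER_BY_ID_IN_GROUP.format(
        escape_filter_value(login), escape_filter_value(group_dn)
    )


def common_base_dn(dns: List[str]) -> str:
    """Deepest DN that is an ancestor of every DN given (the base DN 'moved up')."""
    # Split on commas that are not backslash-escaped; compare RDNs right to left.
    split = [[rdn.strip() for rdn in re.split(r"(?<!\\),", dn)][::-1] for dn in dns]
    shared = []
    for rdns in zip(*split):
        if len({rdn.lower() for rdn in rdns}) != 1:
            break
        shared.append(rdns[0])
    return ",".join(reversed(shared))


if __name__ == "__main__":
    # The two DNs quoted in the thread; the group name is constructed for illustration.
    dns = ["CN=Administrator,CN=Users,DC=work,DC=company,DC=com",
           "CN=Sophie Marceau,OU=employees,DC=work,DC=company,DC=com"]
    print(common_base_dn(dns))
    print(user_filter("john.deep"))
    print(user_filter("*)(cn=*"))  # metacharacters come out as \2a \29 \28
    print(user_filter("john.deep", "CN=flowable-users,DC=work,DC=company,DC=com"))
```

A plain `memberOf` comparison in AD matches direct group membership only, so users who belong to the group through a nested group are not returned by the second template.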