Integration with LDAP

Hi Zholaman.

From my experience with Activiti:

AD does not allow anonymous access. The following settings are used to query AD.
ldap.user=uid=admin, ou=system
ldap.password=secret

To find your users you will have to set the base dn.
ldap.basedn=OU=employees,DC=work,DC=company,DC=com

In case you have multiple OUs containing users, you just move the basedn a bit up.
For example:
ldap.basedn=DC=work,DC=company,DC=com

It is very important that ALL user objects below the basedn have all attributes set. Otherwise it can lead to null pointers.

A 2nd option that I have not tested is to point the basedn to “DC=company,DC=com”, and use LDAP queries.

Once LDAP is in the stable branch, I’ll do some testing and document some scenarios with AD and LDAP.

A 3rd option is to add an attribute to the user and create an ldap query to filter out those users.
A 4th option would be to put all flowable users in a group and create an ldap query to filter out those users.
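The warning above about user objects with unset attributes, and the group-filter option, can be checked before the base DN is moved up. This is an added example, not code from the thread or from Flowable; the required attribute names, the `flowable-users` group and the directory entries are constructed assumptions.

```python
# Added example: entries are constructed; attribute names are assumptions.
REQUIRED = ("sAMAccountName", "givenName", "sn", "mail")
BASE = "DC=work,DC=company,DC=com"
GROUP = "CN=flowable-users,OU=groups," + BASE  # hypothetical group
ENTRIES = {
    "CN=Alice,OU=employees," + BASE: {
        "sAMAccountName": "alice", "givenName": "Alice", "sn": "A",
        "mail": "alice@example.com", "memberOf": [GROUP]},
    "CN=svc-backup,OU=service," + BASE: {"sAMAccountName": "svc-backup"},
    "CN=Bob,OU=employees," + BASE: {
        "sAMAccountName": "bob", "givenName": "Bob", "sn": "B",
        "memberOf": [GROUP]},
}

def escape_filter_value(value):
    """Escape a value placed inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c
                   for c in value)

def group_member_filter(group_dn):
    """Filter that returns only user objects in one group (4th option)."""
    return "(&(objectClass=user)(memberOf=%s))" % escape_filter_value(group_dn)

def split_dn(dn):
    # Simplification: assumes no escaped commas inside RDN values.
    return [rdn.strip().lower() for rdn in dn.split(",")]

def under_base(dn, base_dn):
    """True if dn lies in the subtree rooted at base_dn."""
    parts, base = split_dn(dn), split_dn(base_dn)
    return len(parts) >= len(base) and parts[-len(base):] == base

def missing_attributes(entries, base_dn, group_dn=None):
    """Map each DN the search would return to its unset attributes."""
    report = {}
    for dn, attrs in entries.items():
        if not under_base(dn, base_dn):
            continue
        groups = [g.lower() for g in attrs.get("memberOf", [])]
        if group_dn and group_dn.lower() not in groups:
            continue
        missing = [a for a in REQUIRED if not attrs.get(a)]
        if missing:
            report[dn] = missing
    return report

if __name__ == "__main__":
    print(missing_attributes(ENTRIES, BASE))         # wide base DN
    print(missing_attributes(ENTRIES, BASE, GROUP))  # narrowed by group
    print(group_member_filter(GROUP))
```

With the wide base DN the service account shows up as an incomplete user object; narrowing by group or by the `OU=employees` base DN leaves only the entry that still needs its `mail` attribute set.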

Hi Sebastiaan,

Thank you a lot for your answer!

I have a proposal: if you are not against it, I can provide you with freshly built ‘war’ files of Flowable now, or you can build it by yourself using this step-by-step instruction created by me.

Best regards,
Zholaman

Hi Zholaman.

Do you know of a step-by-step Ubuntu way? 🙂

Dear Sebastiaan,

Yes, of course, I built my last Flowable under Ubuntu Server 16.04.2 LTS 🙂

I need about 2-4 hours to prepare a new instruction. Running ahead, I will say that the sequence is about the same as under Windows.

I’ll let you know when the new instruction has been prepared. I’ll try to do it by tomorrow.

Best regards,
Zholaman

Dear Sebastiaan,

The instruction is ready. Link.

Best regards,
Zholaman

Hi Zholaman,

Guess I have no excuses now 🙂
Give me a few days to build a virtual test environment. I’ll try to have something by the end of the weekend.

Dear Sebastiaan,

OK, thanks 🙂

Best regards,
Zholaman

Well Zholaman,

I have no need for an AD implementation since we use OpenLDAP at work.

I’ll know more this weekend, but I think a Java developer with AD/LDAP knowledge should be able to resolve this.

Sebastiaan

Dear Sebastiaan,

No problem, I will try to find a solution by myself.

Anyway, thanks for your effort!

Best regards,
Zholaman

For anybody who is interested in integrating with MS AD, I found the correct configuration option for MS AD.