User Task Assignments to Candidate Groups and accessing workitems from spring-container

I am creating a 2 step process (both steps are User Tasks) and trying to assign the 2 tasks to 2 different candidate groups.
Questions:

  1. How to configure organizational structure (groups->users awareness of the flowable engine) where groups and users can be created in flowable engine by connecting directly to LDAP server without any manual group/user creation using flowable-idm.

I do not want to introduce a process level variable and assign the step to the variable and populate the variable at runtime. I want the engine/spring application context to load the organizational structure from LDAP server (user-role mapping info is available in LDAP server)

  2. How to migrate this awareness in spring application context? My understanding is we can export the bpmn xml and use it in spring boot src/main/resources/processes. What configurations need to be done so that spring application context is aware of the organizational structure?

Also I do not want to use the “Fixed Values” option while configuring assignees to user tasks to groups, but use candidate groups for the same. And be able from spring container to successfully view pending workitems using a userid belonging to that candidate group to which the step where process is pending has been assigned.

  1. If you’re using LDAP, you don’t need to configure anything in IDM. You use the ids from users/groups in LDAP in the process model. The engine doesn’t check any of these values, they are there for querying, etc.

  2. Same story, Flowable is agnostic to it. If you’re using Spring, you configure Spring security with LDAP. In your application, you will have a Spring Principal after logging in which you can use to do for example a query using the principal’s id to get a task list through the taskQuery.assignee(userId).
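
A sketch of the approach in the answer above, extended to the candidate-group case from the question; this is an added example, not code from the thread or from the Flowable project. It assumes a Spring Boot application with the Flowable starter and Spring Security already authenticating against LDAP; the controller name, the `/my-tasks` path, and the `ROLE_`-prefix mapping to the group ids used in the process model are hypothetical.

```java
import java.util.*;
import java.util.stream.Collectors;
import org.flowable.engine.TaskService;
import org.flowable.task.api.Task;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class MyTasksController {
    private final TaskService taskService;

    public MyTasksController(TaskService taskService) {
        this.taskService = taskService;
    }

    // Assumption: authorities look like "ROLE_APPROVERS" (Spring Security's default LDAP
    // authorities populator adds "ROLE_" and upper-cases), and the BPMN model uses
    // flowable:candidateGroups="APPROVERS". The engine validates neither side,
    // so a mismatch simply yields an empty task list.
    static String toCandidateGroupId(String authority) {
        return authority.startsWith("ROLE_") ? authority.substring(5) : authority;
    }

    // User id and groups come from the authenticated session only; accepting them as
    // request parameters would let any caller list another user's work items.
    @GetMapping("/my-tasks")
    public Map<String, List<String>> myTasks(Authentication auth) {
        String userId = auth.getName(); // assumed to match the ids used as assignees
        List<String> groups = auth.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .map(MyTasksController::toCandidateGroupId)
                .collect(Collectors.toList());

        List<Task> assigned = taskService.createTaskQuery()
                .taskAssignee(userId).orderByTaskCreateTime().desc().list();
        // taskCandidateGroupIn rejects an empty list, so skip the query for group-less users.
        List<Task> claimable = groups.isEmpty() ? Collections.<Task>emptyList()
                : taskService.createTaskQuery()
                        .taskCandidateGroupIn(groups).orderByTaskCreateTime().desc().list();

        Map<String, List<String>> result = new LinkedHashMap<>();
        result.put("assigned", names(assigned));
        result.put("claimable", names(claimable));
        return result;
    }

    private static List<String> names(List<Task> tasks) {
        return tasks.stream().map(t -> t.getId() + ": " + t.getName()).collect(Collectors.toList());
    }
}
```

Because the engine does not check group membership itself, any endpoint that claims or completes a task needs the same session-derived check before calling the engine.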