Integrating Activiti with Active Directory

Integrating Activiti with LDAP can be tricky. Through trial and error I got Active Directory working with Activiti. The configuration may not be exactly the same for your organization; it all depends on how your directory is set up (base DNs, which attribute holds the login name, whether searches return referrals).

package com.nuke.ldap;

import java.util.HashMap;
import java.util.Map;

import javax.naming.Context;

import org.activiti.ldap.LDAPConfigurator;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;

import com.nuke.activiti.annotations.ActivitiProd;

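/**
 * Production Activiti {@link LDAPConfigurator} wired against an Active Directory domain.
 *
 * <p>Connection details (server URL, bind DN, bind password) come from the {@code LDAP_*}
 * properties; the base DNs, query filters and attribute mappings are fixed here because they
 * describe this particular directory layout. The bean refuses to start when the URL, bind DN
 * or bind password is missing, rather than attempting an empty-credential bind: the
 * {@code @Value} defaults are empty strings, and an empty password on a simple bind is an
 * "unauthenticated" bind that AD and most directories accept as an anonymous session instead
 * of rejecting.
 */
@Configuration
@ActivitiProd
public class LDAPProdConfiguration {

	/** Directory URL. Simple bind sends the password in the clear, so use ldaps:// (or an otherwise protected transport) in production. */
	@Value("${LDAP_URL:}")
	private String ldapUrl;

	/** Service account login name. Read from configuration but not used by the bean below (the bind uses the DN). */
	@Value("${LDAP_SERVICE_ACCOUNT_NAME:}")
	private String ldapServiceAccountUserName;

	/** Distinguished name the service account binds with. */
	@Value("${LDAP_SERVICE_ACCOUNT_CN:}")
	private String ldapServiceAccountUserNameCn;

	/** Bind password for the service account. Never log or echo this value. */
	@Value("${LDAP_SERVICE_ACCOUNT_PASSWORD:}")
	private String ldapServiceAccountPassword;

	/** Search filter from configuration. Read but not applied to the configurator below; the filters are hard-coded. */
	@Value("${LDAP_SEARCH_FILTER:}")
	private String ldapSearchFilter;

	/**
	 * Builds the production LDAP configurator.
	 *
	 * @return a fully populated {@link LDAPConfigurator} for Active Directory
	 * @throws IllegalStateException if LDAP_URL, LDAP_SERVICE_ACCOUNT_CN or
	 *         LDAP_SERVICE_ACCOUNT_PASSWORD is unset or blank
	 */
	@Bean(name="ldapProd")
	public LDAPConfigurator LDAProdPConfig(){
		// Fail fast on missing configuration. Without these checks a missing property
		// silently becomes an empty server URL or an empty-password bind.
		requireConfigured("LDAP_URL", ldapUrl);
		requireConfigured("LDAP_SERVICE_ACCOUNT_CN", ldapServiceAccountUserNameCn);
		requireConfigured("LDAP_SERVICE_ACCOUNT_PASSWORD", ldapServiceAccountPassword);

		LDAPConfigurator ldapProdConfig = new LDAPConfigurator();
		ldapProdConfig.setServer(ldapUrl);
		ldapProdConfig.setUser(ldapServiceAccountUserNameCn);
		ldapProdConfig.setPassword(ldapServiceAccountPassword);

		// Where searches start. Users and groups live in different OUs of the same domain.
		ldapProdConfig.setBaseDn("OU=Security Groups,DC=Corp,DC=internal,DC=us");
		ldapProdConfig.setUserBaseDn("OU=Service Accounts,DC=Corp,DC=internal,DC=us");
		ldapProdConfig.setGroupBaseDn("OU=Security Groups,DC=Corp,DC=internal,DC=us");

		// {0}..{3} are filled in by the Activiti LDAP module at query time.
		// NOTE(review): nothing here escapes RFC 4515 filter metacharacters in the substituted
		// values; confirm the module does so before these lookups are driven by user-supplied ids.
		ldapProdConfig.setQueryUserByUserId("(&(objectClass=user)(sAMAccountName={0}))");
		ldapProdConfig.setQueryUserByFullNameLike("(&(objectClass=user)(|({0}=*{1}*)({2}=*{3}*)))");
		ldapProdConfig.setQueryGroupsForUser("(&(objectClass=group)(member={0}))");

		// Extra JNDI environment entries. AD answers searches that touch other partitions with
		// referrals, which surface as PartialResultException unless the client follows them.
		// The previous entry used the literal key "InitialDirContext", which is not a JNDI
		// property name and has no effect; Context.REFERRAL ("java.naming.referral") is the key.
		// Caveat: "follow" re-binds on the referred-to server with the same service-account
		// credentials. Use "ignore" if only the local partition is needed.
		Map<String, String> connectionMap = new HashMap<String, String>();
		connectionMap.put(Context.REFERRAL, "follow");
		ldapProdConfig.setCustomConnectionParameters(connectionMap);

		// Attribute that becomes the Activiti user id.
		// NOTE(review): users are looked up by sAMAccountName above but identified by cn here. In
		// AD the two usually differ (cn is typically the display name), so an id obtained from a
		// search may not resolve again through queryUserByUserId; confirm which attribute is
		// intended as the id for this directory.
		ldapProdConfig.setUserIdAttribute("cn");
		ldapProdConfig.setUserFirstNameAttribute("givenName");
		ldapProdConfig.setUserLastNameAttribute("sn");

		// Groups are identified and displayed by their account name.
		ldapProdConfig.setGroupIdAttribute("sAMAccountName");
		ldapProdConfig.setGroupNameAttribute("sAMAccountName");

		return ldapProdConfig;
	}

	/**
	 * Rejects a missing or blank required property.
	 *
	 * @param propertyName name reported in the exception message (the value itself is never included)
	 * @param value        the injected property value, possibly null
	 * @throws IllegalStateException if {@code value} is null or contains only whitespace
	 */
	private static void requireConfigured(String propertyName, String value) {
		if (value == null || value.trim().isEmpty()) {
			throw new IllegalStateException("Required LDAP property " + propertyName + " is not set");
		}
	}
}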
