Help

Issue with integration of alfresco process services with active directory

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ajay_k
Active Member
‎27 Sep 2018 8:02 AM

Issue with integration of alfresco process services with active directory

Jump to solution

I need to integrate alfresco process services with active directory. For that i edited activiti-ldap.properties file in <install location>/tomcat/lib as it had precedence than activiti-ldap.properties file in <install location>tomcat/webapps/activiti-app/WEB-INF/classes/META-INF/activiti-app/. But i'm unable to login with active directory users.

I'm attaching both properties files here and renamed those files to differentiate here.

activiti-ldap(webapps).properties.zip
activiti-ldap(tomcat⁄lib).properties.zip
0 Kudos
Reply
1 Solution

Accepted Solutions
deko
Established Member
‎28 Sep 2018 7:21 AM

Re: Issue with integration of alfresco process services with active directory

Jump to solution

Hi Ajay,

Indeed, you should only modify the activiti-ldap.properties file in the tomcat/lib directory, as this is loaded last from the classpath and after the properties file from within the exploded webapp was loaded.

Reviewing your properties file, I can see that this cannot work as is at the moment.

I see you set correctly

ldap.authentication.enabled=true

As you can see in the properties file in the comment above this property, for authentication to work properly, the synchronization part needs also to be enabled. So you should enable it by removing those comments and changing those properties to true and defining the crons:

# Enables full synchronization. With full sync, all user/groups will be checked whether they are valid or not.

# By default, runs at midnight, since this is quite a heavy operation.

# Full synchronization is needed because a partial synchronization cannot detect deletes of groups/users.

#ldap.synchronization.full.enabled=false

#ldap.synchronization.full.cronExpression=0 0 0 * * ?

# Enabled differential synchronization. This will only check the users/groups which are changes since last sync.

# A differential sync cannot detect deletes of users/groups. This is done by the full sync.

#ldap.synchronization.differential.enabled=false

#ldap.synchronization.differential.cronExpression=0 0 */4 * * ?‍‍‍

Also I see that you only defined the LDAP URL, but the security principal and password are commented, which does not make much sense.

After a restart you can then login as admin and inspect, whether your users and groups have been synced in by going to activiti-app -> Identity Management -> Users. Only if you can see your expected users synced in there and existing there, you will be able to login with those if the rest of your configration is fine.

Best regards,

Dennis

View solution in original post

Reply
2 Replies
deko
Established Member
‎28 Sep 2018 7:21 AM

Re: Issue with integration of alfresco process services with active directory

Jump to solution

Hi Ajay,

Indeed, you should only modify the activiti-ldap.properties file in the tomcat/lib directory, as this is loaded last from the classpath and after the properties file from within the exploded webapp was loaded.

Reviewing your properties file, I can see that this cannot work as is at the moment.

I see you set correctly

ldap.authentication.enabled=true

As you can see in the properties file in the comment above this property, for authentication to work properly, the synchronization part needs also to be enabled. So you should enable it by removing those comments and changing those properties to true and defining the crons:

# Enables full synchronization. With full sync, all user/groups will be checked whether they are valid or not.

# By default, runs at midnight, since this is quite a heavy operation.

# Full synchronization is needed because a partial synchronization cannot detect deletes of groups/users.

#ldap.synchronization.full.enabled=false

#ldap.synchronization.full.cronExpression=0 0 0 * * ?

# Enabled differential synchronization. This will only check the users/groups which are changes since last sync.

# A differential sync cannot detect deletes of users/groups. This is done by the full sync.

#ldap.synchronization.differential.enabled=false

#ldap.synchronization.differential.cronExpression=0 0 */4 * * ?‍‍‍

Also I see that you only defined the LDAP URL, but the security principal and password are commented, which does not make much sense.

After a restart you can then login as admin and inspect, whether your users and groups have been synced in by going to activiti-app -> Identity Management -> Users. Only if you can see your expected users synced in there and existing there, you will be able to login with those if the rest of your configration is fine.

Best regards,

Dennis

Reply
ajay_k
Active Member
‎28 Sep 2018 8:58 AM

Re: Issue with integration of alfresco process services with active directory

Jump to solution

Thanks Dennis, now its working.

Reply
Alfresco Process Services Forum

Ask for and offer help to other Alfresco Process Services and Activiti Users and members of the Alfresco team.

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.