I need to integrate Alfresco Process Services with Active Directory. For that I edited the activiti-ldap.properties file in <install location>/tomcat/lib, as it had precedence over the activiti-ldap.properties file in <install location>tomcat/webapps/activiti-app/WEB-INF/classes/META-INF/activiti-app/. But I'm unable to log in with Active Directory users.
I'm attaching both properties files here and have renamed them to differentiate them.
Hi Ajay,
Indeed, you should only modify the activiti-ldap.properties file in the tomcat/lib directory, as this is loaded last from the classpath and after the properties file from within the exploded webapp was loaded.
Reviewing your properties file, I can see that this cannot work as is at the moment.
I see you correctly set
ldap.authentication.enabled=true
As you can see in the properties file in the comment above this property, for authentication to work properly, the synchronization part needs also to be enabled. So you should enable it by removing those comments and changing those properties to true and defining the crons:
# Enables full synchronization. With full sync, all user/groups will be checked whether they are valid or not.
# By default, runs at midnight, since this is quite a heavy operation.
# Full synchronization is needed because a partial synchronization cannot detect deletes of groups/users.
#ldap.synchronization.full.enabled=false
#ldap.synchronization.full.cronExpression=0 0 0 * * ?
# Enabled differential synchronization. This will only check the users/groups which are changes since last sync.
# A differential sync cannot detect deletes of users/groups. This is done by the full sync.
#ldap.synchronization.differential.enabled=false
#ldap.synchronization.differential.cronExpression=0 0 */4 * * ?
Also, I see that you only defined the LDAP URL, but the security principal and password are commented out, which does not make much sense.
After a restart you can then log in as admin and check whether your users and groups have been synced in by going to activiti-app -> Identity Management -> Users. Only if you can see your expected users synced in and existing there will you be able to log in with them, provided the rest of your configuration is fine.
Best regards,
Dennis
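The checks described in the answer above, written as a small pre-restart linter (an added example, not part of the original thread or of Alfresco's code). The `ldap.authentication.enabled` and `ldap.synchronization.*` keys come from the thread; matching the bind account by the standard JNDI suffixes `java.naming.security.principal` / `java.naming.security.credentials` is an assumption, and the sample file content is constructed.

```python
# Keys named in the thread.
SYNC_FLAGS = ("ldap.synchronization.full.enabled",
              "ldap.synchronization.differential.enabled")
# Assumption: the bind account is configured through keys ending in these
# standard JNDI names; the prefix used by the product is not shown in the thread.
BIND_SUFFIXES = ("java.naming.security.principal",
                 "java.naming.security.credentials")

def parse_properties(text):
    """Return only active key=value pairs; lines starting with # or ! are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_ldap_config(text):
    """List the problems the answer points out; an empty list means none found."""
    props = parse_properties(text)
    findings = []
    if props.get("ldap.authentication.enabled", "").lower() != "true":
        findings.append("ldap.authentication.enabled is not true")
    for flag in SYNC_FLAGS:
        if props.get(flag, "").lower() != "true":
            findings.append(f"{flag} is commented out or not true")
        cron = flag.replace(".enabled", ".cronExpression")
        if not props.get(cron):
            findings.append(f"{cron} is not defined")
    for suffix in BIND_SUFFIXES:
        if not any(k.endswith(suffix) and v for k, v in props.items()):
            findings.append(f"no active *.{suffix} property (bind account missing)")
    return findings

# Constructed sample resembling the state described in the question.
BROKEN = """\
ldap.authentication.enabled=true
ldap.authentication.java.naming.provider.url=ldap://ad.example.test:389
#ldap.synchronization.java.naming.security.principal=CN=svc-aps,DC=example,DC=test
#ldap.synchronization.java.naming.security.credentials=placeholder
#ldap.synchronization.full.enabled=false
#ldap.synchronization.full.cronExpression=0 0 0 * * ?
#ldap.synchronization.differential.enabled=false
#ldap.synchronization.differential.cronExpression=0 0 */4 * * ?
"""

if __name__ == "__main__":
    for finding in check_ldap_config(BROKEN):
        print("FINDING:", finding)
```

Run it against the copy in tomcat/lib, since that is the file that takes effect.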
Thanks Dennis, now its working.