Issue with integration of alfresco process services with active directory

ajay_k
Active Member

Issue with integration of alfresco process services with active directory

I need to integrate Alfresco Process Services with Active Directory. For that I edited the activiti-ldap.properties file in <install location>/tomcat/lib, as it had precedence over the activiti-ldap.properties file in <install location>tomcat/webapps/activiti-app/WEB-INF/classes/META-INF/activiti-app/. But I'm unable to log in with Active Directory users.

I'm attaching both properties files here and renamed those files to differentiate here.

1 Solution

Accepted Solutions
deko
Established Member

Re: Issue with integration of alfresco process services with active directory

Hi Ajay,

Indeed, you should only modify the activiti-ldap.properties file in the tomcat/lib directory, as this is loaded last from the classpath and after the properties file from within the exploded webapp was loaded.

Reviewing your properties file, I can see that this cannot work as is at the moment.

I see you set correctly

ldap.authentication.enabled=true

As you can see in the properties file in the comment above this property, for authentication to work properly, the synchronization part needs also to be enabled. So you should enable it by removing those comments and changing those properties to true and defining the crons:

# Enables full synchronization. With full sync, all user/groups will be checked whether they are valid or not.
# By default, runs at midnight, since this is quite a heavy operation.
# Full synchronization is needed because a partial synchronization cannot detect deletes of groups/users.
#ldap.synchronization.full.enabled=false
#ldap.synchronization.full.cronExpression=0 0 0 * * ?

# Enabled differential synchronization. This will only check the users/groups which are changes since last sync.
# A differential sync cannot detect deletes of users/groups. This is done by the full sync.
#ldap.synchronization.differential.enabled=false
#ldap.synchronization.differential.cronExpression=0 0 */4 * * ?

Also I see that you only defined the LDAP URL, but the security principal and password are commented, which does not make much sense.

After a restart you can then log in as admin and inspect whether your users and groups have been synced in by going to activiti-app -> Identity Management -> Users. Only if you can see your expected users synced in there and existing there, you will be able to log in with those if the rest of your configuration is fine.

Best regards,

Dennis
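
An added example, not part of the original thread and not Alfresco's own code: a small Python check for the conditions the accepted answer lists (authentication enabled while synchronization and the bind account are still commented out). The sample file is constructed, and the `java.naming.*` key names in it are assumed from the standard JNDI property names, not taken from the poster's attached file.

```python
"""Lint an activiti-ldap.properties file for the gaps described in the answer above."""

# Constructed sample: authentication on, sync and bind account still commented out.
# The java.naming.* key names are assumptions (standard JNDI names), values are fake.
SAMPLE = """\
ldap.authentication.enabled=true
ldap.authentication.java.naming.provider.url=ldap://ad.example.test:389
#ldap.synchronization.java.naming.security.principal=CN=svc-aps,DC=example,DC=test
#ldap.synchronization.java.naming.security.credentials=CHANGE_ME
#ldap.synchronization.full.enabled=false
#ldap.synchronization.full.cronExpression=0 0 0 * * ?
#ldap.synchronization.differential.enabled=false
#ldap.synchronization.differential.cronExpression=0 0 */4 * * ?
"""

def parse(text):
    """Return (active, commented): key -> value for live lines and '#key=value' lines."""
    active, commented = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        target = commented if line.startswith("#") else active
        key, sep, value = line.lstrip("#").strip().partition("=")
        # Free-text comments either lack '=' or have spaces in the "key" part.
        if sep and key.strip() and " " not in key.strip():
            target[key.strip()] = value.strip()
    return active, commented

def lint(text):
    """Return findings; property values (including credentials) are never echoed."""
    active, _ = parse(text)
    findings = []
    if active.get("ldap.authentication.enabled", "").lower() != "true":
        return findings  # LDAP authentication is off, nothing to check
    for mode in ("full", "differential"):
        prefix = f"ldap.synchronization.{mode}"
        if active.get(f"{prefix}.enabled", "").lower() != "true":
            findings.append(f"{prefix}.enabled is not true")
        elif not active.get(f"{prefix}.cronExpression"):
            findings.append(f"{prefix}.cronExpression is not defined")
    for suffix in ("java.naming.security.principal", "java.naming.security.credentials"):
        if not any(k.endswith(suffix) and v for k, v in active.items()):
            findings.append(f"no active *.{suffix} property")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("WARN:", finding)
```

Run it against the copy in tomcat/lib, since that is the file the answer says is loaded last.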

ajay_k
Active Member

Re: Issue with integration of alfresco process services with active directory

Thanks Dennis, now it's working.