AnsweredAssumed Answered

Programmatically LDAP configuration

Question asked by matutano6 on May 22, 2015
Latest reply on Jun 2, 2015 by matutano6
I'm trying to configure LDAP on a ProcessEngine by doing it programmatically on Activiti 5.14. First, I want to use the default configuration resource (i.e. and then configure the LDAP properties. Everythings seems to work until the engine tries to do queries to the LDAP server; then I get the following exception:

   at org.activiti.ldap.LDAPQueryBuilder$1.executeInContext(
   at org.activiti.ldap.LDAPQueryBuilder$1.executeInContext(
   at org.activiti.ldap.LDAPTemplate.execute(
   at org.activiti.ldap.LDAPQueryBuilder.buildQueryGroupsForUser(
   at org.activiti.ldap.LDAPGroupManager$1.executeInContext(
   at org.activiti.ldap.LDAPGroupManager$1.executeInContext(
   at org.activiti.ldap.LDAPTemplate.execute(
   at org.activiti.ldap.LDAPGroupManager.findGroupsByUser(
   at org.activiti.engine.impl.TaskQueryImpl.getGroupsForCandidateUser(
(not relevant stacktrace follows)

This is the code I'm using:

/* Create default configuration */
ProcessEngineConfigurationImpl engineConfiguration = (ProcessEngineConfigurationImpl)

/* Populate configuration */
LDAPConfigurator ldapConfigurator = new LDAPConfigurator();
ldapConfigurator.setServer("actual value was removed");
ldapConfigurator.setUser("actual value was removed");
ldapConfigurator.setPassword("actual value was removed");
ldapConfigurator.setUserBaseDn("actual value was removed");
ldapConfigurator.setGroupBaseDn("actual value was removed");

ldapConfigurator.setQueryUserByUserId("actual value was removed");
ldapConfigurator.setQueryUserByFullNameLike("actual value was removed");
ldapConfigurator.setQueryGroupsForUser("actual value was removed");
ldapConfigurator.setUserIdAttribute("actual value was removed");
ldapConfigurator.setUserFirstNameAttribute("actual value was removed");
ldapConfigurator.setUserLastNameAttribute("actual value was removed");
ldapConfigurator.setGroupIdAttribute("actual value was removed");
ldapConfigurator.setGroupNameAttribute("actual value was removed");

/* Build process engine */
ProcessEngine processEngine = engineConfiguration.buildProcessEngine();

I browse the code (5.14) and found that the exception is raised at this line (

NamingEnumeration< ? > namingEnum =, userDnSearch, createSearchControls(ldapConfigurator));

If I'm not missing anything, the only way to have a NPE at that line is by having initialDirContext null. So, browsing up the origin of that object I arrived to LDAPConnectionUtil.createDirectoryContext:

public static InitialDirContext createDirectoryContext(LDAPConfigurator ldapConfigurator, String principal, String credentials) {
    Properties properties = new Properties();
    properties.put(Context.INITIAL_CONTEXT_FACTORY, ldapConfigurator.getInitialContextFactory());
    properties.put(Context.PROVIDER_URL, ldapConfigurator.getServer() + ":" + ldapConfigurator.getPort());
    properties.put(Context.SECURITY_AUTHENTICATION, ldapConfigurator.getSecurityAuthentication());
    properties.put(Context.SECURITY_PRINCIPAL, principal);
    properties.put(Context.SECURITY_CREDENTIALS, credentials);
    if (ldapConfigurator.getCustomConnectionParameters() != null) {
      for (String customParameter : ldapConfigurator.getCustomConnectionParameters().keySet()) {
        properties.put(customParameter, ldapConfigurator.getCustomConnectionParameters().get(customParameter));

    InitialDirContext context;
    try {
      context = new InitialDirContext(properties);
    } catch (NamingException e) {
      throw new ActivitiException("Could not create InitialDirContext for LDAP connection : " + e.getMessage(), e);
    return context;

Once again, the only way to get a null InitialDirContext is by leaving that method from the catch block, but I'm not getting that exception (at least, it's not beign shown in the log).

I think theres something missing when I populate the LDAPConfigurator, but I couldn't realize what it is yet. Maybe, the way I'm doing it is totally wrong and there has to be another approach to do what I'm trying to do. ¿Could please anyone tell me if I'm taking the right path or what's missing in my code?

Thanks in advance!