AnsweredAssumed Answered

ldap integration with activiti on tomcat7

Question asked by ilansch on Dec 21, 2015
Latest reply on Dec 22, 2015 by jbarrez
Hi,
I want acitivi it to work with Windows Server 2012R2 Active Directory for authentication.
I have configured the activiti-custom-context ldap settings as following:

<!– Server connection params –>
            <property name="server" value="ldap://NIA-DC01" />
            <property name="port" value="389" />
            <property name="user" value="uid=DevUser,OU=Salli,OU=Users,DC=NIA,DC=DOM" />
            <property name="password" value="MyPass" />

            <!– Query params –>
            <property name="baseDn" value="DC=NIA,DC=DOM" />
            <property name="queryUserByUserId" value="(&amp;(objectClass=inetOrgPerson)(uid={0}))" />
            <property name="queryUserByFullNameLike" value="(&amp;(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))" />
            <property name="queryGroupsForUser" value="(&amp;(objectClass=groupOfUniqueNames)(uniqueMember={0}))" />

            <!– Attribute config –>
            <property name="userIdAttribute" value="uid" />
            <property name="userFirstNameAttribute" value="cn" />
            <property name="userLastNameAttribute" value="sn" />
            <property name="userEmailAttribute" value="mail" />


            <property name="groupIdAttribute" value="cn" />
            <property name="groupNameAttribute" value="cn" />

          </bean>
      </list>
    </property>    

I am getting the following exception:
LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v23f0

DevUser exist on active directory: http://i.imgur.com/pqM2pRu.png

What am i missing ? I have also edited activiti-ui-context as following:
  <property name="adminGroups">
  <list>
    <value>admin</value>
  </list>
  </property>
  <property name="userGroups">
    <list>
      <value>user</value>
    </list>
</property>

Outcomes