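How to configure activiti.org to use IBM Domino LDAP groups

Time: 2015-10-12 11:26:01

Tags: ldap lotus-domino activiti

I am working on integrating IBM Domino with the activiti.org workflow engine. I need to connect Activiti to the Domino LDAP in order to retrieve users and groups.
I can already log in with my Domino credentials, but I cannot resolve the user's groups. My user is a member of the ACTIVITI_ADMINS Domino group, but he does not see the activiti-explorer administration menu (the one the default kermit user sees). I made the following modifications in the Activiti XML configuration files. What should I add or rewrite in the configuration files to resolve the user's groups?

In activiti-custom-context.xml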

<bean id="processEngineConfiguration" class="org.activiti.spring.SpringProcessEngineConfiguration">
    <!--...-->
    <property name="configurators">
        <list>
            <bean class="org.activiti.ldap.LDAPConfigurator">
                <!-- Server connection params -->
                <property name="server" value="ldap://myDominoLdapServer" />
                <property name="port" value="389" />                
                <property name="user" value="cn=User Ldap, ou=myUnit1, ou=myUnit2, o=myCompany" />
                <property name="password" value="myPassword" />
                <!-- Query params -->                
                <property name="baseDn" value="o=myCompany" />      
                <property name="queryUserByUserId" value="(&amp;(objectClass=inetOrgPerson)(displayname={0}))" />
                <property name="queryUserByFullNameLike" value="(&amp;(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))" />
                <property name="queryGroupsForUser" value="(&amp;(objectClass=groupOfUniqueNames)(uniqueMember={0}))" />        
                <!-- Attribute config -->       
                <property name="userIdAttribute" value="displayname" />
                <property name="userFirstNameAttribute" value="GivenName" />
                <property name="userLastNameAttribute" value="sn" />
                <property name="userEmailAttribute" value="mail" />
                <property name="groupIdAttribute" value="cn" />
                <property name="groupNameAttribute" value="cn" />
            </bean>
        </list>
    </property>
</bean>

In activiti-ui-context.xml

<bean name="explorerApp" class="org.activiti.explorer.ExplorerApp" scope="session">
    <property name="environment" value="${activiti.ui.environment}" />
    <property name="useJavascriptDiagram" value="${activiti.ui.jsdiagram}" />
    <property name="i18nManager" ref="i18nManager" />
    <property name="viewManager" ref="viewManager" />
    <property name="notificationManager" ref="notificationManager" />
    <property name="attachmentRendererManager" ref="attachmentRendererManager" />
    <property name="formPropertyRendererManager" ref="formPropertyRendererManager" />
    <property name="variableRendererManager" ref="variableRendererManager" />
    <property name="applicationMainWindow" ref="mainWindow" />
    <property name="componentFactories" ref="componentFactories" />
    <property name="workflowDefinitionConversionFactory" ref="workflowDefinitionConversionFactory" />
    <property name="loginHandler" ref="activitiLoginHandler" />
    <property name="simpleWorkflowJsonConverter" ref="simpleWorkflowJsonConverter" />
    <property name="adminGroups">
        <list>      
            <value>ACTIVITI_ADMINS</value>
        </list>
    </property>
    <property name="userGroups">
        <list>
            <value>user</value>
        </list>
    </property>
</bean>

2 answers:

Answer 0 (score: 1)

Your configuration looks correct, so the problem must be with the LDAP query used to retrieve the user's groups:

<property name="queryGroupsForUser" value="(&amp;(objectClass=groupOfUniqueNames)(uniqueMember={0}))" />

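Does this query return the ACTIVITI_ADMIN group?

Answer 1 (score: 0)

Well, I found that the baseDN entry was the cause of my problem. I set it to an empty value, and Activiti is now resolving my groups. The activiti-custom-context.xml file contains the following code: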

<bean id="processEngineConfiguration" class="org.activiti.spring.SpringProcessEngineConfiguration">
    <!--...-->
    <property name="configurators">
        <list>
            <bean class="org.activiti.ldap.LDAPConfigurator">
                <!-- Server connection params -->
                <property name="server" value="ldap://myDominoLdapServer" />
                <property name="port" value="389" />                
                <property name="user" value="cn=User Ldap, ou=myUnit1, ou=myUnit2, o=myCompany" />
                <property name="password" value="myPassword" />
                <!-- Query params -->              
                <!--MY CHANGE START-->  
                <property name="baseDn" value="" />
                <!--MY CHANGE END-->  
                <property name="queryUserByUserId" value="(&amp;(objectClass=inetOrgPerson)(displayname={0}))" />
                <property name="queryUserByFullNameLike" value="(&amp;(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))" />
                <property name="queryGroupsForUser" value="(&amp;(objectClass=groupOfUniqueNames)(uniqueMember={0}))" />        
                <!-- Attribute config -->       
                <property name="userIdAttribute" value="displayname" />
                <property name="userFirstNameAttribute" value="GivenName" />
                <property name="userLastNameAttribute" value="sn" />
                <property name="userEmailAttribute" value="mail" />
                <property name="groupIdAttribute" value="cn" />
                <property name="groupNameAttribute" value="cn" />
            </bean>
        </list>
    </property>
</bean>
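
An added illustration, not part of either answer and not Activiti's code: a small offline model of how the search base scopes the queryGroupsForUser filter, showing one way a group can be missed with baseDn o=myCompany and found with an empty baseDn. It assumes the group entry sits at the directory root (cn=ACTIVITI_ADMINS) rather than under o=myCompany; the directory entries, the user DN and the function names are constructed for the example.

```python
import re

# Constructed sample entries (not from the original post). Assumption: the
# ACTIVITI_ADMINS group entry sits at the directory root, outside o=myCompany.
DIRECTORY = [
    {"dn": "CN=Some User,OU=myUnit1,OU=myUnit2,O=myCompany",
     "objectClass": ["inetOrgPerson"]},
    {"dn": "CN=ACTIVITI_ADMINS", "cn": "ACTIVITI_ADMINS",
     "objectClass": ["groupOfUniqueNames"],
     "uniqueMember": ["CN=Some User,OU=myUnit1,OU=myUnit2,O=myCompany"]},
    {"dn": "CN=Sales,O=myCompany", "cn": "Sales",
     "objectClass": ["groupOfUniqueNames"],
     "uniqueMember": ["CN=Other User,OU=myUnit1,OU=myUnit2,O=myCompany"]},
]

# Constructed user DN, written with the spacing style used in the question.
USER_DN = "cn=Some User, ou=myUnit1, ou=myUnit2, o=myCompany"

def parse_dn(dn):
    """Split a DN into normalized RDNs, honouring backslash-escaped commas."""
    rdns = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", r.strip()).lower() for r in rdns if r.strip()]

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is at or below base_dn; an empty base matches every entry."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return not base or (len(base) <= len(entry) and entry[-len(base):] == base)

def groups_for_user(base_dn, user_dn):
    """Emulate (&(objectClass=groupOfUniqueNames)(uniqueMember={0})) under base_dn."""
    user = parse_dn(user_dn)
    hits = []
    for entry in DIRECTORY:
        if not in_subtree(entry["dn"], base_dn):
            continue  # outside the search base: the filter is never evaluated
        if "groupOfUniqueNames" not in entry["objectClass"]:
            continue
        if any(parse_dn(m) == user for m in entry.get("uniqueMember", [])):
            hits.append(entry["cn"])
    return hits

if __name__ == "__main__":
    print(groups_for_user("o=myCompany", USER_DN))  # search base from the question
    print(groups_for_user("", USER_DN))             # search base from the answer
```

The same comparison can be made against the real server by running the group filter once with each search base and checking whether the group entry's DN actually ends in the configured baseDn.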