How to use Actors and Filters with LDAP in Bonita?

An Actor is the person who will perform the step/task. In my project, I need to get all the HODs from the LDAP server and then apply filters on the HODs to define which HOD is for which department.

In a Bonita Actor, the following parameters need to be discussed:

Server connection

The first settings are used to establish a connection to the LDAP server.

Make sure that the protocol type matches the port number.

Use a username that has sufficient privileges to make LDAP queries.

  • Host: The host name or IP address where your LDAP server is located (e.g. localhost or 192.168.0.1)
  • Port: The port number that your LDAP server is listening on. The default port for LDAP is 389; for LDAPS (LDAP using an SSL tunnel) the port is 636.
  • Protocol: The choice between LDAP, LDAPS and TLS (LDAP secure using TLS instead of SSL for LDAPS)
  • User name: The username used to connect to the LDAP server. Usually, the username is the DN of a user, stored in the LDAP (e.g. for OpenDS cn=directory manager).
  • Password: The password associated with the username.

Once the LDAP connection has been configured, try to connect using the “Test Configuration” button.

User selection

The settings here are used to query the LDAP and return a list of usernames. To understand how this is done, see the section called “Behavior”, below.

Important: The username returned by the LDAP Actor Selector must match the username used to log in to User Experience.

  • Group base DN: the DN to the LDAP entry parent of all groups
  • People base DN: the DN to the LDAP entry parent of all users
  • Filter: the LDAP filter to select one group. LDAP filter example: (&(cn=groupSales)(objectclass=groupOfUniqueNames))

Advanced settings impact the way the query is executed:

  • Scope:
    • subtree: the query will be run recursively on all elements under the base DN
    • one level: the query will only be run on one level under the base DN
    • base: the query will only be run on the base DN
  • Size limit: specifies the maximum number of entries returned by the query
  • Time limit: the maximum time in seconds you want to allow to answer the query
  • Referral handling:
    • Ignore: the referral will not be followed
    • Follow: the referral will be followed
  • Alias de-referencing: under which condition aliases are de-referenced.

Behavior

Executing the LDAP Actor Selector will run the following steps:

  • A query to select one group is created.
  • The query will only keep the “uniqueMember” attribute value. One group (groupOfUniqueNames) can contain several uniqueMember attributes, one for each user who is a member of the group.
    Here, groupOfUniqueNames is the objectClass of the group from which users are fetched. This is required; otherwise you won't be able to fetch the users from LDAP. If you want to change this configuration, you need to make your own LDAP Actor Selector.
  • An LDAP “filter” is used to select only one group entry. If several groups match the query, only the first one is used.
  • The query is run under “Group base DN”.
  • The query execution will provide a list of user DNs.
  • A new query is created to get the users' usernames.
  • The query includes a filter configured to get all users returned by the previous query.
  • The query looks for the username in an attribute named “uid”.
  • The query is run under “People base DN”.
  • A list of user uids is returned by the Actor Selector.

If you need a different behavior, you can create your own Actor Selector.

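The two-query lookup described in these steps, modeled in Python over a constructed in-memory directory (an added example, not Bonita's connector code). It assumes the same scope setting applies to both queries and uses hypothetical DNs under dc=example,dc=org; it reports two cases the steps leave silent: several groups matching the filter, and group members that sit outside the People base DN.

```python
# Added illustration: constructed in-memory directory, no LDAP server is contacted.
GROUP_BASE = "ou=groups,dc=example,dc=org"
PEOPLE_BASE = "ou=people,dc=example,dc=org"
GROUP = {"objectclass": ["groupOfUniqueNames"], "cn": ["groupSales"]}

DIRECTORY = {  # DN -> attributes (all sample values)
    "cn=groupSales," + GROUP_BASE: dict(GROUP, uniqueMember=[
        "uid=hsrai," + PEOPLE_BASE, "uid=jas," + PEOPLE_BASE,
        "uid=svc-backup,ou=services,dc=example,dc=org"]),  # outside People base DN
    "cn=groupSales,ou=legacy," + GROUP_BASE: dict(GROUP, uniqueMember=[
        "uid=olduser," + PEOPLE_BASE]),
    "uid=hsrai," + PEOPLE_BASE: {"uid": ["hsrai"]},
    "uid=jas," + PEOPLE_BASE: {"uid": ["jas"]},
    "uid=olduser," + PEOPLE_BASE: {"uid": ["olduser"]},
}

def in_scope(dn, base, scope):
    """True if dn is covered by a search at base with scope base/one level/subtree."""
    dn, base = dn.lower(), base.lower()
    if dn == base:
        return scope in ("base", "subtree")
    if scope == "base" or not dn.endswith("," + base):
        return False
    depth = dn[:-len(base) - 1].count(",") + 1  # naive: assumes no escaped commas
    return scope == "subtree" or depth == 1

def search(base, scope, match):
    return [(dn, a) for dn, a in DIRECTORY.items() if in_scope(dn, base, scope) and match(a)]

def sales_group(attrs):
    """Stands in for (&(cn=groupSales)(objectclass=groupOfUniqueNames))."""
    return ("groupSales" in attrs.get("cn", [])
            and "groupOfUniqueNames" in attrs.get("objectclass", []))

def resolve_actors(group_match, scope="subtree"):
    """Return (uids, warnings) for the two-query lookup."""
    groups = search(GROUP_BASE, scope, group_match)
    if not groups:
        return [], ["no group matched: the task would have no candidates"]
    warnings = []
    if len(groups) > 1:  # a real server does not promise which entry comes first
        warnings.append("%d groups matched; only %s is used" % (len(groups), groups[0][0]))
    members = {m.lower() for m in groups[0][1].get("uniqueMember", [])}
    people = search(PEOPLE_BASE, scope, lambda a: "uid" in a)
    found = {dn.lower(): a["uid"][0] for dn, a in people if dn.lower() in members}
    warnings += ["member not resolved under People base DN: " + dn
                 for dn in sorted(members - set(found))]
    return sorted(found.values()), warnings
```

Calling `resolve_actors(sales_group, "subtree")` returns `['hsrai', 'jas']` with two warnings (the second groupSales entry under ou=legacy and the svc-backup member); with `"one level"` only the unresolved-member warning remains.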
Filter Configuration

To choose one HOD at a time, depending on the department of the employee, we need to filter the actors. This option is in the right column when you click on Actors.

Here is the code:

    // Keep only the candidate who is the HOD of the employee's department
    def result = []
    candidates.each {
        if ('${department}' == 'CE' && it == 'hsrai')
            result.add(it)
        else if ('${department}' == 'EE' && it == 'jas')
            result.add(it)
        else if ('${department}' == 'CSE' && it == 'aman')
            result.add(it)
        else if ('${department}' == 'ECE' && it == 'nirmal')
            result.add(it)
        else if ('${department}' == 'ME' && it == 'khangu')
            result.add(it)
        else if ('${department}' == 'PE' && it == 'naran')
            result.add(it)
        else if ('${department}' == 'IT' && it == 'akshay')
            result.add(it)
    }
    // The filter returns the selected users as a Set
    result as Set

You can also write all the conditions together using the OR (||) operator.

Here, candidates is a predefined variable: a list containing the result (the list of users that you get from Actors). it is the implicit variable used to iterate through the list.

That's all. 🙂


About Priyanka Kapoor

Simple, Hardworking & friendly.....