This plugin provides a user directory implementation that retrieves user and group information from an LDAP server. To use it, go to System Setting > Directory Manager Setting, select "LDAP Directory Manager" from the drop-down list and click the "select" button.


Figure 1 : Steps to enable LDAP Directory Manager

After that, a configuration screen like the one in Figure 2 will appear. Set it according to your LDAP organization structure and submit it.


Figure 2: LDAP Directory Manager configuration screen

After the configuration is correctly set, the LDAP directory manager implementation will be enabled. You need to log out and log in again. You can use the values set in "Admin Username (Principal)" and "Admin Password (Credential)" to log in to Workflow Management Console as admin in case your LDAP directory manager configuration doesn't work. Note that when the LDAP directory manager implementation is enabled, "Setup Users" in the main navigator of Workflow Management Console will be disabled.


Figure 3: After LDAP directory manager is enabled 

Configuration Explanation

Page 1 : Configure LDAP Directory Manager

URL : URL of the LDAP server.

Admin Username (Principal) : Login username (also known as principal) of the LDAP user that has permission to browse the targeted LDAP server. It can also be used to log in to Workflow Management Console as admin (useful when the LDAP Plugin configuration doesn't work).

Admin Password (Credential) : Login password (also known as credential) of the LDAP user that has permission to browse the targeted LDAP server. It can also be used to log in to Workflow Management Console as admin (useful when the LDAP Plugin configuration doesn't work).

Root DN : Root DN to be queried for LDAP entries.

Page 2 : User

User Base DN : Base DN of the LDAP user entries. If not specified, the Root DN will be used.

User Import Search Filter : LDAP filter query to return LDAP user entries. e.g. "(objectClass=person)". Refer to LDAP Filter Syntax.

Attribute Mapping - Username : LDAP entry attribute that returns the username of the user. e.g. "sAMAccountName".

Attribute Mapping - First Name : LDAP entry attribute that returns the first name of the user.

Attribute Mapping - Last Name : LDAP entry attribute that returns the last name of the user.

Attribute Mapping - Email : LDAP entry attribute that returns the email of the user.

Attribute Mapping - Status : LDAP entry attribute that returns the status of the user. Returned value should be either 1 or 0. If not specified, the value will be set to 1 for all users.

Attribute Mapping - Time Zone : LDAP entry attribute that returns the time zone of the user. Returned value should be a number from -12 to 12 (>= -12 and <= 12).

Attribute Mapping - Report To : LDAP entry attribute that returns the primary attribute value of the LDAP user entry that the user reports to. e.g. "manager". The "reportTo" takes higher precedence than the HOD defined in Department.

Map To "Report To" Entry Attribute : The primary attribute of the LDAP entry returned by "Report To". e.g. "distinguishedName".

Attribute Mapping - Groups : LDAP entry attribute that returns the primary attribute value of an LDAP group entry that the user belongs to. e.g. "memberOf". Used only when group info is also kept in the LDAP user entry.

Map To LDAP Group Entry Primary Attribute : The primary attribute of the LDAP entry returned by "Groups". e.g. "distinguishedName".

Attribute Mapping - Departments : LDAP entry attribute that returns the primary attribute value of an LDAP department entry that the user belongs to. e.g. "memberOf". Used only when department info is also kept in the LDAP user entry.

Map To LDAP Department Entry Primary Attribute : The primary attribute of the LDAP entry returned by "Departments". e.g. "distinguishedName".

Page 3 : Group

Group Base DN : Base DN of the LDAP group entries. If not specified, the Root DN will be used.

Group Import Search Filter : LDAP filter query to return LDAP group entries. e.g. "(objectClass=group)". If not specified, no group will be queried. Refer to LDAP Filter Syntax.

Attribute Mapping - Id : LDAP entry attribute that returns the id of the group. e.g. "distinguishedName".

Attribute Mapping - Name : LDAP entry attribute that returns the name of the group.

Attribute Mapping - Description : LDAP entry attribute that returns the description of the group.

Attribute Mapping - Users : LDAP entry attribute that returns the primary attribute value of an LDAP user entry. e.g. "member".

Map To LDAP User Entry Primary Attribute : The primary attribute of the LDAP entry returned by "Users". e.g. "distinguishedName".

Page 4 : Department

Department Base DN : Base DN of the LDAP department entries. If not specified, the Root DN will be used.

Department Import Search Filter : LDAP filter query to return LDAP department entries. e.g. "(objectClass=group)". If not specified, no department will be queried. Refer to LDAP Filter Syntax.

Attribute Mapping - Id : LDAP entry attribute that returns the id of the department.

Attribute Mapping - Name : LDAP entry attribute that returns the name of the department.

Attribute Mapping - Description : LDAP entry attribute that returns the description of the department.

Attribute Mapping - HOD : LDAP entry attribute that returns the primary attribute value of the LDAP user entry representing the head of department. e.g. "manager".

Attribute Mapping - Users : LDAP entry attribute that returns the primary attribute value of an LDAP user entry. e.g. "member".

Map To LDAP User Entry Primary Attribute : The primary attribute of the LDAP entry returned by "HOD" and "Users". e.g. "distinguishedName".

Page 5 : Admin Role

Admin Role Base DN : Base DN of the LDAP admin role entries. If not specified, the Root DN will be used.

Admin Role Import Search Filter : LDAP filter query to return LDAP department entries. e.g. "(objectClass=group)". If not specified, no user with administrator role will be queried. Refer to LDAP Filter Syntax.

Attribute Mapping - Users : LDAP entry attribute that returns the primary attribute value of an LDAP user entry. e.g. "member". Returned LDAP user entries will be granted the admin role in Workflow Management Console.

Map To LDAP User Entry Primary Attribute : The primary attribute of the LDAP entry returned by "Users". e.g. "distinguishedName".

Page 6 : Advanced

Result Size Per Paged Search : Controls the total number of entries that can be returned by a paged search. To disable paged search, set the value to 0.

Debug Mode : If ticked, debugging messages will be logged to help with troubleshooting.

Sample Configuration

This LDIF file (click to download) contains a sample LDAP structure resembling the standard organization chart and user base bundled into the Joget Workflow database in a default installation.

For a brief graphical illustration, the LDAP structure looks like this:

Using this sample LDAP structure, the LDAP Plugin could be configured as follows:

Using this sample configuration:

URL : ldap://hostname:389 (please change this accordingly)

Admin Username (Principal) : cn=admin,dc=joget,dc=org

Admin Password (Credential) : admin

Root DN : DC=joget,DC=org

User Base DN : 

User Import Search Filter : (objectClass=person)

Attribute Mapping - Username : cn

Attribute Mapping - First Name : givenName

Attribute Mapping - Last Name : sn

Attribute Mapping - Email : mail

Attribute Mapping - Status :

Attribute Mapping - Time Zone : 8

Attribute Mapping - Report To : 

Map To "Report To" Entry Attribute : 

Map To LDAP Group Entry Primary Attribute : 

Attribute Mapping - Departments : 

Map To LDAP Department Entry Primary Attribute : 

Group Base DN : 

Group Import Search Filter : (objectClass=groupOfNames)

Attribute Mapping - Id : cn

Attribute Mapping - Name : description

Attribute Mapping - Description : description

Attribute Mapping - Users : member

Map To LDAP User Entry Primary Attribute : distinguishedName

Department Base DN : 

Department Import Search Filter : (objectClass=groupOfNames)

Attribute Mapping - Id : cn

Attribute Mapping - Name : description

Attribute Mapping - Description : description

Attribute Mapping - HOD : owner

Attribute Mapping - Users : member

Map To LDAP User Entry Primary Attribute : distinguishedName

Admin Role Base DN : 

Admin Role Import Search Filter : (cn=clark)

Attribute Mapping - Users : distinguishedName

Map To LDAP User Entry Primary Attribute : distinguishedName

Result Size Per Paged Search : 100

Debug Mode : 

  1. We can log in to Workflow Management Console with the admin role, using either of these users:
    • username: cn=admin,dc=joget,dc=org, password: admin
    • username: clark, password: password
  2. These are the departments and user groups that will be pulled:
    • CEO's Office
    • Finance
    • Human Resource & Admin
    • Marketing
    • Product Development
    • Support & Services
    • Training & Consulting
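
The "Users" and "Map To LDAP User Entry Primary Attribute" fields work as a join: the values of the first are matched against the second on each user entry. The following is an added example, not the plugin's own code, that models this join with the sample values above so the reach of a group or Admin Role filter can be checked before it is saved. The entries in ENTRIES are constructed (only "clark" and the dc=joget,dc=org suffix come from this page), the function names are hypothetical, and the case-insensitive string comparison is a simplification of LDAP matching.

```python
# Added example: models how the plugin's mapping fields join LDAP entries.
# Not the plugin's code. ENTRIES is constructed sample data; only "clark" and
# the dc=joget,dc=org suffix come from the page.
BASE = "dc=joget,dc=org"
ENTRIES = [
    {"distinguishedName": f"cn=clark,{BASE}", "objectClass": ["person"], "cn": "clark"},
    {"distinguishedName": f"cn=user_a,{BASE}", "objectClass": ["person"], "cn": "user_a"},
    {"distinguishedName": f"cn=user_b,{BASE}", "objectClass": ["person"], "cn": "user_b"},
    {"distinguishedName": f"cn=finance,{BASE}", "objectClass": ["groupOfNames"],
     "cn": "finance", "member": [f"cn=user_a,{BASE}", f"cn=clark,{BASE}"]},
    {"distinguishedName": f"cn=marketing,{BASE}", "objectClass": ["groupOfNames"],
     "cn": "marketing", "member": [f"CN=user_b,{BASE}", f"cn=svc_sync,{BASE}"]},
]
USER_FILTER, USERNAME_ATTR = "(objectClass=person)", "cn"  # page's sample values


def values(entry, attr):
    """Return an attribute as a list, whether stored single- or multi-valued."""
    v = entry.get(attr, [])
    return v if isinstance(v, list) else [v]


def search(filter_text):
    """Match one (attr=value) equality filter, the only form the sample uses."""
    attr, _, wanted = filter_text.strip("()").partition("=")
    return [e for e in ENTRIES
            if wanted.lower() in [v.lower() for v in values(e, attr)]]


def resolve_users(entry_filter, users_attr, user_key="distinguishedName"):
    """Map each entry matched by entry_filter to the usernames it refers to.

    users_attr models "Attribute Mapping - Users"; user_key models
    "Map To LDAP User Entry Primary Attribute".
    """
    users = search(USER_FILTER)
    out = {}
    for entry in search(entry_filter):
        refs = {v.lower() for v in values(entry, users_attr)}
        out[entry["cn"]] = sorted(
            u[USERNAME_ATTR] for u in users
            if refs & {k.lower() for k in values(u, user_key)})
    return out


def admin_usernames(admin_filter, users_attr="distinguishedName"):
    """Usernames that would receive the admin role for an Admin Role filter."""
    granted = resolve_users(admin_filter, users_attr)
    return sorted({name for names in granted.values() for name in names})
```

With the sample filter (cn=clark) only clark is resolved as admin, while a filter as broad as (objectClass=person) would resolve every imported user; a member value with no matching user entry (svc_sync here) is dropped.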