
3/11/15

Enable and Disable AD Account in LDAP (AD) by JAVA

I am using: java + spring ldap + activiti explorer version 5.15.1 framework

Objective: in Activiti Explorer, after an admin approves an account for activation, I call a function that activates the user's account in AD automatically.

Code to add in your class:

At the top of your class, define:
// userAccountControl parameters
// Bit 0x2 of userAccountControl: activeAccount clears it to enable an account and sets it to
// disable one (Microsoft documents this bit as ADS_UF_ACCOUNTDISABLE). All other bits are flags
// with their own meaning and must be preserved when the value is rewritten.
private static final int FLAG_TO_DISABLE_USER = 0x2;
// Attribute name used both to read the current value and in the REPLACE modification.
// AD spells it userAccountControl; LDAP attribute names are matched case-insensitively.
private static final String USER_ACCOUNT_CONTROL_ATTR_NAME = "useraccountcontrol"; // userAccountControl
// Accepted values for the action argument of activeAccount (compared case-insensitively after trim).
private static final String ENABLE = "enable";
private static final String DISABLE = "disable";


Add this function to your class
(Usage: activeAccount("quang.nguyendang", "enable") or activeAccount("quang.nguyendang", "disable"))

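/**
 * Enables or disables the directory account matching {@code userId} by clearing or setting the
 * FLAG_TO_DISABLE_USER bit in the entry's userAccountControl attribute.
 *
 * <p>The method fails closed: it returns {@code null} whenever the requested state was not
 * written, so a caller never mistakes a failed "disable" for a successful one. Every entry
 * returned by the search is modified; the query is expected to match exactly one entry.
 *
 * @param userId id of the user to look up in the directory; blank values are rejected
 * @param action {@code "enable"} or {@code "disable"} (case-insensitive, surrounding whitespace
 *     ignored); any other value is rejected before the directory is contacted
 * @return a new, unpopulated {@code UserEntity} when the attribute was written for at least one
 *     entry; {@code null} when the arguments are invalid, no entry matched, the entry has no
 *     userAccountControl value, or the directory operation failed
 */
public UserEntity activeAccount(final String userId, final String action) {
  if (StringUtils.isBlank(userId) || StringUtils.isBlank(action)) {
    return null;
  }

  // Validate the action up front so an unknown value never reaches the directory.
  final String requestedAction = action.trim();
  final boolean enable = ENABLE.equalsIgnoreCase(requestedAction);
  if (!enable && !DISABLE.equalsIgnoreCase(requestedAction)) {
    logger.error("Unsupported account action requested for user " + userId);
    return null;
  }

  LDAPTemplate ldapTemplate = new LDAPTemplate(ldapConfigurator);

  return ldapTemplate.execute(new LDAPCallBack<UserEntity>() {
    public UserEntity executeInContext(InitialDirContext initialDirContext) {
      NamingEnumeration<?> namingEnum = null;
      try {
        // NOTE(review): userId ends up inside an LDAP search filter. Confirm that the configured
        // query builder escapes filter metacharacters, or validate userId before calling this.
        String searchExpression =
            ldapConfigurator.getLdapQueryBuilder().buildQueryByUserId(ldapConfigurator, userId);
        String baseDn = ldapConfigurator.getUserBaseDn() != null
            ? ldapConfigurator.getUserBaseDn()
            : ldapConfigurator.getBaseDn();

        namingEnum = initialDirContext.search(baseDn, searchExpression, createSearchControls());

        boolean modified = false;
        while (namingEnum.hasMore()) { // Should be only one
          SearchResult result = (SearchResult) namingEnum.next();
          String entryDn = result.getNameInNamespace();
          // Log only the DN; dumping the whole entry would copy every returned attribute
          // into the application log.
          logger.debug("DATA FROM AD --> result.getNameInNamespace() : " + entryDn);

          Attribute currentAttr = result.getAttributes().get(USER_ACCOUNT_CONTROL_ATTR_NAME);
          if (currentAttr == null || currentAttr.size() == 0) {
            // Without the current value the other flag bits cannot be preserved, so do not
            // guess: report the failure instead of writing a made-up value.
            logger.error("Entry " + entryDn + " returned no " + USER_ACCOUNT_CONTROL_ATTR_NAME
                + " value; account state was not changed");
            return null;
          }
          displayAttributes(result.getAttributes());

          // Flip only the disable bit; every other userAccountControl flag is kept as-is.
          int currentValue = Integer.parseInt(currentAttr.get().toString());
          int newValue = enable
              ? currentValue & ~FLAG_TO_DISABLE_USER
              : currentValue | FLAG_TO_DISABLE_USER;

          ModificationItem[] mods = new ModificationItem[] {
            new ModificationItem(
                InitialDirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute(USER_ACCOUNT_CONTROL_ATTR_NAME, String.valueOf(newValue)))
          };
          // A failure here propagates to the catch below and yields null; it is no longer
          // swallowed, because that made a failed update look like a success to the caller.
          initialDirContext.modifyAttributes(entryDn, mods);
          modified = true;
        }

        if (!modified) {
          logger.error("No directory entry found for user " + userId);
          return null;
        }
        return new UserEntity();

      } catch (NamingException ne) {
        logger.error("Could not modify attributes of user " + userId + " : " + ne.getMessage(), ne);
        return null;
      } finally {
        // Release the search results on every path, including failures.
        if (namingEnum != null) {
          try {
            namingEnum.close();
          } catch (NamingException closeError) {
            logger.error("Could not close LDAP search results", closeError);
          }
        }
      }
    }
  });
}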

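/**
 * Logs the userAccountControl value of a directory entry at INFO level.
 *
 * <p>This is a diagnostic helper, so it never throws for a missing attribute: an entry that
 * came back without userAccountControl is reported in the log instead of causing a
 * {@code NullPointerException} in the caller.
 *
 * @param attributes attributes of the directory entry; may be {@code null}
 */
public void displayAttributes(Attributes attributes) {
  try {
    Attribute userAccountControl =
        attributes == null ? null : attributes.get(USER_ACCOUNT_CONTROL_ATTR_NAME);
    if (userAccountControl == null || userAccountControl.size() == 0) {
      logger.info("userAccountControl : (attribute not returned)");
      return;
    }
    logger.info("userAccountControl : " + userAccountControl.get());
  } catch (NamingException e) {
    logger.error("Display Attributes error", e);
  }
}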