VB_

Reputation: 45692

Activiti and ApacheDS integration purpose

I'm new to Activiti, and I can't grasp the reason to use Activiti + ApacheDS.

NOTE In Activiti, there’s no validation if the user who claims the user task is also part of the candidate user or group. The Engine doesn’t even validate whether the user is known. This makes it easy to plug in your own identity management solution, which can, for example, be an LDAP repository. It’s a best practice to define a list of candidate users or groups and only claim the user task with a user that’s on this list. The validation logic that checks if a user exists in your identity management system and whether the user is part of a specific group must be implemented by you.

But I can specify the users & groups for each task with Activiti's own features, without ApacheDS. Moreover, after authentication, user information is stored in the application, so I don't need to ask ApacheDS every time.

My question is:

What should I use Activiti and ApacheDS integration for?

Upvotes: 0

Views: 229

Answers (1)

erny

Reputation: 2499

Often users and groups are defined in an LDAP directory. But you can use it without LDAP.

Some reasons to integrate LDAP could be:

  • LDAP Password checking
  • Autoprovisioning: When the user does not already exist in Activiti, auto create the user entries.
  • Read the group information from LDAP, instead of Activiti
  • Read user permissions from LDAP (e.g. who can start a process).

If you use Activiti-Explorer, you could also do a Single Sign-On integration so that user groups and permissions are provided by the sign-on response (e.g. SAML2 Assertion). (This could also be used for on-the-fly user provisioning.)

Upvotes: 1
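The documentation note quoted in the question says the engine neither checks that a claiming user exists nor that the user is a candidate, so that check has to sit in front of `TaskService.claim`. The following is an added example, not code from the question, the answer or the Activiti project; `GuardedTaskClaimer` is a hypothetical class name, and it assumes the user id comes from the authenticated session and that user and group lookups go through whichever identity backend the engine is configured with (the built-in tables or LDAP).

```java
import org.activiti.engine.IdentityService;
import org.activiti.engine.TaskService;
import org.activiti.engine.identity.User;
import org.activiti.engine.task.Task;

/** Hypothetical helper (not part of Activiti): claim a task only for a known candidate. */
public class GuardedTaskClaimer {

    private final TaskService taskService;
    private final IdentityService identityService;

    public GuardedTaskClaimer(TaskService taskService, IdentityService identityService) {
        this.taskService = taskService;
        this.identityService = identityService;
    }

    /**
     * @param taskId              id of the user task to claim
     * @param authenticatedUserId id taken from the authenticated session, never from request input
     */
    public void claim(String taskId, String authenticatedUserId) {
        // 1. The engine does not check that the user exists, so look the user up
        //    through the configured identity backend first.
        User user = identityService.createUserQuery()
                .userId(authenticatedUserId)
                .singleResult();
        if (user == null) {
            throw new SecurityException("Unknown user: " + authenticatedUserId);
        }

        // 2. The engine does not check candidacy either. This query returns the task
        //    only if it is unclaimed and the user is a candidate user or a member
        //    of one of the task's candidate groups.
        Task task = taskService.createTaskQuery()
                .taskId(taskId)
                .taskCandidateUser(authenticatedUserId)
                .singleResult();
        if (task == null) {
            throw new SecurityException("User " + authenticatedUserId
                    + " is not a candidate for unclaimed task " + taskId);
        }

        // 3. Only now claim; claim() itself rejects a task already claimed by another user.
        taskService.claim(taskId, authenticatedUserId);
    }
}
```

With group membership read from the directory, removing a user from a group there takes effect on the next claim attempt, which a copy of the user's groups cached in the application at login would not reflect.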
