Adeptia Suite
LDAP Integration Guide
Version 6.2
Release Date February 24, 2015

343 West Erie, Suite 440, Chicago, IL 60654, USA
Phone: (312) 229-1727 x111
Fax: (312) 229-1736

DOCUMENT INFORMATION

Adeptia Suite LDAP Integration Guide
Adeptia Suite Version 6.2
Printed January 2014
Printed in USA

Adeptia Support Information
Access the Adeptia Web site at the following URL: www.adeptia.com

Copyright
Copyright 2000-2015 Adeptia, Inc. All rights reserved.

Trademarks
Adeptia is a trademark of Adeptia, Inc. All other trademarks and registered trademarks are the property of their respective owners.

Confidentiality
This document is the confidential and proprietary information of Adeptia. The information set forth herein represents the confidential and proprietary information of Adeptia. Such information shall only be used for the express purpose authorized by Adeptia and shall not be published, communicated, disclosed or divulged to any person, firm, corporation or legal entity, directly or indirectly, or to any third person without the prior written consent of Adeptia.

Disclaimer
Adeptia, Inc. provides this publication "as is" without warranty of any kind, either express or implied. In no event shall Adeptia be liable for any loss of profits, loss of business, loss of use or data, interruption of business, indirect, special, punitive, incidental, or consequential damages of any kind.

No part of this work should be reproduced in any form or by any means graphic, electronic, or mechanical including photocopying, recording, taping, or storage in an information retrieval system, without prior written permission of Adeptia Inc.

This publication is subject to replacement by a later edition. To determine if a later edition exists, contact www.adeptia.com.

TABLE OF CONTENTS

Document information
Table of Contents
Preface
    Target Audience
    Pre-requisites
    Other resource materials
Conventions
    Typographical conventions
    Graphical conventions
Contacts/Reporting problems
    Sales
    Support
    Latest updates and information
    Adeptia Web site
Introduction
Configuring Adeptia Suite to Use LDAP Server for Authentication
Managing User Privileges
    Configuring LDAP User as SYSAdmin user
    Configuring LDAP User as Business User
    Configuring LDAP User as Developer User
Configuring Default User-Type for LDAP User within Adeptia Suite
Configuring Default Group of LDAP User within Adeptia Suite
Mapping User Details from LDAP Server to Adeptia Server
Login into Adeptia Suite Using LDAP user
Managing LDAP Users and Groups
    Creating New Group and User Accounts
    Modifying User details
    Renaming the group or moving user from one group to another group
    Deleting User Account
Using LDAP over SSL
    Importing Certificate into Keystore
Appendix: A
    Connection Properties
    User Configuration Properties

PREFACE

This guide provides a brief description on how to configure Adeptia Suite to use LDAP Server for authentication and authorization.

Target Audience
This document is intended for the Administrators, who want to integrate Adeptia Suite with LDAP server authentication and authorization.

Pre-requisites
- You must have administrative rights within Adeptia Suite to enable LDAP Authentication and Authorization.
- LDAP Server must be installed. Adeptia Suite is certified with Windows Active Directory and Open LDAP Server.

Other resource materials
The following other resource materials are available.

| Title | Description |
| --- | --- |
| Getting Started Guide | This document is intended as a reference for those working with Adeptia Suite for the first time. For first time users, it is recommended that you step through the material in a sequential fashion. |
| Developer Guide | This document covers a detailed description of all activities and services of Adeptia Suite that are available to a developer. It acts as a guideline to use these services seamlessly and use them in a design environment using Adeptia Suite. |
| Business User Guide | This document covers a detailed description of all features of Adeptia Suite that are available to a business user. It acts as a guideline to use these features seamlessly and perform them in a business environment using Adeptia Suite. |
| Modeler and Simulation Guide | This document provides an overview of Process Modeler and Simulation features of Adeptia Suite and covers the description and usage of these tools. It guides you to seamlessly use these tools to analyze, optimize and enhance a business process. |
| Admin Guide | This document provides a detailed description of the Administrative features of Adeptia Suite. It guides you to seamlessly manage the functioning, design and integration of business processes using these administrative features. |

CONVENTIONS

The following tables list the various conventions used in Adeptia documentation. We follow these conventions to help you quickly and easily identify particular elements, processes, and names that occur frequently in documents.

Typographical conventions
This guide uses the following typographical conventions:

| Convention | Description |
| --- | --- |
| Bold text | Indicates one of the following: a screen element; new terminology; a file or folder name; a control in an application's user interface; important information. |
| Italic text | Indicates a reference or the title of a publication. |
| Monospaced text | Indicates code examples or system messages. |
| Monospaced bold text | Indicates system commands that you enter. |
| Hyperlink | Indicates an Internet link to target material. |

Graphical conventions
This guide uses the following graphical conventions:
- Indicates additional information that may be of interest to the reader.
- Indicates cautions that, if ignored, can result in damage to software or hardware.

CONTACTS/REPORTING PROBLEMS

These sections present contact information for a variety of situations.

Sales
In case of any sales queries, please contact us at sales@adeptia.com.

Support
For support queries, please contact us at support@adeptia.com.

Latest updates and information
For the latest updates and information, please visit us at www.adeptia.com.

Adeptia Web site
Access the Adeptia Web site at the following URL: www.adeptia.com

INTRODUCTION

Adeptia Suite uses its own database to store user and group information. Whenever you log in to Adeptia Suite, the username and password are authenticated against the list of usernames and passwords stored in the Adeptia Suite database. You can also configure Adeptia Suite to use an LDAP Server for authentication.

LDAP is an application protocol for accessing and maintaining distributed directory information services from the LDAP server over an Internet Protocol (IP) network. The LDAP directory services provide an organized set of records, often with a hierarchical structure, such as a corporate email directory. LDAP is specified in a series of Internet Engineering Task Force (IETF) Standard Track Request for Comments (RFCs).

This document covers:
- Configuring Adeptia Suite to use LDAP Server for Authentication
- Managing User Privileges
- Mapping User Details from LDAP Server to Adeptia Server
- Login into Adeptia Suite using LDAP User
- Managing LDAP User Group
- Using LDAP over SSL

CONFIGURING ADEPTIA SUITE TO USE LDAP SERVER FOR AUTHENTICATION

This section explains how to configure the properties of Adeptia Suite to use LDAP Server for Authentication.

Steps to enable LDAP Services in Adeptia Suite

1. On the Adeptia Suite homepage, click the Administer tab. The Application Setting page is displayed (see Figure 1).

Figure 1: Application Setting page

2. Click the link Update System Properties. The Update System Properties page is displayed (see Figure 2).

Figure 2: The Application Setting page

3. Click Systems to expand the Systems hierarchy (see Figure 3).

Figure 3: Application Setting page

4. To enable LDAP user authentication and authorization in Adeptia Suite, select LDAP Authentication. The properties to be set for LDAP Authentication are displayed (see Figure 4).

Figure 4: LDAP Authentication Properties

5. Configure the LDAP Authentication Properties. For the details of each property, refer to the Appendix: A section.
6. Click Save.
7. Restart the Kernel and WebRunner to bring the configuration changes into effect.

MANAGING USER PRIVILEGES

By default, whenever you log in to Adeptia Suite using any LDAP user, this user is treated as a Developer type of user in Adeptia Suite. This section explains how to map an LDAP user to a Sys Admin user or Business User in Adeptia Suite.

Adeptia Suite has the following types of users:
- Sys Admin
- Business User
- Developer

To understand the types of users, refer to the Administrative Rights of Users section of the Administrator Guide.

If you want some of the LDAP users to be mapped as Sys Admin user or Business User when they log in to Adeptia Suite, you need to configure certain properties.

CONFIGURING LDAP USER AS SYSADMIN USER

You can configure individual LDAP users or all users of an LDAP group to be mapped as Sys Admin user in Adeptia Suite. The following properties define the LDAP users and groups that you want to map as Sys Admin user in Adeptia Suite:
- abpm.ldap.administratorusers
- abpm.ldap.administratorgroups

For details of these properties, refer to the User Configuration Properties section of Appendix: A.

When you map any LDAP user or group as sysadmin user, and that user logs in to Adeptia Suite, it will always be part of the Administrator group within Adeptia Suite.

CONFIGURING LDAP USER AS BUSINESS USER

You can configure individual LDAP users or all users of an LDAP group to be mapped as Business user in Adeptia Suite. The following properties define the LDAP users and groups that you want to map as Business user in Adeptia Suite:
- abpm.ldap.businessusers
- abpm.ldap.businessgroup

For details of these properties, refer to the User Configuration Properties section of Appendix: A.

CONFIGURING LDAP USER AS DEVELOPER USER

You can configure individual LDAP users or all users of an LDAP group to be mapped as Developer user in Adeptia Suite. The following properties define the LDAP users and groups that you want to map as Developer user in Adeptia Suite:
- abpm.ldap.developerusers
- abpm.ldap.developergroups

For details of these properties, refer to the User Configuration Properties section of Appendix: A.

CONFIGURING DEFAULT USER-TYPE FOR LDAP USER WITHIN ADEPTIA SUITE

By default, all LDAP users belong to the developer user-type in Adeptia Suite. You can set the default user type by configuring the ldapconfiguration.xml file. Follow the steps below to configure the default user type for LDAP users within Adeptia Suite:

1. Go to the ..\adeptiaserver\serverkernel\etc folder.
2. Open the ldapconfiguration.xml file.
3. Change the usertype as per your requirement (see Figure 5).

Figure 5: Configure Default User Type For LDAP Users

After configuring the ldapconfiguration.xml file, you need to restart Adeptia Kernel and Adeptia Webrunner.

CONFIGURING DEFAULT GROUP OF LDAP USER WITHIN ADEPTIA SUITE

Adeptia Suite enables you to create and manage a default group for all its users. You need to specify the Entity ID of the Adeptia Suite group in the property abpm.ldap.defaultldapgroup.

To enable default group management, you need to configure the property abpm.ldap.enabledefaultgrouplogin. By default, this property is disabled and its value is blank. This means that if the user in LDAP belongs to a group other than the default group, the user logs in to Adeptia Suite directly with the LDAP group, and a new user and group are created in Adeptia.

If the property abpm.ldap.enabledefaultgrouplogin is set to Yes and the LDAP user has been allocated to groups other than the default group, a drop-down list is displayed on the Adeptia Suite Login page. This drop-down list displays the names of all the groups to which the user has been allocated, along with the default group name (defined in the property abpm.ldap.defaultldapgroup).

For details of these properties, refer to the User Configuration Properties section of Appendix: A.

MAPPING USER DETAILS FROM LDAP SERVER TO ADEPTIA SERVER

It is very likely that the Adeptia Server and the LDAP Server use different parameters to store their user account information. Therefore, while configuring LDAP, you will be required to map the user details from your LDAP server to Adeptia Server. To configure mapping between the two servers, Adeptia Suite provides the ldapconfiguration.xml file, which is stored in the ServerKernel/etc folder of your Adeptia Suite.

After successful retrieval of the LDAP user object (based on the specified base DN and base filter) and authentication, its attributes are queried to map it to Adeptia user attributes so that a similar user can be created inside Adeptia. If retrieval of a specified attribute from the LDAP user object fails, it is populated with NA. So, all of them are optional except "uniqueidentifier", which specifies the attribute through which the user is uniquely identified in the LDAP Server; this attribute value is needed for creating the user in Adeptia.

The configurable ldapconfiguration.xml file has each field for a user in Adeptia Suite as a tag, which contains the following two attributes:
- Mapped-to: This attribute contains the name of the attribute which is to be mapped with the user detail in Adeptia Server.
- Default-value: This attribute contains the default value, such as NA, if the attribute defined in the above section does not have any value or does not exist in Adeptia Server.

The following screen shot displays the tags and attributes in the ldapconfiguration.xml file (see Figure 6):

Figure 6: Tags and Attributes in ldapconfiguration.xml file

Detail of each field of LdapConfiguration.xml File:

| Field Name | Field Description | Sample or Possible Values (for "mapped-to" element in configuration XML) | Default Value (in case value from mapped attribute can't be fetched; specified by "default-value" element in configuration XML) | Mandatory |
| --- | --- | --- | --- | --- |
| uniqueidentifier | Attribute that defines its uniqueness in LDAP Server. | uid (for OpenLDAP), samaccountname (for Active Directory) | - | Yes |
| firstname | Attribute that defines its first name. | givenname | N.A. | No |
| lastname | Attribute that defines its last name. | sn | N.A. | No |
| description | Attribute that defines any description about the user. | | LDAP user | No |
| address1 | Attribute that defines its address. | streetaddress | N.A. | No |
| address2 | Attribute that defines its address. | | N.A. | No |
| city | Attribute that defines city where user resides. | l | N.A. | No |
| state | Attribute that defines state where user resides. | st | N.A. | No |
| zip | Attribute that defines zip of state where user resides. | | N.A. | No |
| country | Attribute that defines country where user resides. | co | N.A. | No |
| fax | Attribute that defines its fax #. | facsimiletelephonenumber | N.A. | No |
| phone | Attribute that defines its phone #. | telephonenumber | N.A. | No |
| mobile | Attribute that defines its mobile #. | mobile | N.A. | No |
| email | Attribute that defines its email id. | mail | email@company.com | No |
| title | Attribute that defines its title. | title | N.A. | No |
| comment | Attribute that defines any comment for it. | | N.A. | No |
| orgname | Attribute that defines name of organization where user works. | company | N.A. | No |
| orgurl | Attribute that defines URL of organization where user works. | | N.A. | No |

LOGIN INTO ADEPTIA SUITE USING LDAP USER

Once you enable LDAP Authentication in Adeptia Suite, you have to use the LDAP user credentials to log in to Adeptia Suite. When you log in to Adeptia Suite, your credentials (login ID and password) are validated by the LDAP Server and not by the Adeptia Server.

When you log in to Adeptia Suite for the first time using the LDAP credentials, a local copy of your user account is created in the Adeptia Suite database. In addition, a local copy of the group to which the user belongs is created in Adeptia Suite.

If any other user of the same group logs in to Adeptia Suite, a local copy of that user is created in the database. This time a local copy of the group is not created, as it was already created earlier.

MANAGING LDAP USERS AND GROUPS

Once you configure Adeptia Suite to use LDAP Server for Authentication, you have to manage users and groups through the LDAP Server. You cannot create or modify any user or group from Adeptia Server. This section explains how any modification of a user or group in the LDAP Server is reflected in Adeptia Suite.

CREATING NEW GROUP AND USER ACCOUNTS

Once you configure LDAP within your Adeptia Suite, any new user and group shall be created in the LDAP server and not in the Adeptia Server. You will be required to use the LDAP credentials to log in to Adeptia Suite. When any LDAP user logs in to Adeptia Suite, a local copy of the user is also created in the Adeptia Suite database. The group to which this user belongs is also created in Adeptia Suite.

MODIFYING USER DETAILS

When you modify any details of a user account in the LDAP Server, such as Password, Country Name, Contact Number, and Address, these details are updated in the Adeptia database at next login.

If you change the Logon name of the user in the LDAP Server, a new user will be created in Adeptia Suite when you log in with the modified name. You need to manually move the objects (i.e. Process Flows, activities, etc.) of the user whose name was modified to the newly created user. To know how to move objects from one user to another user, refer to the Moving User's Object section of the Adeptia Suite Administrator Guide.

RENAMING THE GROUP OR MOVING USER FROM ONE GROUP TO ANOTHER GROUP

If you edit the group name or change the group for a particular user in LDAP, the group will not be renamed in Adeptia Suite at next login. When the user logs in to Adeptia Suite, a new group will be created with the name of the new group and this user will be part of this new group. However, you have to manually move the objects from the previous group to the new group. To know how to move objects from one user to another user, refer to the Moving User's Object section of the Adeptia Suite Administrator Guide.

DELETING USER ACCOUNT

If a user is deleted from LDAP, this user is not automatically deleted from Adeptia Suite. However, this user will not be able to log in to Adeptia Suite. You have to delete this user from Adeptia Suite as well. For further details on how to delete a user, refer to the section Deleting a User of the Administrator Guide.

USING LDAP OVER SSL

To strengthen security, Adeptia Suite, when integrated with LDAP servers (such as Active Directory), requires encrypted communications. To encrypt LDAP communications in a Windows network, Adeptia Support provides the option to use LDAP over SSL (LDAPS). If the LDAP server you are using is configured over SSL, you need to manually enable it in Adeptia Suite.

To enable LDAPS in Adeptia Suite, set the value of the property abpm.ldap.enableldapoverssl. By default, this property does not have any value and is blank. If you want to enable LDAP over SSL, set its value either to yes or true.

To authenticate with the secure LDAP server, you need to create a Keystore activity and import the certificate of the secure LDAP server into the Keystore activity. Follow the steps defined below to create the Keystore activity.

Steps to create Keystore

1. Click the Administer tab and then click the Security menu. All the options of the Security menu are displayed.
2. Select the Keystore option. The Manage Keystore screen is displayed (see Figure 1).

Figure 1: Manage Keystore

3. Click the New link. The Create Keystore screen is displayed (see Figure 2).

Figure 2: Create Keystore

4. To create a new keystore, enter the name and description of the keystore activity in the textboxes Name and Description respectively.
5. Enter values in all the fields as per your requirement and click Save. It creates a keystore and the private/public key pair inside the keystore.

IMPORTING CERTIFICATE INTO KEYSTORE

Steps to import certificate into Keystore

1. In the Manage Keystore screen, click the Actions icon. The list of possible actions is displayed (see Figure 3).

Figure 3: Create Keystore

2. Click the Import Certificate option. The Import Certificate screen is displayed (see Figure 4).

Figure 4: Import Certificate

3. Click the Browse button and select the certificate that you want to import.
4. Enter the alias name in the Alias Name field.
5. Click Save. The selected certificate is imported into the selected keystore.

Update Keystore information in server-configure.properties file:

1. Go to the etc/security/wskeystore folder and copy the keystore file created inside this folder.
2. Paste this file into the /etc/truststore folder.
3. Open the server-configure.properties file and go to the following property:
4. Define the name of the Keystore file in the Truststore Path property.
5. Define the password which was defined at the Keystore creation activity.
6. Save and restart the Adeptia Suite.
7. Log in with the LDAP (over SSL) user.

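A check of the transport and login settings discussed in this section, using the property names listed in Appendix: A. This is an added example, not Adeptia code: it assumes the LDAP properties have been copied into key=value lines, the two sample configurations are constructed, and the list of account names treated as administrative is a heuristic.

```python
from urllib.parse import urlsplit

TRUE_VALUES = {"yes", "true"}  # the guide lists yes/no and true/false; case-insensitivity is assumed
BROAD_ACCOUNTS = {"root", "administrator", "admin"}  # heuristic list, an assumption

# Constructed samples, not taken from a real installation.
WEAK_SAMPLE = """
abpm.ldap.enableldap=yes
abpm.ldap.provider.url=ldap://servername:389
abpm.ldap.security.authentication=simple
abpm.ldap.enableldapoverssl=
abpm.ldap.enable.anonymous.login=yes
abpm.ldap.binddn=uid=root,ou=devusers,dc=company,dc=com
"""

HARDENED_SAMPLE = """
abpm.ldap.enableldap=yes
abpm.ldap.provider.url=ldap://servername:636
abpm.ldap.security.authentication=simple
abpm.ldap.enableldapoverssl=yes
abpm.ldap.enable.anonymous.login=no
abpm.ldap.binddn=uid=svc-adeptia-read,ou=devusers,dc=company,dc=com
"""


def parse_properties(text):
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # split once: DN values contain '='
        props[key.strip()] = value.strip()
    return props


def enabled(props, key):
    return props.get(key, "").lower() in TRUE_VALUES


def first_rdn_value(dn):
    """Value of the leftmost RDN, e.g. 'root' for 'uid=root,ou=devusers,...'."""
    first = dn.split(",", 1)[0]
    return first.split("=", 1)[1].strip().lower() if "=" in first else ""


def audit(props):
    """Return (property, finding) pairs; an empty list means nothing was flagged."""
    findings = []
    if not enabled(props, "abpm.ldap.enableldap"):
        return findings  # LDAP authentication is off, nothing to check
    url = urlsplit(props.get("abpm.ldap.provider.url", ""))
    encrypted = enabled(props, "abpm.ldap.enableldapoverssl") or url.scheme == "ldaps"
    mode = props.get("abpm.ldap.security.authentication", "").lower()
    if not encrypted:
        detail = ("simple bind without SSL: bind and user passwords travel in clear text"
                  if mode == "simple" else "directory traffic is not encrypted")
        findings.append(("abpm.ldap.enableldapoverssl", detail))
    if mode == "none":
        findings.append(("abpm.ldap.security.authentication",
                         "no credentials are presented on bind"))
    if enabled(props, "abpm.ldap.enable.anonymous.login"):
        findings.append(("abpm.ldap.enable.anonymous.login",
                         "login with a blank password is allowed"))
    if first_rdn_value(props.get("abpm.ldap.binddn", "")) in BROAD_ACCOUNTS:
        findings.append(("abpm.ldap.binddn",
                         "bind account looks administrative; read/search rights are enough"))
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(name)
        for prop, finding in audit(parse_properties(sample)):
            print(f"  {prop}: {finding}")
```
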
APPENDIX: A

This section lists all the LDAP Authentication properties that you need to configure to use LDAP Server for Authentication and Authorization. The properties are divided into two groups:
- Connection Properties
- User Configuration Properties

CONNECTION PROPERTIES

This section covers the properties that need to be configured in order to successfully connect to the LDAP Server and perform bind and search operations on it. The values of the following properties depend on your LDAP Server. Refer to the Sample or Possible Values field of the table below for examples.

| Property Name | Property Description | Sample or Possible Values |
| --- | --- | --- |
| abpm.ldap.enableldap | Configurable option to enable or disable LDAP authentication in Adeptia Suite. | yes / no, true / false |
| abpm.ldap.provider.url | Provider URL to connect to LDAP Server. | ldap://servername:389 |
| abpm.ldap.naming.factory.initial | JNDI initial context factory required for LDAP authentication. | com.sun.jndi.ldap.LdapCtxFactory |
| abpm.ldap.security.authentication | Mode for LDAP security authentication. | none, simple, sasl_mech |
| abpm.ldap.searchscopelevel | Search scope level. | One, Object, Subtree |
| abpm.ldap.enableldapoverssl | Configurable option to enable or disable LDAP connection over SSL. | yes / no, true / false |
| abpm.ldap.searchtimeout | Timeout in seconds for LDAP search operations. | 60 |
| abpm.ldap.servertimeout | Read timeout in seconds for LDAP operations. | 60 |
| abpm.ldap.binddn | The DN used to bind against the LDAP server for the user and roles queries. This is some DN with read/search permissions on the basecontextdn and rolescontextdn values. It basically specifies the DN of the admin user in the LDAP server. | uid=root,ou=devusers,dc=company,dc=com (for OpenLDAP); cn=administrator,cn=users,dc=company3,dc=com (for Active Directory) |
| abpm.ldap.bindcredential | The password for the binddn. | xxxxxxx |
| abpm.ldap.basecontextdn | The fixed DN of the context to start the user search from. | ou=devusers,dc=company,dc=com (for OpenLDAP); cn=users,dc=company3,dc=com (for Active Directory) |
| abpm.ldap.basefilter | A search filter used to locate the context of the user to authenticate. The input username as obtained from the login module callback will be substituted into the filter anywhere a "{0}" expression is seen. | (uid={0})(objectclass=dev) (for OpenLDAP); (samaccountname={0}) (for Active Directory) |
| abpm.ldap.rolescontextdn | The fixed DN of the context to search for user roles. For Active Directory, this is the DN where the user account is. | ou=devgroups,dc=company,dc=com (for OpenLDAP); cn=users,dc=company3,dc=com (for Active Directory) |
| abpm.ldap.rolefilter | A search filter used to locate the roles associated with the authenticated user. The input username as obtained from the login module callback will be substituted into the filter anywhere a "{0}" expression is seen. The authenticated userdn will be substituted into the filter anywhere a "{1}" is seen. | (member={1})(objectclass=groupofnames) (for OpenLDAP); (member={1}) (for Active Directory) |
| abpm.ldap.roleattributeid | The name of the role attribute of the context which corresponds to the name of the role. If the roleattributeisdn property is set to true, this property is the DN of the context to query for the rolenameattributeid attribute. If the roleattributeisdn property is set to false, this property is the attribute name of the role name. | cn |
| abpm.ldap.roleattributeisdn | A flag indicating whether the user's role attribute contains the fully distinguished name of a role object, or the user's role attribute contains the role name. If false, the role name is taken from the value of the user's role attribute. If true, the role attribute represents the distinguished name of a role object. The role name is taken from the value of the rolenameattributeid attribute of the corresponding object. The default value of this property is false. | yes / no, true / false |
| abpm.ldap.rolenameattributeid | The name of the role attribute of the context which corresponds to the name of the role. If the roleattributeisdn property is set to true, this property is used to find the role object's name attribute. If the roleattributeisdn property is set to false, this property is ignored. | cn |
| abpm.ldap.roledn.searchrolenameAttributeID | Configurable option to enable or disable searching role name attribute in user's distinguished name. | yes / no, true / false |
| abpm.ldap.rolerecursion | Specifies how deep the role search will go below a given matching context. Disable with 0, which is the default. | 0 |
| abpm.ldap.enable.anonymous.login | Configurable option to enable or disable anonymous login through blank password in LDAP. | yes / no, true / false |

USER CONFIGURATION PROPERTIES

By default, any incoming LDAP user is translated to a "developer" user inside Adeptia Suite with default permission of 777, i.e. Read, Write and Execute permission. All LDAP users that need to be translated to "sysadmin" user inside Adeptia Suite shall either have their name or group name specified in property "abpm.ldap.administratorusers" or "abpm.ldap.administratorgroups" respectively. Similarly, all LDAP users that need to be translated to "business" user inside Adeptia Suite shall either have their name or group name specified in property "abpm.ldap.businessusers" or "abpm.ldap.businessgroup" respectively.

This section lists all the properties that need to be configured to define the User configuration. The values of the following properties depend on your LDAP Server. Refer to the Sample or Possible Values field of the table below for examples.

| Property Name | Property Description | Sample or Possible Values |
| --- | --- | --- |
| abpm.ldap.administratorusers | Name(s) of LDAP users (in comma separated format) that shall be treated as sysadmin user in Adeptia. Please note that if the incoming user is present in this list, then it shall always be present in the "administrators" group of Adeptia Suite. | User1, User2 |
| abpm.ldap.administratorgroups | Name(s) of LDAP groups (in comma separated format) that shall be treated as administrators group in Adeptia. Please note that if the group of the incoming user is present in this list, then it shall always be present in the "administrators" group of Adeptia Suite. | Group1, Group2 |
| abpm.ldap.businessusers | Name(s) of LDAP users (in comma separated format) that shall be treated as business user in Adeptia. | User3, User4 |
| abpm.ldap.businessgroup | Name(s) of LDAP groups (in comma separated format) that shall be treated as business group in Adeptia. | Group3, Group4 |
| abpm.ldap.developerusers | Enter the name(s) of LDAP users (in comma separated format) that shall be treated as developer user in Adeptia. | User5, User6 |
| abpm.ldap.developergroups | Enter the name(s) of LDAP groups (in comma separated format) that shall be treated as developer group in Adeptia. | Group5, Group6 |
| abpm.ldap.defaultldapgroup | Entity id of group (created in Adeptia) that shall be treated as default LDAP group. This group shall already exist in the Adeptia repository and is not created automatically during runtime. You can always create any group inside Adeptia Suite by logging in with the default "admin" user. | 192168001249125136952301500004 |
| abpm.ldap.enabledefaultgrouplogin | Configurable option to enable or disable login with default LDAP group in Adeptia. If it is enabled and the incoming user doesn't belong to any group at the LDAP Server, then it will log in with the default group specified by property "abpm.ldap.defaultldapgroup". | yes / no, true / false |
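
How the "{0}" and "{1}" placeholders described for abpm.ldap.basefilter and abpm.ldap.rolefilter expand, shown with the Active Directory sample filters from the table above. This is an added example, not Adeptia code: escaping the substituted values per RFC 4515 is an assumption about how a client should build the filter, not a statement about what Adeptia Suite does, and the function names are hypothetical.

```python
import re

# Sample filters from the Connection Properties table (Active Directory).
BASE_FILTER_AD = "(samaccountname={0})"
ROLE_FILTER_AD = "(member={1})"

# RFC 4515 section 3: characters that must be written as \XX inside a filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
PLACEHOLDER = re.compile(r"\{([01])\}")


def escape_filter_value(value):
    """Escape a string so it is matched literally as an LDAP filter value."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, username, user_dn="", escape=True):
    """Substitute {0} (login name) and {1} (authenticated user DN) in one pass.

    A single regex pass is used so that a login name containing the text
    "{1}" is not itself expanded. escape=False shows the raw substitution.
    """
    if not username:
        raise ValueError("empty username")  # never search with a blank login name
    convert = escape_filter_value if escape else (lambda s: s)
    values = {"0": convert(username), "1": convert(user_dn)}
    return PLACEHOLDER.sub(lambda m: values[m.group(1)], template)


if __name__ == "__main__":
    # Ordinary login name: the filter matches exactly one account.
    print(expand_filter(BASE_FILTER_AD, "jsmith"))
    # A login name of "*" without escaping becomes a presence test that matches
    # every entry with the attribute; escaped, it only matches a literal "*".
    print(expand_filter(BASE_FILTER_AD, "*", escape=False))
    print(expand_filter(BASE_FILTER_AD, "*"))
    # A DN with an escaped comma (constructed) carries a backslash, which must
    # become \5c inside the filter or the server will reject or misread it.
    dn = "cn=Smith\\, John,cn=users,dc=company3,dc=com"
    print(expand_filter(ROLE_FILTER_AD, "jsmith", dn))
```
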