
After reading the post by Bob in this thread: http://www.k2underground.com/forums/thread/30745.aspx, I was wondering, 'Can line rules access an Active Directory group stored in a Destination Queue?'. 


The situation that I'm trying to answer is in an InfoPath Workspace (starts with a Start Activity then goes to an InfoPath Form Submission): I want a line rule to be executed when members of a particular AD group submit their form.  As I understand it, an Activity can access a Destination Queue via the Activity's 'Destination Rule' property.  Is there a way a Line Rule can determine if a user is in a particular group or not?  I think I could take the email address found in K2.ProcessInstance.Originator.Email or maybe the fully qualified name (K2.ProcessInstance.Originator.FQN) and compare it against AD?


Here's how I would connect to AD in a web page:


    // Requires: using System.Web; using System.DirectoryServices;
    System.Security.Principal.WindowsIdentity oUser;
    oUser = (System.Security.Principal.WindowsIdentity)HttpContext.Current.User.Identity;
    System.Security.Principal.WindowsPrincipal WinPrincp = new System.Security.Principal.WindowsPrincipal(oUser);

    // Strip the domain prefix to get the sAMAccountName
    string strWPName = WinPrincp.Identity.Name.Replace("DOMAIN\\", "");
    string strEmail = null;

    DirectoryEntry entry = new DirectoryEntry("LDAP://");
    DirectorySearcher Dsearch = new DirectorySearcher(entry);
    Dsearch.Filter = "(&(objectClass=user)(sAMAccountName=" + strWPName + "))";

    try
    {
        foreach (SearchResult searchResult in Dsearch.FindAll())
        {
            // email address
            if (searchResult.Properties.Contains("mail"))
            {
                strEmail = searchResult.Properties["mail"][0].ToString();
            }

            // Compare email address from K2.ProcessInstance.Originator.Email to strEmail and if a match is found, if so then grab groups this user belongs to?
        }
    }
    finally
    {
        // Release the directory handles whether or not the search succeeded
        Dsearch.Dispose();
        entry.Dispose();
    }


Is there a preset way that a Line Rule can connect to AD? 


J

K2.net 2003 doesn't provide any OOTB/standard interface to AD, so regular .NET code is the way to do it.  The K2.net 2003 Service is most likely running as a domain account so the code that's required in the line rule will most likely look very similar to what you have already.

Instead of putting code in a line rule, typically I would recommend adding another activity right after the Start activity and calling it something like "Determine Group Membership".  Inside that activity I would add a Default Server event that would use code similar to the above and write out the result to a datafield that the line rules would simply evaluate and flow down the correct path.  This will make your process easier to maintain over time by people not initially involved in the design.

 

Since you are using K2 2003 you might want to test out the K2 2003 Active Directory Event Template I created.  It might not do exactly what you want to do in 1 step but it can certainly determine the originator's AD group membership and write that out to an XML field on which another server event could do the comparison.  The AD event template is available at:  http://www.k2underground.com/k2/ProjectHome.aspx?ProjectID=5

 

I hope this helps,

Tim 
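One way to write the lookup that a "Determine Group Membership" server event would run, as an added example that is not part of the original thread and not K2's or the event template's own code. The class name `OriginatorGroupCheck`, the `DOMAIN\account` form of the originator name and the group distinguished name passed in are assumptions; the caller would write the returned value to the data field the line rules evaluate.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class OriginatorGroupCheck   // hypothetical helper name
{
    // Escape a value before placing it inside an LDAP search filter (RFC 4515).
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // True when the account's memberOf attribute lists groupDn.
    // memberOf holds direct memberships only: nested groups and the primary group are not included.
    public static bool IsDirectMember(string originatorFqn, string groupDn)
    {
        // Assumption: the originator name looks like DOMAIN\account; keep the account part.
        string account = originatorFqn.Substring(originatorFqn.LastIndexOf('\\') + 1);
        string filter = "(&(objectClass=user)(sAMAccountName=" + EscapeFilterValue(account) + "))";
        using (DirectorySearcher searcher = new DirectorySearcher(filter))  // default domain of the service account
        {
            searcher.PropertiesToLoad.Add("memberOf");
            SearchResult user = searcher.FindOne();
            if (user == null || !user.Properties.Contains("memberOf")) return false;
            foreach (object dn in user.Properties["memberOf"])
                if (string.Equals(dn.ToString(), groupDn, StringComparison.OrdinalIgnoreCase)) return true;
            return false;
        }
    }

    static void Main()
    {
        // Constructed account name, showing the escaping without contacting a directory.
        Console.WriteLine(EscapeFilterValue("j.smith(temp)*"));
    }
}
```

An unknown account or a failed match returns false, so the line rule takes the non-member path unless membership is positively confirmed.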

