Configuring the Worklist Manager External System

The Worklist Manager is a web-based interface that allows you to view, assign, escalate, and execute the tasks generated from user activities. The functions that can be performed in the Worklist Manager are based on user hierarchy. BPM supports the definition of organization hierarchies and user roles for task assignment. Tasks can be escalated and delegated by users from custom worklists and activity processing windows. The Worklist Manager requires an LDAP directory to define users, their roles, and their hierarchy.

Configuring the WorkList Manager

When you create the Environment for a user activity Business Process, you need to create and configure a Worklist Manager External System. The properties you configure for the external system define the Worklist Manager database connectivity, LDAP server and directory information, and custom labels for flex attributes. Perform the following steps to configure the Worklist Manager.

• Creating the Worklist Manager External System

• Defining Configuration Properties

• Customizing Flex Attribute Labels

• Defining Email Notification Properties

In addition, you must perform one of the following tasks:

• Configuring an OpenLDAP Connection

• Configuring a Sun Java System Directory Server Connection

• Configuring a Microsoft Active Directory Connection

Creating the Worklist Manager External System

The Worklist Manager External System is created from the Environment Explorer.

To create the Worklist Manager External System

1. In the Environment Explorer, right-click the Environment for the user activity Project.

2. Point to New, and then click Worklist Manager.

3. Enter a name for the Worklist Manager External System, and then click OK.

   The Properties window appears.

4. Configure the Worklist Manager, as described in the following sections.

Defining Configuration Properties

The configuration properties of the Worklist Manager define information about the Worklist Manager database and application.

To define configuration properties

1. On the Worklist Manager Properties window, click WLMConnector External System Configuration.

2. Enter values for the properties described in the following table.

3. Click OK.

   Property	Description
   Database Type	The type of database you are using. Select from oracle, sybase, sqlserver, or db2.
   Database Host	The name of the database server.
   Database Port	The port number on which the database is listening.
   Database SID	The SID name of the database.
   Database User ID	The login ID of the WLM user for the database. This should be the same user as was created by the WLM database installation scripts.
   Database Password	The password for the WLM user.
   Database Connection Retry Count	The number of times the driver will try to connect to the database after an unsuccessful attempt.
   Database Connection Retry Delay	The number of seconds the driver waits before retrying to connect to the database server.
   Database Initial Pool Size	The number of physical connections with which the database will be initialized.
   Database Pool Minimum Pool Size	The minimum number of physical connections in the database pool.
   Database Pool Maximum Pool Size	The maximum number of physical connections in the database pool.
   Database Pool Property Cycle	The frequency in seconds that the database pool manager should check the pool.
   Database Pool Idle Time	The length of time a physical connection can be inactive.
   Auto Commit	An indicator of whether to enable the auto-commit feature of the database.
   Connection Parameters	The type of LDAP directory you are using. Select from Sun Java System Directory Server, ActiveDirectoryConnection, or OpenLdapConnection.
   WLM Application Name	The name of the Worklist Manager application that is generated when you deploy the Project. This name is part of the URL used to log into the Worklist Manager and should be unique for each user activity Business Process. You can deploy multiple Business Processes with user activities to the same Environment, but each WLM application must have a unique name. In that case, the Environment must include multiple Worklist Manager External Systems.
   WLM Session Timeout (minutes)	The number of minutes the Worklist Manager can remain idle before timing out.
   WLM Initial Order	The order of the fields on the Worklist Manager. When you click the ellipses next to this property, the Ordering Sequence dialog box appears, where you can select the fields to display on the Worklist Manager, and the order in which they appear.

Customizing Flex Attribute Labels

Flex attributes are customizable attributes that aid in task assignment. The attributes appear in the Business Rule Designer as well as in columns of the Worklist Manager.

You can map values to these attributes in the Business Rule Designer so the values appear in the Worklist Manager. You can also label the attributes to make them easy to identify in the Worklist Manager.

To customize flex attribute labels

1. From the Environment Explorer, right-click the Worklist Manager External System.

2. Click Properties.

   The Properties dialog box appears.

3. Click Custom Attribute Labels.

4. Define labels for as many attributes as necessary.

5. Click OK.

Defining Email Notification Properties

If you defined email notifications on the Worklist Manager window for a user activity, you need to define the connection properties for the email server in the Worklist Manager External System properties. You also need to modify the LDAP properties for the directory server you are using by specifying the name of the attribute that contains the users’ email addresses.

To define email notification properties

1. On the Worklist Manager Properties window, click Email Server Connection Parameters.

2. Enter values for the properties.

3. Click OK.

   Property	Description
   Email Outgoing server	The name of the email server on which the Worklist Manager email notifications are sent.
   Email User Name	The login ID for the email account used by the Worklist Manager.
   Email Password	The password for the email account.
   Sender of Email	The name that should appear in the email as the sender. This property is used to create a URL, so it cannot contain any spaces.
   First footer of Email	A footer for the email notifications.
   Second footer/Disclaimer of Email	A second footer or disclaimer for the email notifications.

Configuring an OpenLDAP Connection

To use OpenLDAP with the Worklist Manager, you must specify certain information about the LDAP directory structure so the Worklist Manager knows where to find the user information defined in the directory. You can use your existing directory structure as long as there is a mechanism for defining a user reporting hierarchy.

The Worklist Manager uses an anonymous bind with OpenLDAP, so you do not need to specify credentials for the security principal.

To configure an OpenLDAP connection

1. From the Environment Explorer tab, right-click the Worklist Manager External System, and then click Properties.

2. On the properties page that appears, verify that the Connection Parameters property is set to OpenLdapConnection.

3. Expand WLMConnector External System Configuration, and then click Open Ldap Parameters.

   The Properties dialog box appears.

4. Enter values for the properties.

   ---

   Note –

   The default values for these properties are based on the values for the user activity sample and the and audit processing tutorial. Modify these values to suit your existing directory structure and attributes.

   ---

5. Click OK.

   Property	Description
   LDAP Initial Context Factory	The fully qualified name of the factory class that creates the initial context. The initial context is the starting point for JNDI naming operations.
   LDAP Provider URL	The URL of the LDAP server. The format of the URL is ldap://<host>:<port>, where <host> is the name of the computer hosting the LDAP server, and <port> is the port number on which the LDAP server is listening for requests.
   Open LDAP RootName	The name of the root node in the LDAP directory. For example, if the root node is dc=Sun,dc=com, the value for this property would be Sun.
   Open LDAP Version	The version of OpenLDAP you are running.
   Open LDAP Search Filter	A search filter used by the Worklist Manager to search for users. The Worklist Manager will only find those users described by the filter.  For example, to use an organization name as the search filter where all Worklist Managers are assigned to the Sun organization, the value for this property would be (o=Sun).
   Open LDAP Search DN	The DN of the root entry of the portion of the LDAP directory where the Worklist Manager will start the search for users.  For example, if users are all defined in an organizational unit named People, the value for this property would be similar to ou=People,dc=sun,dc=com.
   Open LDAP Attribute Role	The name of the role attribute in the LDAP directory to which Worklist Manager users belong. Only enter a value for this property if you have defined a role to which all Worklist Manager users are assigned.
   Open LDAP Attribute Manager	The name of the attribute that specifies reporting hierarchy in the LDAP directory. This is the attribute assigned to a user that specifies who they report to. You can use Manager, the predefine attribute for OpenLDAP, or you can create a custom attribute. The Worklist Manager uses this entry to create the list of users to whom a supervisor can reassign tasks, and to specify the supervisor when a task is escalated.
   Open LDAP Group	The name of the group attribute in the LDAP directory to which Worklist Manager users belong. Only enter a value for this property if you have defined a group to which all Worklist Manager users are assigned.
   Open LDAP Email	The name of the attribute that contains a user’s email addresses. This is used in email notification.
   Open LDAP Attribute Given Name	The name of the attribute that contains a user’s first name. This is used in email notification.

Configuring a Sun Java System Directory Server Connection

To use the Sun Java System Directory Server with the Worklist Manager, you must specify certain information about the LDAP directory structure so the Worklist Manager knows where to find the user information defined in the directory. You can use your existing directory structure as long as there is a mechanism for defining a user reporting hierarchy.

To configure a Sun Java System Directory Server connection

1. From the Environment Explorer tab, right-click the Worklist Manager External System, and then click Properties.

2. On the properties page that appears, verify that the Connection Parameters property is set to Sun Java System Directory Server.

3. Expand WLMConnector External System Configuration, and then click Sun Java System Directory Server/ADS.

   The Properties dialog box appears.

4. Enter the property values for the properties described in the following table.

   ---

   Note –

   Depending on how your LDAP directory is set up, not all of these fields are required. The default configuration is not necessarily illustrative of an actual implementation.

   ---

5. Click OK to close the Properties dialog box.

   Property	Description
   Java Naming Provider URL	The URL of the LDAP server. The format of the URL is ldap://<host>:<port>, where <host> is the name of the computer hosting the LDAP server, and <port> is the port number on which the LDAP server is listening for requests.
   Java Naming Factory Initial	The fully qualified name of the factory class that creates the initial context. The initial context is the starting point for JNDI naming operations.
   Java Naming Security Authentication	The security level to use in JNDI naming operations. Enter one of the following values:  none: Authentication is not required. Use this for anonymous access. simple: Authentication requires a user name and password. You must enter the security principal and credentials below.
   Java Naming Security Principal	The DN of the security principal used for connecting to the LDAP server.
   Java Naming Security Credentials	The password of the naming security principal.
   Users ParentDN	The parent DN of the user entries. This property specifies the root entry of the Users portion of the LDAP directory; for example, ou=People,dc=sun,dc=com.
   UserDN Attribute Name In User	The name of the attribute in a user entry where the user’s DN is defined. The default value is entrydn, which is the default name for the Sun Java System Directory Server attribute.
   UserId Attribute Name In User	The name of the naming attribute in each user entry. The default name for this attribute in the Sun Java System Directory Server is uid, but can also be cn.
   Roles Parent DN	The parent DN of the role entries. This property specifies the root entry of the Roles portion of the LDAP directory; for example, dc=sun,dc=com.
   Role Name Field In RoleDN	The name of the attribute in a role entry that specifies the name of the role. The default name for this attribute in the Sun Java System Directory Server is cn.
   Role Name Attribute Name In User	The name of the attribute in a user entry that specifies the DNs of the roles to which a user is assigned. The default value is nsroledn, which is the default attribute name in the Sun Java System Directory Server.
   Group ParentDN	The parent DN of the group entries. This property specifies the root entry of the Groups portion of the LDAP directory; for example ou=Groups,dc=sun,dc=com.
   Group DN Attribute Name In Group	The name of the attribute in a group entry that specifies the name of the group. The default value is entrydn, which is the default name for the Sun Java System Directory Server attribute.
   Group Name Field In Group DN	The name of the attribute in a group entry that specifies the name of the group. The default name for this attribute in the Sun Java System Directory Server is cn.
   Group Of User Filter Under Groups ParentDN	The LDAP search filter used to retrieve all of a user’s groups. This property follows the syntax supported by the java.text.MessageFormat class with {1} marking where the user’s DN should be inserted. For example, uniquemember={1}.
   UserId Attribute Manager	The name of the attribute in a user entry that specifies the person the user reports to. The default value is manager, which is the attribute the Sun Java System Directory Server provides for this purpose. You can also use the entrydn for this purpose, or you can create custom attributes to define an upward reporting structure. Note: To enable task escalation and re-assignment, this value must be manager and each user entry in the LDAP directory must include a manager attribute that specifies the supervisor by their entrydn.
   UserId Attribute Subordinate	The name of the attribute in a user entry that specifies the people who report to the user. The default value is directReports, which is not used in the Sun Java System Directory Server. You can use a default attribute for Sun, such as secretary or entrydn, or you can create custom attributes to define the downward reporting structure. Note: To enable task escalation and re-assignment, this value must be entrydn and the reporting structure for each user must be defined in their entrydn attribute in the LDAP directory.
   UserId Attribute Email	The name of the attribute in a user entry that specifies an email address. The default value is mail, which is the attribute the Sun Java System Directory Server provides for this purpose. This is used for email notifications (as defined in the Worklist Manager window for a user activity in the Business Process).
   UserId Attribute Given Name	The name of the attribute in a user entry that specifies a user’s first name. The default value is givenName, which is the attribute the Sun Java System Directory Server provides for this purpose. This is used during email notification.

Configuring a Microsoft Active Directory Connection

To use Microsoft Active Directory with the Worklist Manager, you must specify certain information about the LDAP directory structure so the Worklist Manager knows where to find the user information defined in the directory. You can use your existing directory structure as long as there is a mechanism for defining a user reporting hierarchy.

To configure a Microsoft Active Directory connection

1. From the Environment Explorer tab, right-click the Worklist Manager External System, and then click Properties.

2. On the properties page that appears, verify that the Connection Parameters property is set to ActiveDirectoryConnection.

3. Expand WLMConnector External System Configuration, and then click Sun Java System Directory Server/ADS.

   The Properties dialog box appears.

4. Enter the property values for the properties described in the following table.

   ---

   Note –

   Depending on how your LDAP directory is set up, not all of these fields are required. The default configuration is not necessarily illustrative of an actual implementation.

   ---

5. Click OK to close the Properties dialog box.

   Property	Description
   Java Naming Provider URL	The URL of the LDAP server. The format of the URL is ldap://<host>:<port>, where <host> is the name of the computer hosting the LDAP server, and <port> is the port number on which the LDAP server is listening for requests.
   Java Naming Factory Initial	The fully qualified name of the factory class that creates the initial context. The initial context is the starting point for JNDI naming operations.
   Java Naming Security Authentication	The security level to use in JNDI naming operations. Enter one of the following values:  none: Authentication is not required. Use this for anonymous access. simple: Authentication requires a user name and password. You must enter the security principal and credentials below.
   Java Naming Security Principal	The DN of the security principal used for connecting to the LDAP server.
   Java Naming Security Credentials	The password of the naming security principal.
   Users ParentDN	The parent DN of the user entries. This property specifies the root entry of the Users portion of the LDAP directory; for example, cn=Users,dc=sun,dc=com.
   UserDN Attribute Name In User	The name of the attribute in a user entry where the user’s DN is defined. If you are using the default schema for Active Directory, enter distinguishedName for this property.
   UserId Attribute Name In User	The name of the attribute in a user entry that defines the user’s login ID. The default name for this attribute in Active Directory is sAMAccountName.
   Roles ParentDN	The parent DN of the role entries. This property specifies the root entry of the Roles portion of the LDAP directory; for example, ou=SunRoles, dc=sun,dc=com.
   Role Name Field In RoleDN	The name of the attribute in a role entry that specifies the name of the role. The default name for this attribute in Active Directory is cn.
   Role Name Attribute Name In User	The name of the attribute in a user entry that specifies the roles to which a user is assigned.  The default value, nsroledn, does not apply to Active Directory. The default attribute used by Active Directory is memberOf.
   Group ParentDN	The parent DN of the group entries. This property specifies the root entry of the Groups portion of the LDAP directory; for example cn=users,dc=sun,dc=com.
   Group DN Attribute Name In Group	The name of the attribute in a group entry that specifies the DN of the group. If you are using the default schema for Active Directory, enter distinguishedName for this property.
   Group Name Field In Group DN	The name of the attribute in a group entry that specifies the name of the group. The default name for this attribute in Active Directory is cn.
   Group Of User Filter Under Groups ParentDN	The LDAP search filter used to retrieve all of a user’s groups. This property follows the syntax supported by the java.text.MessageFormat class with {1} marking where the user’s DN should be inserted. For example (for Active Directory only), (&(member={1})(objectclass=group)).
   UserId Attribute Manager	The name of the attribute in a user entry that specifies the person a user reports to. The default value is manager, which is the attribute that Active Directory provides for this purpose. You can also create custom attributes to define a reporting structure.
   UserId Attribute Subordinate	The name of the attribute in a user entry that specifies the people who report to the user. The default value is directReports, which is the attribute that Active Directory provides for this purpose. In Active Directory, directReports is linked referentially to manager, above.
   UserId Attribute Email	The name of the user attribute that specifies an email address. The default value is mail, which is the attribute that Active Directory provides for this purpose. This is used for email notifications (as defined in the Worklist Manager window for a user activity in the Business Process).
   UserId Attribute Given Name	The name of the user attribute that specifies a user’s first name. The default value is givenName, which is the attribute that Active Directory provides for this purpose. This is used during email notification.