IBM BPM, V8.0.1, All platforms > Get started with IBM BPM > Key concepts > BPEL processes and human tasks > Human tasks overview > Authorization and people assignment > People resolution
People directory providers and configurations
Business Process Choreographer uses people directory providers as adapters for accessing people directories. You can configure virtual member manager, LDAP, the user registry, and the system people directory providers to retrieve user information.
The decision on which people directory provider to use depends on the support that you need from people resolution. To exploit all of the people assignment features offered by Business Process Choreographer, use virtual member manager.
All people directory providers are made available at the node level.
- Virtual member manager people directory provider
- The virtual member manager people directory provider is used to access WebSphere Application Server federated
repositories. You can use this provider to exploit the following aspects
of people resolution:
- Federated repository features, including the use of various repositories, such as file and database repositories, LDAP directories, the property extension repository, and the federation of repositories
- Email notification for escalations
- Substitution for absentees
- All of the predefined people assignment criteria
- Lightweight Directory Access Protocol (LDAP) people directory provider
- The LDAP people directory provider is used to access an LDAP directory directly without using WebSphere Application Server. In most
cases, the WebSphere Application Server security
realm is set to Stand-alone LDAP registry, and configured to point to the same LDAP directory as the one referenced by the LDAP people directory provider. You can use this provider to exploit the following aspects of people resolution:
- Email notification for escalations
- All of the predefined people assignment criteria
- User registry people directory provider
- You can use the user registry people directory provider to access the following people directories with WebSphere Application Server: the local
operating system, a stand-alone LDAP registry, or a stand-alone custom registry. The people directory that is used depends on the configuration of the application server security realm. You can use this provider to exploit the following aspects of people resolution:
- Minimum configuration of the people directory provider for Business Process Choreographer because the repository is determined by the security realm for the application server
- A limited set of predefined people assignment criteria. The user registry people directory provider can resolve users and groups, but not employee to manager relationships, user properties, or email addresses.
- System people directory provider
- The system people directory provider has limited people resolution support. Because the system provider supports only hard-coded queries, it is suitable only for test purposes.
All of the people directory configurations require that WebSphere Application Server administrative and application security are enabled.
Each of the people directory providers can be associated with one or more people directory provider configurations. All of the configurations, except the LDAP people directory provider, are ready to use. For the virtual member manager people directory provider, the federated repositories functionality must be configured in WebSphere Application Server. For the LDAP provider configuration, the required connection parameters must be set. In addition, the transformation file for the LDAP provider configuration must be customized.
Each of the configurations is uniquely identified by its Java™ Naming Directory (JNDI) name. The JNDI names are the link between a task template definition and the people directory configuration that is to be used for resolving the people assignments to task roles. Use Integration Designer to specify the configuration name for a task template. If you are defining tasks at run time using the task creation API, you can specify the configuration name directly in the API. Different task templates can reference different people directory configurations.
After a task template is deployed, the people directory configuration name is fixed for the lifetime of the deployed template. If you need to change the people directory that is associated with the template, use Integration Designer to change the JNDI name of the people directory configuration that is defined for the task template definition, and deploy the template again.
Related information:
Configure the LDAP people directory provider
Configure the Virtual Member Manager people directory provider
Federated repositories