Camunda 8.8 self-managed LDAP configuration

Bishal072 · June 17, 2025, 11:50am

Hi everyone,

I’m currently working on integrating Camunda with Keycloak and LDAP. I’ve successfully connected Keycloak with LDAP using Apache Directory Studio and Apache DS. However, I’m facing issues connecting Keycloak with Camunda. Here are the details of my setup:

Operating System: Windows
Camunda Version: C8run 8.8 Alpha self managed
Keycloak Version: Latest
LDAP Tool: Apache Directory Studio and Apache DS

nathan.loding · June 17, 2025, 1:11pm

Hi @Bishal072, welcome to the forums! What have you already tried? Are you seeing errors in the logs? Can you share the configs you tried already?

Bishal072 · June 17, 2025, 5:48pm

Hi @nathan.loding
I’m trying to integrate Camunda 8.8.0-alpha5 with LDAP authentication on my local system, but I do not have access to Docker. I attempted to configure the connection using environment variables, and while I’m not seeing any errors, I’m also not sure if the setup is actually working or if I’m heading in the right direction.

Here’s the configuration I’m using:

ELASTICSEARCH_VERSION=8.17.3
CAMUNDA_VERSION=8.8.0-alpha5
CONNECTORS_VERSION=8.8.0-alpha5
COMPOSE_TAG=8.7
COMPOSE_EXTRACTED_FOLDER=docker-compose-8.7
SPRING_PROFILES_ACTIVE=ldap-auth

CAMUNDA_OPERATE_LDAP_URL=ldap://localhost:10389
CAMUNDA_OPERATE_LDAP_BASEDN=dc=example,dc=com
CAMUNDA_OPERATE_LDAP_MANAGERDN=cn=admin,dc=example,dc=com
CAMUNDA_OPERATE_LDAP_MANAGERPASSWORD=secret
CAMUNDA_OPERATE_LDAP_USERSEARCHFILTER=uid={0}
CAMUNDA_OPERATE_LDAP_USERSEARCHBASE=ou=users,dc=example,dc=com
CAMUNDA_OPERATE_LDAP_USERIDATTRNAME=uid
CAMUNDA_OPERATE_LDAP_DISPLAYNAMEATTRNAME=cn
I’m not using Docker, so I’m trying to run everything manually or through local builds. I haven’t found clear documentation for setting up LDAP with Camunda 8 in a non-Docker environment.

My questions:

Is this the correct way to configure LDAP for Camunda without Docker?

nathan.loding · June 17, 2025, 6:46pm

@Bishal072 - that will enabled LDAP authentication for Operate but not for the rest of the stack. That also bypasses Keycloak. I think the best approach is to use Keycloak with Identity, and configure your LDAP provider/user federation within Keycloak.

The 8.8-alpha5 build is an alpha, so there may be issues; it might be better to work on the stable 8.7 release.

system · September 15, 2025, 6:47pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.