LDAP integration

Hi Team,

i was able to successfully integrate with LDAP , i have created one user which is under admin, but using this user i am not able to create a new group or add any new user to admin group. Getting below exception.

Failed :
GROUP_CREATE_MESSAGE_ERROR

20:58:36,274 WARNING [ExceptionHandler] (default task-60) org.camunda.bpm.engine.rest.exception.InvalidRequestException: Identity service implementation is read-only.
at org.camunda.bpm.engine.rest.impl.GroupRestServiceImpl.createGroup(GroupRestServiceImpl.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

if you integrate with LDAP camunda should never be used to create users or groups. They should be created directly via your LDAP server.

Hi @Niall,

how can we manage authorizations for different users for camunda cockpit ?

Regards,
Praveen

You should create authorizations in Camunda but not users and groups.

1 Like

Thanks @Niall for reply, but i got below error when i logged into cockpit using a user who got admin previlage and trying to manage authorizations.

Failed :
GROUP_CREATE_MESSAGE_ERROR

20:58:36,274 WARNING [ExceptionHandler] (default task-60) org.camunda.bpm.engine.rest.exception.InvalidRequestException: Identity service implementation is read-only.
at org.camunda.bpm.engine.rest.impl.GroupRestServiceImpl.createGroup(GroupRestServiceImpl.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)