LDAP Plugin - Bind failed: Attempt to lookup non-existant entry

Hi,
I have got an LDAP test server for test cases and connect Camunda Tasklist via the LDAP Identity Provider Plugin.
It works without managerDn. But then my user ofv2admin is not allowed to create groups in the admin view, and this is what I need.

Here is a screenshot of my structure:

I configured standalone.xml with the plugin:

    <plugin>
      <class>org.camunda.bpm.identity.impl.ldap.plugin.LdapIdentityProviderPlugin</class>
      <properties>
        <property name="serverUrl">ldap://212.201.31.193:10389/</property>
        <property name="managerDn">uid=ofv2admin,dc=ofv,dc=de</property>
        <property name="managerPassword">ofv2admin</property>

        <property name="baseDn">dc=ofv,dc=de</property>

        <property name="userSearchBase">ou=Users</property>
        <property name="userSearchFilter">(objectclass=person)</property>

        <property name="userIdAttribute">uid</property>
        <property name="userFirstnameAttribute">cn</property>
        <property name="userLastnameAttribute">sn</property>
        <property name="userEmailAttribute">mail</property>
        <property name="userPasswordAttribute">userpassword</property>
      </properties>
    </plugin>
    <plugin>
      <class>org.camunda.bpm.engine.impl.plugin.AdministratorAuthorizationPlugin</class>
      <properties>
        <property name="administratorUserName">ofv2admin</property>
      </properties>
    </plugin>

Any ideas? Perhaps @Ingo_Richtsmeier :wink: Thank you!

Hi @NickiMueller,

If you want to do this with Admin, it is not possible, as the LDAP Plugin is a ReadOnlyIdentityProvider.

You have to manage the groups, users and memberships in the LDAP interface.

But I haven't done this by myself…

Hope this helps, Ingo

Hi @Ingo_Richtsmeier ,

thank you for the quick reply.
I do not have write access to the LDAP of our company, so I cannot do it that way.

OK, then the only solution I think is possible would be creating users and groups in Camunda programmatically and only managing authorizations with ofv2admin.

Have a nice day. Nicole

Hi @NickiMueller,

usually I go to the admin of the LDAP server and ask him or her to add the group…

Hi @Ingo_Richtsmeier ,
yes, that would be great… but in our case it is not possible. My project is “too small” and “too unimportant”…
I do not even get a test user account. (So I had to set up an LDAP test server by myself… :roll_eyes:)

Perhaps when the project goes live and becomes more important.

Hi @Ingo_Richtsmeier ,
I tried to create groups programmatically with the activated LDAP connection. That's not possible because the identityService is read-only…
So I think I cannot use the LDAP plugin.
:smirk:
I think I will beg for a camunda-admin LDAP group again… and hope the administrator will be gracious.
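Added example (not code from any post in this thread and not Camunda project code) illustrating the two points made above: with the LDAP plugin active the identity service is read-only, so creating groups through it fails, but authorizations are stored in the engine database and can still be granted to a group that already exists in the directory. The group id `tasklist-users`, the `LDAP_GROUP_ID` constant and the class name are assumptions; it also assumes the plugin's `groupSearchBase`/`groupSearchFilter` properties are configured so that the group is visible to the engine. The bind error in the thread title is a separate matter (the `managerDn` must be the full DN of an entry that exists in the directory) and is not addressed here.

```java
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.ProcessEngines;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;

/**
 * Grants an existing LDAP group ACCESS to Tasklist without trying to create
 * the group through the identity service, which is read-only under the
 * LDAP Identity Provider Plugin.
 */
public class LdapGroupAuthorizationExample {

  // Assumed group id; the group must already exist in the directory.
  static final String LDAP_GROUP_ID = "tasklist-users";

  public static void main(String[] args) {
    ProcessEngine engine = ProcessEngines.getDefaultProcessEngine();
    IdentityService identityService = engine.getIdentityService();
    AuthorizationService authorizationService = engine.getAuthorizationService();

    // Check before attempting a write: with the LDAP plugin this returns true
    // and newGroup()/saveGroup() would fail.
    if (identityService.isReadOnly()) {
      System.out.println("Identity service is read-only; groups must be created in LDAP.");
    } else {
      // Only works with the database identity provider.
      Group created = identityService.newGroup(LDAP_GROUP_ID);
      identityService.saveGroup(created);
    }

    // Confirm the engine can actually resolve the group through the plugin
    // before granting anything to its id (a grant on a typo'd id is silent).
    Group ldapGroup = identityService.createGroupQuery().groupId(LDAP_GROUP_ID).singleResult();
    if (ldapGroup == null) {
      throw new IllegalStateException("Group " + LDAP_GROUP_ID
          + " not found via LDAP; check groupSearchBase/groupSearchFilter");
    }

    // Authorizations live in the engine database, not in LDAP, so they can be
    // managed here even though the group itself cannot. Grant idempotently.
    long existing = authorizationService.createAuthorizationQuery()
        .groupIdIn(LDAP_GROUP_ID)
        .resourceType(Resources.APPLICATION)
        .resourceId("tasklist")
        .count();
    if (existing == 0) {
      Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
      auth.setGroupId(LDAP_GROUP_ID);
      auth.setResource(Resources.APPLICATION);
      auth.setResourceId("tasklist");
      auth.addPermission(Permissions.ACCESS);
      authorizationService.saveAuthorization(auth);
      System.out.println("Granted Tasklist access to LDAP group " + LDAP_GROUP_ID);
    }
  }
}
```

Run it with the engine's user that holds authorization-management rights (here ofv2admin via the AdministratorAuthorizationPlugin); the group lookup guard keeps the grant from being created for an id the directory does not contain.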