Users from LDAP, local groups

I successfully connected Camunda to an OpenLDAP instance, and I was able to read users and groups. My target configuration should be a mixed one:

  • Users from LDAP
  • Groups defined locally in Camunda DB

Authorizations would then be mixed. Is it a real/meaningful/feasible situation? It appears that if you activate the LDAP plugin everything goes read-only (users and groups), so I suspect that the answer is ‘no’

Hi @Diego_Pascotto,

let me cite from the docs here:

The identity service provider is implemented as a Process Engine Plugin and can be added to the process engine configuration. In that case it replaces the default database identity service.

Since process engine plugins usually override the process engine configuration, it makes sense that enabling the LDAP plugin overrides the default user handling. So, unfortunately, I think there is no way of combining both ways of user handling.


1 Like

Thanks, this is exactly what I suspected

Isn’t it possible to write our own implementation of the Process Engine plugin? So that we can use LDAP users with Camunda memberships and groups?

Hi @elif,

yes, thats possible and the common way to solve special use cases like this.

Hope this helps, Ingo

1 Like

Hi @Ingo_Richtsmeier,

Yes it does. Thank you.