Users from LDAP, local groups

I successfully connected Camunda to an OpenLDAP instance, and I was able to read users and groups. My target configuration should be a mixed one:

  • Users from LDAP
  • Groups defined locally in Camunda DB

Authorizations would then be mixed. Is it a real/meaningful/feasible situation? It appears that if you activate the LDAP plugin everything goes read-only (users and groups), so I suspect that the answer is ‘no’.

Hi @Diego_Pascotto,

Let me cite from the docs here:

The identity service provider is implemented as a Process Engine Plugin and can be added to the process engine configuration. In that case it replaces the default database identity service.

Since process engine plugins usually override the process engine configuration, it makes sense that enabling the LDAP plugin overrides the default user handling. So, unfortunately, I think there is no way of combining both ways of user handling.

Cheers,
Miklas

Thanks, this is exactly what I suspected.

Isn’t it possible to write our own implementation of the Process Engine plugin? So that we can use LDAP users with Camunda memberships and groups?

Hi @elif,

Yes, that's possible and the common way to solve special use cases like this.

Hope this helps, Ingo

Hi @Ingo_Richtsmeier,

Yes it does. Thank you.