Configure LDAP to connect to existing active directory


#1

I want to connect camunda’s identity service to existing AD. How do I configure this.


#2

You can take a look at the docs on the Identity Service. It explains how to connect LDAP to Camunda


#3

Thanks Niall, I would like to configure the LDAP using annotations, I can see that the configurations in the link you sent is in XML. Does camunda have annotations to configure LDAP?


#4

Hi @ebenezergraham

you could do something like this using Spring:

import org.camunda.bpm.identity.impl.ldap.plugin.LdapIdentityProviderPlugin;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;


@Configuration
public class LdapConfiguration {

	@Value("${security-conf.ldap.url}")
	private String ldapUrl;

	@Value("${security-conf.ldap.user.name}")
	private String ldapUserName;

	@Value("${security-conf.ldap.user.password}")
	private String ldapUserPassword;
	
	@Value("${security-conf.admin.user}")
	private static String adminUser;

	@Bean
	public LdapIdentityProviderPlugin ldapIdentityProviderPlugin(){
		LdapIdentityProviderPlugin plugin = new LdapIdentityProviderPlugin();
		
		plugin.setServerUrl(ldapUrl);
		plugin.setAcceptUntrustedCertificates(false);
		plugin.setAllowAnonymousLogin(false);
		plugin.setAuthorizationCheckEnabled(true);

		plugin.setUseSsl(true);
		plugin.setSecurityAuthentication("simple");
		// manager Einstellungen
		plugin.setBaseDn("");
		plugin.setManagerDn(ldapUserName);
		plugin.setManagerPassword(ldapUserPassword);
		
		plugin.setUserSearchBase("");
		plugin.setUserSearchFilter("");
		plugin.setUserIdAttribute("");
		plugin.setUserFirstnameAttribute("");
		plugin.setUserLastnameAttribute("");
		plugin.setUserEmailAttribute("");
		plugin.setUserPasswordAttribute("");

		plugin.setGroupSearchBase("");
		plugin.setGroupSearchFilter("");
		plugin.setGroupIdAttribute("");
		plugin.setGroupNameAttribute("");
		plugin.setGroupMemberAttribute("");

		return plugin;
	}
}

#5

Thanks :slight_smile: