Identity service implementation is read-only error while editing user profile

Camunda 7 Topics Discussion & Questions
1

Dear Team,

I have getting the below error while using ldap identity service having enabled the authorization plugin.
Below is my camunda.cfg.xml

<?xml version="1.0" encoding="UTF-8"?> 

<bean id="ldapIdentityProviderPlugin"
	class="org.camunda.bpm.identity.impl.ldap.plugin.LdapIdentityProviderPlugin">

	<property name="serverUrl" value="ldap://localhost:10389/" />
	<property name="managerDn" value="cn=Sundar S,ou=users,o=camunda" />
	<property name="managerPassword" value="pass" />
	<property name="baseDn" value="o=camunda" />

	<property name="userSearchBase" value="ou=users" />
	<property name="userSearchFilter" value="(objectclass=person)" />
	<property name="userIdAttribute" value="uid" />
	<property name="userFirstnameAttribute" value="cn" />
	<property name="userLastnameAttribute" value="sn" />
	<property name="userEmailAttribute" value="mail" />
	<property name="userPasswordAttribute" value="userPassword" />

	<property name="groupSearchBase" value="ou=groups" />
	<property name="groupSearchFilter" value="(objectclass=groupOfUniqueNames)" />
	<property name="groupIdAttribute" value="ou" />
	<property name="groupNameAttribute" value="cn" />
	<property name="groupMemberAttribute" value="member" />

	<property name="authorizationCheckEnabled" value="true" />

</bean>

<bean id="administratorAuthorizationPlugin"
	class="org.camunda.bpm.engine.impl.plugin.AdministratorAuthorizationPlugin">
	<property name="administratorGroupName" value="Admin" />
	<property name="administratorUserName" value="sundar" />

</bean>

Any help is appreciated!

Thanks
Sundar

2

You can’t update user or group profiles via Camunda when using LDAP, because Camunda does not manage the users. Do that directly in your LDAP interface.

1 Like
4

@thorben
@Sundar i tried to implement from ldap interface it didn’t work
let me show u my config file
serverurl: *************
acceptuntrustedcertificates: true
allowAnonymousLogin: false
securityauthentication: simple
basedn: DC=***,DC=***,DC=Com
managerdn: CN=US_ifs_BOS_Hub_d001,OU=Applications,DC=***,DC=***,DC=com
managerpassword: *******
usersearchbase: OU=Internal,OU=Users
usersearchfilter: (objectClass=person)
useridattribute: cn
userfirstnameattribute: givenName
userlastnameattribute: sn
useremailattribute: mail
userpasswordattribute: userpassword
groupsearchbase: OU=Internal Groups
groupsearchfilter: (CN=bos-pif)
groupidattribute: cn
groupnameattribute: cn
groupmemberattribute: member
usessl: true
sortcontrolsupported: false

am not see any persons in my group even we added from Ldap interface

5

It looks like I encountered the same issue using v7.12 and SringBoot.
I declared a following bean, putting simply server url to get rid of null pointer exception

    public static LdapIdentityProviderPlugin ldapIdentityProviderPlugin(){

        LdapIdentityProviderPlugin plugin = new LdapIdentityProviderPlugin();
        plugin.setServerUrl("ldap://localhost:10389");
        return plugin;
    }

An the famous exception is being thrown:

ngframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.camunda.bpm.engine.spring.SpringProcessEngineServicesConfiguration': Unsatisfied dependency expressed through field 'processEngine'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'processEngineFactoryBean': FactoryBean threw exception on object creation; nested exception is java.lang.UnsupportedOperationException: This identity service implementation is read-only.
	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:643) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:130) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessProperties(AutowiredAnnotationBeanPostProcessor.java:399) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1422) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:594) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:321) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:879) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:878) ~[spring-context-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:550) ~[spring-context-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141) ~[spring-boot-2.2.5.RELEASE.jar:2.2.5.RELEASE]
	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747) [spring-boot-2.2.5.RELEASE.jar:2.2.5.RELEASE]
	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) [spring-boot-2.2.5.RELEASE.jar:2.2.5.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) [spring-boot-2.2.5.RELEASE.jar:2.2.5.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) [spring-boot-2.2.5.RELEASE.jar:2.2.5.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215) [spring-boot-2.2.5.RELEASE.jar:2.2.5.RELEASE]
	at com.lingaro.hrApp.Application.main(Application.java:11) [classes/:na]
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'processEngineFactoryBean': FactoryBean threw exception on object creation; nested exception is java.lang.UnsupportedOperationException: This identity service implementation is read-only.
	at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:101) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1818) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.getObjectForBeanInstance(AbstractAutowireCapableBeanFactory.java:1266) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:260) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.addCandidateEntry(DefaultListableBeanFactory.java:1510) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1467) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1250) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1207) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:640) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	... 19 common frames omitted
Caused by: java.lang.UnsupportedOperationException: This identity service implementation is read-only.
	at org.camunda.bpm.engine.impl.cmd.AbstractWritableIdentityServiceCmd.execute(AbstractWritableIdentityServiceCmd.java:37) ~[camunda-engine-7.12.0.jar:7.12.0]
	at org.camunda.bpm.engine.impl.interceptor.CommandExecutorImpl.execute(CommandExecutorImpl.java:28) ~[camunda-engine-7.12.0.jar:7.12.0]
	at org.camunda.bpm.engine.impl.interceptor.CommandContextInterceptor.execute(CommandContextInterceptor.java:110) ~[camunda-engine-7.12.0.jar:7.12.0]
	at org.camunda.bpm.engine.spring.SpringTransactionInterceptor$1.doInTransaction(SpringTransactionInterceptor.java:46) ~[camunda-engine-spring-7.12.0.jar:7.12.0]
	at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140) ~[spring-tx-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	at org.camunda.bpm.engine.spring.SpringTransactionInterceptor.execute(SpringTransactionInterceptor.java:44) ~[camunda-engine-spring-7.12.0.jar:7.12.0]
	at org.camunda.bpm.engine.impl.interceptor.ProcessApplicationContextInterceptor.execute(ProcessApplicationContextInterceptor.java:70) ~[camunda-engine-7.12.0.jar:7.12.0]
	at org.camunda.bpm.engine.impl.interceptor.LogInterceptor.execute(LogInterceptor.java:33) ~[camunda-engine-7.12.0.jar:7.12.0]
	at org.camunda.bpm.engine.impl.IdentityServiceImpl.newUser(IdentityServiceImpl.java:94) ~[camunda-engine-7.12.0.jar:7.12.0]
	at org.camunda.bpm.spring.boot.starter.configuration.impl.custom.CreateAdminUserConfiguration.createUser(CreateAdminUserConfiguration.java:102) ~[camunda-bpm-spring-boot-starter-3.4.2.jar:3.4.2]
	at org.camunda.bpm.spring.boot.starter.configuration.impl.custom.CreateAdminUserConfiguration.postProcessEngineBuild(CreateAdminUserConfiguration.java:64) ~[camunda-bpm-spring-boot-starter-3.4.2.jar:3.4.2]
	at org.camunda.bpm.engine.impl.cfg.CompositeProcessEnginePlugin.postProcessEngineBuild(CompositeProcessEnginePlugin.java:107) ~[camunda-engine-7.12.0.jar:7.12.0]
	at org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl.invokePostProcessEngineBuild(ProcessEngineConfigurationImpl.java:1080) ~[camunda-engine-7.12.0.jar:7.12.0]
	at org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl.buildProcessEngine(ProcessEngineConfigurationImpl.java:816) ~[camunda-engine-7.12.0.jar:7.12.0]
	at org.camunda.bpm.engine.spring.SpringTransactionsProcessEngineConfiguration.buildProcessEngine(SpringTransactionsProcessEngineConfiguration.java:63) ~[camunda-engine-spring-7.12.0.jar:7.12.0]
	at org.camunda.bpm.engine.spring.ProcessEngineFactoryBean.getObject(ProcessEngineFactoryBean.java:55) ~[camunda-engine-spring-7.12.0.jar:7.12.0]
	at org.camunda.bpm.engine.spring.ProcessEngineFactoryBean.getObject(ProcessEngineFactoryBean.java:34) ~[camunda-engine-spring-7.12.0.jar:7.12.0]
	at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:171) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
	... 30 common frames omitted


Process finished with exit code 1

Can anyone provide more detailed instruction how to configure LDAP? I’m going to search for community projects, but I would be grateful for hints or snippets.

6

This happens when your app is trying to create the admin user usually. Dont forget to comment out the below stanza in your application.yaml file.
camunda.bpm:

admin-user:

id: demo

password: demo

firstName: Demo

lastName: Demo

1 Like
7