Identity service implementation is read-only error while editing user profile


#1

Dear Team,

I am getting the below error while using the LDAP identity service with the authorization plugin enabled.
Below is my camunda.cfg.xml:

<?xml version="1.0" encoding="UTF-8"?>

<bean id="ldapIdentityProviderPlugin"
	class="org.camunda.bpm.identity.impl.ldap.plugin.LdapIdentityProviderPlugin">

	<property name="serverUrl" value="ldap://localhost:10389/" />
	<property name="managerDn" value="cn=Sundar S,ou=users,o=camunda" />
	<property name="managerPassword" value="pass" />
	<property name="baseDn" value="o=camunda" />

	<property name="userSearchBase" value="ou=users" />
	<property name="userSearchFilter" value="(objectclass=person)" />
	<property name="userIdAttribute" value="uid" />
	<property name="userFirstnameAttribute" value="cn" />
	<property name="userLastnameAttribute" value="sn" />
	<property name="userEmailAttribute" value="mail" />
	<property name="userPasswordAttribute" value="userPassword" />

	<property name="groupSearchBase" value="ou=groups" />
	<property name="groupSearchFilter" value="(objectclass=groupOfUniqueNames)" />
	<property name="groupIdAttribute" value="ou" />
	<property name="groupNameAttribute" value="cn" />
	<property name="groupMemberAttribute" value="member" />

	<property name="authorizationCheckEnabled" value="true" />

</bean>

<bean id="administratorAuthorizationPlugin"
	class="org.camunda.bpm.engine.impl.plugin.AdministratorAuthorizationPlugin">
	<property name="administratorGroupName" value="Admin" />
	<property name="administratorUserName" value="sundar" />

</bean>

Any help is appreciated!

Thanks
Sundar


#2

You can’t update user or group profiles via Camunda when using LDAP, because Camunda does not manage the users. Do that directly in your LDAP interface.
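
A guard for the read-only case described in this reply, as an added example that is not part of the original post or of Camunda's own code. The class `ProfileEmailUpdater` and its `Result` enum are hypothetical names; `IdentityService.isReadOnly()`, `createUserQuery()` and `saveUser()` are the engine's public API.

```java
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.identity.User;

/** Hypothetical helper: refuses profile edits when the identity provider is read-only. */
public class ProfileEmailUpdater {

  /** Outcome of an attempted profile edit. */
  public enum Result { UPDATED, READ_ONLY_PROVIDER, USER_NOT_FOUND }

  private final IdentityService identityService;

  public ProfileEmailUpdater(IdentityService identityService) {
    this.identityService = identityService;
  }

  public Result updateEmail(String userId, String newEmail) {
    // With the LDAP plugin the engine has no writable identity provider.
    // isReadOnly() reports that, so check it before attempting any write
    // (newUser, saveUser, deleteUser, createMembership, ...).
    if (identityService.isReadOnly()) {
      // The change has to be made in the directory itself.
      return Result.READ_ONLY_PROVIDER;
    }

    // Read queries work with both writable and read-only providers.
    User user = identityService.createUserQuery().userId(userId).singleResult();
    if (user == null) {
      return Result.USER_NOT_FOUND;
    }

    user.setEmail(newEmail);
    identityService.saveUser(user);
    return Result.UPDATED;
  }
}
```

A caller can map `READ_ONLY_PROVIDER` to a message that points the user at the LDAP administration interface instead of surfacing the engine's read-only error.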


#4

@thorben
@Sundar I tried to implement it from the LDAP interface; it didn’t work.
Let me show you my config file:
serverurl: *************
acceptuntrustedcertificates: true
allowAnonymousLogin: false
securityauthentication: simple
basedn: DC=***,DC=***,DC=Com
managerdn: CN=US_ifs_BOS_Hub_d001,OU=Applications,DC=***,DC=***,DC=com
managerpassword: *******
usersearchbase: OU=Internal,OU=Users
usersearchfilter: (objectClass=person)
useridattribute: cn
userfirstnameattribute: givenName
userlastnameattribute: sn
useremailattribute: mail
userpasswordattribute: userpassword
groupsearchbase: OU=Internal Groups
groupsearchfilter: (CN=bos-pif)
groupidattribute: cn
groupnameattribute: cn
groupmemberattribute: member
usessl: true
sortcontrolsupported: false

I am not seeing any persons in my group even though we added them from the LDAP interface.