LDAP Administrator Group not authorized

Hi,
I am integrating LDAP into the engine. I can login with my user to the welcome page. My user data is displayed correctly but there are no apps in the Application container and I cannot login in Cockpit, Admin or Tasklist (Error message: Wrong credentials or missing access rights to application). My user is part of the LDAP group that I configured as the administrator-group in bpm-platform.xml
The groupMemberAttribute is also configured correctly.
I can also see with wireshark that the ldap group query contains the admin group and the member attribute is filled with my DN.
Because I can login to the welcome page I suspect that I cannot login to the admin/tasklist/cockpit because my membership to the admin group is not matched correctly.

How do I debug from here?

Edit: I disabled authorization. Then I could login to the Admin panel. There I could see that the groupId that I configured (GUID) was wrong. The GUID is not a String, it was a hex. Camunda could not interpret this correctly and logged a warning to the console because the group could not be identified. I then changed the groupId Attribute and it works.

Can be closed.

I have the same problem. Where is this GUID ? Is it LDAP?

In my bpm-platform.xml I configured those two properties:

cn
name

The wrong configuration was:
guid

Does this help you?

1 Like

I’m using Spring Boot deployment so I have to find out how that maps to what we have. I don’t get that start up warning you mentioned either so might not be exactly the same issue. I appreciate the response nevertheless.