Multiple Active Directory-LDAP


#1

We have a scenario in our organization such that we have 2 different Active Directory instances and it is required to provide access to users in both these ADs in Camunda. I did find how to integrate a single LDAP (https://docs.camunda.org/manual/7.7/user-guide/process-engine/identity-service/).

But I was wondering if it is possible to integrate 2 different ADs/LDAPs?
Any help is much appreciated.


#2

Hi,

One ‘brute force’ way could be to write a custom plugin which bridges the two… Another way could be to use yet another IDP which you point Camunda at, and it federates across your two AD domains (for example you could use Okta as an IDP and Okta AD agents could provision each of the AD domains into a common Okta instance…

A more elegant approach would be to use federation or trust down at the AD level…

regards

Rob


#3

Hi @Webcyberrob,

We got a Proxy created in front of both the instances, which will map to both the instances. However we are facing an issue where in certain cases there are users with the same username on both instances. In this scenario we get an error “Query return 2 results instead of max 1”. I’m wondering if there is some kind of priority that can be set in Camunda configurations to allow instance 1 to be checked first and if it fails instance 2 is checked.

@camunda Is there some work around for this?
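The priority-ordered lookup asked about in #3, as an added illustration that is not Camunda's code or API: two in-memory dicts stand in for the two AD instances behind the proxy, the first instance in the list wins for a duplicated username, a second hit in lower-priority instances is recorded as a shadowed account so the collision is visible for review, and two hits within one instance are rejected rather than guessed at. All names (`DirectorySource`, `resolve_user`, `AmbiguousIdentityError`) and the sample entries are constructed for this example.

```python
from dataclasses import dataclass


class AmbiguousIdentityError(Exception):
    """One source holds more than one entry for a username (a data defect)."""


@dataclass
class DirectorySource:
    name: str
    entries: list  # constructed stand-in for an AD/LDAP instance

    def search(self, username):
        # sAMAccountName comparison in AD is case-insensitive, so match that way
        return [e for e in self.entries
                if e["sAMAccountName"].lower() == username.lower()]


def resolve_user(username, sources, shadowed=None):
    """Return (source_name, entry) for the first unique match in priority order.

    Lower-priority sources are still queried so that a same-named account there
    is appended to `shadowed` (username, source, dn) instead of disappearing.
    """
    resolved = None
    for src in sources:
        hits = src.search(username)
        if len(hits) > 1:
            raise AmbiguousIdentityError(
                f"{src.name}: {len(hits)} entries for {username!r}")
        if hits and resolved is None:
            resolved = (src.name, hits[0])
        elif hits and shadowed is not None:
            shadowed.append((username, src.name, hits[0]["dn"]))
    return resolved


# Constructed sample data: 'jdoe' exists in both instances, 'asmith' only in AD2.
AD1 = DirectorySource("ad1", [
    {"sAMAccountName": "jdoe", "dn": "CN=Jane Doe,OU=Staff,DC=corp1,DC=example"},
])
AD2 = DirectorySource("ad2", [
    {"sAMAccountName": "jdoe", "dn": "CN=John Doe,OU=Staff,DC=corp2,DC=example"},
    {"sAMAccountName": "asmith", "dn": "CN=A Smith,OU=Staff,DC=corp2,DC=example"},
])

if __name__ == "__main__":
    collisions = []
    print(resolve_user("jdoe", [AD1, AD2], collisions))    # resolved from ad1
    print(resolve_user("asmith", [AD1, AD2], collisions))  # falls through to ad2
    print(collisions)  # the shadowed ad2 'jdoe' entry, worth an audit entry
```

Reordering the source list flips which instance wins, so the shadowed list is the signal to watch: every entry in it is a user whose login is being answered by a different directory than the one holding their account.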