Description (Required on creation; please attach any relevant screenshots, stacktraces, log files, etc. to the ticket)
LDAP errors are logged on loading the WebApps welcome page with the misleading text "LDAP group query returned a group with id null", although the group is returned correctly and instead lacks Camunda authorizations.
Steps to reproduce (Required on creation)
1. Connect Camunda to LDAP via camunda-identity-ldap
2. Log in and open the welcome page with a user that has the following properties:
   - The user is a member of an LDAP group contained in the Camunda LDAP group search base
   - The user does not have an authorization entry for the resource Group in Camunda
Observed Behavior (Required on creation)
The following error is logged for each of the user’s groups:
org.camunda.bpm.identity.impl.ldap LDAP-00004 LDAP group query returned a group with id null. This group will be ignored. This indicates a misconfiguration of the LDAP plugin or a problem with the LDAP service. Enable DEBUG/FINE logging for details.
Expected behavior (Required on creation)
No error is logged
Root Cause (Required on prioritization)
An invalidLdapEntityReturned error (link) is thrown when a group is not authorized (link and link), even though the LDAP group query returns the groups correctly.
The same misleading error can be thrown for a user entity too.
Solution Ideas
Throw a different error when the entity (user/group) is not authorized.
Avoid throwing any error when the entity is not authorized (behaviour prior to 7.20).
Environment (Required on creation)
Camunda 7.20+ & LDAP plugin
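A simplified model of the root cause and of the second solution idea, added here as an illustration: it is not Camunda source code, and the class, method and group names are hypothetical. The authorization check is reduced to a set lookup, and the sample groups are constructed.

```java
import java.util.List;
import java.util.Optional;
import java.util.Set;

// Added illustration; a simplified model, not the LDAP plugin's code. All names are hypothetical.
public class LdapGroupFilterDemo {
    record Group(String id) {}
    enum Outcome { ACCEPTED, INVALID_ENTITY, NOT_AUTHORIZED }

    // Stand-in for the Camunda authorization check on the resource Group (assumption).
    static final Set<String> READABLE = Set.of("accounting");

    // Conflated: one branch reports both a malformed LDAP entry and a denied read.
    static Outcome conflated(Group g) {
        if (g.id() == null || !READABLE.contains(g.id())) {
            return Outcome.INVALID_ENTITY;
        }
        return Outcome.ACCEPTED;
    }

    // Separated: a missing authorization is a normal filter result, not an LDAP fault.
    static Outcome separated(Group g) {
        if (g.id() == null) return Outcome.INVALID_ENTITY;
        if (!READABLE.contains(g.id())) return Outcome.NOT_AUTHORIZED;
        return Outcome.ACCEPTED;
    }

    // Only a genuinely invalid entity produces the LDAP-00004 error line.
    static Optional<String> errorLog(Outcome o) {
        return o == Outcome.INVALID_ENTITY
            ? Optional.of("LDAP-00004 LDAP group query returned a group with id null.")
            : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample: the groups LDAP returns for one user.
        List<Group> fromLdap = List.of(
            new Group("accounting"),  // authorized
            new Group("sales"),       // valid in LDAP, no Camunda authorization
            new Group(null));         // genuinely broken entry
        for (Group g : fromLdap) {
            System.out.printf("%-11s conflated error=%-5b separated error=%b%n", g.id(),
                errorLog(conflated(g)).isPresent(), errorLog(separated(g)).isPresent());
        }
    }
}
```

Running it shows the `sales` group triggering the error line only in the conflated variant, while the entry with a null id triggers it in both.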