Jacobs2000
Reputation: 928
Keycloak LDAP integration: using of Custom User LDAP Filter to filter by group
I am trying to integrate LDAP Active Directory with Keycloak. I have been able to synchronize LDAP users using Custom User LDAP Filter that filters by LDAP attributes - (theAttribute=theValue). Is there a way/syntax to filter by groups? For example, say I have Active Directory group "My Group" and I want to synchronize to Keycloak only users in that group. What would be the search Custom User LDAP Filter?
Upvotes: 6
Views: 16186
Answers (1)
Kohei TAMURA
Reputation: 5122
How about memberOf? For example:
(&(objectCategory=Person)(sAMAccountName=*)(theAttribute=theValue)(memberOf=cn=My Group,dc=example,dc=com))
Please refer to RFC2254 "The String Representation of LDAP Search Filters" more details:
Upvotes: 12
Related Questions
- Keycloak - user attributes that are specific to groups
- Mapping LDAP groups to existing keycloak groups
- Keycloak: map ldap groups to springboot roles
- How to search users inside group in Keycloak?
- Assign different default user groups in Keycloak based on different LDAP user federation
- Limit available groups for specific user in keycloak
- Map LDAP specific attribute to Keycloak roles
- LDAP and group filter
- LDAP filter to only allow users that have a group membership
- LDAP filter - retrieve all users in a given group