Reputation: 13492
Keycloak - Issues syncing users with LDAP
I installed Openldap in server and after that added the user into the ldap,below screen show show the added user through Apache Active Directory
Now in keycloak i added user federation as a openLdap and its connecting to ldap without any issue,but when i am trying to sync the user i am getting message
Success! Sync of users finished successfully. 0 imported users, 0 updated users
So no user import from ldap to keycloak ,below is the related ldap connection information in keycloak .
Upvotes: 5
Views: 23890
Answers (2)
Reputation: 13492
Thanks to @EricLavault and one of company colleague at last Keycloak able to import the user successfully. Below changes i have done to fix the issue.
- Change the
User Object Classes=* - Created a new entry
ou=Peoplethen created user under it - In Keycloak used
Users DN = ou=user,ou=people,dc=suredev20
After this its start throwing below exception
ERROR [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-1931) Failed during import user from LDAP: org.keycloak.models.ModelException: User returned from LDAP has null username! Check configuration of your LDAP mappings. Mapped username LDAP attribute: uid, user DN: cn=subodh123,ou=user,ou=People,dc=suredev20, attributes from LDAP: {sn=[joshi123], cn=[subodh123], createTimestamp=[20191118180647Z], modifyTimestamp=[20191118180647Z]}
Which is fixed by using Username LDAP attribute = cn as ldap username Attribute description in openldap case bydefault cn
Upvotes: 6
Reputation: 16035
User entries are not stored correctly in your directory. In fact you shouldn't use cn=root as a container as it's supposed to represent the directory manager and should be used for binding and other operations but not for structuring your directory.
Instead, you should use the default user container (at least for OpenLDAP and Apache DS) that is ou=people,dc=suredev20, ie. you need to move cn=subodh
- from
cn=subodh,ou=user,cn=root,dc=suredev - to
cn=subodh,ou=people,dc=suredev20
Also, in Keycloack you need to set users dn accordingly : ou=people,dc=suredev20
(you can try with ou=user,cn=root,dc=suredev without moving subodh entry but not recommended).
Upvotes: 4
Related Questions
- Keycloak federation with LDAP fails to make the connection : Error! Error when trying to connect to LDAP. See server.log for details
- Keycloak gives "Username or password is wrong" error after pressed "unlink users" button
- OpenLDAP invalid credentials immediately after setting credentials
- Migrating users from Keycloak to LDAP with passwords intact
- LDAP mixing up user credentials
- Receive invalid credentials (49)when trying to add a user to LDAP
- How to integrate OpenLDAP to Keycloak correctly?
- Sync Users between different Keycloak instances
- Keycloak says it imports users but they don't show up
- Keycloak unable to synchronize with LDAP: Synchronization ignored as it's already in progress