[keycloak-user] Active Directory Realm question.
mposolda at redhat.com
Tue Nov 4 14:58:31 EST 2014
after "Synchronize all users" you should be able to see all users from
LDAP, not just those which already authenticated in Keycloak. For your
LDAP tree, I believe that Base DN should be "DC=acme,DC=com" and User DN
should be "OU=acmeUsers,DC=acme,DC=com" . Please let me know if it helps.
On 4.11.2014 14:58, Patrick V. Madden wrote:
> Hope this doesn't post twice....
> I am running a local 1.0.4.Final build on my local machine to do some
> I have a quick question regarding an Active Directory Realm that I am
> trying to configure. I am able to successfully test the connection and
> test authentication using Bind DN and Bind Credential and Connection URL.
> I can connect via an external LDAP browser using same credential and
> browse the directory.
> When I click Synchronize all users button it says it is successful.
> However, when I go back to search page I get nothing when I enter a
> username. When I click show all users it shows nothing. I was hoping
> it would show me a list of all users in the search tree based on my
> Lets assume my company is acme.com. When I look at browser it shows:
> +---CN=John Doe
> ---CN=Jane Doe
> ---CN=Joe Blow
> I want the users to be in OU=acmeUsers,DC=acme,DC=com
> And yes OU=acmeUsers is what I need...
> So what would I put in for Base DN and User DN Suffix to get it to
> show a list of all users in the directory?
> Or does it only show users that have logged into the Realm via a web app?
> Hope this makes sense.
> *Patrick Madden*
> Principal Design Engineer
> *Tom Sawyer Software <http://www.tomsawyer.com/>*
> 1997 El Dorado Avenue
> Berkeley, CA 94707
> Cell: +1 (845) 416-4629 <callto:+1%20%28845%29%20416-4629>
> E-mail: pmadden at tomsawyer.com <mailto:pmadden at tomsawyer.com>
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the keycloak-user