[keycloak-user] Active Directory Realm question.

Marek Posolda mposolda at redhat.com
Tue Nov 4 14:58:31 EST 2014


Hi,

after "Synchronize all users" you should be able to see all users from 
LDAP, not just those which already authenticated in Keycloak. For your 
LDAP tree, I believe that Base DN should be "DC=acme,DC=com" and User DN 
should be "OU=acmeUsers,DC=acme,DC=com" . Please let me know if it helps.

Marek

On 4.11.2014 14:58, Patrick V. Madden wrote:
> Hi,
>
> Hope this doesn't post twice....
>
> I am running a local 1.0.4.Final build on my local machine to do some 
> testing.
>
> I have a quick question regarding an Active Directory Realm that I am 
> trying to configure. I am able to successfully test the connection and 
> test authentication using Bind DN and Bind Credential and Connection URL.
>
> I can connect via an external LDAP browser using same credential and 
> browse the directory.
>
> When I click Synchronize all users button it says it is successful. 
> However, when I go back to search page I get nothing when I enter a 
> username. When I click show all users it shows nothing. I was hoping 
> it would show me a list of all users in the search tree based on my 
> settings.
>
> Lets assume my company is acme.com. When I look at browser it shows:
>
> RootDSE
>     +---DC=acme,DC=com
>        +---OU=acmeUsers
>            +---CN=John Doe
>              ---CN=Jane Doe
>              ---CN=Joe Blow
>
> I want the users to be in OU=acmeUsers,DC=acme,DC=com
>
> And yes OU=acmeUsers is what I need...
>
> So what would I put in for Base DN and User DN Suffix to get it to 
> show a list of all users in the directory?
>
> Or does it only show users that have logged into the Realm via a web app?
>
> Hope this makes sense.
>
> Regards,
>
> *Patrick Madden*
> Principal Design Engineer
> *Tom Sawyer Software <http://www.tomsawyer.com/>*
> 1997 El Dorado Avenue
> Berkeley, CA 94707
>
> Cell: +1 (845) 416-4629 <callto:+1%20%28845%29%20416-4629>
> E-mail: pmadden at tomsawyer.com <mailto:pmadden at tomsawyer.com>
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20141104/3b219d9d/attachment.html 


More information about the keycloak-user mailing list