[keycloak-user] Problems Authenticating with OpenLDAP

robinfernandes . robin1233 at gmail.com
Fri Oct 31 09:36:04 EDT 2014


Hi,

Thanks Marek for the clarity on the mapping of LDAP attributes to
attributes of user account. It gives us more confidence now moving forward
with our implementation.

Thanks,
Robin

On Fri, Oct 31, 2014 at 5:41 AM, Marek Posolda <mposolda at redhat.com> wrote:

>  Hi,
>
> For servers like OpenLDAP, it's supposed that "uid" contains the username of
> the user (and I think that if you change the "Vendor" combobox to "Other", it
> will also change the "Username LDAP Attribute" too). "cn" is supposed
> to be used mainly for servers like Active Directory.
>
> The root issue is that right now we don't support dynamic mapping of LDAP
> attributes to attributes of the user account. For servers like OpenLDAP we have
> some hard-coded mapping (like "cn" from LDAP is mapped to the user's firstName
> in Keycloak, "sn" from LDAP is mapped to the user's lastName in Keycloak and
> "mail" from LDAP is mapped to the user's email in KC).
>
> We have a plan to support dynamic attribute mapping in the future, so you
> will be able to configure that, for example, "cn" is mapped to the Keycloak
> username, "givenName" is mapped to firstName, "sn" to lastName etc. A JIRA is
> already created, https://issues.jboss.org/browse/KEYCLOAK-599, but right
> now it's maybe not the biggest priority (feel free to vote in JIRA if you
> want to prioritize it).
>
> Marek
>
>
> On 29.10.2014 19:54, robinfernandes . wrote:
>
> Hi,
>
> We are also testing with the same OpenLDAP version and the connection is
> not a problem. The "Test Authentication" and the "Test Connection" work
> just fine.
> Below are the screenshots of my configuration. In the LDAP Provider
> Settings in Keycloak, if we use "*Username LDAP attribute = uid*" it works
> well. However, if we use "*Username LDAP attribute = cn*" it fails to
> authenticate. Have you faced a similar problem?
>
> [image: Inline image 1]
>
>
>
> [image: Inline image 2]
>
> On Fri, Oct 24, 2014 at 2:52 AM, Marek Posolda <mposolda at redhat.com>
> wrote:
>
>>  Hi,
>>
>> we are testing with OpenLDAP 2.4 and it works fine. Are you using a different
>> version?
>>
>> Also, couldn't the problem be a slow connection to the LDAP server? On the LDAP
>> configuration screen in the Keycloak admin console, you can try "Test
>> Connection" or "Test Authentication". Does this work well for you?
>>
>> If the connection is not a problem, maybe you can send the exception stacktrace
>> and your LDAP configuration. (Once you configure LDAP, there should be a
>> message in server.log like "INFO
>> [org.keycloak.picketlink.ldap.PartitionManagerRegistry] Creating new LDAP
>> based partition manager for the Federation provider...." with details about
>> the LDAP configuration. It may help if you send it here as well.)
>>
>> Thanks,
>> Marek
>>
>>
>> On 23.10.2014 17:13, robinfernandes . wrote:
>>
>>  Hi guys,
>>
>> I am using *Keycloak 1.0.1* final and I have integrated it with
>> *OpenLDAP*.
>> When I try to authenticate the user which is in LDAP, it is not able to
>> authenticate it and the exception that comes up is "
>> *org.h2.jdbc.JdbcSQLException: Timeout trying to lock table "USER_ENTITY"
>> ; " *
>> Is there anyone who has faced this problem? Is there a way to set the
>> lock table timeout to be more than what it is by default?
>>
>> The other thing is, I tried authenticating with *Active Directory *and
>> it works just fine. So I am guessing the problem is limited to OpenLDAP.
>>
>> Any help would be appreciated.
>>
>> Thanks,
>> Robin
>>
>>
>>
>>
>>
>>
>
>