[keycloak-user] Issues syncing users with LDAP (Keycloak v1.3.1/v1.2.0)

[Marek Posolda]

On 7.7.2015 13:44, Nair, Rajat wrote:
>
> Hi,
>
> I have setup LDAP server and configured Keycloak (under User 
> Federation) to communicate with LDAP. Test connection and test 
> authentication both work and Keycloak “seems” to be communicating with 
> LDAP successfully, but when I try to sync users, no data is imported 
> to Keycloak. I have tried with Keycloak release 1.3.1 and 1.2.0 Final. 
> Also tried with simple LDAP schema (ou=customers,dc=xyz,dc=com) but 
> still no luck.
>
> I’m attaching my LDAP setting (from phpLdap) and my Keycloak settings 
> – could this be configuration issues?
>
Yes, for "User Object classes" you are supposed to enter all values of 
objectClass attribute of your typical user record in LDAP. For your 
case, it might be sufficient to enter just value "inetOrgPerson" .

In latest master, I've improved the description of User Object classes 
tooltip a bit to clearify this a bit more.  Let me know if still seeing 
issues.

Thanks,
Marek
>
> On Keycloak logs, I can see –
>
> 06:32:57,286 INFO 
> [org.keycloak.federation.ldap.LDAPFederationProviderFactory] (default 
> task-15) Sync all users from LDAP to local store: realm: 
> 4b921ecb-e068-41d0-956d-fea12f2706cf, federation provider: myldapserver
>
> 06:32:57,301 INFO 
> [org.keycloak.federation.ldap.LDAPFederationProviderFactory] (default 
> task-15) Sync all users finished: 0 imported users, 0 updated users, 0 
> removed users
>
> Any way I can debug further to figure out what is going on? Currently, 
> Keycloak and LDAP are setup on different boxes.
>
> -- Rajat
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150708/7dbbcf34/attachment.html