[keycloak-user] LDAP configuration

Marek Posolda mposolda at redhat.com
Tue Jun 9 10:07:12 EDT 2015


You did not include the whole exception, though. In particular, you omitted
the line on which the NullPointerException is thrown, which is the most
important part here. Could you also please enable TRACE logging for
org.picketlink.idm.ldap.internal.LDAPIdentityStore and send a log
snippet with a few lines before this exception is thrown?

Thanks,
Marek

On 8.6.2015 21:58, Ayrton Araújo wrote:
> Okay,
>
> as you suggested, I changed to the complete DN, but now I get this:
>
> Caused by: org.picketlink.idm.IdentityManagementException: PLIDM000501: Could not query IdentityType using query [org.picketlink.idm.query.internal.DefaultIdentityQuery@69d4fcb8].
>     at org.picketlink.idm.ldap.internal.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:236)
>     at org.picketlink.idm.query.internal.DefaultIdentityQuery.getResultList(DefaultIdentityQuery.java:190)
>     ... 57 more
> Caused by: org.picketlink.idm.IdentityManagementException: Could not populate attribute type org.picketlink.idm.model.basic.User@8665a20.
>     at org.picketlink.idm.ldap.internal.LDAPIdentityStore.populateAttributedType(LDAPIdentityStore.java:815)
>     at org.picketlink.idm.ldap.internal.LDAPIdentityStore.populateAttributedType(LDAPIdentityStore.java:682)
>     at org.picketlink.idm.ldap.internal.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:231)
>     ... 58 more
> Caused by: java.lang.NullPointerException
>
>
> On Thursday, May 21, 2015, Marek Posolda <mposolda at redhat.com> wrote:
>
>     On 20.5.2015 22:00, Ayrton Araújo wrote:
>>     I'm trying to add a new user federation provider to integrate
>>     Keycloak with an LDAP server.
>>
>>     The parameters:
>>     Console display name -> Active Directory
>>     Priority -> 0
>>     Edit Mode -> READ_ONLY
>>     Sync Registrations -> OFF
>>     Vendor -> Active Directory
>>     Username LDAP attribute -> sAMAccountName
>>     User Object Classes -> person, organizationPerson, user
>>     Connection URL -> ldap://dom.example.com:389
>>     Base DN -> DC=dom,DC=example,DC=com
>>     User DN Suffix -> CN=Users
>>     Bind DN -> CN=Keycloak.LDAP;CN=Users;DC=dom,DC=example,DC=com
>>     Bind Credential -> ********
>>     Connection pooling -> ON
>>     Pagination -> ON
>>     Enable Account After Password Update -> OFF
>>     Batch Size -> 100
>>     Periodic Full Sync -> OFF
>>     Periodic changed users sync -> ON
>>     Changed users sync period -> 86400
>>
>>     I tried changing User DN Suffix to only Users, but it does not work.
>>     The log always says:
>>     LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, problem
>>     5012 (DIR_ERROR)
>>     And it says this when it tries to parse the User DN Suffix.
>     Currently "User DN Suffix" is supposed to contain the whole DN. So in
>     your case it should probably be something like:
>     CN=Users,DC=dom,DC=example,DC=com
>
>     I agree that the name of the parameter "User DN Suffix" is misleading.
>     It will be improved in the next version (1.3.0.Beta1), and it will
>     also be possible to configure more User DNs to search for users.
>
>     Marek
>>
>>     Is there something wrong with my conf?
>>
>>
>
>
>
> -- 
> Ayrton Araújo
> "If you can tell the false from the true you are already a scientist."
>
> --
> http://ayr-ton.net/
>
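
One way to enable the TRACE logging requested at the top of this message, as an added example that is not part of the original thread. It assumes Keycloak runs on a WildFly/JBoss server with the stock logging subsystem in standalone.xml and the default CONSOLE handler; the subsystem namespace version shown is an assumption and should stay as it already is in your file.

```xml
<!-- Fragment of standalone/configuration/standalone.xml (assumed path). -->
<!-- Assumption: namespace version; keep the value your file already uses. -->
<subsystem xmlns="urn:jboss:domain:logging:2.0">

    <console-handler name="CONSOLE">
        <!-- Stock value is INFO, which drops TRACE records on the console
             even when the logger below emits them. Raise it only if you
             read the console; the stock FILE handler (server.log) has no
             level filter and receives the records either way. -->
        <level name="TRACE"/>
        <!-- keep the existing <formatter> element of this handler here -->
    </console-handler>

    <!-- Scope TRACE to the one class named in the request, so the rest of
         the server keeps logging at its normal level. -->
    <logger category="org.picketlink.idm.ldap.internal.LDAPIdentityStore">
        <level name="TRACE"/>
    </logger>

    <!-- existing handlers, loggers and <root-logger> stay unchanged -->
</subsystem>
```

TRACE output from the LDAP store may include user DNs and attribute values, so trim the snippet to the lines around the exception before sending it to a public list.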
