[keycloak-user] No LDAP Group Attribute mapper in Keycloak?
Marek Posolda
mposolda at redhat.com
Wed Feb 3 08:06:25 EST 2016
This is actually supported. If you look at LDAP Group mapper, you can
see field "Mapped Group Attribues" . Here you can specify list of
attributes, which will be mapped from LDAP group to Keycloak group and
viceversa.
There is one limitation, that name of attribute needs to be same on both
places (ie. you can map LDAP attribute "description" to Keycloak
attribute "description" . But you can't map LDAP attribute "description"
to Keycloak attribute "foo" ). Feel free to create JIRA if this is
limiting you. I've actually go simple way, but it can be improved if
there is additional demand.
Marek
On 02/02/16 17:45, Edgar Vonk - Info.nl wrote:
> Hi,
>
> If I am correct there is no LDAP Group Attribute mapper in Keycloak right? There is a User Attribute mapper and there is a Group Mapper but group attributes in LDAP cannot be synched to and from Keycloak at the moment?
>
> I guess it should not be too hard to write an LDAP Group Attribute mapper should we want to?
>
> cheers
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list