[keycloak-user] Two realms; one LDAP; one namespace?
Marek Posolda
mposolda at redhat.com
Mon May 16 02:33:07 EDT 2016
On 13/05/16 16:58, Jason Axley wrote:
>
> Just configured two different realms pointing to the same LDAP
> directory. Logged into master via LDAP the first time. The second
> time, logged into another realm with the same user and got an error
> “Email already exists.”
>
> Shouldn’t the realms be independent of one another? It seems like
> there is a universal namespace for users that crosses realms. Is that
> intended? What is the “Keycloak way” to handle this situation if it’s
> by design?
>
Yes, realms should be independent of each other. And AFAIK they are.
I've just tried the scenario you described and wasn't able to reproduce
it with the steps you provided. I have user "john" successfully imported
from the same LDAP in both "realm-a" and "realm-b".
The fact that you had "Email already exists" in "realm-b" is maybe not
related to the fact that you previously logged in to "realm-a". You can
try to look at the admin console and the list of users in "realm-b" and
double-check whether there really is not an already existing user with
the conflicting email.
Marek
>
> -Jason