[keycloak-user] CN= is not being sent when creating users in LDAP

Thomas Barcia TBarcia at wfscorp.com
Wed Sep 7 14:46:47 EDT 2016


I have a user federation connected to Active Directory that works for authenticating users, but I'm trying to create / modify LDAP users and it appears that I'm getting the error ENTRY_EXISTS because it's not filling the CN= attribute:

Caused by: javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 00002071: UpdErr: DSID-0305038D, problem 6005 (ENTRY_EXISTS), data 0

In an attempt to get this working I've made the following changes to the federation:

Changed Sync Registrations to ON
Ensured RDN LDAP attribute set to cn
Created a mapper called "fullname"; Mapper Type: "Full Name"; category "Attribute Mapper"; Type "Full Name"; LDAP Full Name Attribute: cn; read only OFF; write only: OFF

Can anybody help me with what I missed?


