[keycloak-user] Sync users or direct login failed even after successful connection with OpenLDAP

Lahari lahari.guntha at tcs.com
Thu Dec 14 08:15:34 EST 2017


Hello,

We have been facing this issue for a long time, but we are unable to figure out
whether it is with Keycloak or OpenLDAP.

Could you please help us with the scenario below in integrating Keycloak with
OpenLDAP?

In user federation we have added an OpenLDAP server with the required
details, and both "Test Connection" and "Test Authentication" succeeded.

But when we try to sync users we get the exception below:

12:22:21,866 ERROR
[org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (default
task-23) Could not query server using DN [o=foo] and filter
[(&(ou=External,ou=People,o=foo)(objectclass=posixAccount)(objectclass=top)(objectclass=inetOrgPerson)(objectclass=organizationalPerson)(objectclass=person)(objectclass=shadowAccount))]:
javax.naming.OperationNotSupportedException: [LDAP: error code 12 - The
server is not configured to pass through control 1.2.840.113556.1.4.319];
remaining name 'o=foo'

After searching for the above error, we found/suspected
(link: https://kb.informatica.com/solution/21/Pages/136192.aspx) that it is
because of a pagination issue between Keycloak and the LDAP provider. So
we disabled pagination and tried to log in directly. But here also we are
getting the error "User not found".


Error log:
12:34:46,141 WARN  [org.keycloak.events] (default task-12) type=LOGIN_ERROR,
realmId=Test, clientId=http://10.50.68.44:8080, userId=null,
ipAddress=10.125.155.49, error=user_not_found, auth_method=saml,
redirect_uri=http://10.50.68.44:8080/plugins/servlet/saml/auth,
code_id=6c3359b4-0c36-4b8e-9924-7acbd3439155, username=user1


The user we tried is the same user that was given in the "Bind Credentials"
field, and "Test Authentication" succeeded.

Please help us with what extra information needs to be configured to achieve this.

Please find the attachments for the configuration of OpenLDAP with Keycloak:
<http://keycloak-user.88327.x6.nabble.com/file/t585/ldap2.png> 
<http://keycloak-user.88327.x6.nabble.com/file/t585/ldap1.png> 



--
Sent from: http://keycloak-user.88327.x6.nabble.com/
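A small offline triage script for the two symptoms in the message above, added here as an example; it is not part of the post and not Keycloak or OpenLDAP code. It checks whether a server's root DSE advertises the Simple Paged Results control 1.2.840.113556.1.4.319 (RFC 2696), which is the OID named in the exception, decodes LDAP result code 12 as unavailableCriticalExtension (RFC 4511), flags search-filter items whose value is shaped like a DN (the posted filter contains `(ou=External,ou=People,o=foo)`, which asserts that the attribute ou equals that literal string and does not scope the search to a subtree; a DN belongs in the search base), and parses the key=value payload of the LOGIN_ERROR event line. The root DSE sample is constructed, in the shape `ldapsearch -x -H ldap://ldap.example.com -s base -b '' supportedControl` prints, with a hypothetical hostname; the LDAP error, filter and event line are the ones quoted in the post.

```python
"""Offline triage helpers for the Keycloak/OpenLDAP symptoms described in the post.

Added example, not Keycloak or OpenLDAP code. SAMPLE_ROOT_DSE is constructed
(hypothetical server); the other samples are copied from the log lines in the post.
"""
import re

# Simple Paged Results control, RFC 2696. This is the OID named in the error.
PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"

# Subset of LDAP result codes from RFC 4511, section 4.1.9.
LDAP_RESULT_CODES = {
    0: "success",
    12: "unavailableCriticalExtension",
    32: "noSuchObject",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
}

# Constructed root-DSE output (hypothetical server) in the shape produced by
#   ldapsearch -x -H ldap://ldap.example.com -s base -b '' supportedControl
# The paged-results OID is deliberately absent, matching the error in the post.
SAMPLE_ROOT_DSE = """\
dn:
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
"""

# Copied from the post.
SAMPLE_LDAP_ERROR = ("javax.naming.OperationNotSupportedException: [LDAP: error code 12 - The "
                     "server is not configured to pass through control 1.2.840.113556.1.4.319]")
SAMPLE_FILTER = ("(&(ou=External,ou=People,o=foo)(objectclass=posixAccount)(objectclass=top)"
                 "(objectclass=inetOrgPerson)(objectclass=organizationalPerson)"
                 "(objectclass=person)(objectclass=shadowAccount))")
SAMPLE_EVENT = ("type=LOGIN_ERROR, realmId=Test, clientId=http://10.50.68.44:8080, userId=null, "
                "ipAddress=10.125.155.49, error=user_not_found, auth_method=saml, "
                "redirect_uri=http://10.50.68.44:8080/plugins/servlet/saml/auth, "
                "code_id=6c3359b4-0c36-4b8e-9924-7acbd3439155, username=user1")


def supported_controls(root_dse_ldif: str) -> set:
    """Return the set of control OIDs advertised in a root-DSE LDIF dump."""
    # LDIF folds long values onto continuation lines that start with a space; unfold first.
    unfolded = re.sub(r"\n ", "", root_dse_ldif)
    return {m.group(1) for m in re.finditer(r"^supportedControl:\s*(\S+)", unfolded, re.M)}


def paged_results_supported(root_dse_ldif: str) -> bool:
    """True when the server advertises RFC 2696 paged results. When False, the
    Keycloak LDAP provider's Pagination switch must be off or sync will fail."""
    return PAGED_RESULTS_OID in supported_controls(root_dse_ldif)


def parse_ldap_error(message: str):
    """Extract (code, name) from a JNDI-style '[LDAP: error code N - ...]' message."""
    m = re.search(r"\[LDAP: error code (\d+)", message)
    if not m:
        return None
    code = int(m.group(1))
    return code, LDAP_RESULT_CODES.get(code, "unknown")


_DN_VALUE = re.compile(r"^[^,=]+(,[A-Za-z][\w.-]*=[^,=]+)+$")


def dn_like_filter_components(ldap_filter: str):
    """Return (attribute, value) pairs whose value is shaped like a DN.

    (ou=External,ou=People,o=foo) asserts that attribute 'ou' equals the literal
    string 'External,ou=People,o=foo'; it does not restrict the search to that
    subtree. Such an item almost never matches any entry.
    """
    items = re.findall(r"\(([A-Za-z][\w.;-]*)=([^()]*)\)", ldap_filter)
    return [(attr, value) for attr, value in items if _DN_VALUE.match(value)]


def parse_keycloak_event(line: str) -> dict:
    """Parse the 'key=value, key=value' payload of an org.keycloak.events log line."""
    fields = {}
    for part in line.split(", "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


if __name__ == "__main__":
    print("paged results advertised:", paged_results_supported(SAMPLE_ROOT_DSE))
    print("LDAP error:", parse_ldap_error(SAMPLE_LDAP_ERROR))
    print("DN-shaped filter items:", dn_like_filter_components(SAMPLE_FILTER))
    ev = parse_keycloak_event(SAMPLE_EVENT)
    print("login event:", ev["type"], ev["error"], "username=" + ev["username"])
```

Against a real server, feed the output of the ldapsearch command above to `paged_results_supported` before enabling pagination in the provider, and run `dn_like_filter_components` over the filter printed in the "Could not query server" line; a DN-shaped item there points at a value entered into a filter field rather than into the Users DN field.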
