[keycloak-user] [Keycloak][Ldap Federation][Custom User LDAP Filter]

Marek Posolda mposolda at redhat.com
Wed Feb 8 03:03:36 EST 2017


On 07/02/17 16:12, Salvatore Incandela wrote:
> Hi Guys, I'm configuring keycloak 7.0 with Ldap Federation, I put a custom
> query in the *Custom User LDAP Filter* parameter ("(title=enabled)"), but
> this seems to be ignored.
> Looking at the LDAPIdentityStore.fetchQueryResults method, it seems that
> once an EqualCondition was found this one is considered and the others
> ignored.
>
> *if (condition instanceof EqualCondition) {*
> .
> .
> return results;
> }
Nope, if you look at the code more deeply, you can find that this one is 
used just for the special case when you query by UUID.

Maybe it can help to enable TRACE logging for the class 
org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore in your 
standalone.xml. With this enabled, you should be able to see some 
additional logging messages in server.log like:

TRACE Using filter for LDAP search: ...

You can see in which DN you're searching and what exactly your LDAP 
filter looks like. Hopefully this can help to figure out what is wrong.

Marek
>
> I'm sure that I'm doing something wrong, some ideas?
>
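Added example, not part of the original email or of Keycloak's code: a small checker that pulls the effective filter out of the TRACE lines mentioned above and reports whether the custom clause `(title=enabled)` is actually present in each search. The log lines are constructed; only the message text "Using filter for LDAP search:" comes from the email, and the timestamp/thread layout and anything after the filter are assumptions.

```python
MARKER = "Using filter for LDAP search:"  # message text quoted in the email

def extract_filter(line):
    """Return the balanced-parenthesis LDAP filter that follows MARKER, or None.

    RFC 4515 requires literal parentheses inside values to be hex-escaped
    (\\28, \\29), so counting raw parentheses is enough to find the end.
    """
    _, found, rest = line.partition(MARKER)
    start = rest.find("(")
    if not found or start < 0:
        return None
    depth = 0
    for i in range(start, len(rest)):
        if rest[i] == "(":
            depth += 1
        elif rest[i] == ")":
            depth -= 1
            if depth == 0:
                return rest[start:i + 1]
    return None  # unbalanced: truncated or wrapped log line

def audit(lines, custom_clause):
    """Return (line_no, filter, clause_present) for every logged search filter."""
    results = []
    for n, line in enumerate(lines, 1):
        ldap_filter = extract_filter(line)
        if ldap_filter is not None:
            results.append((n, ldap_filter, custom_clause in ldap_filter))
    return results

# Constructed sample lines (layout is an assumption, not real server output).
CLS = "org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore"
SAMPLE_LOG = [
    "2017-02-08 09:01:12,101 TRACE [" + CLS + "] (default task-3) " + MARKER
    + " (&(title=enabled)(uid=jdoe)(objectclass=inetOrgPerson))",
    "2017-02-08 09:01:12,350 INFO  [org.example.Other] (default task-3) unrelated",
    "2017-02-08 09:02:40,007 TRACE [" + CLS + "] (default task-5) " + MARKER
    + " (&(uid=asmith)(objectclass=inetOrgPerson)) trailing text",
]

if __name__ == "__main__":
    for n, ldap_filter, ok in audit(SAMPLE_LOG, "(title=enabled)"):
        print(n, "OK     " if ok else "MISSING", ldap_filter)
```

The check is a plain substring match, so it does not distinguish a clause that appears under a negation such as `(!(title=enabled))`.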


