[keycloak-user] [Keycloak][Ldap Federation][Custom User LDAP Filter]

Salvatore Incandela salvatore.incandela at redhat.com
Wed Feb 8 04:41:23 EST 2017


This is what I see from the log files:
2017-02-08 10:36:41,667 TRACE
[org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore] (default
task-44) Found ldap object and populated with the attributes. LDAP Object:
LDAP Object [ dn: uid=example,ou=People,dc=example,dc=it , uuid: example,
attributes: {uid=[example], userPassword=[[B@6ba1b2f0],
mail=[example@example.it], givenName=[example],
sn=[example], title=[disabled], modifyTimestamp=[20170207194557Z],
createTimestamp=[20170207114007Z]}, readOnly attribute names: [givenname,
sn, userpassword, mail, uid, modifytimestamp, title, createtimestamp] ]

Why is the Custom User LDAP Filter ignored in the case of a UUID search?

On Wed, Feb 8, 2017 at 9:03 AM, Marek Posolda <mposolda at redhat.com> wrote:

> On 07/02/17 16:12, Salvatore Incandela wrote:
>
>> Hi guys, I'm configuring Keycloak 7.0 with LDAP Federation. I put a custom
>> query in the *Custom User LDAP Filter* parameter ("(title=enabled)"), but
>> this seems to be ignored.
>> Looking at the LDAPIdentityStore.fetchQueryResults method, it seems that
>> once an EqualsCondition is found, this one is considered and the others
>> are ignored.
>>
>> *if (condition instanceof EqualCondition) {*
>> .
>> .
>> return results;
>> }
>>
> Nope, if you look at the code more deeply, you can find that this one is
> used just for the special case when you query by UUID.
>
> Maybe it can help to enable TRACE logging for the class
> org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore in your
> standalone.xml . With this enabled, you should be able to see some
> additional logging messages in server.log like:
>
> TRACE Using filter for LDAP search: ...
>
> you can see in which DN you're searching and what exactly your LDAP filter
> looks like. Hopefully this can help to figure out what is wrong.
>
> Marek
>
>
>> I'm sure that I'm doing something wrong, some ideas?
>>
>>
>


-- 
Salvatore Incandela
Middleware Consultant
------------------------------
Red Hat - www.redhat.com
Via Andrea Doria 41M
00192 Roma (Italy)
Mobile +39 349 6196615
Fax +39 06 39728535
E-mail salvatore.incandela at redhat.com
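
Added example (not part of the original thread and not Keycloak code): one way to act on the TRACE advice above is to parse each logged search filter and check that the Custom User LDAP Filter is actually enforced by it, rather than merely present as a substring. Only the message prefix comes from the thread; the sample lines, the "[logger]" placeholder and the function names are constructed for illustration.

```python
PREFIX = "Using filter for LDAP search:"  # message text quoted in the thread

# Constructed sample: everything after PREFIX is an assumption, not real output.
SAMPLE_LOG = """\
TRACE [logger] Using filter for LDAP search: (&(uid=example)(title=enabled)(objectclass=inetOrgPerson)) . DN: ou=People,dc=example,dc=it
TRACE [logger] Using filter for LDAP search: (&(objectclass=inetOrgPerson)(uid=example)) . DN: ou=People,dc=example,dc=it
TRACE [logger] Using filter for LDAP search: (|(title=enabled)(uid=example)) . DN: ou=People,dc=example,dc=it
"""

def parse(s, i=0):
    """Parse one RFC 4515 filter starting at s[i]; return (node, next_index)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|!":
        op, kids = s[i], []
        i += 1
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        node = (op, kids)
    else:  # simple item such as title=enabled
        end = s.index(")", i)
        node, i = ("item", s[i:end].strip()), end
    if s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def enforces(node, required):
    """True only if every entry matching `node` must also match `required`."""
    if node == required:
        return True
    op, kids = node
    if op == "&":   # one enforcing branch of an AND is enough
        return any(enforces(k, required) for k in kids)
    if op == "|":   # every branch of an OR must enforce it
        return bool(kids) and all(enforces(k, required) for k in kids)
    return False    # other items and negations never enforce it

def audit(log_text, custom_filter):
    """Return [(filter_text, enforced)] for each search logged at TRACE."""
    required, _ = parse(custom_filter)
    results = []
    for line in log_text.splitlines():
        _, found, rest = line.partition(PREFIX)
        start = rest.find("(")
        if not found or start < 0:
            continue
        try:
            node, end = parse(rest, start)
            results.append((rest[start:end], enforces(node, required)))
        except (ValueError, IndexError):  # truncated or wrapped record
            results.append((rest[start:].strip(), False))
    return results
```

Calling audit(SAMPLE_LOG, "(title=enabled)") flags the second and third constructed searches; the third contains the clause only inside an OR, which a plain substring check would accept.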

