[keycloak-user] user storage ldap or keycloak

Istvan Orban istvan.orban at gmail.com
Fri Jan 27 02:48:48 EST 2017


Thanks for this. I am glad to hear it. It can be our central user store.

I am wondering about one single question. Suppose down the line we want to
upgrade to LDAP sometime in the future. Of course we can export the user
data but the passwords are hashed.

Will we be able to import users into an LDAP store without having to reset
every single user's password?

Thanks a lot!

------------------------------
>
> Message: 4
> Date: Thu, 26 Jan 2017 14:14:36 -0500
> From: Bill Burke <bburke at redhat.com>
> Subject: Re: [keycloak-user] user storage ldap or keycloak
> To: keycloak-user at lists.jboss.org
> Message-ID: <1424da64-3570-39ba-8200-1e3fb95716f9 at redhat.com>
> Content-Type: text/plain; charset=windows-1252; format=flowed
>
> Keycloak can handle responsibilities of a main user store and I would
> recommend you do that.  The few customers that I've seen take your
> approach struggled a bit with tuning LDAP to get it to perform well.
> With Keycloak only store, there's just one less moving part you have to
> worry about, tune, and debug.
>
> The disadvantage is that you'll have to migrate from Keycloak DB to LDAP
> or something if you ever want to ditch Keycloak.
>
> Another option: using the User Storage SPI you do have the option to
> retain your legacy user store.
>
>
> On 1/26/17 2:00 PM, Istvan Orban wrote:
> > Dear Keycloak users.
> >
> > I am very new to keycloak and I really like it. It is great.
> >
> > I am currently migrating a legacy app (using its own user management) to
> > support SSO.
> >
> > I have set-up keycloak with openid connect and it works very well. At this
> > point we need to decide if we will use keycloak as our main user store or
> > we will set-up an LDAP.
> >
> > My question is this: is keycloak designed in a way that it can fulfil all
> > the responsibilities of the main user store?
> >
> > Any risk with this at all?
> >
> > ps: our userbase is small and at this point I am not sure if we want to add
> > ldap just for this.
> >
> >
> >
>




-- 
Kind Regards,

Istvan Orban | Skype: istvan_o | Mobile: +44 (0) 7956 122 144

