[keycloak-user] Multiple LDAP Providers
Marek Posolda
mposolda at redhat.com
Fri Jul 21 10:42:47 EDT 2017
On 21/07/17 13:48, Dmitry Repchevsky wrote:
> Hello,
>
> Is there any way to define different user profiles to be stored in LDAP?
> I would like to distinguish between local users and users that come from
> Google.
> The user groups should be different (with different attributes). For
> instance local users have "homeDirectory" and "google" ones are treated
> as "guests".
>
> If I define two LDAP "WRITABLE" providers the attempt to write the new
> user to LDAP is done by priority order, right?
Yes, right. It all depends on priority right now.
We have opened a JIRA for the case when you want to add social users
locally or to a specified user storage provider (not the default one with
the biggest priority). It's not yet available OOTB. However, you can achieve
something if you define a firstBrokerLogin flow and replace
IdpCreateUserIfUniqueAuthenticator with something else, which will
register the user either locally or to a different LDAP provider than the one
with the biggest priority. But you would need to code that.
Marek
> I mean if I define a mandatory "homeDirectory" attribute and a "google"
> user does not have this attribute, is the user stored in the second provider?
>
> Thank you in advance,
>
> Dmitry