[keycloak-user] Multiple LDAP Providers

Dmitry Repchevsky redmitry at list.ru
Fri Jul 21 11:06:18 EDT 2017


Hello Marek,

Thank you for the prompt answer.

My current idea is to make the first LDAP expect a "social" attribute which 
I hardcode for the "google" provider.
Other users (registered via CLI or REST) will fail on it and move to the 
second LDAP, which is for the local users.

Dmitry

On 7/21/2017 4:42 PM, Marek Posolda wrote:
> On 21/07/17 13:48, Dmitry Repchevsky wrote:
>> Hello,
>>
>> Is there any way to define different user profiles to be stored in LDAP?
>> I would like to distinguish between local users and users that come from
>> Google.
>> The user groups should be different (with different attributes). For
>> instance local users have "homeDirectory" and "google" ones are treated
>> as "guests".
>>
>> If I define two LDAP "WRITABLE" providers the attempt to write the new
>> user to LDAP is done by priority order, right?
> Yes, right. It all depends on priority right now.
>
> We have opened a JIRA for the case when you want to add social users 
> locally or to a specified user storage provider (not the default one 
> with the biggest priority). It's not yet available OOTB. However, you can 
> achieve something if you define a firstBrokerLogin flow and replace 
> IdpCreateUserIfUniqueAuthenticator with something else, which will 
> register the user either locally or to a different LDAP provider than the 
> one with the biggest priority. But you would need to code that.
>
> Marek
>> I mean if I define a mandatory "homeDirectory" attribute and a "google"
>> user does not have this attribute, is the user stored in the second provider?
>>
>> Thank you in advance,
>>
>> Dmitry
>>
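The custom authenticator Marek describes, as an added example that is not code from this thread or from Keycloak itself: it replaces IdpCreateUserIfUniqueAuthenticator in the firstBrokerLogin flow and registers new users arriving from the Google IdP through a second LDAP storage component selected by name, falling back to the usual priority order for everyone else. It assumes the Keycloak 3.2 SPI (AbstractIdpAuthenticator, ExistingUserInfo, session.getProvider(Class, ComponentModel), getAuthenticationSession()), an IdP alias "google" and a storage component named "guest-ldap"; the AuthenticatorFactory and META-INF/services registration needed to deploy it are not shown.

```java
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
import org.keycloak.authentication.authenticators.broker.util.*;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.*;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.user.UserRegistrationProvider;

// Replacement for IdpCreateUserIfUniqueAuthenticator: users from the social IdP go to a named LDAP component, all others by priority.
public class IdpCreateUserInNamedStorageAuthenticator extends AbstractIdpAuthenticator {
    static final String SOCIAL_IDP_ALIAS = "google";        // assumed alias of the Google identity provider
    static final String SOCIAL_STORAGE_NAME = "guest-ldap"; // assumed display name of the second (guest) LDAP component

    @Override
    protected void authenticateImpl(AuthenticationFlowContext ctx, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerCtx) {
        KeycloakSession session = ctx.getSession();
        RealmModel realm = ctx.getRealm();
        String username = realm.isRegistrationEmailAsUsername() ? brokerCtx.getEmail() : brokerCtx.getModelUsername();
        UserModel existing = session.users().getUserByUsername(username, realm);
        if (existing != null) { // same duplicate handling as the stock authenticator: defer to "handle existing account"
            ctx.getAuthenticationSession().setAuthNote(EXISTING_USER_INFO,
                    new ExistingUserInfo(existing.getId(), UserModel.USERNAME, username).serialize());
            ctx.attempted();
            return;
        }
        UserModel user = SOCIAL_IDP_ALIAS.equals(brokerCtx.getIdpConfig().getAlias()) ? addToNamedStorage(session, realm, username) : null;
        if (user == null) user = session.users().addUser(realm, username); // fall back to priority order
        user.setEnabled(true); user.setEmail(brokerCtx.getEmail());
        user.setFirstName(brokerCtx.getFirstName()); user.setLastName(brokerCtx.getLastName());
        serializedCtx.getAttributes().forEach(user::setAttribute); // attributes produced by the IdP mappers
        ctx.setUser(user);
        ctx.getAuthenticationSession().setAuthNote(BROKER_REGISTERED_NEW_USER, "true");
        ctx.success();
    }

    // Register through the named storage component directly, bypassing priority-ordered session.users().addUser(); null if unusable.
    private UserModel addToNamedStorage(KeycloakSession session, RealmModel realm, String username) {
        for (ComponentModel c : realm.getComponents(realm.getId(), UserStorageProvider.class.getName())) {
            if (!SOCIAL_STORAGE_NAME.equals(c.getName())) continue;
            UserStorageProvider p = session.getProvider(UserStorageProvider.class, c);
            if (p instanceof UserRegistrationProvider) return ((UserRegistrationProvider) p).addUser(realm, username);
        }
        return null;
    }

    @Override protected void actionImpl(AuthenticationFlowContext c, SerializedBrokeredIdentityContext s, BrokeredIdentityContext b) {}
    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) {}
    @Override public void close() {}
}
```

The second LDAP component must be in WRITABLE edit mode for addUser to succeed; if it is read-only or missing, the code falls back to the priority-ordered behaviour described in the thread.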