[keycloak-user] Unable to Store and Retrieve Group-Role relationship in LDAP

Marek Posolda mposolda at redhat.com
Fri Mar 10 06:02:10 EST 2017


Yes, you're right. This is not available ATM. What is available is the 
support for Keycloak group inheritance to be mapped for LDAP groups. But 
mapping for:
- Groups-roles membership mappings
- Roles to composite roles membership mappings
is not available now.

Feel free to create JIRA. But not sure if we ever go into it...

Marek


On 10/03/17 11:31, abhishek raghav wrote:
> Hi
>
> I have a set of *Realm Roles* that is mapped to a certain *OU=Roles* in an
> *MSAD*. Similar is the case for a set of *Groups*.
>
> But when I *assign a group with a certain role, the assignment is visible
> in Keycloak. But the same is not reflected on the AD.*
> I mean, this mapping of role and group is *not stored in the "member" or
> "memberof" attributes of either the respective group or the role*.
>
> Please suggest: is this functionality available using any mapper from
> Keycloak to AD? Or do we need to create our own Custom Mapper? If yes, how?
>
>
> *- Best Regards*
>     Abhishek Raghav



