[keycloak-user] How to retrieve Organizational Unit from LDAP?

Celso Agra celso.agra at gmail.com
Thu Mar 30 20:31:21 EDT 2017


Thanks Marek! For now, I'm using the (a) option!

But I think it would be possible to implement an LDAP Mapper in the future,
just to get the "ou" info.
I'll take a look at the code and try to add a new Mapper Type.

Thanks again! This is a really great tool!

2017-03-30 16:33 GMT-03:00 Marek Posolda <mposolda at redhat.com>:

> There is no built-in support for this. However you can achieve it by doing
> any of:
>
> a) Map the LDAP_ENTRY_DN as an attribute in your token and then have some
> logic in your application (or whenever it is needed) that will just parse
> the name of the OU from the full DN.
> b) Create a custom LDAP mapper, which will do the above. Then it will be
> available in user attributes.
> c) Create a protocol mapper, which will do the above. The user attribute will
> still contain just LDAP_ENTRY_DN, but you will have a claim in the token with
> the value of your OU.
>
> I would personally go with (a) and handle it in your app if possible.
> That's the easiest path IMO.
>
> Marek
>
>
> On 30/03/17 20:20, Celso Agra wrote:
>
>> Hi all,
>>
>> I'd like to retrieve the organizational unit (ou) from LDAP Mapper and set
>> this in the User Attributes.
>>
>> When I get a user from LDAP, it sets an attribute called LDAP_ENTRY_DN,
>> with value: "uid=xxxxxx,ou=group,dc=dom3,dc=dom2,dc=dom1"
>>
>> So, I'd like to retrieve just the ou info "group", and set this to the
>> user attribute.
>> Would it be possible to do that? Is there some mapper type just to retrieve
>> this information?
>>
>> Best Regards,
>>
>>
>


-- 
---
*Celso Agra*
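
Option (a) from Marek's reply, parsing the OU out of the full DN in the application, sketched in Python as an added example that is not part of the original thread or of Keycloak. The names `ou_values`, `_split_unescaped` and `_unescape` are hypothetical; the code honours RFC 4514 backslash escapes and multi-valued RDNs, so an escaped comma inside a value is not mistaken for an RDN boundary (which a plain split on "," would get wrong), and it assumes no legacy quoted or `#hex` values.

```python
import re

# Constructed sample, in the shape of the LDAP_ENTRY_DN value quoted in the thread.
SAMPLE_DN = "uid=xxxxxx,ou=group,dc=dom3,dc=dom2,dc=dom1"

# One token: backslash + two hex digits, backslash + any char, or a plain char.
_TOKEN = re.compile(r"\\([0-9A-Fa-f]{2})|\\(.)|(.)", re.S)


def _split_unescaped(text, sep):
    """Split on sep, leaving escaped separators (e.g. '\\,') inside their part."""
    parts, buf = [], []
    for m in _TOKEN.finditer(text):
        if m.group(3) == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(m.group(0))
    parts.append("".join(buf))
    return parts


def _unescape(value):
    """Decode RFC 4514 escapes into the real attribute value."""
    out = bytearray()
    for m in _TOKEN.finditer(value):
        if m.group(1):
            out.append(int(m.group(1), 16))      # \XX is one raw UTF-8 byte
        else:
            out += (m.group(2) or m.group(3)).encode("utf-8")
    return out.decode("utf-8")


def ou_values(dn):
    """Return every ou value in the DN, nearest to the entry first."""
    found = []
    for rdn in _split_unescaped(dn, ","):
        for ava in _split_unescaped(rdn, "+"):   # multi-valued RDN
            attr, eq, value = ava.partition("=")
            if not eq:
                raise ValueError(f"malformed RDN component: {ava!r}")
            if attr.strip().lower() == "ou":     # attribute types are case-insensitive
                found.append(_unescape(value))
    return found
```

If the result feeds an access decision, treat an empty list or a `ValueError` as "no OU" rather than falling back to a default.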

