[keycloak-user] Users (related to LDAP) are gone when I change the username

Celso Agra celso.agra at gmail.com
Tue Oct 10 18:14:24 EDT 2017


I configured "mail" as "Username LDAP Attribute" and "uid" as "RDN LDAP
Attribute" and set some configs on LDAP Mapper,
but I got an error:

Could not create user: org.keycloak.models.ModelException: RDN Attribute
[uid] is not filled. Filled attributes: {mail=[], cn=[ ], sn=[ ],
createTimestamp=[], modifyTimestamp=[]}


Maybe changing the username is a bad practice. It could be better if I set a
special number on the username, such as a timestamp. This could solve my issue.

Thanks Marek

2017-10-10 9:08 GMT-03:00 Marek Posolda <mposolda at redhat.com>:

> Thanks.
>
> I see it probably doesn't work as you have email as username and "uid" is
> used as both username attribute and RDN attribute. When you're changing
> email of user in Keycloak, it is trying to change "uid" in LDAP, but that's
> not allowed.
>
> I can imagine that things might work if you configure "mail" as "Username
> LDAP Attribute" and "uid" as "RDN LDAP Attribute", but you probably need to
> do some tricks with mappers and maybe implement your own LDAP mapper. If
> you don't manage to have this working, feel free to create JIRA.
>
> Marek
>
>
>
> On 09/10/17 18:54, Celso Agra wrote:
>
> Thanks for your answer, Marek!
>
> Here are some of my configs. In addition, I put the same values in username
> and e-mail.
>
> Here is my User Representation:
>
>> UserRepresentation user = new UserRepresentation();
>> user.setUsername(email);
>> user.setFirstName(firstName);
>> user.setLastName(lastName);
>> user.setEnabled(true);
>> user.setEmail(email);
>
>
> Best regards,
>
> Celso Agra
>
>
> 2017-10-09 10:37 GMT-03:00 Marek Posolda <mposolda at redhat.com>:
>
>> We didn't try to test this use-case though. But it may work as long as
>> things are configured correctly. Maybe I would re-create the LDAP provider
>> with the "Username LDAP attribute" set to "mail", but the "RDN LDAP
>> Attribute" to "uid". Is this the configuration you're using?
>>
>> If things still don't work, you can possibly create JIRA. Ideally with
>> the details of the configuration of your LDAP provider, realm (whether
>> 'username as email' is enabled etc) and how LDAP users look like and how
>> you expect them to look like after.
>>
>> Regards,
>> Marek
>>
>>
>> On 04/10/17 15:45, Celso Agra wrote:
>>
>>> Hi all,
>>>
>>> I'm getting a strange behavior.
>>>
>>> My LDAP (openldap) is configured as writable in my User Federation. So, I
>>> can create a user from my Keycloak, but when I change the username, the
>>> user disappears from my user's list.
>>>
>>> I checked the LDAP and the user is still there, with the 'old' username.
>>> So, is there some way to change the username without it disappearing from
>>> the keycloak user's list?
>>>
>>> This occurs because in my case, the username is the same as the email. So,
>>> if the user changes email, I have to change the username also.
>>>
>>> I'm using version 3.0.0.Final
>>>
>>>
>>> Best regards
>>>
>>
>>
>>
>
>
> --
> ---
> *Celso Agra*
>
>
>


-- 
---
*Celso Agra*
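
Added example, not part of the thread and not Keycloak code: a simplified Python model of the two problems discussed above (the RDN attribute left unfilled on create, and the username attribute doubling as the RDN attribute). The dictionary keys, the "stable_id" attribute and all sample values are hypothetical and constructed for illustration.

```python
# Simplified model of the two problems in this thread; this is not Keycloak code.
# Dictionary keys and sample values below are hypothetical / constructed.

def filled_on_create(mappers, user):
    """LDAP attributes that receive a non-empty value when the user is created."""
    filled = {}
    for m in mappers:
        value = user.get(m["user_attribute"])
        if value:
            filled[m["ldap_attribute"]] = value
    return filled

def check(provider, mappers, user):
    """Return findings for one provider / mapper / user combination."""
    rdn = provider["rdn_ldap_attribute"]
    findings = []
    if rdn not in filled_on_create(mappers, user):
        findings.append(f"create fails: RDN attribute [{rdn}] is not filled")
    if rdn == provider["username_ldap_attribute"]:
        findings.append(f"username change would rewrite RDN attribute [{rdn}]")
    return findings

USER = {"username": "a@example.org", "email": "a@example.org",
        "firstName": "A", "lastName": "B", "stable_id": "1507673664"}
NAMES = [{"user_attribute": "firstName", "ldap_attribute": "cn"},
         {"user_attribute": "lastName", "ldap_attribute": "sn"}]

# 1. First setup: "uid" is both username attribute and RDN attribute.
first = check({"username_ldap_attribute": "uid", "rdn_ldap_attribute": "uid"},
              NAMES + [{"user_attribute": "username", "ldap_attribute": "uid"}], USER)
# 2. Second setup: username -> mail, RDN is uid, but no mapper writes uid.
mail_uid = {"username_ldap_attribute": "mail", "rdn_ldap_attribute": "uid"}
second = check(mail_uid,
               NAMES + [{"user_attribute": "username", "ldap_attribute": "mail"}], USER)
# 3. Same provider plus a mapper that fills uid from a value that never changes.
third = check(mail_uid,
              NAMES + [{"user_attribute": "username", "ldap_attribute": "mail"},
                       {"user_attribute": "stable_id", "ldap_attribute": "uid"}], USER)

if __name__ == "__main__":
    for label, result in (("uid/uid", first), ("mail/uid", second),
                          ("mail/uid + uid mapper", third)):
        print(label, result or "ok")
```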

