[keycloak-user] feature request: ldap protocol as authentication frontend

Marek Posolda mposolda at redhat.com
Wed Oct 11 08:59:56 EDT 2017


No, Keycloak itself doesn't talk to applications through the 
LDAP protocol.

I suggest taking a look at ApacheDS for this. It is written in Java and 
allows you to plug in the "source" of identities such as users. Maybe 
there is a way to connect it somehow to the Keycloak DB and take users 
from there, but lots of coding would be needed. We are using ApacheDS 
in our testsuite; you can take a look for inspiration: 
https://github.com/keycloak/keycloak/blob/master/misc/Testsuite.md#ldap-server

Marek


On 11/10/17 14:49, Herrmann Hinz wrote:
> Hello Marek,
>
> I'm talking about LDAP as an authentication protocol.
> At the moment the available auth protocols are SAML and OpenID (this one 
> is used to authenticate against a Docker registry as well, AFAIK).
>
> My use case is:
>
> - We have an internal LDAP/AD server in the company.
> - We want to be independent of this at a later stage.
> - Until then we want to set up Keycloak as a "man in the middle" (an 
> LDAP proxy, so to say).
> - We would like to enrich the user database on our Keycloak with our 
> own technical users for CI/CD components like Jenkins, Nexus, you name it...
> - We would like to use Keycloak's SSO possibilities.
> - Now: some CI/CD backends do not support SAML or OpenID. What if we 
> could talk to Keycloak via the LDAP authentication protocol instead of 
> using the one company AD (which does not yet know about the technical 
> users)?
>
>
> Do you get my point?
>
> Thanks,
>
> Tobias
>
> --------------------------------
> Tobias Herrmann Hinz
> mobil: 01522 1940 885
> --------------------------------
>
>
> On 11 October 2017 at 14:41, Marek Posolda <mposolda at redhat.com> wrote:
>
>     We have support for LDAP. It's documented here [1]. Keycloak is
>     able to look up users from the LDAP and log in users with their LDAP
>     usernames/passwords, plus a bunch of other things (attribute mappings,
>     role/group mappings, writable or read-only, etc.).
>
>     Or did I misunderstand what use case exactly you mean?
>
>     [1]
>     http://www.keycloak.org/docs/latest/server_admin/topics/user-federation/ldap.html
>
>     Marek
>
>
>     On 11/10/17 00:12, Herrmann Hinz wrote:
>
>         Hello all,
>
>         AFAIK at the moment it's not possible to authenticate against
>         a Keycloak installation via the LDAP/S protocol. Is this correct?
>
>         If so: any plans on integrating it? Is there any work done
>         already?
>
>         It would be very helpful to have this integrated into Keycloak.
>         It would make it even more complete.
>
>         Thanks in advance for your answers,
>
>         Tobias
>         _______________________________________________
>         keycloak-user mailing list
>         keycloak-user at lists.jboss.org
>         https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>

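The "LDAP proxy in front of Keycloak" discussed in this thread would have to speak the LDAP bind operation itself, which is the part neither Keycloak nor any of the replies shows. As an added example (not code from the thread, from Keycloak, or from ApacheDS), here is a minimal LDAPv3 simple-bind handler in Python: it parses a BER-encoded BindRequest, maps the bind DN to a username (the `uid=...,ou=people,...` layout and the `username_from_dn` helper are assumptions), calls a pluggable password check, and encodes the BindResponse. The credential check shown is a constructed in-memory stub; in a real bridge it would be the call into Keycloak, which the example assumes but does not implement. It also refuses the RFC 4513 "unauthenticated bind" (non-empty name, empty password), the one edge case every LDAP frontend has to get right.

```python
"""Minimal LDAPv3 simple-bind frontend (BER per RFC 4511). Added example,
not Keycloak or ApacheDS code; the password check against Keycloak is assumed."""
import hmac
from typing import Callable, Optional, Tuple

SEQUENCE, INTEGER, OCTET_STRING, ENUMERATED = 0x30, 0x02, 0x04, 0x0A
BIND_REQUEST, BIND_RESPONSE, SIMPLE_AUTH = 0x60, 0x61, 0x80  # [APP 0], [APP 1], [0]
SUCCESS, PROTOCOL_ERROR, INVALID_CREDENTIALS = 0, 2, 49


def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value; long-form length once the value is >= 128 bytes."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + value


def encode_int(tag: int, n: int) -> bytes:
    """Non-negative INTEGER/ENUMERATED; a leading 0x00 is added when the high bit is set."""
    return tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True))


def read_tlv(buf: bytes, pos: int, want: Optional[int] = None) -> Tuple[int, bytes, int]:
    """Return (tag, value, next_pos); ValueError on truncation or an unexpected tag."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    length = first
    if first & 0x80:  # long-form length: low 7 bits = number of length bytes
        nbytes = first & 0x7F
        if not 0 < nbytes <= 4 or pos + nbytes > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated value")
    if want is not None and tag != want:
        raise ValueError(f"expected tag 0x{want:02x}, got 0x{tag:02x}")
    return tag, buf[pos:pos + length], pos + length


def parse_bind_request(data: bytes) -> Tuple[int, int, str, bytes]:
    """LDAPMessage{messageID, BindRequest{version, name, simple password}}."""
    _, msg, _ = read_tlv(data, 0, SEQUENCE)
    _, mid, pos = read_tlv(msg, 0, INTEGER)
    _, op, _ = read_tlv(msg, pos, BIND_REQUEST)
    _, ver, pos = read_tlv(op, 0, INTEGER)
    _, name, pos = read_tlv(op, pos, OCTET_STRING)
    _, password, _ = read_tlv(op, pos, SIMPLE_AUTH)  # SASL ([3]) is rejected here
    return (int.from_bytes(mid, "big", signed=True), int.from_bytes(ver, "big", signed=True),
            name.decode("utf-8"), password)


def encode_bind_request(message_id: int, name: str, password: bytes) -> bytes:
    """Client side of the exchange (what ldapsearch -x -D name -w password sends)."""
    op = encode_int(INTEGER, 3) + tlv(OCTET_STRING, name.encode()) + tlv(SIMPLE_AUTH, password)
    return tlv(SEQUENCE, encode_int(INTEGER, message_id) + tlv(BIND_REQUEST, op))


def encode_bind_response(message_id: int, result_code: int, diag: str = "") -> bytes:
    """LDAPResult{resultCode, matchedDN (empty), diagnosticMessage} wrapped in [APPLICATION 1]."""
    result = encode_int(ENUMERATED, result_code) + tlv(OCTET_STRING, b"") + tlv(OCTET_STRING, diag.encode())
    return tlv(SEQUENCE, encode_int(INTEGER, message_id) + tlv(BIND_RESPONSE, result))


def username_from_dn(dn: str) -> str:
    """'uid=alice,ou=people,dc=example,dc=com' -> 'alice' (assumed DN layout)."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    if attr.strip().lower() != "uid" or not value.strip():
        raise ValueError("unsupported DN form")
    return value.strip()


def handle_bind(request: bytes, check_password: Callable[[str, bytes], bool]) -> Tuple[int, bytes]:
    """Process one BindRequest; return (resultCode, encoded BindResponse)."""
    try:
        mid, version, dn, password = parse_bind_request(request)
    except ValueError as exc:
        return PROTOCOL_ERROR, encode_bind_response(0, PROTOCOL_ERROR, str(exc))
    if version != 3:
        return PROTOCOL_ERROR, encode_bind_response(mid, PROTOCOL_ERROR, "LDAPv3 required")
    # RFC 4513 s5.1.2: non-empty name + empty password is an "unauthenticated
    # bind". Servers may treat it as anonymous, so a password-checking frontend
    # must refuse it outright or any client forwarding an empty field gets in.
    if not password:
        return INVALID_CREDENTIALS, encode_bind_response(mid, INVALID_CREDENTIALS, "unauthenticated bind refused")
    try:
        ok = check_password(username_from_dn(dn), password)
    except ValueError:
        ok = False  # unknown DN shape gets the same answer as a bad password: no user enumeration
    code = SUCCESS if ok else INVALID_CREDENTIALS
    return code, encode_bind_response(mid, code)


# Constructed stand-in for the real check, which in a Keycloak bridge would be
# a call into Keycloak (assumed, not shown). Constant-time compare on purpose.
_DEMO_USERS = {"jenkins-ci": b"s3cret-token"}


def demo_check_password(user: str, password: bytes) -> bool:
    expected = _DEMO_USERS.get(user, b"")
    return bool(expected) and hmac.compare_digest(expected, password)
```

Feeding `encode_bind_request(1, "uid=jenkins-ci,ou=people,dc=example,dc=com", b"s3cret-token")` to `handle_bind` yields result code 0 and the 14-byte success response `30 0c 02 01 01 61 07 0a 01 00 04 00 04 00`, which is exactly what a client such as Jenkins expects back from a real directory; wrap `handle_bind` in a socket loop (and TLS for LDAPS) to turn it into a listener. The real work Marek alludes to is replacing `demo_check_password` with a validation against Keycloak and `username_from_dn` with the realm's actual naming, not the protocol framing.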