[keycloak-user] feature request: ldap protocol as authentication frontend

Herrmann Hinz tobias.hinz at gmail.com
Wed Oct 11 14:06:47 EDT 2017


okay thank you. what a pity.

like i said: feature-request ;D


--------------------------------
Tobias Herrmann Hinz
mobil: 01522 1940 885
--------------------------------


On 11 October 2017 at 14:59, Marek Posolda <mposolda at redhat.com> wrote:

> No, Keycloak itself doesn't talk with the applications through the LDAP
> protocol.
>
> I suggest to take a look at ApacheDS for this. It is written in Java and
> allows you to plug the "source" of identities like users etc. Maybe there
> is a way to connect it somehow to Keycloak DB and take users from there,
> but it will be lots of coding needed though. We are using ApacheDS in our
> testsuite, you can take a look for inspiration:
> https://github.com/keycloak/keycloak/blob/master/misc/Testsuite.md#ldap-server
>
> Marek
>
>
>
> On 11/10/17 14:49, Herrmann Hinz wrote:
>
> hallo marek,
>
> i'm talking about ldap as authentication protocol.
> atm available auth protocols are SAML and OpenID (this one is used to
> authenticate against a docker registry as well afaik).
>
> my usecase is:
>
> - we have an internal ldap/ad server in the company
> - we want to be independent at a later stage of this
> - until then we want to setup keycloak as "man in the middle" (ldap proxy
> so to say)
> - we would like to enrich the user database on our keycloak with own
> technical users for ci/cd components like jenkins, nexus, u name it...
> - we would like to use keycloak's SSO possibilities
> - now: some cicd backends do not support SAML or OpenID - what if we could
> talk to keycloak via LDAP authentication protocol instead of using the one
> company AD (which does not know yet about the technical users)
>
>
> do you get my point?
>
> thanks,
>
> tobias
>
> --------------------------------
> Tobias Herrmann Hinz
> mobil: 01522 1940 885
> --------------------------------
>
>
> On 11 October 2017 at 14:41, Marek Posolda <mposolda at redhat.com> wrote:
>
>> We have support for LDAP. It's documented here [1] . Keycloak is able to
>> lookup users from the LDAP and login users with their LDAP
>> username/passwords + bunch of other things (Attribute mappings, role/group
>> mappings, writable or read-only etc).
>>
>> Or did I misunderstand what usecase exactly you mean?
>>
>> [1] http://www.keycloak.org/docs/latest/server_admin/topics/user-federation/ldap.html
>>
>> Marek
>>
>>
>> On 11/10/17 00:12, Herrmann Hinz wrote:
>>
>>> hello all,
>>>
>>> afaik at the moment it's not possible to authenticate against a keycloak
>>> installation via ldap/s protocol. is this correct?
>>>
>>> if so: any plans on integrating it?  is there any work done already?
>>>
>>> would be very helpful to have this integrated into keycloak. would it
>>> even
>>> complete more.
>>>
>>> thanks for your answers in ahead,
>>>
>>> tobias
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>>
>
>

