[keycloak-user] Keycloak LDAP User Validation

Marek Posolda mposolda at redhat.com
Mon Sep 4 11:38:36 EDT 2017


Just to understand, did you already combine both things together? I 
mean the scenario like:
1) You set up LDAP with import on
2) Then you logged in as some LDAP user "joe" and imported him
3) Then you switched import off
4) Then you logged in again as the LDAP user "joe" and saw the error?

If yes, I suspect this won't work.

I think you need to decide from the beginning if you want import or not. 
If you don't want import, it will likely be good to start from a clean DB, so 
the scenario will be like:
1) You set up LDAP with import off
2) You log in as "joe" and it will work.

Marek

On 01/09/17 15:23, felix.straub at kaufland.com wrote:
>
> Hello together,
>
> I have the following issue:
>
> I added LDAP/AD User federation to my keycloak server version 3.2.0.Final.
> So far so good, everything is working: I can import all the users and then
> can validate the users against the LDAP.
>
> But the target is that no user gets imported to keycloak. That's working,
> too. Just switched off the import button.
> If I try to log in now with my LDAP credentials, an error comes up. The error
> on the keycloak login page says: "Unexpected error when handling
> authentication request to identity provider".
> In the keycloak log it throws a "ReadOnlyException".
> But if I look into the sessions there is an active session with the user I
> tried to log in as.
>
> Did I miss any settings that keycloak can authenticate the user against
> LDAP/AD without importing all the users?
>
> Thank you for your help.
>
> Kind regards
> Felix Straub
>
>
> +49 7132 94 920297
>
> Kaufland Informationssysteme GmbH & Co. KG
> Postfach 12 53 - 74172 Neckarsulm
> Limited partnership
> Registered office: Neckarsulm
> Register court: Stuttgart HRA 104163