[keycloak-user] Linking pre-existing Keycloak user with LDAP user (without import)

Mike Wakim mwaki011 at gmail.com
Wed Apr 4 19:09:57 EDT 2018


Hello,

I have a small question regarding a specific use case with user federation, that I am hoping someone can help with. I set up a small LDAP server using the example given in the Keycloak Git repo. I imported the LDAP realm into Keycloak and did the following:

1. Turn the "enabled" setting off in user federation (temporarily).
2. Turn the "import" setting off in user federation.
3. Turn the "sync registrations" setting off in user federation.

My use case is the following:

I would like to create a user (e.g. bwilson) manually in Keycloak, and I would like to assign to that user custom roles as needed. However, this user (e.g. bwilson) is a user that already exists in my LDAP server. If I enable user federation and try to log in using this user, Keycloak by default will only check the Keycloak DB, and will not try to authenticate this username through user federation. Is there any way for me to link the manually created "bwilson" user with the "bwilson" user that already exists in LDAP? I'm mainly interested in linking the roles that appear in the Keycloak DB; I would like the user to log in using his LDAP credentials.

I am aware that if I "import" users from LDAP into Keycloak, I can go to a user's settings and add roles to that user as needed. However, if I have a pre-existing user in the Keycloak DB, can I link this user to the user with the same username in LDAP (without importing)? Any assistance would be much appreciated!

Thanks,

Mike
