[keycloak-user] Linking pre-existing Keycloak user with LDAP user (without import)

Marek Posolda mposolda at redhat.com
Mon Apr 9 15:25:40 EDT 2018


This is not supported OOTB. You can do it manually. You may need to 
create your own REST endpoint implementation, which will somehow allow 
linking existing users to LDAP users. KC users linked to LDAP should 
have "Federation Link" and also some attributes (you can double-check 
them by looking at some LDAP user and his tab "Attributes" in the Keycloak 
admin console).

Marek

On 5.4.2018 at 01:09, Mike Wakim wrote:
> Hello,
>
> I have a small question regarding a specific use case with user federation, that I am hoping someone can help with. I set up a small LDAP server using the example given in the Keycloak Git repo. I imported the LDAP realm into Keycloak and did the following:
>
> 1. Turn the "enabled" setting off in user federation (temporarily).
> 2. Turn the "import" setting off in user federation.
> 3. Turn the "sync registrations" setting off in user federation.
>
> My use case is the following:
>
> I would like to create a user (e.g. bwilson) manually in Keycloak, and I would like to assign to that user custom roles as needed. However, this user (e.g. bwilson) is a user that already exists in my LDAP server. If I enable user federation, and try to log in using this user, Keycloak by default will only check the Keycloak DB, and will not try to authenticate this username through user federation. Is there any way for me to link the manually created "bwilson" user with the "bwilson" user that already exists in LDAP? I'm mainly interested in linking the roles that appear in the Keycloak DB; I would like the user to log in using his LDAP credentials.
>
> I am aware that if I "import" users from LDAP into Keycloak, I can go to a user's settings, and add roles to that user as needed. However, if I have a pre-existing user in the Keycloak DB, can I link this user to the user with the same username in LDAP (without importing)? Any assistance would be much appreciated!
>
> Thanks,
>
> Mike
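
The double-check described in the reply, as an added example that is not part of the original thread or of Keycloak's code: it compares a manually linked user against an LDAP-imported reference user, both as UserRepresentation dicts in the admin REST API JSON shape. The attribute names `LDAP_ID` and `LDAP_ENTRY_DN`, the `uid` username RDN, the function names and all sample values are assumptions not stated in the thread.

```python
# Added example: compare a manually linked Keycloak user with an LDAP-imported
# reference user. Assumption: LDAP_ID and LDAP_ENTRY_DN are the attributes the
# LDAP provider stores on linked users (the thread does not name them).
LINK_ATTRIBUTES = ("LDAP_ID", "LDAP_ENTRY_DN")


def first_rdn(dn):
    """Return (attribute, value) of the leftmost RDN of a simple, unescaped DN."""
    rdn = dn.split(",", 1)[0]
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip()


def link_problems(candidate, reference, username_attr="uid"):
    """List the ways `candidate` differs from a correctly linked `reference` user."""
    if not reference.get("federationLink"):
        raise ValueError("reference user is not federated")
    problems = []
    if candidate.get("federationLink") != reference["federationLink"]:
        problems.append("federationLink does not match the LDAP provider id")
    attrs = candidate.get("attributes") or {}
    for name in LINK_ATTRIBUTES:
        if not attrs.get(name):
            problems.append(f"missing attribute {name}")
    dn_values = attrs.get("LDAP_ENTRY_DN") or []
    if dn_values:
        attr, value = first_rdn(dn_values[0])
        username = (candidate.get("username") or "").lower()
        # A link to someone else's entry would let that LDAP account
        # authenticate as this Keycloak user and inherit its roles.
        if attr != username_attr.lower() or value.lower() != username:
            problems.append("LDAP_ENTRY_DN does not name this username")
    return problems


# Constructed sample data (not taken from a real server).
REFERENCE = {"username": "jbrown", "federationLink": "provider-1234",
             "attributes": {"LDAP_ID": ["aaa-111"],
                            "LDAP_ENTRY_DN": ["uid=jbrown,ou=People,dc=example,dc=org"]}}
UNLINKED = {"username": "bwilson", "attributes": {}}
MISLINKED = {"username": "bwilson", "federationLink": "provider-1234",
             "attributes": {"LDAP_ID": ["bbb-222"],
                            "LDAP_ENTRY_DN": ["uid=jbrown,ou=People,dc=example,dc=org"]}}
LINKED = {"username": "bwilson", "federationLink": "provider-1234",
          "attributes": {"LDAP_ID": ["ccc-333"],
                         "LDAP_ENTRY_DN": ["uid=bwilson,ou=People,dc=example,dc=org"]}}

if __name__ == "__main__":
    for user in (UNLINKED, MISLINKED, LINKED):
        print(user["username"], link_problems(user, REFERENCE))
```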



