[keycloak-user] Handling disabled users from LDAP

Michael Ströder michael at stroeder.com
Wed Apr 11 03:47:21 EDT 2018


Dockendorf, Trey wrote:
> With either approach it sounds like what you're describing is getting
> the loginDisabled attribute into Keycloak.  Once that attribute is
> stored, how would I go about telling Keycloak to disallow access
> based on the attribute's value?

With OpenLDAP's ACLs you should grant auth access to 'userPassword' for
anonymous based on the value of your custom loginDisabled attribute. With
such an ACL Keycloak does not have to know about that attribute at all.
And all LDAP-enabled applications will behave the same without
reconfiguration.

OpenLDAP details are off-topic here.
You could ask for ACL details on the openldap-technical mailing list.

Ciao, Michael.
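
An added sketch of the kind of ACL the message describes, in slapd.conf syntax; it is not part of the original message and not from the OpenLDAP or Keycloak projects. It assumes loginDisabled is a boolean attribute set to TRUE on disabled accounts; adapt the filter to the attribute's real syntax.

```conf
# Constructed example. slapd uses the first "access to" clause whose <what>
# matches, so the rule for disabled entries must come before the general one.
# Comment lines stay at column 0 and outside the directives, because a line
# starting with whitespace continues the previous line.

# Entries with loginDisabled=TRUE: nobody gets auth access to userPassword,
# so a simple bind as that user fails for every LDAP client, Keycloak included.
access to filter=(loginDisabled=TRUE) attrs=userPassword
    by * none

# All other entries: anonymous may use userPassword for bind only (auth),
# the owner may change it, and nobody else can read it.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
```

The rootdn is not subject to ACLs, so it can still reset the password of a disabled entry. Entries without a loginDisabled value do not match the first filter and fall through to the second rule.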

