[keycloak-user] Creating new user throws error when using AWS Simple AD

Robin Kearney robin at kearney.co.uk
Tue Oct 23 07:01:13 EDT 2018


Hi, I'm just bumping this again because I still have the problem. Does
anybody know what might be wrong here?

r.
On Wed, Oct 17, 2018 at 10:06 PM Robin Kearney <robin at kearney.co.uk> wrote:
>
> Hi,
>
> I've got Keycloak 4.5.0.Final set up to talk to an AWS instance of
> their Simple AD - which is Samba 4 behind the scenes. Connectivity and
> authentication work ok, as does the initial sync of all users.
>
> However, when I create a new user through Keycloak, I get an error
> "Error! Could not create user" in the UI and the following logs:
>
> keycloak_1  | 20:45:52,571 WARN
> [org.keycloak.services.resources.admin.UsersResource] (default
> task-17) Could not create user: org.keycloak.models.ModelException:
> Could not modify attribute for DN
> [cn=example12,CN=Users,DC=ad,DC=example,DC=com]
>
> keycloak_1  | Caused by: javax.naming.NameNotFoundException: [LDAP:
> error code 32 - 00002030: No such Base DN:
> cn=example12,CN=Users,DC=ad,DC=example,DC=com]; remaining name
> 'cn=example12,CN=Users,DC=ad,DC=example,DC=com'
>
> The full stack trace is here
>
> https://gist.githubusercontent.com/rk295/a8ada3cd79212e73d2e55215e4d53e34/raw/37aac21a5c7dd3d3423aa9ae2456068c2c1170ec/keycloak-error.log
>
> What is interesting is the user is created successfully in LDAP.
>
> ldif https://gist.githubusercontent.com/rk295/0bde9a03f057dea09ea08f7f0050785e/raw/7dc63b208d95dc2160ed8cdbed87d55e52fb4b53/key-example.ldiff
>
> However, in this ldif, the following fields show "IA==" rather than
> the value I entered (example12 in both cases):
>
> sn:: IA==
> givenName:: IA==
>
> I have both the firstname and lastname mappers set up to map the
> following fields:
>
> usermodel attribute firstName -> ldap givenName
> usermodel attribute lastName -> ldap sn
>
> Both are set up with RO false, always read from LDAP true, is mandatory
> true, is binary false.
>
> If I hit the button to resync changed (or all) users, the user shows
> in the Keycloak admin, but the fields above are missing.
>
> Hope somebody can help!
>
> r.
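
Added example, not part of the original message or of the Keycloak project: in LDIF a double colon marks a base64-encoded value, and `IA==` decodes to a single space character, so the stored `sn` and `givenName` hold whitespace rather than the typed name. The sketch below decodes a constructed entry and lists the attributes whose value is blank; only the DN and the two `IA==` lines come from the message, the other attributes and all function names are assumptions.

```python
import base64

# Constructed sample entry: the DN and the two "IA==" lines are quoted from
# the message above; the remaining attributes are made up for illustration.
SAMPLE_LDIF = """\
dn: cn=example12,CN=Users,DC=ad,DC=example,DC=com
objectClass: user
cn: example12
sn:: IA==
givenName:: IA==
description:: ZXhhbXBsZSB1c2Vy
 IGFjY291bnQ=
"""

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    return lines

def parse_entry(text):
    """Return a list of (attribute, decoded value, was_base64) tuples."""
    attrs = []
    for line in unfold(text):
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):   # "attr:: <base64 value>"
            raw = base64.b64decode(rest[1:].strip())
            attrs.append((name, raw.decode("utf-8", "replace"), True))
        else:                      # "attr: <plain value>"
            attrs.append((name, rest.lstrip(" "), False))
    return attrs

def blank_attributes(text):
    """Names of attributes whose stored value is empty or whitespace only."""
    return [n for n, value, _ in parse_entry(text) if value.strip() == ""]

if __name__ == "__main__":
    for name, value, b64 in parse_entry(SAMPLE_LDIF):
        print(f"{name:12} {value!r}{'  (base64)' if b64 else ''}")
    print("blank:", blank_attributes(SAMPLE_LDIF))
```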

