[keycloak-user] [keycloak-dev] How to add custom LDAP attribute mapper
Shiva Prasad Thagadur Prakash
shivaprasadtp8 at gmail.com
Wed Sep 4 07:06:57 EDT 2019
Hi Jan,
Thank you very much for the reply. Sorry, I think I didn't clearly state my
doubt.
I wanted to write my own mapper "custom-ldap-attribute-mapper" like
"user-ldap-attribute-mapper". How can I do this?
The problem I am facing is:
I am trying to find a way to populate the uidNumber when a user is created
in LDAP via Keycloak. I don’t want to use hardcoded-attribute-mapper as it
would put the same value to all the users. Is there is a way to populate
these values when a user is created at the Keycloak side?
For “posixAccount” in LDAP these are MUST be present attributes and LDAP
throws error if these values are not present when a user is created.
Eagerly waiting for your reply.
Thanks,
Shiva
On Wed, Sep 4, 2019 at 1:06 PM Jan Lieskovsky <jlieskov at redhat.com> wrote:
> Hey Shiva,
>
> On Wed, Sep 4, 2019 at 10:01 AM Shiva Prasad Thagadur Prakash <
> shivaprasadtp8 at gmail.com> wrote:
>
>> Hi Guys,
>> Any suggestions on this? Eagerly waiting for your reply.
>>
>> Thanks,
>> Shiva
>>
>> On Mon, Sep 2, 2019 at 12:15 PM Shiva Prasad Thagadur Prakash <
>> shivaprasadtp8 at gmail.com> wrote:
>>
>> > Hi Guys,
>> > I want to add a custom LDAP user attribute mapper to Keycloak. How can I
>> > do this?
>>
>
> You would do as usual:
>
> - Add new LDAP federation provider first (User Federation -> Add
> Provider, choose 'ldap' & setup / provide the necessary bits (Vendor,
> Connection URL, ..., click 'Save' once done), then click 'Mappers' tab,
> click 'Create', add some name to it & choose 'user-attribute-ldap-mapper',
> specify the name of the attribute, you want to be stored in Keycloak DB in
> the 'User Model Attribute' field, and specify the name of the attribute, as
> already exists in LDAP in the 'LDAP Attribute' field. Customize / set up
> the other options ('Read Only', 'Always Read Value from LDAP', ... as
> needed), then click 'Save'.
>
> Yet, it should be verified, if there already isn't an existing
> 'user-ldap-attribute-mapper', mapping the same attribute, but having
> different settings, so those two wouldn't conflict.
>
>
> >
>> > Actually I wanted to have an LDAP attribute mapper which would have some
>> > initial value hardcoded for an LDAP attribute but the attribute value
>> can
>> > be edited/changed later.
>>
>
> Initial name of the user attribute to map from LDAP to Keycloak would be
> initially hardcoded, but it might change later?
>
> If that's the case, once the name of the LDAP attribute changed, you would
> either:
>
> - Go to the admin console and perform User Federation ->
> previously_created_provider_name -> Mappers tab -> choose the custom user
> attribute mapper created before, change the respective field (LDAP
> attribute or even User Model attribute if needed), click 'Save' again)
> - Or this can be (AFAICT) performed also in a programmed way using the
> REST API (get the realm in question, get it's mappers, then update the
> mapper with the new 'User Model attribute' value). See the available REST
> API methods, if interested in pursuing this way.
>
> Though if you are searching for some "inotify" based functionality (IOW
> the mapper itself to realize the name of the attribute changed in LDAP, and
> to have some automated way how this would update itself based on the
> changed attribute name -- from the original name to the updated one), I am
> not aware of a way, on how this could be achieved. But maybe others can
> suggest an approach..
>
> HTH
>
>
>> >
>> > Thanks,
>> > Shiva
>> >
>>
>
> Regards, Jan
> --
> Jan iankko Lieskovsky
>
>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
More information about the keycloak-user
mailing list