[keycloak-user] Assign Roles to an LDAP user in Read only mode

Harish Tammireddygari harish.tammireddygari at broadcom.com
Mon Sep 9 11:50:42 EDT 2019


Hi,

I am aware that if "Import users" is enabled, the users will be
automatically imported from LDAP into Keycloak and I can go to a user's
settings and add roles to that user as needed. But in my case, I don't
want the users to be imported automatically and get access to the
application. I would like to restrict access to a few LDAP users by
manually adding/importing LDAP users and assigning roles to them.

I managed to create my own Rest endpoint to import the selected LDAP user
into Keycloak DB as a local user by adding the Federation link and required
LDAP attributes to the user. It is working fine. But the problem comes when
I assign a client level role to this imported user. It throws "Read-only
Mode" exception because "Import Users" is set to OFF in LDAP configuration.

I tried the below code to grant the roles to the user, which works only
after the service. Is there a better way to assign the roles to an LDAP
user?

// Go to local (JPA) storage directly instead of the federated view, so the write is not routed to the read-only LDAP provider
UserModel user = keycloakSession.userLocalStorage().getUserById(userId, realm);
// Client-level role resolved by name on the ClientModel
RoleModel roleModel = client.getRole(role.getName());
// Role mapping is stored in Keycloak's own DB, not in LDAP
user.grantRole(roleModel);

Thanks.
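A fuller version of the flow the message describes (resolve the user in LDAP, create a federation-linked local user, grant a client role through local storage), as an added example that is not part of the original post or of Keycloak's own code. It assumes the 2019-era server-spi signatures used above (getUserByUsername(username, realm), userLocalStorage(); later releases reorder the arguments and drop userLocalStorage()), a known LDAP user-storage component ID, and that the calling REST endpoint has already enforced admin authorization.

```java
import org.keycloak.component.ComponentModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.idm.model.LDAPObject;

/** Hypothetical helper for a custom realm REST resource (not Keycloak's own code). */
public class ManualLdapImport {

    /**
     * Imports one LDAP user as a local Keycloak user that stays linked to the
     * read-only ("Import users" OFF) LDAP provider, then grants a client role.
     * ldapComponentId is the ID of the realm's LDAP user-storage component.
     */
    public static UserModel importAndGrant(KeycloakSession session, RealmModel realm,
                                           String ldapComponentId, String username,
                                           String clientId, String roleName) {
        ComponentModel ldapModel = realm.getComponent(ldapComponentId);
        LDAPStorageProvider ldap =
                (LDAPStorageProvider) session.getProvider(UserStorageProvider.class, ldapModel);

        // Resolve the account in LDAP first: never create a shadow record for an unknown name.
        LDAPObject ldapUser = ldap.loadLDAPUserByUsername(realm, username);
        if (ldapUser == null) {
            throw new IllegalArgumentException("no such LDAP user: " + username);
        }

        // Write to local (JPA) storage; the federated view would route the write
        // to the LDAP provider and raise the read-only exception.
        UserModel local = session.userLocalStorage().getUserByUsername(username, realm);
        if (local == null) {
            local = session.userLocalStorage().addUser(realm, username);
            local.setEnabled(true);
            local.setFederationLink(ldapModel.getId());  // credential checks still go to LDAP
            local.setSingleAttribute(LDAPConstants.LDAP_ID, ldapUser.getUuid());
            local.setSingleAttribute(LDAPConstants.LDAP_ENTRY_DN, ldapUser.getDn().toString());
        }

        ClientModel client = realm.getClientByClientId(clientId);
        RoleModel role = client.getRole(roleName);
        if (role == null) {
            throw new IllegalArgumentException("no such client role: " + roleName);
        }
        if (!local.hasRole(role)) {
            local.grantRole(role);  // mapping lives in Keycloak's DB, not in LDAP
        }
        return local;
    }
}
```

Because the local record keeps its federation link, Keycloak still validates the user's password against LDAP and removes the mapping when the LDAP account disappears; only the role assignment is stored locally.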

