<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 20.5.2015 22:00, Ayrton Araújo
wrote:<br>
</div>
<blockquote
cite="mid:CALqxV3d19wZU-UcOrGdjj+6JGc4aiG4HfVhzKn6sdMUzQwTB-A@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra"><span
style="font-size:12.8000001907349px">I'm trying do add a new
user federation provider for integrate keycloak with a ldap
server.</span>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">The parameters:</div>
<span style="font-size:12.8000001907349px">Console display
name -> Active Directory</span>
<div style="font-size:12.8000001907349px">Priority -> 0</div>
<div style="font-size:12.8000001907349px">Edit Mode ->
READ_ONLY</div>
<div style="font-size:12.8000001907349px">Sync Registrations
-> OFF</div>
<div style="font-size:12.8000001907349px">Vendor -> Active
Directory</div>
<div style="font-size:12.8000001907349px">Username LDAP
attribute -> sAMAccountName</div>
<div style="font-size:12.8000001907349px">User Object Classes
-> person, organizationPerson, user</div>
<div style="font-size:12.8000001907349px">Connection URL ->
<a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a moz-do-not-send="true"
href="http://dom.example.com:389/" target="_blank">dom.example.com:389</a></div>
<div style="font-size:12.8000001907349px">Base DN ->
DC=dom,DC=example,DC=com</div>
<div style="font-size:12.8000001907349px">User DN Suffix ->
CN=Users</div>
<div style="font-size:12.8000001907349px">Bind DN
-> CN=Keycloak.LDAP;CN=Users;DC=dom,DC=example,DC=com</div>
<span style="font-size:12.8000001907349px">Bind Credential
-> ********</span>
<div style="font-size:12.8000001907349px">Connection pooling
-> ON</div>
<div style="font-size:12.8000001907349px">Pagination -> ON</div>
<div style="font-size:12.8000001907349px">Enable Account After
Password Update -> OFF</div>
<div style="font-size:12.8000001907349px">Batch Size -> 100</div>
<div style="font-size:12.8000001907349px">Periodic Full Sync
-> OFF</div>
<div style="font-size:12.8000001907349px">Periodic changed
users sync -> ON</div>
<div style="font-size:12.8000001907349px">Changed users sync
period -> 86400</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">I tried change User
DN Suffix to only Users, but it not works. The log always
saying:</div>
<div style="font-size:12.8000001907349px">LDAP: error code 1 -
000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR)</div>
<div style="font-size:12.8000001907349px">And it says this
when it tries to parse the User DN Suffix.</div>
</div>
</div>
</blockquote>
Currently "User DN Suffix" is supposed to contain whole DN. So in
your case it should be probably something like:
CN=Users,DC=dom,DC=example,DC=com<br>
<br>
I agree that name of the parameter "User DN Suffix" is misleading.
It will be improved in next version ( 1.3.0.Beta1 ) and also it will
be possible to configure more User DNs to search for users.<br>
<br>
Marek<br>
<blockquote
cite="mid:CALqxV3d19wZU-UcOrGdjj+6JGc4aiG4HfVhzKn6sdMUzQwTB-A@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">Theres something
wrong with my conf?</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>