Okay,<div><br></div><div>as your suggestion I changed to the complete DN, but now I get this:</div><div><br></div><div><span style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)">Caused by: org.picketlink.idm.IdentityManagementException: PLIDM000501: Could not query IdentityType using query [org.picketlink.idm.query.internal.D</span><br style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)">efaultIdentityQuery@69d4fcb8].</span><br style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"> at org.picketlink.idm.ldap.internal.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:236)</span><br style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"> at org.picketlink.idm.query.internal.DefaultIdentityQuery.getResultList(DefaultIdentityQuery.java:190)</span><br style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"> ... 57 more</span><br style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)">Caused by: org.picketlink.idm.IdentityManagementException: Could not populate attribute type org.picketlink.idm.model.basic.User@8665a20.</span><br style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"> at org.picketlink.idm.ldap.internal.LDAPIdentityStore.populateAttributedType(LDAPIdentityStore.java:815)</span><br style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"> at org.picketlink.idm.ldap.internal.LDAPIdentityStore.populateAttributedType(LDAPIdentityStore.java:682)</span><br style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"> at org.picketlink.idm.ldap.internal.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:231)</span><br style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"> ... 58 more</span><br style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:'Roboto Slab','Times New Roman',serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)">Caused by: java.lang.NullPointerException</span></div><div><br><br>Em quinta-feira, 21 de maio de 2015, Marek Posolda <<a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>> escreveu:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>On 20.5.2015 22:00, Ayrton Araújo
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_extra"><span style="font-size:12.8000001907349px">I'm trying do add a new
user federation provider for integrate keycloak with a ldap
server.</span>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">The parameters:</div>
<span style="font-size:12.8000001907349px">Console display
name -> Active Directory</span>
<div style="font-size:12.8000001907349px">Priority -> 0</div>
<div style="font-size:12.8000001907349px">Edit Mode ->
READ_ONLY</div>
<div style="font-size:12.8000001907349px">Sync Registrations
-> OFF</div>
<div style="font-size:12.8000001907349px">Vendor -> Active
Directory</div>
<div style="font-size:12.8000001907349px">Username LDAP
attribute -> sAMAccountName</div>
<div style="font-size:12.8000001907349px">User Object Classes
-> person, organizationPerson, user</div>
<div style="font-size:12.8000001907349px">Connection URL ->
<a>ldap://</a><a href="http://dom.example.com:389/" target="_blank">dom.example.com:389</a></div>
<div style="font-size:12.8000001907349px">Base DN ->
DC=dom,DC=example,DC=com</div>
<div style="font-size:12.8000001907349px">User DN Suffix ->
CN=Users</div>
<div style="font-size:12.8000001907349px">Bind DN
-> CN=Keycloak.LDAP;CN=Users;DC=dom,DC=example,DC=com</div>
<span style="font-size:12.8000001907349px">Bind Credential
-> ********</span>
<div style="font-size:12.8000001907349px">Connection pooling
-> ON</div>
<div style="font-size:12.8000001907349px">Pagination -> ON</div>
<div style="font-size:12.8000001907349px">Enable Account After
Password Update -> OFF</div>
<div style="font-size:12.8000001907349px">Batch Size -> 100</div>
<div style="font-size:12.8000001907349px">Periodic Full Sync
-> OFF</div>
<div style="font-size:12.8000001907349px">Periodic changed
users sync -> ON</div>
<div style="font-size:12.8000001907349px">Changed users sync
period -> 86400</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">I tried change User
DN Suffix to only Users, but it not works. The log always
saying:</div>
<div style="font-size:12.8000001907349px">LDAP: error code 1 -
000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR)</div>
<div style="font-size:12.8000001907349px">And it says this
when it tries to parse the User DN Suffix.</div>
</div>
</div>
</blockquote>
Currently "User DN Suffix" is supposed to contain whole DN. So in
your case it should be probably something like:
CN=Users,DC=dom,DC=example,DC=com<br>
<br>
I agree that name of the parameter "User DN Suffix" is misleading.
It will be improved in next version ( 1.3.0.Beta1 ) and also it will
be possible to configure more User DNs to search for users.<br>
<br>
Marek<br>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">Theres something
wrong with my conf?</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a href="javascript:_e(%7B%7D,'cvml','keycloak-user@lists.jboss.org');" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br><br>-- <br><div dir="ltr">Ayrton Araújo<br><div><font face="'trebuchet ms', sans-serif"><font size="1">"If you can tell the false from the true </font><span style="font-size:x-small">you are already a scientist."</span></font></div><div><br></div><div>--<br><div><a href="http://ayr-ton.net/" target="_blank">http://ayr-ton.net/</a></div></div></div><br>