
<html>

  <head>

    <meta content="text/html; charset=windows-1252"

      http-equiv="Content-Type">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <div class="moz-cite-prefix">Hi,<br>

      <br>

      The easiest to achieve this would be to create your own

      LDAPFederationMapper instead of subclassing

      LDAPFederationProviderFactory. <br>

      <br>

      I've actually already though about have it available in Keycloak

      by default. (In other words, having "hardcoded role mapper", which

      will put users synced from LDAP into some configured role) Feel

      free to create JIRA if you didn't yet figure it out and I can try

      to put it into 1.5 release.<br>

      <br>

      Other possibility is to use "Default role" feature, which Keycloak

      has by default, but this will put all newly created/registered

      users into this role (not just those synced from LDAP). So if you

      want just LDAP users to have the default role available, this

      won't work for you.<br>

      <br>

      Marek<br>

      <br>

      On 26/08/15 09:17, Kevin Hirschmann wrote:<br>

    </div>

    <blockquote

cite="mid:0C86A20DBF72724B8781471E2418911E258ADF@gimli.mittelerde.intern"

      type="cite">

      <meta http-equiv="Content-Type" content="text/html;

        charset=windows-1252">

      <meta name="Generator" content="Microsoft Word 14 (filtered

        medium)">

      <style><!--

/* Font Definitions */

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:Consolas;

        panose-1:2 11 6 9 2 2 4 3 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0cm;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri","sans-serif";

        mso-fareast-language:EN-US;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

span.E-MailFormatvorlage17

        {mso-style-type:personal-compose;

        font-family:"Calibri","sans-serif";

        color:windowtext;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-family:"Calibri","sans-serif";

        mso-fareast-language:EN-US;}

@page WordSection1

        {size:612.0pt 792.0pt;

        margin:70.85pt 70.85pt 2.0cm 70.85pt;}

div.WordSection1

        {page:WordSection1;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

      <div class="WordSection1">

        <p class="MsoNormal">Hello,<o:p></o:p></p>

        <p class="MsoNormal"><o:p> </o:p></p>

        <p class="MsoNormal"><span lang="EN-US">I am using the LDAP

            Federation Provider to sync users from an AD server and

            keycloak (unidirectional AD =&gt; keycload).<o:p></o:p></span></p>

        <p class="MsoNormal"><span lang="EN-US">For every newly imported

            user I want to auto-add one keycloak role. What is the

            recommended way to implement this?<o:p></o:p></span></p>

        <p class="MsoNormal"><span lang="EN-US">Should I write a second

            Provider/ ProviderFactory and do a second sync run ?<o:p></o:p></span></p>

        <p class="MsoNormal"><span lang="EN-US">Subclassing </span><span

style="font-size:10.0pt;font-family:Consolas;color:black;background:silver;mso-highlight:silver"

            lang="EN-US">LDAPFederationProviderFactory</span><span

            style="font-size:10.0pt;font-family:Consolas;color:black"

            lang="EN-US"> doesn’t have the desired result, since the

            administration doesn’t show the ldap properties.<o:p></o:p></span></p>

        <p class="MsoNormal"><span

            style="font-size:10.0pt;font-family:Consolas;color:black"

            lang="EN-US">I can only assume, that there is some special

            treatment for the LDAPFederationProviderFactory (the buttons

            to check the connection indicate that).</span><span

            lang="EN-US"><o:p></o:p></span></p>

        <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>

        <p class="MsoNormal"><span lang="EN-US">Kind regards<o:p></o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;mso-fareast-language:DE"><o:p> </o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;mso-fareast-language:DE">Kevin

            Hirschmann<o:p></o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;mso-fareast-language:DE"><o:p> </o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;mso-fareast-language:DE">HUEBINET

            Informationsmanagement GmbH &amp; Co. KG<o:p></o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;mso-fareast-language:DE"> <o:p></o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;mso-fareast-language:DE">----------------------------------------------------------------------------------------------------------------------------------------------------------------------<o:p></o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;mso-fareast-language:DE"> <o:p></o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;mso-fareast-language:DE">Der

            Nachrichtenaustausch mit HUEBINET Informationsmanagement

            GmbH &amp; Co. KG, Koblenz via E-Mail dient lediglich zu

            Informationszwecken. Rechtsgeschäftliche Erklärungen mit

            verbindlichem Inhalt können über dieses Medium nicht

            ausgetauscht werden, da die Manipulation von E-Mails durch

            Dritte nicht ausgeschlossen werden kann.<o:p></o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;mso-fareast-language:DE"><o:p> </o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;mso-fareast-language:DE"

            lang="EN-US">Email communication with HUEBINET

            Informationsmanagement GmbH &amp; Co. KG is only intended to

            provide information of a general kind, and shall not be used

            for any statement with binding contents in respect to legal

            relations. It is not totally possible to prevent a third

            party from manipulating emails and email contents.<o:p></o:p></span></p>

        <p class="MsoNormal"><span style="mso-fareast-language:DE"

            lang="EN-US"><o:p> </o:p></span></p>

        <p class="MsoNormal"><span style="mso-fareast-language:DE"

            lang="EN-US"><o:p> </o:p></span></p>

        <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

keycloak-user mailing list

<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>

<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>

    </blockquote>

    <br>

  </body>

</html>