<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 13/05/16 16:58, Jason Axley wrote:<br>
</div>
<blockquote
cite="mid:F8C491CD-4078-4EF9-A6B6-2FC6B86B2E2E@expedia.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Calibri;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Calibri;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:Calibri;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Just
configured two different realms pointing to the same LDAP
directory. Logged into master via LDAP the first time. The
second time, logged into another realm with the same user
and got an error “Email already exists.”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Shouldn’t
the realms be independent of one another? It seems like
there is a universal namespace for users that crosses
realms. Is that intended? What is the “Keycloak way” to
handle this situation if it’s by design?</span></p>
</div>
</blockquote>
yes, realms should be independent on each other. And AFAIK they are.
I've just tried the scenario you described and wasn't able to
reproduce with steps you provided. I have user "john" successfully
imported from same LDAP in both "realm-a" and "realm-b".<br>
<br>
The fact that you had "Email already exists" in "realm-b" is maybe
not related to the fact that you previously logged to "realm-a". You
can try to see admin console and list of users in "realm-b" and
doublecheck if there is really not a already existing user with the
conflicting email. <br>
<br>
Marek<br>
<blockquote
cite="mid:F8C491CD-4078-4EF9-A6B6-2FC6B86B2E2E@expedia.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;color:black">-Jason<o:p></o:p></span></p>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>