<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Courier New";
panose-1:2 7 3 9 2 2 5 2 4 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Calibri;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.EmailStyle17
{mso-style-type:personal;
font-family:Calibri;
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Courier;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:Calibri;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body bgcolor="white" lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">You are right – I found a dummy test account that had the same email address on it. My bad ;-)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">And it’s still an open issue to support non-unique email addresses on accounts I see:
<a href="https://issues.jboss.org/browse/KEYCLOAK-2141">https://issues.jboss.org/browse/KEYCLOAK-2141</a>
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><br>
-Jason<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:black">From: </span></b><span style="color:black">Marek Posolda <mposolda@redhat.com><br>
<b>Date: </b>Sunday, May 15, 2016 at 11:33 PM<br>
<b>To: </b>Jason Axley <jaxley@expedia.com>, "keycloak-user@lists.jboss.org" <keycloak-user@lists.jboss.org><br>
<b>Subject: </b>Re: [keycloak-user] Two realms; one LDAP; one namespace?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman""><o:p> </o:p></span></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal">On 13/05/16 16:58, Jason Axley wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt">Just configured two different realms pointing to the same LDAP directory. Logged into master via LDAP the first time. The second time, logged into another realm with the same user and got an error “Email
already exists.”</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Shouldn’t the realms be independent of one another? It seems like there is a universal namespace for users that crosses realms. Is that intended? What is the “Keycloak way” to handle this situation if it’s
by design?</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-family:"Times New Roman"">yes, realms should be independent on each other. And AFAIK they are. I've just tried the scenario you described and wasn't able to reproduce with steps you provided. I have user "john" successfully
imported from same LDAP in both "realm-a" and "realm-b".<br>
<br>
The fact that you had "Email already exists" in "realm-b" is maybe not related to the fact that you previously logged to "realm-a". You can try to see admin console and list of users in "realm-b" and doublecheck if there is really not a already existing user
with the conflicting email. <br>
<br>
Marek<br>
<br>
<o:p></o:p></span></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;color:black">-Jason</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span style="font-family:"Times New Roman""><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>keycloak-user mailing list<o:p></o:p></pre>
<pre><a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><o:p></o:p></pre>
<pre><a href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-family:"Times New Roman""><o:p> </o:p></span></p>
</div>
</div>
</div>
</body>
</html>