Btw, found a typo when testing LDAP searching. Not sure if it's OK to commit at this stage, so I just sent a PR for that: https://github.com/keycloak/keycloak/pull/590 .

* The semantics of "searchForUser" is a bit different for FederationProviders and our model implementations. For example, if you have user "John Doe" and you search for "ohn Do" in the admin console, then both JPA and Mongo local providers will return you "John Doe", as they add % at the beginning/end. However, federation providers are looking exactly for FirstName: "ohn", LastName: "Do", so if "John Doe" exists in LDAP, he won't be returned.

Can we do anything about that? Does LDAP have a "like"?

Yes, LDAP has *. A workaround which works for me is to put the search string directly into the admin console, like: *ohn Do*, but this is not pretty and is LDAP-specific though.
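
The substring search discussed in this thread, as an added example that is not part of the original messages and not Keycloak's own code: a filter builder that adds the `*` wildcards itself and escapes whatever the user typed per RFC 4515. The class and method names are hypothetical, and the attribute names `givenName` and `sn` are assumptions about the directory schema.

```java
public class LdapLikeFilter {

    // RFC 4515 escaping: user-typed \, *, (, ) and NUL become \XX hex pairs,
    // so they are matched literally instead of changing the filter structure.
    static String escape(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Substring assertion, the LDAP counterpart of SQL "LIKE '%term%'".
    static String contains(String attr, String term) {
        return "(" + attr + "=*" + escape(term) + "*)";
    }

    // Hypothetical mapping: a single term may match either name attribute;
    // otherwise the first term is the first name and the rest the last name.
    static String buildFilter(String search) {
        String[] terms = search.trim().split("\\s+", 2);
        if (terms[0].isEmpty()) {
            throw new IllegalArgumentException("empty search string");
        }
        if (terms.length == 1) {
            return "(|" + contains("givenName", terms[0])
                        + contains("sn", terms[0]) + ")";
        }
        return "(&" + contains("givenName", terms[0])
                    + contains("sn", terms[1]) + ")";
    }

    public static void main(String[] args) {
        // Constructed sample inputs, the first two taken from the thread.
        String[] samples = { "ohn Do", "*ohn Do*", "Doe" };
        for (String s : samples) {
            System.out.println(s + " -> " + buildFilter(s));
        }
    }
}
```

With the escaping in place, the `*ohn Do*` workaround from the thread would match a literal asterisk rather than act as a wildcard, so the same search string behaves the same way against LDAP as against the JPA and Mongo providers.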