10:02 a.m.
Hi,
sorry for late response.
On 30. 08. 19 16:33, Sven-Torben Janus wrote:
Hey all!
one of my customers wants to implement user federation with eDirectory as LDAP server in
place. Everything works fine as long as "Import users" is deactivated.
When activating the import, users can no longer be imported. The import fails with the
exception shown in https://issues.jboss.org/browse/KEYCLOAK-10942 when "UUID LDAP
attribute" is set to "guid".
The exception seems to come from incorrect parsing of the guid attribute in LDAP. The
guid attribute in eDirectory is binary, but is not parsed as such.
I have prepared a PR https://github.com/keycloak/keycloak/pull/6251 to fix this.
Thanks for the PR. Added comment to your PR, but hopefully we can have
it in.
However, I am unsure about the current state of support for eDirectory. I have seen these
PRs and tickets which indicate eDirectory is supported:
* https://github.com/keycloak/keycloak/pull/1154
* https://lists.jboss.org/pipermail/keycloak-user/2015-April/002023.html
I can also choose "Novell eDirectory" from the Vendor list, so I assume it is
supported.
In contrast I see tickets like this one, where it states that it isn't supported.
* https://issues.jboss.org/browse/KEYCLOAK-3099 (btw: that seems to be the same
issue as described in KEYCLOAK-10942)
And there has been a discussion around a similar (the same?) issue, years ago:
https://lists.jboss.org/pipermail/keycloak-user/2016-November/008428.html
Can anyone please clarify on the current state of eDirectory support and whether my fix
has a chance be released?
Keycloak team doesn't test with Novell eDirectory and doesn't officially
support it. It was community contribution. As such, it is not maintained
by Keycloak team and supporting is community "best-effort" . I am even
thinking about removing that vendor from the list to make it more clear
that it is not officially supported. Thanks for fixing the eDirectory
and hope we can have your PR in when it is 100% sure it doesn't break
MSAD (which is far more important for Keycloak than novell eDirectory TBH).
Marek
Regards
Sven-Torben
--
Sven-Torben Janus
Senior Software Architect (Dipl.-Inf.), iSAQB® CPSA-A
Conciso GmbH | Westfalendamm 251 | 44141 Dortmund
E sven-torben.janus(a)conciso.de
W https://conciso.de
Rechtlicher Hinweis/Legal notice:
Sitz der Gesellschaft/Registered Office: Dortmund
Amtsgericht/Trade Register: Dortmund, HRB 28364
Geschäftsführer/Managing Directors: Sebastian Neus, Dr. Georg Pietrek, Jens Trompeter
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev