9:11 a.m.
Thanks Marek!
Problem was solved! I was using a wrong filter. So this is ok.
So, my problem for now is related to password. So, my LDAP is configured
with MD5 hash algorithm. So, would be possible keycloak set hash password,
for that? And how the application set the password in the LDAP repo?
Here is my error below when I try to change the password:
Could not modify attribute for DN [uid=xxxxxxx,dc=tt,dc=zz,dc=br]
2017-03-15 10:52:58,541 WARN [org.keycloak.events] (default task-14)
type=UPDATE_PASSWORD_ERROR, realmId=myRealm, clientId=teste-portal,
userId=b18dd5a7-3c60-4470-ab9c-ac0f00920b29, ipAddress=xxx.xxx.xxx.xx,
error=password_rejected, reason='Could not modify attribute for DN
[uid=xxxxxxx,dc=tt,dc=zz,dc=br]', auth_method=openid-connect,
custom_required_action=UPDATE_PASSWORD, response_type=code, redirect_uri=
http://127.0.0.1:8080/teste-portal/,
code_id=e5fd81e1-fde6-4b35-a08e-5fe5c982e416, username=xxxxxxx,
response_mode=query
Also, my LDAP doesn't have 'userPassword' attribute, and this not being set
by Keycloak. How set this attibute using keycloak register?
Thanks!
2017-03-14 16:47 GMT-03:00 Marek Posolda <mposolda(a)redhat.com>:
On 14/03/17 18:50, Celso Agra wrote:
Hi all,
I saw an example about LDAP and Keycloak integration here
<https://github.com/keycloak/keycloak/tree/master/examples/ldap>;.
So, it is running with ApacheDS LDAP server. I was thinking, would be
possible run this integration with *slapd* tool? Also, I'm using schema
instead of ldif structure. It could be a problem?
This example is just a "quickstart" to quickly show LDAP in action. It
uses ApacheDS just because it's Java based LDAP, which easily runs
everywhere just by executing "mvn exec:java" without additional steps
needed and without a need to install something at OS level etc.
I never tried this example with slapd. I think the most things will work,
but devil is in details, so not sure at 100%.
Marek
Thanks!
2017-03-10 10:40 GMT-03:00 Celso Agra <celso.agra(a)gmail.com>:
> I'm using slapd.
>
> Here is the object classes that I'm using: top, inetOrgPerson, person,
> organizationalPerson, phpgwAccount, shadowAccount
>
>
> 2017-03-10 7:41 GMT-03:00 Marek Posolda <mposolda(a)redhat.com>:
>
>> This looks like bad LDAP mapping for username and UUID. Which LDAP are
>> you using btv?
>>
>> Marek
>>
>>
>> On 09/03/17 16:03, Celso Agra wrote:
>>
>> Hi,
>>
>> I solved this error, just removing the MSAD account controls, but now
>> I'm getting a new error, when I finished my registration:
>> here is the log:
>>
>> 2017-03-09 11:58:00,375 ERROR [io.undertow.request] (default task-1)
>>> UT005023: Exception handling request to
/auth/realms/myrealm/login-actions/required-action:
>>> org.jboss.resteasy.spi.UnhandledException:
>>> java.lang.NullPointerException
>>> at org.jboss.resteasy.core.ExceptionHandler.handleApplicationEx
>>> ception(ExceptionHandler.java:76)
>>> at org.jboss.resteasy.core.ExceptionHandler.handleException(Exc
>>> eptionHandler.java:212)
>>> at org.jboss.resteasy.core.SynchronousDispatcher.writeException
>>> (SynchronousDispatcher.java:168)
>>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(Synchro
>>> nousDispatcher.java:411)
>>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(Synchro
>>> nousDispatcher.java:202)
>>> at org.jboss.resteasy.plugins.server.servlet.ServletContainerDi
>>> spatcher.service(ServletContainerDispatcher.java:221)
>>> at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatc
>>> her.service(HttpServletDispatcher.java:56)
>>> at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatc
>>> her.service(HttpServletDispatcher.java:51)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>> at io.undertow.servlet.handlers.ServletHandler.handleRequest(Se
>>> rvletHandler.java:85)
>>> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.d
>>> oFilter(FilterHandler.java:129)
>>> at org.keycloak.services.filters.KeycloakSessionServletFilter.d
>>> oFilter(KeycloakSessionServletFilter.java:90)
>>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilte
>>> r.java:60)
>>> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.d
>>> oFilter(FilterHandler.java:131)
>>> at io.undertow.servlet.handlers.FilterHandler.handleRequest(Fil
>>> terHandler.java:84)
>>> at io.undertow.servlet.handlers.security.ServletSecurityRoleHan
>>> dler.handleRequest(ServletSecurityRoleHandler.java:62)
>>> at io.undertow.servlet.handlers.ServletDispatchingHandler.handl
>>> eRequest(ServletDispatchingHandler.java:36)
>>> at org.wildfly.extension.undertow.security.SecurityContextAssoc
>>> iationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>>> redicateHandler.java:43)
>>> at io.undertow.servlet.handlers.security.SSLInformationAssociat
>>> ionHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>>> at io.undertow.servlet.handlers.security.ServletAuthenticationC
>>> allHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>>> redicateHandler.java:43)
>>> at io.undertow.security.handlers.AbstractConfidentialityHandler
>>> .handleRequest(AbstractConfidentialityHandler.java:46)
>>> at io.undertow.servlet.handlers.security.ServletConfidentiality
>>> ConstraintHandler.handleRequest(ServletConfidentialityConstr
>>> aintHandler.java:64)
>>> at io.undertow.security.handlers.AuthenticationMechanismsHandle
>>> r.handleRequest(AuthenticationMechanismsHandler.java:60)
>>> at io.undertow.servlet.handlers.security.CachedAuthenticatedSes
>>> sionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>> at io.undertow.security.handlers.NotificationReceiverHandler.ha
>>> ndleRequest(NotificationReceiverHandler.java:50)
>>> at io.undertow.security.handlers.AbstractSecurityContextAssocia
>>> tionHandler.handleRequest(AbstractSecurityContextAssociation
>>> Handler.java:43)
>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>>> redicateHandler.java:43)
>>> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHa
>>> ndler.handleRequest(JACCContextIdHandler.java:61)
>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>>> redicateHandler.java:43)
>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>>> redicateHandler.java:43)
>>> at io.undertow.servlet.handlers.ServletInitialHandler.handleFir
>>> stRequest(ServletInitialHandler.java:284)
>>> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchR
>>> equest(ServletInitialHandler.java:263)
>>> at io.undertow.servlet.handlers.ServletInitialHandler.access$00
>>> 0(ServletInitialHandler.java:81)
>>> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleR
>>> equest(ServletInitialHandler.java:174)
>>> at io.undertow.server.Connectors.executeRootHandler(Connectors.
>>> java:202)
>>> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchan
>>> ge.java:793)
>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>> Executor.java:1142)
>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>> lExecutor.java:617)
>>> at java.lang.Thread.run(Thread.java:745)
>>> Caused by: java.lang.NullPointerException
>>> at org.keycloak.events.EventBuilder.user(EventBuilder.java:103)
>>> at org.keycloak.services.resources.LoginActionsService.initEven
>>> t(LoginActionsService.java:815)
>>> at org.keycloak.services.resources.LoginActionsService.access$5
>>> 00(LoginActionsService.java:88)
>>> at org.keycloak.services.resources.LoginActionsService$Checks.v
>>> erifyRequiredAction(LoginActionsService.java:297)
>>> at org.keycloak.services.resources.LoginActionsService.processR
>>> equireAction(LoginActionsService.java:853)
>>> at org.keycloak.services.resources.LoginActionsService.required
>>> ActionGET(LoginActionsService.java:846)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>>> ssorImpl.java:62)
>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>>> thodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>> at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInje
>>> ctorImpl.java:139)
>>> at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget
>>> (ResourceMethodInvoker.java:295)
>>> at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(Resourc
>>> eMethodInvoker.java:249)
>>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTarge
>>> tObject(ResourceLocatorInvoker.java:138)
>>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(Resour
>>> ceLocatorInvoker.java:101)
>>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(Synchro
>>> nousDispatcher.java:395)
>>> ... 37 more
>>
>>
>>
>>
>>
>> 2017-03-09 9:47 GMT-03:00 Celso Agra <celso.agra(a)gmail.com>:
>>
>>> Got it!
>>>
>>> But I haven't seen the pwdLastSet here in my LDAP`mappers. I'm using
>>> the "Edit Mode" as WRITABLE, but I'm not setting this
attribute.
>>> Here is my attributes:
>>>
>>>> cn
>>>> MSAD account controls
>>>> cpf
>>>> creation date
>>>> email
>>>> first name
>>>> last name
>>>> modify date
>>>> phpgwAccountStatus
>>>> username
>>>
>>>
>>> Thanks!!
>>>
>>> Best Regards,
>>>
>>> Celso Agra
>>>
>>> 2017-03-09 5:46 GMT-03:00 Marek Posolda <mposolda(a)redhat.com>:
>>>
>>>> Hi,
>>>>
>>>> The error may indicate that you configured "pwdLastSet"
attribute
>>>> mapper in Keycloak to write into the LDAP, but it looks that writing
this
>>>> attribute is unsupported. Maybe switch this mapper to read-only will
help?
>>>>
>>>> Marek
>>>>
>>>>
>>>> On 08/03/17 15:29, Celso Agra wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I'm trying to configure KC with LDAP, but some errors are
occurring.
>>>>> First, I configured my LDAP to write in the LDAP server, but for
some
>>>>> reasons I got this error when I try to register an user:
>>>>>
>>>>> 2017-03-08 11:05:28,862 WARN [org.keycloak.services] (default
task-6)
>>>>>
>>>>>> KC-SERVICES0013: Failed authentication:
>>>>>> org.keycloak.models.ModelException:
>>>>>> Could not modify attribute for DN [uid=11111111111,dc=zz,dc=dd,d
>>>>>> c=aa]
>>>>>>
>>>>> at org.keycloak.federation.ldap.i
>>>>> dm.store.ldap.LDAPOperationManager.
>>>>>
>>>>>> modifyAttributes(LDAPOperationManager.java:410)
>>>>>>
>>>>> at org.keycloak.federation.ldap.i
>>>>> dm.store.ldap.LDAPOperationManager.
>>>>>
>>>>>> modifyAttributes(LDAPOperationManager.java:104)
>>>>>>
>>>>> at org.keycloak.federation.ldap.idm.store.ldap.
>>>>>
>>>>>> LDAPIdentityStore.update(LDAPIdentityStore.java:105)
>>>>>>
>>>>> at org.keycloak.federation.ldap.mappers.msad.
>>>>>
>>>>>> MSADUserAccountControlMapper$MSADUserModelDelegate.addRequir
>>>>>> edAction(
>>>>>> MSADUserAccountControlMapper.java:235)
>>>>>>
>>>>> at org.keycloak.federation.ldap.mappers.msad.
>>>>>
>>>>>> MSADUserAccountControlMapper$MSADUserModelDelegate.addRequir
>>>>>> edAction(
>>>>>> MSADUserAccountControlMapper.java:220)
>>>>>>
>>>>> at org.keycloak.models.utils.User
>>>>> ModelDelegate.addRequiredAction(
>>>>>
>>>>>> UserModelDelegate.java:112)
>>>>>>
>>>>> at org.keycloak.authentication.forms.RegistrationPassword.
>>>>>
>>>>>> success(RegistrationPassword.java:101)
>>>>>>
>>>>> at org.keycloak.authentication.Fo
>>>>> rmAuthenticationFlow.processAction(
>>>>>
>>>>>> FormAuthenticationFlow.java:234)
>>>>>>
>>>>> at org.keycloak.authentication.DefaultAuthenticationFlow.
>>>>>
>>>>>> processAction(DefaultAuthenticationFlow.java:76)
>>>>>>
>>>>> at org.keycloak.authentication.AuthenticationProcessor.
>>>>>
>>>>>> authenticationAction(AuthenticationProcessor.java:759)
>>>>>>
>>>>> at org.keycloak.services.resource
>>>>> s.LoginActionsService.processFlow(
>>>>>
>>>>>> LoginActionsService.java:356)
>>>>>>
>>>>> at org.keycloak.services.resources.LoginActionsService.
>>>>>
>>>>>> processRegistration(LoginActionsService.java:477)
>>>>>>
>>>>> at org.keycloak.services.resources.LoginActionsService.
>>>>>
>>>>>> processRegister(LoginActionsService.java:535)
>>>>>>
>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>>> Method)
>>>>>
>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke(
>>>>>
>>>>>> NativeMethodAccessorImpl.java:62)
>>>>>>
>>>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
>>>>>
>>>>>> DelegatingMethodAccessorImpl.java:43)
>>>>>>
>>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>
>>>>> at org.jboss.resteasy.core.MethodInjectorImpl.invoke(
>>>>>
>>>>>> MethodInjectorImpl.java:139)
>>>>>>
>>>>> at org.jboss.resteasy.core.Resour
>>>>> ceMethodInvoker.invokeOnTarget(
>>>>>
>>>>>> ResourceMethodInvoker.java:295)
>>>>>>
>>>>> at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
>>>>>
>>>>>> ResourceMethodInvoker.java:249)
>>>>>>
>>>>> at org.jboss.resteasy.core.ResourceLocatorInvoker.
>>>>>
>>>>>> invokeOnTargetObject(ResourceLocatorInvoker.java:138)
>>>>>>
>>>>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
>>>>>
>>>>>> ResourceLocatorInvoker.java:101)
>>>>>>
>>>>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>>>>>
>>>>>> SynchronousDispatcher.java:395)
>>>>>>
>>>>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>>>>>
>>>>>> SynchronousDispatcher.java:202)
>>>>>>
>>>>> at org.jboss.resteasy.plugins.server.servlet.
>>>>>
>>>>>> ServletContainerDispatcher.service(ServletContainerDispatche
>>>>>> r.java:221)
>>>>>>
>>>>> at org.jboss.resteasy.plugins.server.servlet.
>>>>>
>>>>>> HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>>>>>
>>>>> at org.jboss.resteasy.plugins.server.servlet.
>>>>>
>>>>>> HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>>>>>
>>>>> at javax.servlet.http.HttpServlet
>>>>> .service(HttpServlet.java:790)
>>>>>
>>>>> at io.undertow.servlet.handlers.S
>>>>> ervletHandler.handleRequest(
>>>>>
>>>>>> ServletHandler.java:85)
>>>>>>
>>>>> at io.undertow.servlet.handlers.F
>>>>> ilterHandler$FilterChainImpl.
>>>>>
>>>>>> doFilter(FilterHandler.java:129)
>>>>>>
>>>>> at org.keycloak.services.filters.
>>>>> KeycloakSessionServletFilter.
>>>>>
>>>>>> doFilter(KeycloakSessionServletFilter.java:90)
>>>>>>
>>>>> at io.undertow.servlet.core.ManagedFilter.doFilter(
>>>>>
>>>>>> ManagedFilter.java:60)
>>>>>>
>>>>> at io.undertow.servlet.handlers.F
>>>>> ilterHandler$FilterChainImpl.
>>>>>
>>>>>> doFilter(FilterHandler.java:131)
>>>>>>
>>>>> at
io.undertow.servlet.handlers.FilterHandler.handleRequest(
>>>>>
>>>>>> FilterHandler.java:84)
>>>>>>
>>>>> at io.undertow.servlet.handlers.s
>>>>> ecurity.ServletSecurityRoleHandler.
>>>>>
>>>>>> handleRequest(ServletSecurityRoleHandler.java:62)
>>>>>>
>>>>> at io.undertow.servlet.handlers.ServletDispatchingHandler.
>>>>>
>>>>>> handleRequest(ServletDispatchingHandler.java:36)
>>>>>>
>>>>> at org.wildfly.extension.undertow.security.
>>>>>
>>>>>> SecurityContextAssociationHandler.handleRequest(
>>>>>> SecurityContextAssociationHandler.java:78)
>>>>>>
>>>>> at io.undertow.server.handlers.Pr
>>>>> edicateHandler.handleRequest(
>>>>>
>>>>>> PredicateHandler.java:43)
>>>>>>
>>>>> at io.undertow.servlet.handlers.security.
>>>>>
>>>>>> SSLInformationAssociationHandler.handleRequest(
>>>>>> SSLInformationAssociationHandler.java:131)
>>>>>>
>>>>> at io.undertow.servlet.handlers.security.
>>>>>
>>>>>> ServletAuthenticationCallHandler.handleRequest(
>>>>>> ServletAuthenticationCallHandler.java:57)
>>>>>>
>>>>> at io.undertow.server.handlers.Pr
>>>>> edicateHandler.handleRequest(
>>>>>
>>>>>> PredicateHandler.java:43)
>>>>>>
>>>>> at io.undertow.security.handlers.
>>>>> AbstractConfidentialityHandler
>>>>>
>>>>>> .handleRequest(AbstractConfidentialityHandler.java:46)
>>>>>>
>>>>> at io.undertow.servlet.handlers.security.
>>>>>
>>>>>> ServletConfidentialityConstraintHandler.handleRequest(
>>>>>> ServletConfidentialityConstraintHandler.java:64)
>>>>>>
>>>>> at io.undertow.security.handlers.
>>>>> AuthenticationMechanismsHandle
>>>>>
>>>>>> r.handleRequest(AuthenticationMechanismsHandler.java:60)
>>>>>>
>>>>> at io.undertow.servlet.handlers.security.
>>>>>
>>>>>> CachedAuthenticatedSessionHandler.handleRequest(
>>>>>> CachedAuthenticatedSessionHandler.java:77)
>>>>>>
>>>>> at io.undertow.security.handlers.
>>>>> NotificationReceiverHandler.
>>>>>
>>>>>> handleRequest(NotificationReceiverHandler.java:50)
>>>>>>
>>>>> at io.undertow.security.handlers.
>>>>> AbstractSecurityContextAssocia
>>>>>
>>>>>> tionHandler.handleRequest(AbstractSecurityContextAssocia
>>>>>> tionHandler.java:43)
>>>>>>
>>>>> at io.undertow.server.handlers.Pr
>>>>> edicateHandler.handleRequest(
>>>>>
>>>>>> PredicateHandler.java:43)
>>>>>>
>>>>> at org.wildfly.extension.undertow.security.jacc.
>>>>>
>>>>>> JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>>>>>
>>>>> at io.undertow.server.handlers.Pr
>>>>> edicateHandler.handleRequest(
>>>>>
>>>>>> PredicateHandler.java:43)
>>>>>>
>>>>> at io.undertow.server.handlers.Pr
>>>>> edicateHandler.handleRequest(
>>>>>
>>>>>> PredicateHandler.java:43)
>>>>>>
>>>>> at io.undertow.servlet.handlers.ServletInitialHandler.
>>>>>
>>>>>> handleFirstRequest(ServletInitialHandler.java:284)
>>>>>>
>>>>> at io.undertow.servlet.handlers.ServletInitialHandler.
>>>>>
>>>>>> dispatchRequest(ServletInitialHandler.java:263)
>>>>>>
>>>>> at io.undertow.servlet.handlers.S
>>>>> ervletInitialHandler.access$
>>>>>
>>>>>> 000(ServletInitialHandler.java:81)
>>>>>>
>>>>> at io.undertow.servlet.handlers.ServletInitialHandler$1.
>>>>>
>>>>>> handleRequest(ServletInitialHandler.java:174)
>>>>>>
>>>>> at io.undertow.server.Connectors.
>>>>> executeRootHandler(Connectors.
>>>>>
>>>>>> java:202)
>>>>>>
>>>>> at io.undertow.server.HttpServerExchange$1.run(
>>>>>
>>>>>> HttpServerExchange.java:793)
>>>>>>
>>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(
>>>>>
>>>>>> ThreadPoolExecutor.java:1142)
>>>>>>
>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
>>>>>
>>>>>> ThreadPoolExecutor.java:617)
>>>>>>
>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>>
>>>>> Caused by: javax.naming.directory.Invalid
>>>>> AttributeIdentifierException:
>>>>>
>>>>>> [LDAP: error code 17 - pwdLastSet: attribute type undefined];
>>>>>> remaining
>>>>>> name 'uid=11111111111,dc=zz,dc=dd,dc=aa'
>>>>>>
>>>>> at
com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
>>>>>
>>>>> at com.sun.jndi.ldap.LdapCtx.proc
>>>>> essReturnCode(LdapCtx.java:3082)
>>>>>
>>>>> at com.sun.jndi.ldap.LdapCtx.proc
>>>>> essReturnCode(LdapCtx.java:2888)
>>>>>
>>>>> at com.sun.jndi.ldap.LdapCtx.c_mo
>>>>> difyAttributes(LdapCtx.java:1475)
>>>>>
>>>>> at com.sun.jndi.toolkit.ctx.Compo
>>>>> nentDirContext.p_modifyAttributes(
>>>>>
>>>>>> ComponentDirContext.java:277)
>>>>>>
>>>>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
>>>>>
>>>>>> modifyAttributes(PartialCompositeDirContext.java:192)
>>>>>>
>>>>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
>>>>>
>>>>>> modifyAttributes(PartialCompositeDirContext.java:181)
>>>>>>
>>>>> at javax.naming.directory.Initial
>>>>> DirContext.modifyAttributes(
>>>>>
>>>>>> InitialDirContext.java:167)
>>>>>>
>>>>> at javax.naming.directory.Initial
>>>>> DirContext.modifyAttributes(
>>>>>
>>>>>> InitialDirContext.java:167)
>>>>>>
>>>>> at org.keycloak.federation.ldap.idm.store.ldap.
>>>>>
>>>>>> LDAPOperationManager$6.execute(LDAPOperationManager.java:405)
>>>>>>
>>>>> at org.keycloak.federation.ldap.idm.store.ldap.
>>>>>
>>>>>> LDAPOperationManager$6.execute(LDAPOperationManager.java:402)
>>>>>>
>>>>> at org.keycloak.federation.ldap.idm.store.ldap.
>>>>>
>>>>>> LDAPOperationManager.execute(LDAPOperationManager.java:535)
>>>>>>
>>>>> at org.keycloak.federation.ldap.i
>>>>> dm.store.ldap.LDAPOperationManager.
>>>>>
>>>>>> modifyAttributes(LDAPOperationManager.java:402)
>>>>>>
>>>>> ... 59 more
>>>>>
>>>>> 2017-03-08 11:05:28,865 WARN [org.keycloak.events] (default task-6)
>>>>>
>>>>>> type=LOGIN_ERROR, realmId=myrealm, clientId=teste-portal,
>>>>>> userId=null,
>>>>>> ipAddress=xxx.xxx.xxx.xxx, error=invalid_user_credentials,
>>>>>> auth_method=openid-connect, auth_type=code, redirect_uri=
>>>>>> http://127.0.0.1:
>>>>>> 8080/teste-portal/
>>>>>>
>>>>>
>>>>> and then, I got this result in my ldap:
>>>>>
>>>>> dn: uid=11111111111,dc=zz,dc=dd,dc=aa
>>>>>
>>>>> givenName:: IA==
>>>>>
>>>>> uid: 11111111111
>>>>>
>>>>> objectClass: top
>>>>>
>>>>> objectClass: inetOrgPerson
>>>>>
>>>>> objectClass: person
>>>>>
>>>>> objectClass: organizationalPerson
>>>>>
>>>>> objectClass: phpgwAccount
>>>>>
>>>>> objectClass: shadowAccount
>>>>>
>>>>> sn:: IA==
>>>>>
>>>>> cn:: IA==
>>>>>
>>>>> structuralObjectClass: inetOrgPerson
>>>>>
>>>>> entryUUID: 07f0e7caxxxxxxxxxxx
>>>>>
>>>>> creatorsName: cn=admin,dc=zz,dc=dd,dc=aa
>>>>>
>>>>> createTimestamp: 20170308140529Z
>>>>>
>>>>> entryCSN: 20170308140529.527857Z#000000#000#000000
>>>>>
>>>>> modifiersName: cn=admin,dc=zz,dc=dd,dc=aa
>>>>>
>>>>> modifyTimestamp: 20170308140529Z
>>>>>
>>>>>
>>>>> So, I wrote the uid as 11111111111, but I didn't set the sn, cn
and
>>>>> givenName as 'IA=='. It looks like some problem occurs in my
>>>>> configuration.
>>>>>
>>>>> please, need help!!
>>>>>
>>>>>
>>>>> Best Regards,
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> ---
>>> *Celso Agra*
>>>
>>
>>
>>
>> --
>> ---
>> *Celso Agra*
>>
>>
>>
>
>
> --
> ---
> *Celso Agra*
>
--
---
*Celso Agra*
--
---
*Celso Agra*