Hi all,
One more thing to keep in mind is that Keycloak only allows an email address to be used
once in every realm. So if a user has the same email address across several LDAP servers,
it might cause you some problems if all users are in the same realm. I presume the same
limitation goes for user names.
Cheers
/Daniel
_______________________________________________________________________
Daniel Hammarberg
Managing Delivery Architect | Application Services
Capgemini Sweden | Göteborg
www.capgemini.com
_______________________________________________________________________
-----Original Message-----
From: Stian Thorgersen <sthorger(a)redhat.com>
Sent: den 14 juni 2018 14:35
To: Filipe Abrahao
Cc: keycloak-user
Subject: Re: [keycloak-user] Will Keycloak scale to handle hundreds of LDAP integrations?
Are you planning to have a single realm?
The way users are retrieved when there are multiple LDAP servers is currently quite
limited. It will simply search through them in order until the user is found. Once found, a
user with the link to the correct LDAP will be set up. With hundreds of LDAP connections
this will most likely be rather slow.
It's also not a scenario we've tested so you would have to test and experiment
with this yourself.
On 14 June 2018 at 14:30, Filipe Abrahao <lfa(a)doodle.com> wrote:
Hi everyone,
I work at Doodle, an online platform to help people to schedule
meetings and social events, we have around 28m people that use our
product every month and we are in the process of splitting our monolith.
We have been experimenting with Keycloak as our auth service, and so
far we are pretty happy with it, we are just making sure it fulfils all
our requirements, but we have one that we are not sure if it would
work with Keycloak:
Some of our bigger users, like universities and big corporations,
require to manage their users via LDAP. We know that Keycloak can integrate with LDAP.
But my question is if creating one LDAP configuration for each client
is the right way to do it.
If we have to configure one LDAP integration for each client that
requires it, we potentially will end up with hundreds (perhaps thousands) of them.
Will it scale? Will Keycloak be able to handle that?
many thanks,
Filipe A
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
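
Added example, not part of the original thread and not Keycloak code: a pre-check that flags email addresses and user names present in more than one LDAP directory before those directories are federated into a single realm, which is the collision raised in the first message above. The directory names and entries are constructed sample data, and case-insensitive comparison is an assumption.

```python
from collections import defaultdict

# Constructed sample data: (directory, username, email) rows as they might be
# exported from each customer's LDAP server. All names are hypothetical.
SAMPLE_ENTRIES = [
    ("ldap-uni-a", "jdoe", "j.doe@example.edu"),
    ("ldap-uni-a", "asmith", "a.smith@example.edu"),
    ("ldap-corp-b", "jdoe", "john.doe@example.com"),
    ("ldap-corp-b", "consultant1", "J.Doe@example.edu"),
    ("ldap-corp-c", "mlee", "m.lee@example.org"),
]


def find_collisions(entries):
    """Return {"email": {...}, "username": {...}}, mapping every value that
    occurs in more than one directory to the sorted list of directories.

    Assumption: values are compared case-insensitively after trimming
    whitespace; change normalize() if your realm compares differently.
    """
    def normalize(value):
        return value.strip().lower()

    seen = {"email": defaultdict(set), "username": defaultdict(set)}
    for directory, username, email in entries:
        seen["username"][normalize(username)].add(directory)
        if email:  # entries without a mail attribute cannot collide on email
            seen["email"][normalize(email)].add(directory)

    # Keep only values claimed by two or more different directories.
    return {
        attr: {value: sorted(dirs) for value, dirs in values.items() if len(dirs) > 1}
        for attr, values in seen.items()
    }


if __name__ == "__main__":
    report = find_collisions(SAMPLE_ENTRIES)
    for attr, clashes in report.items():
        for value, dirs in sorted(clashes.items()):
            print(f"{attr} {value!r} exists in: {', '.join(dirs)}")
```

Each reported value is an identity that two tenants' directories would both claim inside one realm, so it needs a decision (separate realms, a per-tenant prefix, or cleanup at the source) before federation is enabled.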