I understand. And typically this would indeed by what you want. However in our specific case groups are not part of our realm data as such but belong to our run-time data and are managed in exactly the same way as our users, role mappings and group mappings. But I guess you cannot cater for all needs so it’s ok.

Another, probably related thing, is that with the LDAP group synching (using the user federation group mapper) groups synched from LDAP to Keycloak are never removed from Keycloak. When a group is deleted from LDAP and the sync is done again the group remains in Keycloak. Not what you want but I guess the issue is that Keycloak cannot make the distinction between a group synched from LDAP versus a group created from Keycloak itself? The LDAP group mapping is set up quite different from the user synching of course.

On 02 Mar 2016, at 13:25, Stian Thorgersen <sthorger@redhat.com> wrote:

Roles and groups should be exported to the realm export, while role mappings and group mappings should be exported to the user export.

On 2 March 2016 at 13:15, Edgar Vonk - Info.nl <Edgar@info.nl> wrote:

Hi,

We notice that when we export our custom realm to a JSON file (to a directory) that this file also contains all User Groups. We do not want this as we synchronise these User Groups from AD/LDAP just like our users. We want to have realm configuration in the realm JSON file only and not any ‘run-time’ managed data such as users and user groups.

Currently only users are exported to a different JSON file (http://keycloak.github.io/docs/userguide/keycloak-server/html/export-import.html) but groups are not. Does it make sense to create a feature request to also export user groups separately?

We have hundreds of groups in AD/LDAP which we sync to Keycloak so we really do not want these in the realm JSON.

cheers

Edgar

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user