Re: [keycloak-user] Multiple LDAP Providers

Hello Marek, Thank you for the prompt answer. My current idea is to make first LDAP expect a "social" attribute which I hardcode for "google" provider. Other users (registered via cli or rest) will fail on it and move to the second LDAP which is for the local users. Dmitry On 7/21/2017 4:42 PM, Marek Posolda wrote: > On 21/07/17 13:48, Dmitry Repchevsky wrote: >> Hello, >> >> Is there any way to define different user profiles to be stored in >> LDAP? >> I would like to distinguish between local users and users that come >> from >> Google. >> The user groups should be different (with different attributes). For >> instance local users have "homeDirectory" and "google" ones are treated >> as "guests". >> >> If I define two LDAP "WRITABLE" providers the attempt to write the new >> user to LDAP is done by priority order, right? > Yes, right. It all depends on priority right now. > > We have opened JIRA for the case when you want to add social users > locally or to specified user Storage provider (not the default one > with biggest priority). It's not yet available OOTB. However you can > achieve something if you define firstBrokerLogin flow and replace > IdpCreateUserIfUniqueAuthenticator with something else, which will > register user either locally or to different LDAP provider that the > one with biggest priority. But you would need to code that. > > Marek >> I mean if I define a mandatory "homeDirectory" attribute and "google" >> user has no this attribute, the user is stored in the second provider? >> >> Thank you in advance, >> >> Dmitry >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user > > >