On 21/07/17 13:48, Dmitry Repchevsky wrote:
> Hello,
> Is there any way to define different user profiles to be stored in LDAP?
> I would like to distinguish between local users and users that come from
> Google.
> The user groups should be different (with different attributes). For
> instance local users have "homeDirectory" and "google" ones are treated
> as "guests".
> If I define two LDAP "WRITABLE" providers the attempt to write the new
> user to LDAP is done by priority order, right?
Yes, right. It all depends on priority right now.
We have opened a JIRA for the case when you want to add social users
locally or to a specified user storage provider (not the default one with
the biggest priority). It's not yet available OOTB. However, you can
achieve something if you define a firstBrokerLogin flow and replace
IdpCreateUserIfUniqueAuthenticator with something else, which will
register the user either locally or to a different LDAP provider than the
one with the biggest priority. But you would need to code that.
Marek
> I mean, if I define a mandatory "homeDirectory" attribute and a "google"
> user does not have this attribute, the user is stored in the second
> provider?
> Thank you in advance,
> Dmitry