Hi Jan,
Thank you very much for the reply. Sorry, I think I didn't clearly state my
doubt.
I wanted to write my own mapper "custom-ldap-attribute-mapper" like
"user-ldap-attribute-mapper". How can I do this?
The problem I am facing is:
I am trying to find a way to populate the uidNumber when a user is created
in LDAP via Keycloak. I don’t want to use hardcoded-attribute-mapper as it
would put the same value for all the users. Is there a way to populate
these values when a user is created at the Keycloak side?
For “posixAccount” in LDAP these attributes MUST be present, and LDAP
throws an error if they are missing when a user is created.
Eagerly waiting for your reply.
Thanks,
Shiva
On Wed, Sep 4, 2019 at 1:06 PM Jan Lieskovsky <jlieskov(a)redhat.com> wrote:
Hey Shiva,
On Wed, Sep 4, 2019 at 10:01 AM Shiva Prasad Thagadur Prakash <
shivaprasadtp8(a)gmail.com> wrote:
> Hi Guys,
> Any suggestions on this? Eagerly waiting for your reply.
>
> Thanks,
> Shiva
>
> On Mon, Sep 2, 2019 at 12:15 PM Shiva Prasad Thagadur Prakash <
> shivaprasadtp8(a)gmail.com> wrote:
>
> > Hi Guys,
> > I want to add a custom LDAP user attribute mapper to Keycloak. How can I
> > do this?
>
You would do as usual:
- Add a new LDAP federation provider first (User Federation -> Add
Provider, choose 'ldap' and set up / provide the necessary bits (Vendor,
Connection URL, ...), click 'Save' once done), then click the 'Mappers'
tab, click 'Create', give it a name and choose 'user-attribute-ldap-mapper',
specify the name of the attribute you want to be stored in the Keycloak DB in
the 'User Model Attribute' field, and the name of the attribute as it
already exists in LDAP in the 'LDAP Attribute' field. Customize / set up
the other options ('Read Only', 'Always Read Value from LDAP', ...) as
needed, then click 'Save'.
Yet, it should be verified that there isn't already an existing
'user-ldap-attribute-mapper' mapping the same attribute but with
different settings, so the two wouldn't conflict.
>
> > Actually I wanted to have an LDAP attribute mapper which would have some
> > initial value hardcoded for an LDAP attribute but the attribute value
> can
> > be edited/changed later.
>
The name of the user attribute to map from LDAP to Keycloak would be
hardcoded initially, but it might change later?
If that's the case, once the name of the LDAP attribute changes, you would
either:
- Go to the admin console and perform User Federation ->
previously_created_provider_name -> Mappers tab -> choose the custom user
attribute mapper created before, change the respective field (LDAP
Attribute, or even User Model Attribute if needed), and click 'Save' again.
- Or this can (AFAICT) also be done programmatically using the
REST API (get the realm in question, get its mappers, then update the
mapper with the new 'User Model Attribute' value). See the available REST
API methods if interested in pursuing this way.
Though if you are looking for some "inotify"-based functionality (IOW,
the mapper itself realizing that the name of the attribute changed in LDAP,
and some automated way for it to update itself from the original name to
the updated one), I am not aware of a way this could be achieved. But
maybe others can suggest an approach..
HTH
> >
> > Thanks,
> > Shiva
> >
>
Regards, Jan
--
Jan iankko Lieskovsky
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
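The question above (a mapper of your own that sets uidNumber per user at creation time, instead of the single value a hardcoded-attribute-mapper gives everyone) is answered by the Keycloak LDAP mapper SPI rather than by the admin console. The following is an added example written for this page; it is not code from the thread or from the Keycloak project. It implements `AbstractLDAPStorageMapper` and its factory: `onRegisterUserToLDAP` runs for every mapper just before Keycloak writes the new LDAP entry, which is exactly the point where posixAccount's MUST attributes have to be present. The package name, the config keys (`uid.number.min`, `uid.number.max`, `gid.number.default`) and the allocation scheme (hash of the username into a configured range, then an LDAP lookup to skip ids already taken) are this example's assumptions; the mapper id `custom-ldap-attribute-mapper` is the name used in the thread.

```java
// Added example, not code from the thread or from Keycloak itself: a custom
// LDAP mapper (id "custom-ldap-attribute-mapper") that fills posixAccount's
// MUST attributes uidNumber, gidNumber and homeDirectory when Keycloak creates
// the user in a writable LDAP provider. Package, config keys and the uid
// allocation scheme are this example's assumptions.
package com.example.keycloak.ldap;

import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.zip.CRC32;

import org.keycloak.component.ComponentModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.LDAPUtils;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.idm.query.EscapeStrategy;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder;
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper;
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapperFactory;

public class PosixAccountLDAPStorageMapper extends AbstractLDAPStorageMapper {
    static final String CFG_UID_MIN = "uid.number.min";   // assumed config keys
    static final String CFG_UID_MAX = "uid.number.max";
    static final String CFG_GID = "gid.number.default";

    public PosixAccountLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider) {
        super(mapperModel, ldapProvider);
    }

    // LDAPUtils.addUserToLDAP() calls this on every mapper before the entry is
    // written, so this is where posixAccount's MUST attributes get their values.
    @Override
    public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm) {
        String username = localUser.getUsername();
        String uid = localUser.getFirstAttribute("uidNumber");   // admin-supplied value wins
        if (isBlank(uid)) uid = Long.toString(allocateUidNumber(realm, username));
        String gid = localUser.getFirstAttribute("gidNumber");
        if (isBlank(gid)) gid = mapperModel.get(CFG_GID, "100");
        String home = localUser.getFirstAttribute("homeDirectory");
        if (isBlank(home)) home = "/home/" + username;
        String[][] values = {{"uidNumber", uid}, {"gidNumber", gid}, {"homeDirectory", home}};
        for (String[] kv : values) {
            ldapUser.setSingleAttribute(kv[0], kv[1]);
            localUser.setSingleAttribute(kv[0], kv[1]); // mirror so the admin console shows it
        }
    }

    // Users that already exist in LDAP keep their ids; just copy them over.
    @Override
    public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) {
        for (String attr : new String[] {"uidNumber", "gidNumber", "homeDirectory"}) {
            String v = ldapUser.getAttributeAsString(attr);
            if (v != null) user.setSingleAttribute(attr, v);
        }
    }

    @Override
    public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) { return delegate; }

    @Override
    public void beforeLDAPQuery(LDAPQuery query) { }

    // Hash the username into [min, max] and probe forward until an id no LDAP
    // user holds. Two Keycloak nodes creating users at the same instant can
    // still race; a serialized allocator (e.g. a counter entry in LDAP) fixes that.
    long allocateUidNumber(RealmModel realm, String username) {
        long min = Long.parseLong(mapperModel.get(CFG_UID_MIN, "10000"));
        long max = Long.parseLong(mapperModel.get(CFG_UID_MAX, "60000"));
        long span = max - min + 1;
        CRC32 crc = new CRC32();
        crc.update(username.getBytes(StandardCharsets.UTF_8));
        long candidate = min + (crc.getValue() % span);
        for (long i = 0; i < span; i++) {
            if (!uidNumberInUse(realm, candidate)) return candidate;
            candidate = min + ((candidate - min + 1) % span);
        }
        throw new IllegalStateException("no free uidNumber in [" + min + "," + max + "]");
    }

    boolean uidNumberInUse(RealmModel realm, long uidNumber) {
        try (LDAPQuery query = LDAPUtils.createQueryForUserSearch(ldapProvider, realm)) {
            query.addWhereCondition(new LDAPQueryConditionsBuilder()
                    .equal("uidNumber", Long.toString(uidNumber), EscapeStrategy.DEFAULT));
            return query.getFirstResult() != null;
        }
    }

    static boolean isBlank(String s) { return s == null || s.isEmpty(); }

    // Listed in META-INF/services/org.keycloak.storage.ldap.mappers.LDAPStorageMapperFactory
    // as com.example.keycloak.ldap.PosixAccountLDAPStorageMapper$Factory.
    public static class Factory extends AbstractLDAPStorageMapperFactory {
        public static final String PROVIDER_ID = "custom-ldap-attribute-mapper";

        @Override public String getId() { return PROVIDER_ID; }

        @Override public String getHelpText() {
            return "Fills uidNumber, gidNumber and homeDirectory when Keycloak creates the LDAP entry.";
        }

        @Override public List<ProviderConfigProperty> getConfigProperties() {
            return ProviderConfigurationBuilder.create()
                .property().name(CFG_UID_MIN).label("Lowest uidNumber").type(ProviderConfigProperty.STRING_TYPE).defaultValue("10000").add()
                .property().name(CFG_UID_MAX).label("Highest uidNumber").type(ProviderConfigProperty.STRING_TYPE).defaultValue("60000").add()
                .property().name(CFG_GID).label("Default gidNumber").type(ProviderConfigProperty.STRING_TYPE).defaultValue("100").add()
                .build();
        }

        @Override
        protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider) {
            return new PosixAccountLDAPStorageMapper(mapperModel, federationProvider);
        }
    }
}
```

Package this as a JAR with the services file named in the comment, deploy it to Keycloak, and the mapper appears in the provider's Mappers tab under the id 'custom-ldap-attribute-mapper' with the three fields above. Two things to check before trusting it: the provider's 'User Object Classes' must include posixAccount (otherwise the server rejects uidNumber regardless of what the mapper sets), and the provider's Edit Mode must be WRITABLE, since `onRegisterUserToLDAP` only runs when Keycloak itself creates the LDAP entry. The collision check queries LDAP under the provider's Users DN, so uidNumber must be searchable there; it removes the duplicate-id problem for normal use but, as the comment says, not for two nodes registering users in the same instant.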