Thanks Marek.
Is it possible to do this by writing a *custom LDAP mapper* and deploying it in Keycloak for
this scenario?
We are using *MSAD* as our LDAP provider.
If yes, do you have any example implementation for the same?
I also found that there is some SPI for User Federation Mapper SPI.
https://keycloak.gitbooks.io/server-developer-guide/content/v/2.2/topics/...
*- Best Regards*
Abhishek Raghav
On Fri, Mar 10, 2017 at 4:32 PM, Marek Posolda <mposolda(a)redhat.com> wrote:
Yes, you're right. This is not available ATM. What is available is the
support for Keycloak group inheritance to be mapped for LDAP groups. But
mapping for:
- Groups-roles membership mappings
- Roles to composite roles membership mappings
is not available now.
Feel free to create JIRA. But not sure if we ever go into it...
Marek
On 10/03/17 11:31, abhishek raghav wrote:
> Hi
>
> I have a set of *Realm Roles* that is mapped to a certain *OU=Roles* in an
> *MSAD*. Similar is the case for a set of *Groups*.
>
> But when I *assign a group with a certain role, the assignment is visible
> in Keycloak. But the same is not reflected on the AD.*
> I mean, this mapping of role and group is *not stored in the "member" or
> "memberof" attributes of either the respective group or the role*.
>
> Please suggest: is this functionality available using any mapper from
> Keycloak to AD? Or do we need to create our own Custom Mapper? If yes,
> how?
>
>
> *- Best Regards*
> Abhishek Raghav