I configured "mail" as "Username LDAP Attribute" and "uid" as "RDN LDAP
Attribute" and set some configs on the LDAP Mapper,
but I got an error:
Could not create user: org.keycloak.models.ModelException: RDN Attribute
[uid] is not filled. Filled attributes: {mail=[], cn=[ ], sn=[ ],
createTimestamp=[], modifyTimestamp=[]}
Maybe changing the username could be a bad practice. It could be better if I
set a special number as the username, such as a timestamp. This could solve
my issue.
Thanks Marek
2017-10-10 9:08 GMT-03:00 Marek Posolda <mposolda(a)redhat.com>:
Thanks.
I see it probably doesn't work as you have email as username and "uid" is
used as both username attribute and RDN attribute. When you're changing
email of user in Keycloak, it is trying to change "uid" in LDAP, but that's
not allowed.
I can imagine that things might work if you configure "mail" as "Username
LDAP Attribute" and "uid" as "RDN LDAP Attribute", but you probably need to
do some tricks with mappers and maybe implement your own LDAP mapper. If
you don't manage to have this working, feel free to create JIRA.
Marek
On 09/10/17 18:54, Celso Agra wrote:
Thanks for your answer, Marek!
Here is some of my configs. In addition, I put the same values to username
and e-mail.
Here is my User Representation:
> UserRepresentation user = new UserRepresentation();
> user.setUsername(email);
> user.setFirstName(firstName);
> user.setLastName(lastName);
> user.setEnabled(true);
> user.setEmail(email);
Best regards,
Celso Agra
2017-10-09 10:37 GMT-03:00 Marek Posolda <mposolda(a)redhat.com>:
> We didn't try to test this use-case though. But it may work as long as
> things are configured correctly. Maybe I would re-create the LDAP provider
> with the "Username LDAP attribute" set to "mail", but the "RDN LDAP
> Attribute" to "uid". Is this the configuration you're using?
>
> If things still don't work, you can possibly create JIRA. Ideally with
> the details of the configuration of your LDAP provider, realm (whether
> 'username as email' is enabled etc) and how LDAP users look like and how
> you expect them to look like after.
>
> Regards,
> Marek
>
>
> On 04/10/17 15:45, Celso Agra wrote:
>
>> Hi all,
>>
>> I'm getting a strange behavior.
>>
>> My LDAP (openldap) is configured as writable in my User Federation. So, I
>> can create a user from my Keycloak, but when I change the username, the
>> user disappears from my user's list.
>>
>> I checked the LDAP and the user is still there, with the 'old' username.
>> So, is there some way to change the username without the user
>> disappearing from the keycloak user's list?
>>
>> This occurs because in my case, the username is the same as the email.
>> So, if the user changes email, I have to change the username also.
>>
>> I'm using version 3.0.0.Final
>>
>>
>> Best regards
>>
>
>
>
--
---
*Celso Agra*