In that case, I would likely use Keycloak with an LDAP federation provider,
which will point to some LDAP server in your environment. The KC federation
provider needs to be declared with editMode "WRITABLE", so all users
created through Keycloak will be synced to the LDAP server as well, including
their password. Then the legacy product compatible just with LDAP will
authenticate users against this LDAP server.
Marek
On 15/10/15 11:41, Valerij Timofeev wrote:
Hi all,
we are interested to know if it is possible to authenticate users of
a pure LDAP client against Keycloak?
Why? We are planning to migrate legacy user storage to Keycloak and
we'd like to avoid a dead end if, for example, some product (e.g. SaaS)
does not support user authentication against Keycloak, but does
against a standard LDAP server.
If it is impossible, has anybody succeeded in implementing the reverse
direction of user federation synchronization (all user data from
Keycloak should be copied to a fresh LDAP server installation)?
Answers to these questions may be decisive for the Keycloak usage in
our organization.
Thank you in advance
Valerij Timofeev
Software Engineer
Trusted Shops GmbH
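
Added example, not part of either message and not Keycloak project code: a small check over an exported LDAP federation provider config that confirms the settings the reply's design depends on. Beyond the editMode "WRITABLE" named in the reply, it also checks the `syncRegistrations` option and an encrypted connection, since passwords are written to LDAP over that link; the sample component, host name and helper names are constructed for illustration.

```python
import json

# Constructed sample: one LDAP federation component as it might appear in a
# realm export. All values are placeholders, not taken from the thread.
SAMPLE_COMPONENT = json.loads("""
{"name": "ldap-legacy", "providerId": "ldap", "config": {
  "editMode": ["READ_ONLY"],
  "syncRegistrations": ["false"],
  "connectionUrl": ["ldap://ldap.example.internal:389"],
  "startTls": ["false"]}}
""")


def _get(config, key, default=""):
    """Values are single-element lists in newer exports, plain strings in older ones."""
    value = config.get(key, default)
    if isinstance(value, list):
        value = value[0] if value else default
    return str(value)


def check_ldap_writeback(component):
    """Return a list of findings; an empty list means the write-back design holds."""
    cfg = component.get("config", {})
    findings = []
    if _get(cfg, "editMode") != "WRITABLE":
        findings.append("editMode is not WRITABLE: changes made in Keycloak are not written to LDAP")
    if _get(cfg, "syncRegistrations").lower() != "true":
        findings.append("syncRegistrations is off: users created in Keycloak are not added to LDAP")
    url = _get(cfg, "connectionUrl").lower()
    encrypted = url.startswith("ldaps://") or _get(cfg, "startTls").lower() == "true"
    if not encrypted:
        findings.append("no LDAPS/StartTLS: passwords written to LDAP cross the network in clear")
    return findings


def hardened(component):
    """Return a copy of the component with the three settings corrected."""
    fixed = json.loads(json.dumps(component))  # deep copy, input left untouched
    cfg = fixed["config"]
    cfg["editMode"] = ["WRITABLE"]
    cfg["syncRegistrations"] = ["true"]
    cfg["connectionUrl"] = [_get(cfg, "connectionUrl").replace("ldap://", "ldaps://").replace(":389", ":636")]
    return fixed


if __name__ == "__main__":
    for finding in check_ldap_writeback(SAMPLE_COMPONENT):
        print("FINDING:", finding)
    print("after fix:", check_ldap_writeback(hardened(SAMPLE_COMPONENT)))
```

The bind account configured for the provider also needs write access to the users subtree, which this check cannot see from the export alone.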