Hi,
Since we use MSAD/LDAP as user store, the user’s LDAP_ID in Keycloak is for us the unique
ID of a user and not Keycloak’s internal user ID.
However, it seems that it is not possible to retrieve users based on the LDAP_ID attribute
using the Keycloak admin API?
There is:
GET /admin/realms/{realm}/users/{id}
but this uses the internal Keycloak user ID which we cannot use (if only because sometimes
we wipe out the Keycloak database and re-import all users from MSAD/LDAP)
and:
GET /admin/realms/{realm}/users
only allows searching on a very limited number of standard user attributes.
How should we go about solving this? Does it make sense to create a feature request in
JIRA to extend the /users API endpoint to allow searching on arbitrary user attributes for
example? Or is it feasible to add our own endpoint to Keycloak’s REST API perhaps?
cheers