Okay,<div><br></div><div>as your suggestion I changed to the complete DN, but now I get this:</div><div><br></div><div><span style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)">Caused by: org.picketlink.idm.IdentityManagementException: PLIDM000501: Could not query IdentityType using query [org.picketlink.idm.query.internal.D</span><br style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)">efaultIdentityQuery@69d4fcb8].</span><br style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)">        at org.picketlink.idm.ldap.internal.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:236)</span><br style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)">        at org.picketlink.idm.query.internal.DefaultIdentityQuery.getResultList(DefaultIdentityQuery.java:190)</span><br style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)">        ... 57 more</span><br style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)">Caused by: org.picketlink.idm.IdentityManagementException: Could not populate attribute type org.picketlink.idm.model.basic.User@8665a20.</span><br style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)">        at org.picketlink.idm.ldap.internal.LDAPIdentityStore.populateAttributedType(LDAPIdentityStore.java:815)</span><br style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)">        at org.picketlink.idm.ldap.internal.LDAPIdentityStore.populateAttributedType(LDAPIdentityStore.java:682)</span><br style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)">        at org.picketlink.idm.ldap.internal.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:231)</span><br style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)">        ... 58 more</span><br style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)"><span style="color:rgba(0,0,0,0.8);font-family:&#39;Roboto Slab&#39;,&#39;Times New Roman&#39;,serif;font-size:14px;line-height:19px;white-space:pre-wrap;background-color:rgb(255,255,255)">Caused by: java.lang.NullPointerException</span></div><div><br><br>Em quinta-feira, 21 de maio de 2015, Marek Posolda &lt;<a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>&gt; escreveu:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div>On 20.5.2015 22:00, Ayrton Araújo
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">
        <div class="gmail_extra"><span style="font-size:12.8000001907349px">I&#39;m trying do add a new
            user federation provider for integrate keycloak with a ldap
            server.</span>
          <div style="font-size:12.8000001907349px"><br>
          </div>
          <div style="font-size:12.8000001907349px">The parameters:</div>
          <span style="font-size:12.8000001907349px">Console display
            name -&gt; Active Directory</span>
          <div style="font-size:12.8000001907349px">Priority -&gt; 0</div>
          <div style="font-size:12.8000001907349px">Edit Mode -&gt;
            READ_ONLY</div>
          <div style="font-size:12.8000001907349px">Sync Registrations
            -&gt; OFF</div>
          <div style="font-size:12.8000001907349px">Vendor -&gt; Active
            Directory</div>
          <div style="font-size:12.8000001907349px">Username LDAP
            attribute -&gt; sAMAccountName</div>
          <div style="font-size:12.8000001907349px">User Object Classes
            -&gt; person, organizationPerson, user</div>
          <div style="font-size:12.8000001907349px">Connection URL -&gt;
            <a>ldap://</a><a href="http://dom.example.com:389/" target="_blank">dom.example.com:389</a></div>
          <div style="font-size:12.8000001907349px">Base DN -&gt;
            DC=dom,DC=example,DC=com</div>
          <div style="font-size:12.8000001907349px">User DN Suffix -&gt;
            CN=Users</div>
          <div style="font-size:12.8000001907349px">Bind DN
            -&gt; CN=Keycloak.LDAP;CN=Users;DC=dom,DC=example,DC=com</div>
          <span style="font-size:12.8000001907349px">Bind Credential
            -&gt; ********</span>
          <div style="font-size:12.8000001907349px">Connection pooling
            -&gt; ON</div>
          <div style="font-size:12.8000001907349px">Pagination -&gt; ON</div>
          <div style="font-size:12.8000001907349px">Enable Account After
            Password Update -&gt; OFF</div>
          <div style="font-size:12.8000001907349px">Batch Size -&gt; 100</div>
          <div style="font-size:12.8000001907349px">Periodic Full Sync
            -&gt; OFF</div>
          <div style="font-size:12.8000001907349px">Periodic changed
            users sync -&gt; ON</div>
          <div style="font-size:12.8000001907349px">Changed users sync
            period -&gt; 86400</div>
          <div style="font-size:12.8000001907349px"><br>
          </div>
          <div style="font-size:12.8000001907349px">I tried change User
            DN Suffix to only Users, but it not works. The log always
            saying:</div>
          <div style="font-size:12.8000001907349px">LDAP: error code 1 -
            000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR)</div>
          <div style="font-size:12.8000001907349px">And it says this
            when it tries to parse the User DN Suffix.</div>
        </div>
      </div>
    </blockquote>
    Currently &quot;User DN Suffix&quot; is supposed to contain whole DN. So in
    your case it should be probably something like:
    CN=Users,DC=dom,DC=example,DC=com<br>
    <br>
    I agree that name of the parameter &quot;User DN Suffix&quot; is misleading.
    It will be improved in next version ( 1.3.0.Beta1 ) and also it will
    be possible to configure more User DNs to search for users.<br>
    <br>
    Marek<br>
    <blockquote type="cite">
      <div dir="ltr">
        <div class="gmail_extra">
          <div style="font-size:12.8000001907349px"><br>
          </div>
          <div style="font-size:12.8000001907349px">Theres something
            wrong with my conf?</div>
        </div>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
keycloak-user mailing list
<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;keycloak-user@lists.jboss.org&#39;);" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
    </blockquote>
    <br>
  </div>

</blockquote></div><br><br>-- <br><div dir="ltr">Ayrton Araújo<br><div><font face="&#39;trebuchet ms&#39;, sans-serif"><font size="1">&quot;If you can tell the false from the true </font><span style="font-size:x-small">you are already a scientist.&quot;</span></font></div><div><br></div><div>--<br><div><a href="http://ayr-ton.net/" target="_blank">http://ayr-ton.net/</a></div></div></div><br>