I guess you changed just "Username LDAP attribute" but you didn't change the username mapper? See "mappers" tab under ldap federation provider.

When you create new LDAP federation provider, there are some set of default LDAP mappers automatically created. There is best effort to create set of mappers based on the initial configuration you provided. But once you later update the configuration, the mappers are not updated anymore (because it's chance you already did some changes to mapper configuration in the meantime).

If you can't figure mapper configuration, you can try to create federationProvider from the scratch with the "sAMAccountName" from the start.

Hope it helps,
Marek

On 17/02/16 12:37, Porfyrios Vasileiou wrote:

Hello, i created a new ldap federation in the keycloak settings and imported all users. The thing is that the username attribute was mapped to the ldap cn attribute whereas the username in active directory is sAMAccountName. Therefore i changed the ldapAttribute to that.

Now when i go to my ldap settings page and click on "Synchronize" the users fail to update and i am getting this error:

13:31:53,899 ERROR [org.keycloak.federation.ldap.LDAPFederationProviderFactory] (default task-25) Failed during import user from LDAP: org.keycloak.mo

dels.ModelException: User returned from LDAP has null username! Check configuration of your LDAP mappings. Mapped username LDAP attribute: cn, user DN

: CN=internal2 lastname,OU=DTPH,DC=dls,DC=lan, attributes from LDAP: {whenChanged=[20160217110433.0Z], whenCreated=[20160217110433.0Z], sAMAccountName

=[internal2], givenName=[internal2], sn=[lastname], userAccountControl=[512], pwdLastSet=[131001806735067575]}

If u put it back to cn it works, but i want to use sAMAccountName for the username.

Why does this happen ?
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user