No, Keycloak itself doesn't talk with the applications through the
LDAP protocol.
I suggest taking a look at ApacheDS for this. It is written in Java and
allows you to plug in the "source" of identities like users etc. Maybe
there is a way to connect it somehow to the Keycloak DB and take users from
there, but lots of coding will be needed though. We are using
ApacheDS in our testsuite, you can take a look for inspiration:
https://github.com/keycloak/keycloak/blob/master/misc/Testsuite.md#ldap-s...
Marek
On 11/10/17 14:49, Herrmann Hinz wrote:
hello marek,
i'm talking about ldap as authentication protocol.
atm available auth protocols are SAML and OpenID (this one is used to
authenticate against a docker registry as well afaik).
my use case is:
- we have an internal ldap/ad server in the company
- we want to be independent at a later stage of this
- until then we want to set up keycloak as "man in the middle" (ldap
proxy so to say)
- we would like to enrich the user database on our keycloak with our own
technical users for ci/cd components like jenkins, nexus, u name it...
- we would like to use keycloak's SSO possibilities
- now: some cicd backends do not support SAML or OpenID - what if we
could talk to keycloak via LDAP authentication protocol instead of
using the one company AD (which does not know yet about the technical
users)
do you get my point?
thanks,
tobias
Tobias Herrmann Hinz
On 11 October 2017 at 14:41, Marek Posolda <mposolda(a)redhat.com> wrote:
We have support for LDAP. It's documented here [1]. Keycloak is
able to look up users from the LDAP and log in users with their LDAP
username/passwords + a bunch of other things (attribute mappings,
role/group mappings, writable or read-only etc).
Or did I misunderstand what use case exactly you mean?
[1] http://www.keycloak.org/docs/latest/server_admin/topics/user-federation/l...
Marek
On 11/10/17 00:12, Herrmann Hinz wrote:
hello all,
afaik at the moment it's not possible to authenticate against
a keycloak installation via ldap/s protocol. is this correct?
if so: any plans on integrating it? is there any work done
already?
would be very helpful to have this integrated into keycloak.
would it even complete more.
thanks for your answers in advance,
tobias