Some Idm products provide a virtual-directory-like capability where you can manage derived attributes for users regardless of the origin data store.  I could see it be advantageous to be able to layer metadata or other derived data on identities to make things easier to consume in downstream systems.  Would that be feasible in Keycloak?


From: <> on behalf of Bill Burke <>
Date: Friday, February 26, 2016 at 1:00 PM
To: "" <>
Subject: Re: [keycloak-user] user Attribute error

Why do you expect to be able to add an attribute on a read-only LDAP?  I'm confused...

On 2/26/2016 11:03 AM, Gerard Laissard wrote:



I’m using user Federation LDAP. The LDAP is read-only.

When I add a user Attribute, I get ‘Error! user is read-only!’


How can I add specific user attributes?




keycloak-user mailing list

Bill Burke
JBoss, a division of Red Hat