Hi Marek,
Sorry, never mind. We were missing the ‘cn’ user attribute mapper for some reason. Adding
this mapper fixes the issue. I did manage to reproduce the issue by debugging (using my
IDE) the Keycloak source code in LDAPUtils#addUserToLDAP.
In UsersResource#createUser a ModelException is caught but never logged so this
information gets lost completely:
    catch (ModelException me) {
        if (session.getTransaction().isActive()) {
            session.getTransaction().setRollbackOnly();
        }
        return ErrorResponse.exists("Could not create user");
    }
It would be great if some exception logging could be added to this class to help in
troubleshooting.
cheers
Edgar
On 09 Aug 2016, at 15:07, Marek Posolda <mposolda@redhat.com> wrote:
Maybe enabling LDAP logging will help? You can enable TRACE logging for
"org.keycloak.federation.ldap" in standalone.xml and see what's logged into
server.log when you try to create a Keycloak user?
Marek
On 09/08/16 10:18, Edgar Vonk - Info.nl wrote:
Hi,
We no longer seem to be able to create new users in Keycloak with the LDAP/MSAD User
Federation set up with ‘Sync Registrations’ turned on.
I think this is since we migrated to Keycloak 2.0.0.Final (not 100% sure).
When I try to create a new user from Keycloak (Manage - Users) I only see the error
message ‘Error! Could not create user’ but nothing else. Nothing in the logs
unfortunately. Not even at the debug level.
Any pointers on where to start looking for a solution? I have the Keycloak source code
available.
cheers
Edgar
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
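
Added example, not part of the thread and not Keycloak's code: a self-contained sketch of the pattern asked for above, where the catch block logs the exception with its cause chain server-side while the client still receives only the generic "Could not create user" message. All class and method names are hypothetical stand-ins, java.util.logging is used only to keep it dependency-free, the transaction rollback step is left out, and the failure text is constructed sample data.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration; every type here is a hypothetical stand-in, not Keycloak's API.
public class CreateUserLogging {
    private static final Logger LOG = Logger.getLogger(CreateUserLogging.class.getName());

    // Stand-in for the ModelException seen in the quoted catch block.
    static class ModelException extends RuntimeException {
        ModelException(String message, Throwable cause) { super(message, cause); }
    }

    // Stand-in for the federation call that fails when a required mapper is missing.
    static void addUserToDirectory(String username) {
        Exception ldapError = new IllegalStateException(
                "constructed sample: directory rejected entry, required attribute missing");
        throw new ModelException("Could not store user in directory", ldapError);
    }

    // Returns the message shown to the admin client; the cause stays in the server log.
    static String createUser(String username) {
        try {
            addUserToDirectory(username);
            return "created";
        } catch (ModelException me) {
            // Pass the exception object so the stack trace and cause chain are recorded.
            LOG.log(Level.WARNING, "Could not create user " + sanitize(username), me);
            return "Could not create user";
        }
    }

    // Replace CR/LF so a crafted username cannot forge extra log lines.
    static String sanitize(String value) {
        return value.replaceAll("[\\r\\n]", "_");
    }

    public static void main(String[] args) {
        System.out.println("client sees: " + createUser("jdoe"));
    }
}
```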