I'm trying do add a new user federation provider for integrate keycloak with a ldap server.

The parameters:

Console display name -> Active Directory

Priority -> 0

Edit Mode -> READ_ONLY

Sync Registrations -> OFF

Vendor -> Active Directory

Username LDAP attribute -> sAMAccountName

User Object Classes -> person, organizationPerson, user

Connection URL -> ldap://dom.example.com:389

Base DN -> DC=dom,DC=example,DC=com

User DN Suffix -> CN=Users

Bind DN -> CN=Keycloak.LDAP;CN=Users;DC=dom,DC=example,DC=com

Bind Credential -> ********

Connection pooling -> ON

Pagination -> ON

Enable Account After Password Update -> OFF

Batch Size -> 100

Periodic Full Sync -> OFF

Periodic changed users sync -> ON

Changed users sync period -> 86400

I tried change User DN Suffix to only Users, but it not works. The log always saying:

LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR)

And it says this when it tries to parse the User DN Suffix.

Theres something wrong with my conf?