3:44 p.m.
Yes, I would likely create subclass of this one and override some
method, so the attribute value is just your ou and not full DN. Just a
note that LDAP Mapper SPI is unsupported and some method signatures can
change in the future etc.
Marek
On 31/03/17 02:44, Celso Agra wrote:
Maybe this class could help me to create a new Mapper:
https://github.com/keycloak/keycloak/blob/94afba91a0d3f51021e036796c53674...
2017-03-30 21:31 GMT-03:00 Celso Agra <celso.agra(a)gmail.com
<mailto:celso.agra@gmail.com>>:
Thanks Marek! For now, I'm using the (a) option!
But I think would be possible to implement an LDAP Mapper in the
future. just to get the "ou" info.
I'll take a look in the code and try to add a new Mapper Type.
Thanks again! This is a really great tool!
2017-03-30 16:33 GMT-03:00 Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>>:
There is no built-in support for this. However you can achieve
it by doing any of:
a) Map the LDAP_ENTRY_DN as attribute in your token and then
have some logic in your application (or whenever it is needed)
that will just parse name of the OU from the full DN.
b) Create the custom LDAP mapper, which will do the above.
Then it will be available in user attributes
c) Create protocol mapper, which will do the above. User
attribute will still contain just LDAP_ENTRY_DN, but you will
have claim in the token with the value of your OU.
I would personally go with (a) and handle it in your app if
possible. That's the easiest path IMO.
Marek
On 30/03/17 20:20, Celso Agra wrote:
Hi all,
I'd like to retrieve the organizational unit (ou) from
LDAP Mapper and set
this in the User Attributes.
When I get a user from LDAP, it set an attribute called
LDAP_ENTRY_DN, with
value : "uid=xxxxxx,ou=group,dc=dom3,dc=dom2,dc=dom1"
So, I'd like to retrieve just the ou info "group", and set
this to the user
attribute.
Would be possible to do that? Is there some mapper type
just to retrieve
this information?
Best Regards,
--
---
*Celso Agra*
--
---
*Celso Agra*