Hi,
for servers like OpenLDAP it's assumed that "uid" contains the username of
the user (and I think that if you change the "Vendor" combobox to "Other",
it will also change the "Username LDAP Attribute" too). Using "cn" is
meant mainly for servers like Active Directory.
The root issue is that right now we don't support dynamic mapping of
LDAP attributes to attributes of the user account. For servers like OpenLDAP
we have some hard-coded mapping (like "cn" from LDAP is mapped to the user's
firstName in Keycloak, "sn" from LDAP is mapped to the user's lastName in
Keycloak and "mail" from LDAP is mapped to the user's email in KC).
We have a plan to support dynamic attribute mapping in the future, so you
will be able to configure that, for example, "cn" is mapped to the Keycloak
username, "givenName" is mapped to firstName, "sn" to lastName etc.
A JIRA is already created (https://issues.jboss.org/browse/KEYCLOAK-599), but
right now it's maybe not the biggest priority (feel free to vote in
JIRA if you want to prioritize it).
Marek
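Marek's point above is that Keycloak 1.0.x expects "uid" to carry the OpenLDAP username and hard-codes "cn" to firstName, "sn" to lastName and "mail" to email. Before pointing "Username LDAP attribute" at a different attribute, the check a practitioner would want is whether that attribute is present exactly once on every user entry and unique across all of them, since a missing or duplicated value cannot identify a user. The following is an added example (editor's code, not from this thread or from Keycloak) that runs that check over a small constructed LDIF export and then applies the hard-coded mapping Marek describes; the sample entries, the minimal LDIF parser and the function names are assumptions made for the illustration.

```python
"""Audit candidate username attributes in an LDIF export and apply the
hard-coded Keycloak 1.0.x attribute mapping described in the thread.
Constructed example code, not part of Keycloak."""
from collections import Counter, defaultdict

# Constructed sample export: two people with the same cn ("John Doe")
# and a service account without a uid. Not real directory data.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid: jdoe
cn: John Doe
sn: Doe
givenName: John
mail: jdoe@example.org

dn: uid=jsmith,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid: jsmith
cn: John Doe
sn: Smith
givenName: John
mail: jsmith@example.org

dn: cn=Backup Service,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
cn: Backup Service
sn: Backup
mail: backup@example.org
"""

# Mapping Marek describes for OpenLDAP in Keycloak 1.0.x:
# uid -> username, cn -> firstName, sn -> lastName, mail -> email.
KEYCLOAK_DEFAULT_MAPPING = {
    "username": "uid",
    "firstName": "cn",
    "lastName": "sn",
    "email": "mail",
}


def parse_ldif(text):
    """Parse a minimal LDIF into a list of {attribute: [values]} dicts.

    Attribute names are lower-cased because LDAP treats them
    case-insensitively. Folded lines (newline + space) are unfolded;
    base64 ('::') and URL ('<') value forms are not handled (assumption:
    a plain text export)."""
    text = text.replace("\n ", "")
    entries, current = [], defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        current[attr.strip().lower()].append(value.strip())
    if current:
        entries.append(dict(current))
    return entries


def check_username_attribute(entries, attr):
    """Report whether `attr` is fit to be the 'Username LDAP attribute'.

    It must be present exactly once on every entry and its value must be
    unique across entries (compared case-insensitively, as LDAP does for
    most string syntaxes)."""
    attr = attr.lower()
    missing = [e["dn"][0] for e in entries if attr not in e]
    multivalued = [e["dn"][0] for e in entries if len(e.get(attr, [])) > 1]
    counts = Counter(v.lower() for e in entries for v in e.get(attr, []))
    duplicates = {v: n for v, n in counts.items() if n > 1}
    return {
        "attribute": attr,
        "missing": missing,
        "multivalued": multivalued,
        "duplicates": duplicates,
        "usable": not (missing or multivalued or duplicates),
    }


def map_entry_to_user(entry, mapping=KEYCLOAK_DEFAULT_MAPPING):
    """Build the Keycloak user fields from one parsed LDAP entry using a
    fixed attribute mapping; absent attributes map to None."""
    return {
        field: entry.get(ldap_attr.lower(), [None])[0]
        for field, ldap_attr in mapping.items()
    }


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    for candidate in ("uid", "cn", "mail"):
        print(check_username_attribute(parsed, candidate))
    print(map_entry_to_user(parsed[0]))
```

On the constructed data, "uid" fails because the service account has none, "cn" fails because two people share "John Doe", and only "mail" passes; the mapping step shows how, under the fixed mapping, whatever attribute is chosen as username, "cn" still lands in firstName.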
On 29.10.2014 19:54, robinfernandes . wrote:
Hi,
We are also testing with the same OpenLDAP version and the connection
is not a problem. The "Test Authentication" and the "Test Connection"
work just fine.
Below are the screenshots of my configuration. In the LDAP Provider
Settings in Keycloak, if we use "*Username LDAP attribute = uid*" it
works well. However, if we use "*Username LDAP attribute = cn*" it
fails to authenticate. Have you faced a similar problem?
[Inline image 1: screenshot of LDAP Provider Settings]
[Inline image 2: screenshot of LDAP Provider Settings]
On Fri, Oct 24, 2014 at 2:52 AM, Marek Posolda <mposolda(a)redhat.com> wrote:
Hi,
we are testing with OpenLDAP 2.4 and it works fine. Are you using a
different version?
Also, couldn't the problem be a slow connection to the LDAP server? On
the LDAP configuration screen in the Keycloak admin console, you can try
"Test Connection" or "Test Authentication". Does this work well for
you?
If the connection is not a problem, maybe you can send the exception
stacktrace and your LDAP configuration (once you configure LDAP,
there should be a message in server.log like "INFO
[org.keycloak.picketlink.ldap.PartitionManagerRegistry] Creating
new LDAP based partition manager for the Federation provider...."
with details about the LDAP configuration. It may help if you send it
here as well).
Thanks,
Marek
On 23.10.2014 17:13, robinfernandes . wrote:
> Hi guys,
>
> I am using *Keycloak 1.0.1* final and I have integrated it with
> *OpenLDAP*.
> When I try to authenticate a user which is in LDAP, it is not
> able to authenticate it, and the exception that comes up is
> "org.h2.jdbc.JdbcSQLException: Timeout trying to lock table
> "USER_ENTITY" ; "
> Is there anyone who has faced this problem? Is there a way to set
> the lock table timeout to be more than what it is by default?
>
> The other thing is, I tried authenticating with *Active Directory*
> and it works just fine. So I am guessing the problem is limited
> to OpenLDAP.
>
> Any help would be appreciated.
>
> Thanks,
> Robin
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user