Hi,

for servers like OpenLDAP it's supposed that "uid" contains username of the user (and I think that if you change "Vendor" combobox to "Other", it will also change the "Username LDAP Attribute" too). Using "cn" is supposed to be used mainly for servers like Active Directory.

The root issue is, that right now we don't support dynamic mapping of LDAP attributes to attributes of user account. For servers like OpenLDAP we have some hard-coded mapping (like "cn" from LDAP is mapped to user's firstName in Keycloak, "sn" from LDAP is mapped to user's lastName in Keycloak and "mail" from LDAP is mapped to user's email in KC).

We have plan to support dynamic attributes mapping in the future, so you will be able to configure that for example: "cn" is mapped to Keycloak username, "givenName" is mapped to firstName, "sn" to lastName etc. JIRA is already created https://issues.jboss.org/browse/KEYCLOAK-599 but right now, it's maybe not the biggest priority (feel free to vote in JIRA if you want prioritize)

Marek

On 29.10.2014 19:54, robinfernandes . wrote:
Hi,

We are also testing with the same OpenLDAP version and the connection is not a problem. The "Test Authentication" and the "Test Connection" works just fine.
Below are the screenshots of my configuration. In the LDAP Provider Settings in Keycloak if we use "Username LDAP attribute = uid" it works well. However if we use "Username LDAP attribute = cn" it fails to authenticate. Have u faced a similar problem?

Inline image 1



Inline image 2

On Fri, Oct 24, 2014 at 2:52 AM, Marek Posolda <mposolda@redhat.com> wrote:
Hi,

we are testing with OpenLDAP 2.4 and works fine. Are you using different version?

Also can't be problem in the slow connection to LDAP server? On LDAP configuration screen in Keycloak admin console, you can try "Test Connection" or "Test Authentication" . Works this well for you?

If connection is not a problem, maybe you can send exception stacktrace and your LDAP configuration (Once you configure LDAP, there should be message in server.log like "INFO [org.keycloak.picketlink.ldap.PartitionManagerRegistry] Creating new LDAP based partition manager for the Federation provider...." with details about LDAP configuration. It may help if you send it here as well)

Thanks,
Marek


On 23.10.2014 17:13, robinfernandes . wrote:
Hi guys,

I am using Keycloak 1.0.1 final and I have integrated it with OpenLDAP.
When I try to authenticate the user which is in LDAP, it is not able to authenticate it and the exception that comes up is "org.h2.jdbc.JdbcSQLException: Timeout trying to lock table "USER_ENTITY" ; "

Is there anyone who has faced this problem? Is there a way to set the lock table timeout to be more than what it is by default?

The other thing is, I tried authenticating with Active Directory and it works just fine. So I am guessing the problem is limited to OpenLDAP.

Any help would be appreciated.

Thanks,
Robin



_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user