roles from LDAP are available in Keycloak - worked
they are assigned to users in Keycloak - I checked both realm roles &
client roles. But not shown when I opened the user in KC admin console.
I will check LDAP sample.
On Tue, May 22, 2018 at 12:34 PM, Marek Posolda <mposolda(a)redhat.com> wrote:
That's strange. The role-ldap-mapper should ensure that roles from LDAP
are available in Keycloak and also that they are assigned to users in
Keycloak. So Keycloak should be able to see the role mappings based on the
role mappings in LDAP. It's just a matter of correct configuration. You can
take a look at "keycloak-examples" distribution and the example "ldap" to
see how to configure things.
Marek
On 18/05/18 10:11, valsaraj pv wrote:
> Yes, 'role-ldap-mapper' created & those roles appeared in Keycloak client
> set in mapper. But these roles were not assigned to users. For that need
> to open user from admin console & select client and set client roles. I am
> checking how to automate this.
>
> On Fri, May 18, 2018 at 1:34 PM, Raphaël HOAREAU <raphoa(a)worteks.com>
> wrote:
>
>> Can't you just create 'role-ldap-mapper' in your ldap user federation so
>> it reflects your ldap roles to keycloak realm or client roles ?
>>
>> Assuming that roles in your local LDAP are the same (name) than the one
>> you use in keycloak.
>>
>>
>> On 18/05/2018 at 08:32, valsaraj pv wrote:
>>
>>> Got this sample:
>>>
>>> https://gist.github.com/thomasdarimont/c4e739c5a319cf78a4cff3b87173a84b
>>>
>>> On Fri, May 18, 2018 at 10:39 AM, Subodh Joshi <subodhcjoshi82(a)gmail.com>
>>> wrote:
>>>
>>>> You have to write script to run admin-cli commands
>>>>
>>>> https://www.keycloak.org/docs/3.3/server_admin/topics/admin-cli.html
>>>>
>>>> On Fri, May 18, 2018 at 8:50 AM valsaraj pv <valsarajpv(a)gmail.com>
>>>> wrote:
>>>>
>>>>> Do you have any links that will be helpful?
>>>>>
>>>>> On Fri 18 May, 2018, 7:17 AM Subodh Joshi, <subodhcjoshi82(a)gmail.com>
>>>>> wrote:
>>>>>
>>>>>> I think admin-cli will help you regarding this but issue is
>>>>>> documentation is not that good.
>>>>>>
>>>>>> On Thu, 17 May 2018, 22:43 valsaraj pv, <valsarajpv(a)gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Here is the scenario:
>>>>>>> Java web application client registers users to local LDAP/DB and
>>>>>>> sets roles.
>>>>>>> These users are periodically synced to Keycloak. Roles are also
>>>>>>> synced once as it is not changed more often.
>>>>>>> So when a user registered in local LDAP via application, they are
>>>>>>> also reflected in Keycloak but they can't access web application
>>>>>>> after login via Keycloak.
>>>>>>> The new users can access only after setting client roles manually.
>>>>>>> What is the best option to automate this? Is there any API to set
>>>>>>> client roles?
>>>>>>> If available, we can't write code to set role in registration method
>>>>>>> since the users will be synced to Keycloak only on next sync. Then
>>>>>>> option is a delayed call which first ensures that the user reached
>>>>>>> Keycloak DB and then sets role.
>>>>>>> Please share your thoughts!
>>>>>>>
>>>>>>> Thanks!
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>> --
>>>> Subodh Chandra Joshi
>>>> subodh1_joshi82(a)yahoo.co.in
>>>> http://www.trendsinnews.com
>>>>
>>>>
>> --
>> Raphaël HOAREAU | Support & Hosting Solutions Manager
>>
>> raphael.hoareau(a)worteks.com
>> +33 7 72 37 59 82
>>
>> Worteks | https://www.worteks.com
>>
>
>
--
Life is like this: "Just when we get all the answers of life.... God
changes the question paper....
Valsaraj Viswanathan