Hm, I wrote this down the wrong way, apologies. What I meant to say was
that the *access* groups don't have any members, which they should have
from the user groups. Looks like my issue is
https://issues.jboss.org/browse/KEYCLOAK-1797. Nested groups are quite
common in Active Directory; it would be nice if this issue could receive
some attention.

On 28 September 2017 at 09:41, Marek Posolda <mposolda(a)redhat.com> wrote:
Not expected. It should work and our tests are passing. Looks like some
mis-configuration or something. We have an example in the keycloak-examples
distribution called "ldap". Here you can see an example of how an LDAP
role can be configured (no example for group-mapper yet, but it's quite similar
to role mapper).

Marek

On 26/09/17 12:04, Tiemen Ruiten wrote:
> Hello,
>
> I'm testing with the following setup:
>
> In our Active Directory, which is federated to Keycloak, we have a
> container with 'access' groups (groups that are used to give access to
> certain applications, akin to Keycloak roles) and a container for 'user'
> groups (e.g. sales, it, marketing etc.). Users are always only direct
> members of a user group. The access groups can only have user groups as
> members, never users.
>
> In Keycloak, I have created two LDAP-group-mappers for both containers,
> but unfortunately, none of the user groups show any members. Is this
> expected?
>
> Using Keycloak 3.2.1 Final.
>
>
--
Tiemen Ruiten
Systems Engineer
R&D Media