Yes, you're right. This is not available ATM. What is available is the
support for Keycloak group inheritance to be mapped for LDAP groups. But
mapping for:
- Groups-roles membership mappings
- Roles to composite roles membership mappings
is not available now.
Feel free to create JIRA. But not sure if we ever go into it...
Marek
On 10/03/17 11:31, abhishek raghav wrote:
Hi
I have a set of* Realm Roles* that is mapped to an certain *OU=Roles* in an
*MSAD*. Similar is the case for a set of *Groups*.
But when I *assign a group with a certain role, the assignment is visible
in Keycloak. But the same is not reflected on the AD.*
I mean, this mapping of role and group is *not stored in the "member" or
"memberof" attributes of either the respective group or the role*.
Please suggest is this functionality available using any mapper from
Keycloak to AD? Or do we need to create our own Custom Mapper? If yes, how?
*- Best Regards*
Abhishek Raghav
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user