You did not include the whole exception, though. In particular, you omitted the line on which the NullPointerException is thrown, which is the most important part here. Could you also please enable TRACE logging for org.picketlink.idm.ldap.internal.LDAPIdentityStore and send a log snippet with a few lines before this exception is thrown?

Thanks,
Marek

On 8.6.2015 21:58, Ayrton Araújo wrote:
Okay,

As you suggested, I changed it to the complete DN, but now I get this:

Caused by: org.picketlink.idm.IdentityManagementException: PLIDM000501: Could not query IdentityType using query [org.picketlink.idm.query.internal.DefaultIdentityQuery@69d4fcb8].
at org.picketlink.idm.ldap.internal.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:236)
at org.picketlink.idm.query.internal.DefaultIdentityQuery.getResultList(DefaultIdentityQuery.java:190)
... 57 more
Caused by: org.picketlink.idm.IdentityManagementException: Could not populate attribute type org.picketlink.idm.model.basic.User@8665a20.
at org.picketlink.idm.ldap.internal.LDAPIdentityStore.populateAttributedType(LDAPIdentityStore.java:815)
at org.picketlink.idm.ldap.internal.LDAPIdentityStore.populateAttributedType(LDAPIdentityStore.java:682)
at org.picketlink.idm.ldap.internal.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:231)
... 58 more
Caused by: java.lang.NullPointerException


On Thursday, May 21, 2015, Marek Posolda <mposolda@redhat.com> wrote:
On 20.5.2015 22:00, Ayrton Araújo wrote:
I'm trying to add a new user federation provider to integrate Keycloak with an LDAP server.

The parameters:
Console display name -> Active Directory
Priority -> 0
Edit Mode -> READ_ONLY
Sync Registrations -> OFF
Vendor -> Active Directory
Username LDAP attribute -> sAMAccountName
User Object Classes -> person, organizationPerson, user
Connection URL -> ldap://dom.example.com:389
Base DN -> DC=dom,DC=example,DC=com
User DN Suffix -> CN=Users
Bind DN -> CN=Keycloak.LDAP;CN=Users;DC=dom,DC=example,DC=com
Bind Credential -> ********
Connection pooling -> ON
Pagination -> ON
Enable Account After Password Update -> OFF
Batch Size -> 100
Periodic Full Sync -> OFF
Periodic changed users sync -> ON
Changed users sync period -> 86400

I tried changing User DN Suffix to only Users, but it does not work. The log always says:
LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR)
And it says this when it tries to parse the User DN Suffix.
Currently "User DN Suffix" is supposed to contain the whole DN. So in your case it should probably be something like: CN=Users,DC=dom,DC=example,DC=com

I agree that the name of the parameter "User DN Suffix" is misleading. It will be improved in the next version (1.3.0.Beta1), and it will also be possible to configure more User DNs to search for users.

Marek

Is there something wrong with my conf?





--
Ayrton Araújo
"If you can tell the false from the true you are already a scientist."

--
http://ayr-ton.net/