You mean that only users from the group "CN=Group,OU=Users,DC=company,DC=de" should be recognized by Keycloak and all other users from your LDAP, which are not members of that group, should be ignored?

That should be doable by writing your own LDAPFederationMapper and implementing "beforeQuery" so that you add the condition for "member=CN=Group,OU=Users,DC=company,DC=de" to the query. So you will need to write your own code for it.

I am not sure if we should provide functionality like this by default in Keycloak, as your use case seems to be quite uncommon to me. Maybe I am wrong, but I didn't hear about a similar use case so far.

Marek

On 08/09/15 15:27, Kevin Hirschmann wrote:

Hello,

I want to synch from an Active Directory. But the selection should be limited to users which are members in a specific group.

CN=Group, OU=Users,DC=company,DC=de gives no result.

Is this possible? If so, which Keycloak version supports this?

Thx for your help.

Kind regards

Kevin Hirschmann

HUEBINET Informationsmanagement GmbH & Co. KG


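The group restriction discussed in this thread comes down to ANDing a membership condition onto the user search filter. The following is an added example, not code from the thread or from Keycloak: a standalone helper that builds such a filter with RFC 4515 escaping. The class and method names, the base filter `(objectClass=user)` and the use of Active Directory's `memberOf` attribute on user entries are assumptions; only the group DN comes from the thread.

```java
import java.nio.charset.StandardCharsets;

/** Added example: builds the LDAP filter that limits a user search to one group's members. */
public class GroupScopedFilter {

    /** Escape an assertion value per RFC 4515 so it cannot alter the filter structure. */
    static String escapeValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            // NUL, '(', ')', '*', '\' and all non-ASCII bytes become \XX
            if (c == 0x00 || c == '(' || c == ')' || c == '*' || c == '\\' || c > 0x7F) {
                out.append('\\').append(String.format("%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    /** AND a group-membership condition onto an existing user filter. */
    static String restrictToGroup(String userFilter, String membershipAttr, String groupDn) {
        if (groupDn == null || groupDn.trim().isEmpty()) {
            // Fail closed: an empty DN must not silently fall back to "all users".
            throw new IllegalArgumentException("group DN is required");
        }
        if (!membershipAttr.matches("[A-Za-z][A-Za-z0-9-]*")) {
            throw new IllegalArgumentException("invalid attribute name");
        }
        String base = userFilter.startsWith("(") ? userFilter : "(" + userFilter + ")";
        return "(&" + base + "(" + membershipAttr + "=" + escapeValue(groupDn.trim()) + "))";
    }

    public static void main(String[] args) {
        // Group DN from the thread; "memberOf" and the base filter are assumptions for AD.
        String dn = "CN=Group,OU=Users,DC=company,DC=de";
        System.out.println(restrictToGroup("(objectClass=user)", "memberOf", dn));
        // Constructed hostile value: the parentheses and '*' are neutralised.
        System.out.println(restrictToGroup("(objectClass=user)", "memberOf",
                "CN=x)(objectClass=*"));
    }
}
```

The returned string is the condition a custom mapper would add to the user query. `memberOf` lists direct memberships only, so users who belong to the group through a nested group are not matched by this filter.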