Just to understand, did you already combine both things together? I
mean the scenario like:
1) You set up LDAP with import on
2) Then you logged in as some LDAP user "joe" and imported him
3) Then you switched import off
4) Then you logged in again as the LDAP user "joe" and saw the error?
If yes, I suspect this won't work.
I think you need to decide from the beginning if you want import or not.
If you don't want import, it will likely be good to start from a clean DB, so
the scenario will be like:
1) You set up LDAP with import off
2) You log in as "joe" and it will work.
Marek
On 01/09/17 15:23, felix.straub(a)kaufland.com wrote:
Hello together,
I have the following issue:
I added LDAP/AD user federation to my Keycloak server version 3.2.0.Final.
So far so good, everything is working: I can import all the users and then
can validate the users against the LDAP.
But the target is that no user gets imported to Keycloak. That's working,
too. Just switched off the import button.
If I try to log in now with my LDAP credentials an error comes up. The error
on the Keycloak login page says: "Unexpected error when handling
authentication request to identity provider".
In the Keycloak log it throws a "ReadOnlyException".
But if I look into the sessions there is an active session with the user I
tried to log in with.
Did I miss any settings so that Keycloak can authenticate the user against
LDAP/AD without importing all the users?
Thank you for your help.
Kind regards
Felix Straub
+49 7132 94 920297
Kaufland Informationssysteme GmbH & Co. KG
P.O. Box 12 53 - 74172 Neckarsulm
Limited partnership
Registered office: Neckarsulm
Register court: Stuttgart HRA 104163