hello marek,
i'm talking about ldap as authentication protocol.
atm available auth protocols are SAML and OpenID (this one is used to
authenticate against a docker registry as well afaik).
my usecase is:
- we have an internal ldap/ad server in the company
- we want to be independent at a later stage of this
- until then we want to set up keycloak as "man in the middle" (ldap proxy
so to say)
- we would like to enrich the user database on our keycloak with own
technical users for ci/cd components like jenkins, nexus, u name it...
- we would like to use keycloak's SSO possibilities
- now: some cicd backends do not support SAML or OpenID - what if we could
talk to keycloak via LDAP authentication protocol instead of using the one
company AD (which does not know yet about the technical users)
do you get my point?
thanks,
tobias
--------------------------------
Tobias Herrmann Hinz
mobil: 01522 1940 885
--------------------------------
On 11 October 2017 at 14:41, Marek Posolda <mposolda(a)redhat.com> wrote:
We have support for LDAP. It's documented here [1]. Keycloak is able to
look up users from the LDAP and login users with their LDAP
username/passwords + bunch of other things (Attribute mappings, role/group
mappings, writable or read-only etc).
Or did I misunderstand what usecase exactly you mean?
[1] http://www.keycloak.org/docs/latest/server_admin/topics/user-federation/ldap.html
Marek
On 11/10/17 00:12, Herrmann Hinz wrote:
> hello all,
>
> afaik at the moment it's not possible to authenticate against a keycloak
> installation via ldap/s protocol. is this correct?
>
> if so: any plans on integrating it? is there any work done already?
>
> would be very helpful to have this integrated into keycloak. would it even
> complete more.
>
> thanks for your answers in advance,
>
> tobias
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user