Hello Marek,
Thank you for the prompt answer.
My current idea is to make the first LDAP expect a "social" attribute which
I hardcode for the "google" provider.
Other users (registered via CLI or REST) will fail on it and move to the
second LDAP, which is for the local users.
Dmitry
On 7/21/2017 4:42 PM, Marek Posolda wrote:
On 21/07/17 13:48, Dmitry Repchevsky wrote:
> Hello,
>
> Is there any way to define different user profiles to be stored in LDAP?
> I would like to distinguish between local users and users that come from
> Google.
> The user groups should be different (with different attributes). For
> instance local users have "homeDirectory" and "google" ones are treated
> as "guests".
>
> If I define two LDAP "WRITABLE" providers the attempt to write the new
> user to LDAP is done by priority order, right?
Yes, right. It all depends on priority right now.
We have opened a JIRA for the case when you want to add social users
locally or to a specified user Storage provider (not the default one
with the biggest priority). It's not yet available OOTB. However, you can
achieve something if you define a firstBrokerLogin flow and replace
IdpCreateUserIfUniqueAuthenticator with something else, which will
register the user either locally or to a different LDAP provider than the
one with the biggest priority. But you would need to code that.
Marek
> I mean, if I define a mandatory "homeDirectory" attribute and the "google"
> user does not have this attribute, the user is stored in the second provider?
>
> Thank you in advance,
>
> Dmitry