I think you will need to implement your own LDAP mapper for this. You
can take a look at some existing mappers for inspiration (for example,
MSADUserAccountControlStorageMapper).
Marek
On 10.4.2018 at 18:06, Dockendorf, Trey wrote:
With either approach it sounds like what you're describing is getting
the loginDisabled attribute into Keycloak. Once that attribute is stored, how would I go
about telling Keycloak to disallow access based on the attribute's value?
Below is an example of an LDAP record where login should be disabled.
Thanks,
- Trey
dn: cn=<username>,ou=People,<base DN>
displayName: first last
employeeType: REGULAR
gecos: first last
ou: OSC Operations
cn: <username>
employeeStatus: ACTIVE
gidNumber: 103
company: Ohio Supercomputer Center
uid: <username>
mail: <email>
homeDirectory: /users/<username>
title: Employee
uidNumber: 20821
sn: lastname
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: posixAccount
objectClass: oscUser
objectClass: shadowAccount
givenName: firstname
jobCode: FALSE
loginDisabled: TRUE
loginShell: /bin/bash
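
A sketch of the kind of custom mapper suggested above, added here as an example; it is not code from the thread or from Keycloak itself. It follows the shape of MSADUserAccountControlStorageMapper; the class name `LoginDisabledStorageMapper` and the package are hypothetical, the SPI signatures are assumed to match the Keycloak LDAP mapper API of that period, and a matching mapper factory (not shown) is still needed to register it.

```java
package org.example.keycloak; // hypothetical package

import org.keycloak.component.ComponentModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.UserModelDelegate;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper;

// Hypothetical mapper: a user whose LDAP entry has loginDisabled: TRUE
// is reported to Keycloak as disabled, so authentication is refused.
public class LoginDisabledStorageMapper extends AbstractLDAPStorageMapper {

    static final String LOGIN_DISABLED = "loginDisabled"; // attribute from the record above

    public LoginDisabledStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider) {
        super(mapperModel, ldapProvider);
    }

    @Override
    public void beforeLDAPQuery(LDAPQuery query) {
        // Ask the directory to return the attribute with every user lookup.
        query.addReturningLdapAttribute(LOGIN_DISABLED);
    }

    @Override
    public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) {
        // Assumption: a missing attribute means "not disabled"; only TRUE blocks login.
        final boolean disabledInLdap =
                "TRUE".equalsIgnoreCase(ldapUser.getAttributeAsString(LOGIN_DISABLED));
        return new UserModelDelegate(delegate) {
            @Override
            public boolean isEnabled() {
                // LDAP can only take access away; a local disable in Keycloak still wins.
                return !disabledInLdap && super.isEnabled();
            }
        };
    }

    @Override
    public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) {
        // Nothing is copied at import time; the flag is read from LDAP in proxy().
    }

    @Override
    public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm) {
        // Keycloak does not write loginDisabled back to the directory in this sketch.
    }
}
```

Because the check sits in `isEnabled()`, no separate authenticator is needed: Keycloak already rejects logins for users that report themselves as disabled.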