Hello, I want to synch from an active directory. But the selection should be limited to users which are members in a specific group. CN=Group, OU=Users,DC=company,DC=de gives no result. Is this possible? If so, which keycloak version supports this? Thx for your help. Kind regards Kevin Hirschmann HUEBINET Informationsmanagement GmbH & Co. KG ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Der Nachrichtenaustausch mit HUEBINET Informationsmanagement GmbH & Co. KG, Koblenz via E-Mail dient lediglich zu Informationszwecken. Rechtsgeschäftliche Erklärungen mit verbindlichem Inhalt können über dieses Medium nicht ausgetauscht werden, da die Manipulation von E-Mails durch Dritte nicht ausgeschlossen werden kann. Email communication with HUEBINET Informationsmanagement GmbH & Co. KG is only intended to provide information of a general kind, and shall not be used for any statement with binding contents in respect to legal relations. It is not totally possible to prevent a third party from manipulating emails and email contents. _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Hi! On Wed, Sep 9, 2015 at 11:13 AM, Marek Posolda <mposolda(a)redhat.com <mailto:mposolda@redhat.com>> wrote: You mean that only users from the group "CN=Group,OU=Users,DC=company,DC=de" should be recognized by keycloak and all other users from your LDAP, which are not members of that group, should be ignored?Hi,Hi, +1 I can definitely see this as a useful feature for AD users, and actually quite common in application configuration to be able to restrict users. Best regards, Thomas