Hi,
Since we use MSAD/LDAP as user store, the user’s LDAP_ID in Keycloak is for us the unique
ID of a user and not Keycloak’s internal user ID.
However, it seems that it is not possible to retrieve users based on the LDAP_ID attribute
using the Keycloak admin API?
There is:
GET /admin/realms/{realm}/users/{id}
but this uses the internal Keycloak user ID which we cannot use (if only because sometimes
we wipe out the Keycloak database and re-import all users from MSAD/LDAP)
and:
GET /admin/realms/{realm}/users
only allows searching on a very limited number of standard user attributes.
How should we go about solving this? Does it make sense to create a feature request in
JIRA to extend the /users API endpoint to allow searching on arbitrary user attributes for
example? Or is it feasible to add our own endpoint to Keycloak’s REST API perhaps?
cheers