10:13 a.m.
Hi guys,
I am using *Keycloak 1.0.1* final and I have integrated it with *OpenLDAP*.
When I try to authenticate the user which is in LDAP, it is not able to
authenticate it and the exception that comes up is "
*org.h2.jdbc.JdbcSQLException: Timeout trying to lock table "USER_ENTITY" ;
"*
Is there anyone who has faced this problem? Is there a way to set the lock
table timeout to be more than what it is by default?
The other thing is, I tried authenticating with *Active Directory *and it
works just fine. So I am guessing the problem is limited to OpenLDAP.
Any help would be appreciated.
Thanks,
Robin
1:52 a.m.
Hi,
we are testing with OpenLDAP 2.4 and works fine. Are you using different
version?
Also can't be problem in the slow connection to LDAP server? On LDAP
configuration screen in Keycloak admin console, you can try "Test
Connection" or "Test Authentication" . Works this well for you?
If connection is not a problem, maybe you can send exception stacktrace
and your LDAP configuration (Once you configure LDAP, there should be
message in server.log like "INFO
[org.keycloak.picketlink.ldap.PartitionManagerRegistry] Creating new
LDAP based partition manager for the Federation provider...." with
details about LDAP configuration. It may help if you send it here as well)
Thanks,
Marek
On 23.10.2014 17:13, robinfernandes . wrote:
Hi guys,
I am using *Keycloak 1.0.1* final and I have integrated it with
*OpenLDAP*.
When I try to authenticate the user which is in LDAP, it is not able
to authenticate it and the exception that comes up is
"*/org.h2.jdbc.JdbcSQLException: Timeout trying to lock table
"USER_ENTITY" ; "
/*
Is there anyone who has faced this problem? Is there a way to set the
lock table timeout to be more than what it is by default?
The other thing is, I tried authenticating with *Active Directory *and
it works just fine. So I am guessing the problem is limited to OpenLDAP.
Any help would be appreciated.
Thanks,
Robin
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
1:54 p.m.
Hi,
We are also testing with the same OpenLDAP version and the connection is
not a problem. The "Test Authentication" and the "Test Connection"
works
just fine.
Below are the screenshots of my configuration. In the LDAP Provider
Settings in Keycloak if we use "*Username LDAP attribute = uid*" it works
well. However if we use "*Username LDAP attribute = cn*" it fails to
authenticate. Have u faced a similar problem?
[image: Inline image 1]
[image: Inline image 2]
On Fri, Oct 24, 2014 at 2:52 AM, Marek Posolda <mposolda(a)redhat.com> wrote:
Hi,
we are testing with OpenLDAP 2.4 and works fine. Are you using different
version?
Also can't be problem in the slow connection to LDAP server? On LDAP
configuration screen in Keycloak admin console, you can try "Test
Connection" or "Test Authentication" . Works this well for you?
If connection is not a problem, maybe you can send exception stacktrace
and your LDAP configuration (Once you configure LDAP, there should be
message in server.log like "INFO
[org.keycloak.picketlink.ldap.PartitionManagerRegistry] Creating new LDAP
based partition manager for the Federation provider...." with details about
LDAP configuration. It may help if you send it here as well)
Thanks,
Marek
On 23.10.2014 17:13, robinfernandes . wrote:
Hi guys,
I am using *Keycloak 1.0.1* final and I have integrated it with *OpenLDAP*
.
When I try to authenticate the user which is in LDAP, it is not able to
authenticate it and the exception that comes up is "
*org.h2.jdbc.JdbcSQLException: Timeout trying to lock table "USER_ENTITY"
; " *
Is there anyone who has faced this problem? Is there a way to set the lock
table timeout to be more than what it is by default?
The other thing is, I tried authenticating with *Active Directory *and it
works just fine. So I am guessing the problem is limited to OpenLDAP.
Any help would be appreciated.
Thanks,
Robin
_______________________________________________
keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
4:41 a.m.
Hi,
for servers like OpenLDAP it's supposed that "uid" contains username of
the user (and I think that if you change "Vendor" combobox to "Other",
it will also change the "Username LDAP Attribute" too). Using "cn" is
supposed to be used mainly for servers like Active Directory.
The root issue is, that right now we don't support dynamic mapping of
LDAP attributes to attributes of user account. For servers like OpenLDAP
we have some hard-coded mapping (like "cn" from LDAP is mapped to user's
firstName in Keycloak, "sn" from LDAP is mapped to user's lastName in
Keycloak and "mail" from LDAP is mapped to user's email in KC).
We have plan to support dynamic attributes mapping in the future, so you
will be able to configure that for example: "cn" is mapped to Keycloak
username, "givenName" is mapped to firstName, "sn" to lastName etc.
JIRA
is already created https://issues.jboss.org/browse/KEYCLOAK-599 but
right now, it's maybe not the biggest priority (feel free to vote in
JIRA if you want prioritize)
Marek
On 29.10.2014 19:54, robinfernandes . wrote:
Hi,
We are also testing with the same OpenLDAP version and the connection
is not a problem. The "Test Authentication" and the "Test Connection"
works just fine.
Below are the screenshots of my configuration. In the LDAP Provider
Settings in Keycloak if we use "*Username LDAP attribute = uid*" it
works well. However if we use "*Username LDAP attribute = cn*" it
fails to authenticate. Have u faced a similar problem?
Inline image 1
Inline image 2
On Fri, Oct 24, 2014 at 2:52 AM, Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
Hi,
we are testing with OpenLDAP 2.4 and works fine. Are you using
different version?
Also can't be problem in the slow connection to LDAP server? On
LDAP configuration screen in Keycloak admin console, you can try
"Test Connection" or "Test Authentication" . Works this well for
you?
If connection is not a problem, maybe you can send exception
stacktrace and your LDAP configuration (Once you configure LDAP,
there should be message in server.log like "INFO
[org.keycloak.picketlink.ldap.PartitionManagerRegistry] Creating
new LDAP based partition manager for the Federation provider...."
with details about LDAP configuration. It may help if you send it
here as well)
Thanks,
Marek
On 23.10.2014 17:13, robinfernandes . wrote:
> Hi guys,
>
> I am using *Keycloak 1.0.1* final and I have integrated it with
> *OpenLDAP*.
> When I try to authenticate the user which is in LDAP, it is not
> able to authenticate it and the exception that comes up is
> "*/org.h2.jdbc.JdbcSQLException: Timeout trying to lock table
> "USER_ENTITY" ; "
> /*
> Is there anyone who has faced this problem? Is there a way to set
> the lock table timeout to be more than what it is by default?
>
> The other thing is, I tried authenticating with *Active Directory
> *and it works just fine. So I am guessing the problem is limited
> to OpenLDAP.
>
> Any help would be appreciated.
>
> Thanks,
> Robin
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
8:36 a.m.
Hi,
Thanks Marek for the clarity on the mapping of LDAP attributes to
attributes of user account. It gives us more confidence now moving forward
with our implementation.
Thanks,
Robin
On Fri, Oct 31, 2014 at 5:41 AM, Marek Posolda <mposolda(a)redhat.com> wrote:
Hi,
for servers like OpenLDAP it's supposed that "uid" contains username of
the user (and I think that if you change "Vendor" combobox to
"Other", it
will also change the "Username LDAP Attribute" too). Using "cn" is
supposed
to be used mainly for servers like Active Directory.
The root issue is, that right now we don't support dynamic mapping of LDAP
attributes to attributes of user account. For servers like OpenLDAP we have
some hard-coded mapping (like "cn" from LDAP is mapped to user's firstName
in Keycloak, "sn" from LDAP is mapped to user's lastName in Keycloak and
"mail" from LDAP is mapped to user's email in KC).
We have plan to support dynamic attributes mapping in the future, so you
will be able to configure that for example: "cn" is mapped to Keycloak
username, "givenName" is mapped to firstName, "sn" to lastName etc.
JIRA is
already created https://issues.jboss.org/browse/KEYCLOAK-599 but right
now, it's maybe not the biggest priority (feel free to vote in JIRA if you
want prioritize)
Marek
On 29.10.2014 19:54, robinfernandes . wrote:
Hi,
We are also testing with the same OpenLDAP version and the connection is
not a problem. The "Test Authentication" and the "Test Connection"
works
just fine.
Below are the screenshots of my configuration. In the LDAP Provider
Settings in Keycloak if we use "*Username LDAP attribute = uid*" it works
well. However if we use "*Username LDAP attribute = cn*" it fails to
authenticate. Have u faced a similar problem?
[image: Inline image 1]
[image: Inline image 2]
On Fri, Oct 24, 2014 at 2:52 AM, Marek Posolda <mposolda(a)redhat.com>
wrote:
> Hi,
>
> we are testing with OpenLDAP 2.4 and works fine. Are you using different
> version?
>
> Also can't be problem in the slow connection to LDAP server? On LDAP
> configuration screen in Keycloak admin console, you can try "Test
> Connection" or "Test Authentication" . Works this well for you?
>
> If connection is not a problem, maybe you can send exception stacktrace
> and your LDAP configuration (Once you configure LDAP, there should be
> message in server.log like "INFO
> [org.keycloak.picketlink.ldap.PartitionManagerRegistry] Creating new LDAP
> based partition manager for the Federation provider...." with details about
> LDAP configuration. It may help if you send it here as well)
>
> Thanks,
> Marek
>
>
> On 23.10.2014 17:13, robinfernandes . wrote:
>
> Hi guys,
>
> I am using *Keycloak 1.0.1* final and I have integrated it with
> *OpenLDAP*.
> When I try to authenticate the user which is in LDAP, it is not able to
> authenticate it and the exception that comes up is "
> *org.h2.jdbc.JdbcSQLException: Timeout trying to lock table "USER_ENTITY"
> ; " *
> Is there anyone who has faced this problem? Is there a way to set the
> lock table timeout to be more than what it is by default?
>
> The other thing is, I tried authenticating with *Active Directory *and
> it works just fine. So I am guessing the problem is limited to OpenLDAP.
>
> Any help would be appreciated.
>
> Thanks,
> Robin
>
>
>
> _______________________________________________
> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
3704
days inactive
3712
days old
4 comments
2 participants
participants (2)
-
Marek Posolda -
robinfernandes .