This is not supported OOTB. You can do it manually. You may need to
create your own REST endpoint implementation, which will somehow allow
to link existing users to LDAP users. KC users linked to LDAP should
have "Federation Link" and also some attributes (you can double-check
them by looking at some LDAP user and his tab "Attributes" in Keycloak
admin console).
Marek
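As an added illustration of the check Marek describes (not code from the thread or from the Keycloak project): given a user representation as returned by the admin REST API (GET /admin/realms/{realm}/users/{id}) and the id of the LDAP user-storage component, report whether the user carries the federation link and the LDAP attributes, and build the representation a custom linking endpoint would have to persist. The attribute names LDAP_ID and LDAP_ENTRY_DN are the ones Keycloak's LDAP provider sets on imported users; the component id, DN and entry id below are constructed placeholders.

```python
# Added example; not part of the mailing-list thread or of Keycloak itself.
# Attribute names LDAP_ID / LDAP_ENTRY_DN are those Keycloak's LDAP provider sets
# on imported users; confirm them in the Attributes tab of an imported LDAP user.
REQUIRED_LDAP_ATTRS = ("LDAP_ID", "LDAP_ENTRY_DN")


def ldap_link_problems(user, ldap_component_id):
    """Return the reasons a user is NOT a properly LDAP-linked user (empty list = linked)."""
    problems = []
    link = user.get("federationLink")
    if not link:
        problems.append("no federationLink")
    elif link != ldap_component_id:
        problems.append(f"federationLink {link!r} is not the LDAP provider {ldap_component_id!r}")
    attrs = user.get("attributes") or {}
    for name in REQUIRED_LDAP_ATTRS:
        values = attrs.get(name) or []  # UserRepresentation stores attribute values as lists
        if not values or not values[0]:
            problems.append(f"missing attribute {name}")
    return problems


def build_linked_representation(user, ldap_component_id, ldap_entry_dn, ldap_entry_id):
    """Return a copy of the representation with the link fields a custom endpoint must write.
    The original dict is left untouched so it can be diffed against the result."""
    linked = dict(user)
    linked["federationLink"] = ldap_component_id
    attrs = dict(user.get("attributes") or {})
    attrs["LDAP_ID"] = [ldap_entry_id]          # LDAP entry identifier (e.g. entryUUID)
    attrs["LDAP_ENTRY_DN"] = [ldap_entry_dn]    # full DN of the LDAP entry
    linked["attributes"] = attrs
    return linked


# Constructed sample data: a user created by hand in the admin console, not yet linked,
# and placeholder ids for the LDAP component and the LDAP entry.
SAMPLE_COMPONENT_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_ENTRY_DN = "uid=bwilson,ou=People,dc=keycloak,dc=org"
SAMPLE_ENTRY_ID = "0f0f0f0f-0000-0000-0000-000000000001"
SAMPLE_USER = {"id": "aaaa", "username": "bwilson", "enabled": True, "attributes": {}}

if __name__ == "__main__":
    print("before:", ldap_link_problems(SAMPLE_USER, SAMPLE_COMPONENT_ID))
    linked = build_linked_representation(SAMPLE_USER, SAMPLE_COMPONENT_ID,
                                         SAMPLE_ENTRY_DN, SAMPLE_ENTRY_ID)
    print("after:", ldap_link_problems(linked, SAMPLE_COMPONENT_ID))
```

Running the audit over every user returned by the admin API also surfaces accounts that claim a federation link to a component that no longer exists.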
Dne 5.4.2018 v 01:09 Mike Wakim napsal(a):
Hello,
I have a small question regarding a specific use case with user federation, that I am
hoping someone can help with. I set up a small LDAP server using the example given in the
Keycloak Git repo. I imported the LDAP realm into Keycloak and did the following:
1. Turn the "enabled" setting off in user federation (temporarily).
2. Turn the "import" setting off in user federation.
3. Turn the "sync registrations" setting off in user federation.
My use case is the following:
I would like to create a user (e.g. bwilson) manually in Keycloak, and I would like to
assign to that user custom roles as needed. However, this user (e.g. bwilson) is a user
that already exists in my LDAP server. If I enable user federation, and try to log in
using this user, Keycloak by default will only check the Keycloak DB, and will not try to
authenticate this username through user federation. Is there any way for me to link the
manually created "bwilson" user with the "bwilson" user that already
exists in LDAP? I'm mainly interested in linking the roles that appear in the Keycloak
DB; I would like the user to log in using his LDAP credentials.
I am aware that if I "import" users from LDAP into Keycloak, I can go to a
user's settings, and add roles to that user as needed. However if I have a
pre-existing user in the Keycloak DB, can I link this user to the user with the same
username in LDAP (without importing)? Any assistance would be much appreciated!
Thanks,
Mike
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user