Hi everyone, When I configure an LDAP Role Mapper for Active Directory the Default Roles of the Realm are not set anymore when a user registers himself or if I create one via the Keycloak Admin Console. Configuration: Mapper type: role-ldap-mapper LDAP Roles DN: subtree in AD Role LDAP Attribute: cn Role Object Classes: group Membership LDAP Attribute: member Membership Attribute Type: DN Membership User LDAP Attribute: uid Mode: LDAP_ONLY User Roles Retrieve Strategy: LOAD_ROLES_BY_MEMBER_Attribute Use Realm Roles Mapping: ON Does anyone have a solution, or should I create a Jira Issue for that? Best regards, Adrian

JIRA already exists for this issue :/ You can find it in KEYCLOAK project in component "Federation - LDAP". Feel free to add a vote. Marek On 07/06/17 13:22, Adrian Matei wrote: > I forgot to mention - this is valid for both 2.5.1 and 3.1 Versions > > Best regards, > Adrian > > On Wed, Jun 7, 2017 at 1:11 PM, Adrian Matei <adrianmatei(a)gmail.com&gt; > wrote: > > Hi everyone, >> >> When I configure an LDAP Role Mapper for Active Directory the Default >> Roles of the Realm are not set anymore when a user registers himself or >> if >> I create one via the Keycloak Admin Console. >> >> Configuration: >> >> Mapper type: role-ldap-mapper >> LDAP Roles DN: subtree in AD >> Role LDAP Attribute: cn >> Role Object Classes: group >> Membership LDAP Attribute: member >> Membership Attribute Type: DN >> Membership User LDAP Attribute: uid >> Mode: LDAP_ONLY >> User Roles Retrieve Strategy: LOAD_ROLES_BY_MEMBER_Attribute >> Use Realm Roles Mapping: ON >> >> >> Does anyone have a solution, or should I create a Jira Issue for that? >> >> Best regards, >> Adrian >> >> >> _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user >