Yes, it makes sense to have Object classes mandatory in the UI. I've fixed
it (also changed the tooltip); it will be available in the next version.
On 4.11.2014 22:38, Patrick V. Madden wrote:
Wow! I was about to give up and then I decided to try to enter
information into the field for User Object Classes. I was leaving that
blank as it shows not required and tip seems to indicate it is for
creating LDAP users via KeyCloak. I noticed in my LDAP Browser that
among many others, it had 4 rows named objectClass as follows:
Attribute Name Value
Once I added these as "top,person,organizationalPerson,user" into User
Object Classes field in LDAP Provider Settings it worked!!!!
I was literally writing a response to say nope can't get it to work.
Divine intervention made me try one more thing.
This may be helpful to others.
Thanks for your help.
*From:* "Marek Posolda" <mposolda(a)redhat.com>
*To:* "Patrick V. Madden" <pmadden(a)tomsawyer.com>,
*Sent:* Tuesday, November 4, 2014 1:58:31 PM
*Subject:* Re: [keycloak-user] Active Directory Realm question.
after "Synchronize all users" you should be able to see all users from
LDAP, not just those which already authenticated in Keycloak. For your
LDAP tree, I believe that Base DN should be "DC=acme,DC=com" and User
DN should be "OU=acmeUsers,DC=acme,DC=com" . Please let me know if it
On 4.11.2014 14:58, Patrick V. Madden wrote:
Hope this doesn't post twice....
I am running a local 1.0.4.Final build on my local machine to do
I have a quick question regarding an Active Directory Realm that I
am trying to configure. I am able to successfully test the
connection and test authentication using Bind DN and Bind
Credential and Connection URL.
I can connect via an external LDAP browser using same credential
and browse the directory.
When I click Synchronize all users button it says it is
successful. However, when I go back to search page I get nothing
when I enter a username. When I click show all users it shows
nothing. I was hoping it would show me a list of all users in the
search tree based on my settings.
Let's assume my company is acme.com. When I look at browser it shows:
I want the users to be in OU=acmeUsers,DC=acme,DC=com
And yes OU=acmeUsers is what I need...
So what would I put in for Base DN and User DN Suffix to get it to
show a list of all users in the directory?
Or does it only show users that have logged into the Realm via a
Hope this makes sense.
Principal Design Engineer
*Tom Sawyer Software <http://www.tomsawyer.com/>*
1997 El Dorado Avenue
Berkeley, CA 94707
Cell: +1 (845) 416-4629
E-mail: pmadden(a)tomsawyer.com
keycloak-user mailing list