On 7.7.2015 13:44, Nair, Rajat wrote:
> Hi,
> I have set up an LDAP server and configured Keycloak (under User
> Federation) to communicate with LDAP. Test connection and test
> authentication both work and Keycloak “seems” to be communicating with
> LDAP successfully, but when I try to sync users, no data is imported
> to Keycloak. I have tried with Keycloak release 1.3.1 and 1.2.0 Final.
> Also tried with a simple LDAP schema (ou=customers,dc=xyz,dc=com) but
> still no luck.
> I’m attaching my LDAP settings (from phpLdap) and my Keycloak settings
> – could this be a configuration issue?

Yes, for "User Object classes" you are supposed to enter all values of
the objectClass attribute of your typical user record in LDAP. For your
case, it might be sufficient to enter just the value "inetOrgPerson".
In latest master, I've improved the description of the User Object classes
tooltip a bit to clarify this a bit more. Let me know if you are still
seeing issues.
Thanks,
Marek

> In the Keycloak logs, I can see –
> 06:32:57,286 INFO
> [org.keycloak.federation.ldap.LDAPFederationProviderFactory] (default
> task-15) Sync all users from LDAP to local store: realm:
> 4b921ecb-e068-41d0-956d-fea12f2706cf, federation provider: myldapserver
> 06:32:57,301 INFO
> [org.keycloak.federation.ldap.LDAPFederationProviderFactory] (default
> task-15) Sync all users finished: 0 imported users, 0 updated users, 0
> removed users
> Any way I can debug further to figure out what is going on? Currently,
> Keycloak and LDAP are set up on different boxes.
> -- Rajat
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
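
Added example (not part of the original thread and not Keycloak's own code): a Python check over a constructed LDIF export that shows which entries carry every value listed in "User Object classes", and which classes the others lack. It assumes the sync search requires all listed classes together; the sample entries and the class name customUser are hypothetical.

```python
# Constructed sample data, not taken from the thread's attachments.
SAMPLE_LDIF = """\
dn: cn=alice,ou=customers,dc=xyz,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: alice

dn: cn=bob,ou=customers,dc=xyz,dc=com
objectClass: posixAccount
objectClass: top
cn: bob
"""

def parse_ldif(text):
    """Return {dn: set of lower-cased objectClass values} for simple, unfolded LDIF."""
    entries, dn = {}, None
    for line in text.splitlines():
        if not line.strip():
            dn = None  # a blank line ends the current entry
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "dn":
            dn = value
            entries[dn] = set()
        elif key == "objectclass" and dn is not None:
            entries[dn].add(value.lower())
    return entries

def build_filter(user_object_classes):
    """LDAP filter requiring every configured class (AND semantics are an assumption)."""
    classes = [c.strip() for c in user_object_classes.split(",") if c.strip()]
    return "(&" + "".join(f"(objectClass={c})" for c in classes) + ")"

def sync_candidates(entries, user_object_classes):
    """Return (matching DNs, {dn: classes missing from that entry})."""
    wanted = {c.strip().lower() for c in user_object_classes.split(",") if c.strip()}
    matched, rejected = [], {}
    for dn, classes in entries.items():
        missing = wanted - classes
        if missing:
            rejected[dn] = sorted(missing)
        else:
            matched.append(dn)
    return matched, rejected

if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    for setting in ("inetOrgPerson, customUser", "inetOrgPerson"):
        print(build_filter(setting), "->", sync_candidates(entries, setting))
```

With the first setting no entry matches, which corresponds to a sync that finishes with 0 imported users; with only inetOrgPerson the alice entry matches.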