On 24/11/16 13:32, Tomas Tikovsky wrote:
> Hello everyone,
> I'm using the e-Directory federation LDAP provider and came across this bug,
> KEYCLOAK-3099 <https://issues.jboss.org/browse/KEYCLOAK-3099>, as I was
> experiencing the same problem.
> e-Directory sends the guid attribute as byte[], so it needs to be declared as
> binary the same way as it's done for activeDirectory.
> Sending a simple diff to fix this issue, if you consider this helpful.
> Novell was acquired by Micro Focus and their product has been renamed to
> NetIQ eDirectory, so I incorporated that change as well.

Currently we don't have any support for netIQ eDirectory and we never
tested with it. Novell eDirectory was a community contribution.

Btw., if it uses the guid attribute in the same way as Active Directory,
then maybe you can just select vendor: "Active Directory" and then just
change the name of the UUID attribute manually?

> Another thing I noted were 2 incorrect attribute mappings in the administration
> console.
> "username" -> "uid"
> correct as long as users are enabled for Linux (not default), otherwise cn.
> So cn should work for more cases than uid.
> "firstname" -> "cn"
> wrong, should be "givenname"

There is some best effort to create mappers according to which vendor
you choose. So, for example, if you select "Active Directory" it already
uses "cn" for username by default. For "OpenLDAP" it uses "uid" for
username, etc. But all things can be configured/changed manually and you
have the possibility to configure mappers exactly according to your LDAP
environments (e.g. change firstName to "givenName", etc.).

Marek

> Cheers
> Tom
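
Why a GUID delivered as byte[] has to be declared binary, as an added example (not code from Keycloak or from the diff mentioned in the thread): it models, as an assumption about the failure mode, a client that decodes the 16 raw bytes as UTF-8 text, and compares that with keeping the bytes and rendering them as hex. The GUID values are constructed and the function names are hypothetical.

```python
from collections import defaultdict

def as_text(raw: bytes) -> str:
    # Assumed failure mode: the value is handled as a UTF-8 string attribute.
    # Bytes that are not valid UTF-8 become U+FFFD and the original is lost.
    return raw.decode("utf-8", errors="replace")

def as_binary(raw: bytes) -> str:
    # The value is kept as bytes and rendered losslessly as hex.
    if len(raw) != 16:
        raise ValueError("expected a 16-byte GUID")
    return raw.hex()

def round_trips(raw: bytes) -> bool:
    # True only if the text form can be turned back into the same bytes.
    return as_text(raw).encode("utf-8") == raw

def collisions(guids, render):
    # Group distinct raw GUIDs that end up with the same rendered identifier.
    seen = defaultdict(set)
    for raw in guids:
        seen[render(raw)].add(raw)
    return [sorted(group) for group in seen.values() if len(group) > 1]

# Constructed sample values, not taken from a real directory.
GUID_A = bytes.fromhex("9f8a1c3de4b24f60a1b2c3d4e5f60718")
GUID_B = bytes.fromhex("9e8a1c3de4b24f60a1b2c3d4e5f60718")
# All-ASCII bytes survive text decoding, which can hide the problem in tests.
GUID_C = bytes.fromhex("30313233343536373839616263646566")
SAMPLE = [GUID_A, GUID_B, GUID_C]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(as_binary(raw), "round-trips as text:", round_trips(raw))
    print("conflated as text:", collisions(SAMPLE, as_text))
    print("conflated as binary:", collisions(SAMPLE, as_binary))
```

Two different directory entries sharing one stored identifier is the risk to look for: a federated account could be linked to the wrong LDAP entry, so the unique-ID attribute should be checked for lossless handling whenever a new vendor is configured.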