On 16/06/16 07:25, Arjan Schaaf wrote:
> Hi there,
> I'm integrating Keycloak in an environment where I have a couple of 'legacy' applications
> that allow for LDAP based external authentication, but do not support Keycloak or OAuth /
> OpenID Connect out-of-the-box.
> So I'm creating a setup where I use Keycloak as the primary repository for storing users
> and groups/roles, but I connect an LDAP server that is kept in sync with Keycloak and bind
> these applications to the LDAP service.
> That setup works decently enough: newly created users in Keycloak are synced to LDAP and so
> on.
> However, syncing Keycloak roles to LDAP doesn't seem to work as conveniently. I've created a
> User Federation Mapper of type Role mappings and when I use the "Sync Keycloak Roles To
> LDAP" button, the roles are synced with LDAP. Great!
> But when I create a new role in Keycloak I expected it to be synced automatically, just
> like a new Keycloak user is synced directly to LDAP. I need to use the "Sync Keycloak
> Roles To LDAP" button manually again to update LDAP. Is this how it is designed to work or is
> there a way to update LDAP directly after changing something in Keycloak roles?
Yes, ATM it's not done immediately. Feel free to create a JIRA for this.
Currently, to propagate creation of a role to LDAP, you need to either:
- Click "Sync Keycloak Roles To LDAP" as you mentioned
- In the Keycloak admin console, assign some LDAP-mapped user to this role.
In this case, the role will be created in LDAP and the role mapping for the user
will be created as well. Is it sufficient for your use case?
Marek
> Cheers,
> Arjan
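Automating the manual "Sync Keycloak Roles To LDAP" button that Marek refers to, as an added example that is not from this thread or from the Keycloak project: a POSIX shell script that triggers the Role mappings mapper sync (direction keycloakToFed) through Keycloak's Admin REST API, so it can be run from a job after roles are changed. The host, realm, federation provider id and mapper id are placeholders, credentials are taken from the environment, and the user-storage path is the one current Keycloak releases document; older releases exposed the same action under a different path, so check the Admin REST API reference for your version.

```shell
#!/usr/bin/env sh
# Added example, not from the thread. Runs the "Sync Keycloak Roles To LDAP"
# action through the Admin REST API so it can be scheduled instead of clicked.
# Assumptions: host, realm, provider id and mapper id below are placeholders;
# the path is the one current Keycloak releases document (user-storage);
# older releases used a different path (see your version's API reference).

KC_BASE="${KC_BASE:-https://keycloak.example.test/auth}"        # placeholder host
REALM="${REALM:-myrealm}"                                        # placeholder realm
PROVIDER_ID="${PROVIDER_ID:-PLACEHOLDER-ldap-provider-id}"       # LDAP federation provider id
MAPPER_ID="${MAPPER_ID:-PLACEHOLDER-role-mapper-id}"             # "Role mappings" mapper id

# Build the mapper sync URL. keycloakToFed pushes Keycloak roles into LDAP;
# fedToKeycloak pulls LDAP roles into Keycloak. Anything else is rejected.
sync_url() {
  case "$1" in
    keycloakToFed|fedToKeycloak) ;;
    *) echo "invalid direction: $1" >&2; return 1 ;;
  esac
  printf '%s/admin/realms/%s/user-storage/%s/mappers/%s/sync?direction=%s\n' \
    "$KC_BASE" "$REALM" "$PROVIDER_ID" "$MAPPER_ID" "$1"
}

# Fetch a short-lived admin token from the master realm via the admin-cli
# client (password grant); credentials come from the environment, never argv.
admin_token() {
  curl -sS -X POST "$KC_BASE/realms/master/protocol/openid-connect/token" \
    -d grant_type=password -d client_id=admin-cli \
    --data-urlencode "username=$KC_ADMIN_USER" \
    --data-urlencode "password=$KC_ADMIN_PASS" \
    | sed -n 's/.*"access_token":"\([^"]*\)".*/\1/p'
}

# POST to the sync endpoint; Keycloak answers with a JSON sync result.
trigger_sync() {
  url=$(sync_url "$1") || return 1
  token=$(admin_token)
  [ -n "$token" ] || { echo "no admin token obtained" >&2; return 1; }
  curl -sS -X POST "$url" -H "Authorization: Bearer $token"
}

# Only contact the server when credentials are present, so the helpers can be
# sourced or tested without a live Keycloak.
if [ -n "$KC_ADMIN_USER" ] && [ -n "$KC_ADMIN_PASS" ]; then
  trigger_sync "${1:-keycloakToFed}"
fi
```

Note that the second workaround Marek gives (assigning an LDAP-mapped user to the new role) also creates the role in LDAP as a side effect, so a sync job is only needed for roles that have no such user yet.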
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user