okay thank you. what a pity.
like i said: feature-request ;D
--------------------------------
Tobias Herrmann Hinz
mobil: 01522 1940 885
--------------------------------
On 11 October 2017 at 14:59, Marek Posolda <mposolda(a)redhat.com> wrote:
No, Keycloak itself doesn't talk with the applications through the LDAP
protocol.
I suggest to take a look at ApacheDS for this. It is written in Java and
allows you to plug the "source" of identities like users etc. Maybe there
is a way to connect it somehow to Keycloak DB and take users from there,
but it will be lots of coding needed though. We are using ApacheDS in our
testsuite, you can take a look for inspiration:
https://github.com/keycloak/keycloak/blob/master/misc/Testsuite.md#ldap-server
Marek
On 11/10/17 14:49, Herrmann Hinz wrote:
hello marek,
i'm talking about ldap as authentication protocol.
atm available auth protocols are SAML and OpenID (this one is used to
authenticate against a docker registry as well afaik).
my usecase is:
- we have an internal ldap/ad server in the company
- we want to be independent at a later stage of this
- until then we want to setup keycloak as "man in the middle" (ldap proxy so to say)
- we would like to enrich the user database on our keycloak with own technical users for ci/cd components like jenkins, nexus, u name it...
- we would like to use keycloak's SSO possibilities
- now: some cicd backends do not support SAML or OpenID - what if we could talk to keycloak via LDAP authentication protocol instead of using the one company AD (which does not know yet about the technical users)
do you get my point?
thanks,
tobias
--------------------------------
Tobias Herrmann Hinz
mobil: 01522 1940 885
--------------------------------
On 11 October 2017 at 14:41, Marek Posolda <mposolda(a)redhat.com> wrote:
> We have support for LDAP. It's documented here [1]. Keycloak is able to
> lookup users from the LDAP and login users with their LDAP
> username/passwords + bunch of other things (Attribute mappings, role/group
> mappings, writable or read-only etc).
>
> Or did I misunderstand what usecase exactly you mean?
>
> [1] http://www.keycloak.org/docs/latest/server_admin/topics/user-federation/ldap.html
>
> Marek
>
>
> On 11/10/17 00:12, Herrmann Hinz wrote:
>
>> hello all,
>>
>> afaik at the moment it's not possible to authenticate against a keycloak
>> installation via ldap/s protocol. is this correct?
>>
>> if so: any plans on integrating it? is there any work done already?
>>
>> would be very helpful to have this integrated into keycloak. would it
>> even complete more.
>>
>> thanks for your answers in advance,
>>
>> tobias
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user