10:18 a.m.
Hi,
We no longer seem to be able to create new users in Keycloak with the LDAP/MSAD User
Federation set up with ‘Sync Registrations’ turned on.
I think this is since we migrated to Keycloak 2.0.0.Final (not 100% sure).
When I try to create a new user from Keycloak (Manage - Users) I only see the error
message ‘Error! Could not create user’ but nothing else. Nothing in the logs
unfortunately. Not even at the debug level.
Any pointers on where to start looking for a solution? I have the Keycloak source code
available.
cheers
Edgar
3:07 p.m.
Maybe enable LDAP logging will help? You can enable TRACE logging for
"org.keycloak.federation.ldap" in standalone.xml and see what's logged
into server.log when you try to create Keycloak user?
Marek
On 09/08/16 10:18, Edgar Vonk - Info.nl wrote:
Hi,
We no longer seem to be able to create new users in Keycloak with the LDAP/MSAD User
Federation set up with ‘Sync Registrations’ turned on.
I think this is since we migrated to Keycloak 2.0.0.Final (not 100% sure).
When I try to create a new user from Keycloak (Manage - Users) I only see the error
message ‘Error! Could not create user’ but nothing else. Nothing in the logs
unfortunately. Not even at the debug level.
Any pointers on where to start looking for a solution? I have the Keycloak source code
available.
cheers
Edgar
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3:56 p.m.
Hi Marek,
Sorry, never mind. We were missing the ‘cn’ user attribute mapper for some reason.. Adding
this mapper fixes the issue. I did manage to reproduce the issue by debugging (using my
IDE) the Keycloak source code in LDAPUtils#addUserToLDAP
In UsersResource#createUser a ModelException is caught but never logged so this
information gets lost completely:
catch (ModelException me){
if (session.getTransaction().isActive()) {
session.getTransaction().setRollbackOnly();
}
return ErrorResponse.exists("Could not create user");
}
It would be great if some exception logging could be added to this class to help in
troubleshooting.
cheers
Edgar
On 09 Aug 2016, at 15:07, Marek Posolda
<mposolda@redhat.com<mailto:mposolda@redhat.com>> wrote:
Maybe enable LDAP logging will help? You can enable TRACE logging for
"org.keycloak.federation.ldap" in standalone.xml and see what's logged into
server.log when you try to create Keycloak user?
Marek
On 09/08/16 10:18, Edgar Vonk - Info.nl<http://info.nl> wrote:
Hi,
We no longer seem to be able to create new users in Keycloak with the LDAP/MSAD User
Federation set up with ‘Sync Registrations’ turned on.
I think this is since we migrated to Keycloak 2.0.0.Final (not 100% sure).
When I try to create a new user from Keycloak (Manage - Users) I only see the error
message ‘Error! Could not create user’ but nothing else. Nothing in the logs
unfortunately. Not even at the debug level.
Any pointers on where to start looking for a solution? I have the Keycloak source code
available.
cheers
Edgar
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
11:17 a.m.
Could you please create JIRA for this?
Thanks,
Marek
On 09/08/16 15:56, Edgar Vonk - Info.nl wrote:
Hi Marek,
Sorry, never mind. We were missing the ‘cn’ user attribute mapper for
some reason.. Adding this mapper fixes the issue. I did manage to
reproduce the issue by debugging (using my IDE) the Keycloak source
code in LDAPUtils#addUserToLDAP
In UsersResource#createUser a ModelException is caught but never
logged so this information gets lost completely:
catch (ModelException me){
if (session.getTransaction().isActive()) {
session.getTransaction().setRollbackOnly();
}
return ErrorResponse.exists("Could not create user");
}
It would be great if some exception logging could be added to this
class to help in troubleshooting.
cheers
Edgar
> On 09 Aug 2016, at 15:07, Marek Posolda <mposolda(a)redhat.com
> <mailto:mposolda@redhat.com>> wrote:
>
> Maybe enable LDAP logging will help? You can enable TRACE logging for
> "org.keycloak.federation.ldap" in standalone.xml and see what's
> logged into server.log when you try to create Keycloak user?
>
> Marek
>
> On 09/08/16 10:18, Edgar Vonk - Info.nl <http://info.nl> wrote:
>> Hi,
>>
>> We no longer seem to be able to create new users in Keycloak with the LDAP/MSAD
User Federation set up with ‘Sync Registrations’ turned on.
>>
>> I think this is since we migrated to Keycloak 2.0.0.Final (not 100% sure).
>>
>> When I try to create a new user from Keycloak (Manage - Users) I only see the
error message ‘Error! Could not create user’ but nothing else. Nothing in the logs
unfortunately. Not even at the debug level.
>>
>> Any pointers on where to start looking for a solution? I have the Keycloak source
code available.
>>
>> cheers
>>
>> Edgar
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
3090
days inactive
3091
days old
3 comments
2 participants
participants (2)
-
Edgar Vonk - Info.nl -
Marek Posolda