Hi,
I've got Keycloak 4.5.0.Final set up to talk to an AWS instance of
their Simple AD - which is Samba 4 behind the scenes. Connectivity and
authentication work ok, as does the initial sync of all users.
However, when I create a new user through Keycloak, I get an error
"Error! Could not create user" in the UI and the following logs:
keycloak_1 | 20:45:52,571 WARN
[org.keycloak.services.resources.admin.UsersResource] (default
task-17) Could not create user: org.keycloak.models.ModelException:
Could not modify attribute for DN
[cn=example12,CN=Users,DC=ad,DC=example,DC=com]
keycloak_1 | Caused by: javax.naming.NameNotFoundException: [LDAP:
error code 32 - 00002030: No such Base DN:
cn=example12,CN=Users,DC=ad,DC=example,DC=com]; remaining name
'cn=example12,CN=Users,DC=ad,DC=example,DC=com'
The full stack trace is here
https://gist.githubusercontent.com/rk295/a8ada3cd79212e73d2e55215e4d53e34...
What is interesting is the user is created successfully in LDAP.
ldif
https://gist.githubusercontent.com/rk295/0bde9a03f057dea09ea08f7f0050785e...
However, in this ldif the following fields show "IA==" rather than
the value I entered (example12 in both cases):
sn:: IA==
givenName:: IA==
I have both the firstname and lastname mappers set up to map the
following fields:
usermodel attribute firstName -> ldap givenName
usermodel attribute lastName -> ldap sn
Both are set up with RO false, always read from LDAP true, is mandatory
true, is binary false.
If I hit the button to resync changed (or all) users, the user shows
in the Keycloak admin, but the fields above are missing.
Hope somebody can help!
r.
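The double colon in `sn:: IA==` means the value is base64-encoded, and IA== decodes to a single space (0x20), so the directory holds a one-space placeholder rather than the entered name. As an added example, not part of the post above, this Python helper decodes the base64 attributes of an LDIF entry and flags the ones that are blank; SAMPLE_LDIF is constructed from the excerpt in the post.

```python
import base64
import re

# Constructed sample entry, built from the ldif excerpt quoted in the post.
SAMPLE_LDIF = """\
dn: cn=example12,CN=Users,DC=ad,DC=example,DC=com
cn: example12
sn:: IA==
givenName:: IA==
"""

# attr, then ':' (plain) or '::' (base64), then the value.
LINE_RE = re.compile(r"^([A-Za-z][\w;.-]*)(::?)\s*(.*)$")


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]}.

    LDIF writes a value as 'attr: value' when it is safe plain text and
    as 'attr:: base64' when it is not (leading/trailing spaces, non-ASCII
    or binary data). Folded continuation lines (a leading space) are
    joined to the previous line before parsing.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF line folding
        elif raw.strip():
            lines.append(raw)
    entry = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # not an attribute line
        attr, sep, value = m.groups()
        if sep == "::":
            decoded = base64.b64decode(value.strip())
            try:
                value = decoded.decode("utf-8")
            except UnicodeDecodeError:
                value = decoded           # genuinely binary, keep bytes
        entry.setdefault(attr, []).append(value)
    return entry


def blank_attributes(entry):
    """Attributes whose every value is empty or whitespace only.

    A name attribute that decodes to ' ' means the directory stored a
    placeholder, not what the operator typed in the admin console.
    """
    return sorted(
        attr for attr, values in entry.items()
        if all(isinstance(v, str) and v.strip() == "" for v in values)
    )
```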