Do you have a role mapper created in the LDAP config?
On 1/10/17 10:26 AM, Sumit Das wrote:
Hi
I have kept the "Periodic Full Sync" on during creation of an LDAP
federation with an Active Directory instance. When I am creating a new
user, the sync works and I am able to view the same user on the AD
instance. But when I am creating any new role or group, the same is not
reflected on the AD instance. I have refreshed the respective folders on
the AD instance but still I am not able to view the updated Groups and
Roles.
But when I am assigning these roles or groups to any user, and then when
the periodic sync triggers, at that moment I am able to view that
respective Group or Role on the AD instance and the association with the
user is also reflected.
So newly created roles and groups are not reflected on the AD instance, but
when associated with a user, the syncing is reflected.
Can you please guide me if I am doing something wrong, or is this how the
Keycloak LDAP Federation is supposed to work?