[keycloak-dev] Community driven documentation for unsupported LDAP vendors

Marek Posolda mposolda at redhat.com
Wed Jan 11 04:49:23 EST 2017

I've created https://issues.jboss.org/browse/KEYCLOAK-4186 and 
preliminary set fix version to 3.0.0 . We can start with adding MSAD LDS 
and then maybe continue with other vendors asked by more people. We 
already have questions and also PRs for various vendors. So hopefully 
this notes in the docs will rather simplify things instead of complicate 
them even more ;)

My take is, that if someone asks for unsupported vendor, we claim: "No 
sorry. We don't test and support this vendor. You can try to have it 
working by yourself and then send PR to the docs (and maybe to the main 
codebase if something like new mapper is needed)" .

If it's some obscure old thing, we can just: "No sorry. We don't test 
and support this vendor. You can try to have it working by yourself "

If someone asks that vendor in the docs doesn't work we claim: "No 
sorry. We don't test and support this vendor. You can try to fix it by 
yourself and update docs or wait if someone else from community answers 
you" .

I also suppose that we will have nightly builds for the supported LDAP 
vendors (We already have them in jenkins, but we want to migrate to new 
testsuite and then hopefully move to Central CI). So in theory, if some 
community PR breaks some supported vendors, we can immediately identify 
and revert that change.


On 10/01/17 15:09, Stian Thorgersen wrote:
> My only worry would be that we get more and more questions about 
> various LDAP vendors as well as PRs that has to be reviewed. There's 
> also a fair chance that PRs for a vendor we don't support can impact 
> vendors we do support.
> I'd be happy with adding the section in the docs, but we should be 
> slightly careful about which vendors we list. They should be popular 
> vendors that we imagine we will potentially support at some point, 
> rather than obscure old things only used by a select few.
> On 10 January 2017 at 13:50, Marek Posolda <mposolda at redhat.com 
> <mailto:mposolda at redhat.com>> wrote:
>     We support and test just with few known LDAP server vendors. However
>     there are lots of questions from the community related to other
>     various
>     LDAP servers (eg. MSAD LDS, Samba4 AD, Novell eDirectory). There are
>     also some community contributions. For example we have the user,
>     who did
>     the integration with MSAD LDS and he contributed the
>     MSADLDSUserAccountControlStorageMapper for that.
>     I was thinking whether it's good to have community-driven
>     documentation
>     with the notes about how to integrate with various external LDAP
>     servers. We will just add the sub-chapter like "LDAP server vendors
>     specific configurations" to our LDAP documentation. At the
>     beginning, we
>     will add the Warning paragraph with the text like:
>     "These LDAP servers are not tested and officially supported by the
>     Keycloak team. It is all driven by the community. So be aware that
>     provided informations are not guaranteed to be 100% up-to-date."
>     And then paragraphs with the needed steps how to configure LDAP
>     StorageProvider and mappers when you want to integrate with the
>     particular LDAP vendor. For example something like this for MSAD LDS:
>     https://issues.jboss.org/browse/KEYCLOAK-4009?focusedCommentId=13333341&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-13333341
>     <https://issues.jboss.org/browse/KEYCLOAK-4009?focusedCommentId=13333341&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-13333341>
>     Marek
>     _______________________________________________
>     keycloak-dev mailing list
>     keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-dev
>     <https://lists.jboss.org/mailman/listinfo/keycloak-dev>

More information about the keycloak-dev mailing list