[keycloak-dev] Incorrect parsing of GUID from eDirectory

Sven-Torben Janus sven-torben.janus at conciso.de
Fri Aug 30 10:33:32 EDT 2019


Hey all!

One of my customers wants to implement user federation with eDirectory as LDAP server in place. Everything works fine as long as "Import users" is deactivated.
When activating the import, users can no longer be imported. The import fails with the exception shown in https://issues.jboss.org/browse/KEYCLOAK-10942 when "UUID LDAP attribute" is set to "guid".
The exception seems to come from incorrect parsing of the guid attribute in LDAP. The guid attribute in eDirectory is binary, but is not parsed as such.

I have prepared a PR https://github.com/keycloak/keycloak/pull/6251 to fix this.

However, I am unsure about the current state of support for eDirectory. I have seen these PRs and tickets which indicate eDirectory is supported:

  *   https://github.com/keycloak/keycloak/pull/1154
  *   https://lists.jboss.org/pipermail/keycloak-user/2015-April/002023.html

I can also choose "Novell eDirectory" from the Vendor list, so I assume it is supported.

In contrast I see tickets like this one, where it states that it isn't supported.

  *   https://issues.jboss.org/browse/KEYCLOAK-3099 (btw: that seems to be the same issue as described in KEYCLOAK-10942)

And there has been a discussion around a similar (the same?) issue, years ago: https://lists.jboss.org/pipermail/keycloak-user/2016-November/008428.html

Can anyone please clarify the current state of eDirectory support and whether my fix has a chance to be released?

Regards
Sven-Torben

--
Sven-Torben Janus
Senior Software Architect (Dipl.-Inf.), iSAQB® CPSA-A

Conciso GmbH | Westfalendamm 251 | 44141 Dortmund

E sven-torben.janus at conciso.de
W https://conciso.de


Rechtlicher Hinweis/Legal notice:

Sitz der Gesellschaft/Registered Office: Dortmund
Amtsgericht/Trade Register: Dortmund, HRB 28364
Geschäftsführer/Managing Directors: Sebastian Neus, Dr. Georg Pietrek, Jens Trompeter
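
Added example (not part of the original message and not the code from the PR): a small Java sketch of why a binary 16-byte identifier must not be read as text. Decoding it as UTF-8 is lossy, so distinct values can collapse to the same string, while hex encoding keeps them distinct. The class and method names, the sample bytes and the 8-4-4-4-12 grouping in wire byte order are assumptions made for illustration; the order a directory vendor displays may differ.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class BinaryGuidDemo {

    // Lossless: render the 16 raw bytes as hex, grouped 8-4-4-4-12.
    // Assumption: bytes are used in wire order, with no vendor-specific reordering.
    static String toHexId(byte[] guid) {
        if (guid == null || guid.length != 16) {
            throw new IllegalArgumentException("expected 16 bytes, got "
                    + (guid == null ? "null" : String.valueOf(guid.length)));
        }
        StringBuilder sb = new StringBuilder(36);
        for (int i = 0; i < guid.length; i++) {
            if (i == 4 || i == 6 || i == 8 || i == 10) {
                sb.append('-');
            }
            sb.append(String.format("%02x", guid[i] & 0xff));
        }
        return sb.toString();
    }

    // Lossy: the binary value treated as if it were a text attribute.
    // Bytes that are not valid UTF-8 are replaced with U+FFFD.
    static String asText(byte[] guid) {
        return new String(guid, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample values that differ only in their first byte.
        byte[] a = new byte[16];
        byte[] b = new byte[16];
        for (int i = 0; i < 16; i++) {
            a[i] = (byte) (0x10 + i);
            b[i] = (byte) (0x10 + i);
        }
        a[0] = (byte) 0x9c; // lone continuation byte, invalid as UTF-8
        b[0] = (byte) 0xf8; // invalid lead byte

        String ta = asText(a);
        String tb = asText(b);
        System.out.println("text forms equal: " + ta.equals(tb));
        System.out.println("text round-trips: "
                + Arrays.equals(a, ta.getBytes(StandardCharsets.UTF_8)));
        System.out.println("hex a: " + toHexId(a));
        System.out.println("hex b: " + toHexId(b));
    }
}
```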


