[keycloak-user] Active Directory Realm question.
Patrick V. Madden
pmadden at tomsawyer.com
Tue Nov 4 16:38:40 EST 2014
Hi Marek,
Wow! I was about to give up and then I decided to try to enter information into the field for User Object Classes. I was leaving that blank as it shows not required and tip seems to indicate it is for creating LDAP users via KeyCloak. I noticed in my LDAP Browser that among many others, it had 4 rows named objectClass as follows:
Attribute Name Value
objectClass top
objectClass person
objectClass organizationalPerson
objectClass user
Once I added these as "top,person,organizationalPerson,user" into User Object Classes field in LDAP Provider Settings it worked!!!!
I was literally writing a response to say nope can't get it to work. Divine intervention made me try one more thing.
This may be helpful to others.
Thanks for your help.
Patrick
From: "Marek Posolda" <mposolda at redhat.com>
To: "Patrick V. Madden" <pmadden at tomsawyer.com>, "keycloack-users" <keycloak-user at lists.jboss.org>
Sent: Tuesday, November 4, 2014 1:58:31 PM
Subject: Re: [keycloak-user] Active Directory Realm question.
Hi,
after "Synchronize all users" you should be able to see all users from LDAP, not just those which already authenticated in Keycloak. For your LDAP tree, I believe that Base DN should be "DC=acme,DC=com" and User DN should be "OU=acmeUsers,DC=acme,DC=com" . Please let me know if it helps.
Marek
On 4.11.2014 14:58, Patrick V. Madden wrote:
Hi,
Hope this doesn't post twice....
I am running a local 1.0.4.Final build on my local machine to do some testing.
I have a quick question regarding an Active Directory Realm that I am trying to configure. I am able to successfully test the connection and test authentication using Bind DN and Bind Credential and Connection URL.
I can connect via an external LDAP browser using same credential and browse the directory.
When I click Synchronize all users button it says it is successful. However, when I go back to search page I get nothing when I enter a username. When I click show all users it shows nothing. I was hoping it would show me a list of all users in the search tree based on my settings.
Lets assume my company is acme.com. When I look at browser it shows:
RootDSE
+---DC=acme,DC=com
+---OU=acmeUsers
+---CN=John Doe
---CN=Jane Doe
---CN=Joe Blow
I want the users to be in OU=acmeUsers,DC=acme,DC=com
And yes OU=acmeUsers is what I need...
So what would I put in for Base DN and User DN Suffix to get it to show a list of all users in the directory?
Or does it only show users that have logged into the Realm via a web app?
Hope this makes sense.
Regards,
Patrick Madden
Principal Design Engineer
Tom Sawyer Software
1997 El Dorado Avenue
Berkeley, CA 94707
Cell: +1 (845) 416-4629
E-mail: pmadden@ tomsawyer.com
_______________________________________________
keycloak-user mailing list keycloak-user at lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20141104/c832abbb/attachment-0001.html
More information about the keycloak-user
mailing list