[keycloak-user] Active Directory Realm question.

Marek Posolda mposolda at redhat.com
Thu Nov 6 07:28:18 EST 2014


Maybe the admin console can display the count of inserted and updated users 
during sync. So it will display some message like:
"Sync successful! 34 users imported from LDAP and 12 users updated from 
LDAP during synchronization"

What do you think?

I've created a JIRA for that: https://issues.jboss.org/browse/KEYCLOAK-826

Marek

On 6.11.2014 00:52, Patrick V. Madden wrote:
> Thanks Marek,
>
> Much appreciated. One more note that is not critical but perhaps 
> relevant. Even without those Object Classes defined, the synchronize 
> all users result showed success. Now perhaps that means there was no 
> error. Not sure how you want to handle that but perhaps should check 
> for at least one result?
>
> Thanks again.
>
> *Patrick Madden*
> Principal Design Engineer
> *Tom Sawyer Software <http://www.tomsawyer.com/>*
> 1997 El Dorado Avenue
> Berkeley, CA 94707
>
> Cell: +1 (845) 416-4629
> E-mail: pmadden at tomsawyer.com
>
>
>
> ------------------------------------------------------------------------
> *From: *"Marek Posolda" <mposolda at redhat.com>
> *To: *"Patrick V. Madden" <pmadden at tomsawyer.com>
> *Cc: *"keycloack-users" <keycloak-user at lists.jboss.org>
> *Sent: *Wednesday, November 5, 2014 10:20:38 AM
> *Subject: *Re: [keycloak-user] Active Directory Realm question.
>
> Yes, it makes sense to have Object Classes mandatory in the UI. I've fixed 
> it (and also changed the tooltip); it will be available in the next version.
>
> Thanks!
> Marek
>
> On 4.11.2014 22:38, Patrick V. Madden wrote:
>
>     Hi Marek,
>
>     Wow! I was about to give up and then I decided to try entering
>     information into the User Object Classes field. I was leaving
>     that blank as it shows as not required and the tip seems to indicate it
>     is for creating LDAP users via Keycloak. I noticed in my LDAP
>     browser that, among many others, it had 4 rows named objectClass as
>     follows:
>
>     Attribute Name    Value
>     objectClass       top
>     objectClass       person
>     objectClass       organizationalPerson
>     objectClass       user
>
>     Once I added these as "top,person,organizationalPerson,user" into
>     User Object Classes field in LDAP Provider Settings it worked!!!!
>
>     I was literally writing a response to say nope, can't get it to
>     work. Divine intervention made me try one more thing.
>
>     This may be helpful to others.
>
>     Thanks for your help.
>
>     Patrick
>
>     ------------------------------------------------------------------------
>     *From: *"Marek Posolda" <mposolda at redhat.com>
>     *To: *"Patrick V. Madden" <pmadden at tomsawyer.com>,
>     "keycloack-users" <keycloak-user at lists.jboss.org>
>     *Sent: *Tuesday, November 4, 2014 1:58:31 PM
>     *Subject: *Re: [keycloak-user] Active Directory Realm question.
>
>     Hi,
>
>     After "Synchronize all users" you should be able to see all users
>     from LDAP, not just those which have already authenticated in Keycloak.
>     For your LDAP tree, I believe that Base DN should be
>     "DC=acme,DC=com" and User DN should be
>     "OU=acmeUsers,DC=acme,DC=com". Please let me know if it helps.
>
>     Marek
>
>     On 4.11.2014 14:58, Patrick V. Madden wrote:
>
>         Hi,
>
>         Hope this doesn't post twice....
>
>         I am running a local 1.0.4.Final build on my local machine to
>         do some testing.
>
>         I have a quick question regarding an Active Directory Realm
>         that I am trying to configure. I am able to successfully test
>         the connection and test authentication using Bind DN and Bind
>         Credential and Connection URL.
>
>         I can connect via an external LDAP browser using same
>         credential and browse the directory.
>
>         When I click the Synchronize all users button it says it is
>         successful. However, when I go back to the search page I get
>         nothing when I enter a username. When I click show all users
>         it shows nothing. I was hoping it would show me a list of all
>         users in the search tree based on my settings.
>
>         Let's assume my company is acme.com. When I look at the browser it
>         shows:
>
>         RootDSE
>           +---DC=acme,DC=com
>               +---OU=acmeUsers
>                   +---CN=John Doe
>                   +---CN=Jane Doe
>                   +---CN=Joe Blow
>
>         I want the users to be in OU=acmeUsers,DC=acme,DC=com
>
>         And yes OU=acmeUsers is what I need...
>
>         So what would I put in for Base DN and User DN Suffix to get
>         it to show a list of all users in the directory?
>
>         Or does it only show users that have logged into the Realm via
>         a web app?
>
>         Hope this makes sense.
>
>         Regards,
>
>         *Patrick Madden*
>         Principal Design Engineer
>         *Tom Sawyer Software <http://www.tomsawyer.com/>*
>         1997 El Dorado Avenue
>
>         Berkeley, CA 94707
>
>
>
>         Cell: +1 (845) 416-4629
>         E-mail: pmadden at tomsawyer.com
>
>
>
>
>         _______________________________________________
>         keycloak-user mailing list
>         keycloak-user at lists.jboss.org
>         https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
>
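Added example, not Keycloak's code and not from anyone in this thread: it shows how a comma-separated User Object Classes value like the one Patrick entered can become an LDAP filter, how a search is scoped under the User DN Marek suggested, and a sync summary that returns the imported/updated counts proposed in KEYCLOAK-826 instead of a bare "success". The filter shape, the `sAMAccountName` attribute and the in-memory directory are assumptions constructed to mirror the tree in the thread.

```python
"""Added example (not Keycloak's own code): object-class filter, scoped user
search and a sync summary with counts. The filter shape and sAMAccountName
attribute are assumptions; the directory is constructed from the thread."""
from typing import Dict, List

# Constructed directory: the OU from the thread, its three users, a group in
# the same OU (wrong object classes) and a user outside the OU (wrong scope).
USER_CLASSES = ["top", "person", "organizationalPerson", "user"]
def _user(cn: str, uid: str, parent: str = "OU=acmeUsers,DC=acme,DC=com") -> Dict:
    return {"dn": f"CN={cn},{parent}", "sAMAccountName": uid, "objectClass": list(USER_CLASSES)}
DIRECTORY: List[Dict] = [
    {"dn": "OU=acmeUsers,DC=acme,DC=com", "objectClass": ["top", "organizationalUnit"]},
    _user("John Doe", "jdoe"), _user("Jane Doe", "jadoe"), _user("Joe Blow", "jblow"),
    {"dn": "CN=Staff,OU=acmeUsers,DC=acme,DC=com", "objectClass": ["top", "group"]},
    _user("Admin", "admin", parent="CN=Users,DC=acme,DC=com"),
]

def parse_object_classes(value: str) -> List[str]:
    """Split 'top,person,organizationalPerson,user'; an empty field is rejected (mandatory)."""
    classes = [c.strip() for c in value.split(",") if c.strip()]
    if not classes:
        raise ValueError("User Object Classes must not be empty")
    return classes

def object_class_filter(classes: List[str]) -> str:
    """AND one equality condition per class, e.g. (&(objectClass=top)(objectClass=user))."""
    conds = "".join(f"(objectClass={c})" for c in classes)
    return f"(&{conds})" if len(classes) > 1 else conds

def search_users(directory: List[Dict], users_dn: str, classes: List[str]) -> List[Dict]:
    """Entries strictly below users_dn (DNs compared case-insensitively) carrying every class."""
    base = users_dn.lower()
    required = {c.lower() for c in classes}
    return [e for e in directory
            if e["dn"].lower() != base and e["dn"].lower().endswith("," + base)
            and required <= {c.lower() for c in e.get("objectClass", [])}]

def sync_all_users(directory: List[Dict], users_dn: str, object_classes: str, local: Dict[str, Dict]) -> Dict:
    """Import/update matching users; zero matches is flagged rather than reported as success."""
    imported = updated = 0
    for entry in search_users(directory, users_dn, parse_object_classes(object_classes)):
        uid = entry["sAMAccountName"]
        if uid in local:
            updated += 1
        else:
            imported += 1
        local[uid] = entry
    warning = None if imported + updated else "no users matched; check User DN and User Object Classes"
    return {"imported": imported, "updated": updated, "warning": warning}
```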
