[keycloak-user] Apply group membership filter on ldap login
Marek Posolda
mposolda at redhat.com
Tue Dec 8 06:37:23 EST 2015
For 1.8, I plan to add the custom LDAP filter for user searching, so you
will have possibility to filter users found from LDAP by "memberOf"
value or any other custom filter (so far, they are filtered just by
objectClass ). More people asked for that already.
If you need it already for 1.7, you will need to create UserAttribute
LDAP mapper for "memberOf" attribute and then write the custom auth flow
extension as Bill mentioned.
Marek
On 08/12/15 00:14, Bill Burke wrote:
> You want to allow login only for users that belong to a specific group?
> We don't have any nice way of doing that. You'd have to write an auth
> flow extension.
>
> On 12/7/2015 2:48 PM, internet media wrote:
>> I am using keycloak 1.6.1.Final with Active Directory/LDAP. I am have
>> not seen any examples of authenticating users within a group membership
>> (memberOf). I also looked at the tests but no luck. Any help will be
>> appreciated. I just need to be able to set up a user federation using
>> ldap/AD and restrict only to users of a certain group.
>>
>> Thanks.
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
More information about the keycloak-user
mailing list