[keycloak-user] Apply group membership filter on ldap login

Marek Posolda mposolda at redhat.com
Tue Dec 8 06:37:23 EST 2015


For 1.8, I plan to add the custom LDAP filter for user searching, so you 
will have the possibility to filter users found from LDAP by "memberOf" 
value or any other custom filter (so far, they are filtered just by 
objectClass). More people asked for that already.

If you need it already for 1.7, you will need to create a UserAttribute 
LDAP mapper for the "memberOf" attribute and then write the custom auth flow 
extension as Bill mentioned.

Marek

On 08/12/15 00:14, Bill Burke wrote:
> You want to allow login only for users that belong to a specific group?
> We don't have any nice way of doing that. You'd have to write an auth
> flow extension.
>
> On 12/7/2015 2:48 PM, internet media wrote:
>> I am using Keycloak 1.6.1.Final with Active Directory/LDAP. I have
>> not seen any examples of authenticating users within a group membership
>> (memberOf). I also looked at the tests but no luck. Any help will be
>> appreciated. I just need to be able to set up a user federation using
>> LDAP/AD and restrict only to users of a certain group.
>>
>> Thanks.
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
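
Added example, not part of the original thread and not Keycloak code: a sketch of the two approaches discussed above, a search filter that ANDs the objectClass conditions with a "memberOf" condition (with RFC 4515 escaping of the group DN), and the membership check a custom auth step would run on the mapped "memberOf" values. The function names, object classes, group DN and sample users are assumptions constructed for illustration; the nested-group matching rule is Active Directory specific.

```python
# Added illustration; not Keycloak code. Names and sample data are constructed.

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

# Active Directory matching rule that also follows nested group membership.
AD_IN_CHAIN = "1.2.840.113556.1.4.1941"

def group_login_filter(group_dn, object_classes=("person", "user"), nested=False):
    """AND the objectClass conditions with a memberOf condition."""
    attr = f"memberOf:{AD_IN_CHAIN}:" if nested else "memberOf"
    parts = [f"(objectClass={escape_filter_value(oc)})" for oc in object_classes]
    parts.append(f"({attr}={escape_filter_value(group_dn)})")
    return "(&" + "".join(parts) + ")"

def _norm_dn(dn):
    # Simplified DN comparison: ignore case and spaces around RDN separators.
    # It does not handle escaped commas inside RDN values.
    return ",".join(p.strip() for p in dn.split(",")).casefold()

def may_log_in(member_of_values, required_group_dn):
    """Auth-step check: is the required group among the mapped memberOf values?"""
    wanted = _norm_dn(required_group_dn)
    return any(_norm_dn(v) == wanted for v in member_of_values)

# Constructed sample data.
GROUP = "CN=App Users (prod),OU=Groups,DC=example,DC=com"
ALICE = ["CN=App Users (prod), OU=Groups, DC=example, DC=com",
         "CN=Staff,OU=Groups,DC=example,DC=com"]
BOB = ["CN=Staff,OU=Groups,DC=example,DC=com"]

if __name__ == "__main__":
    print(group_login_filter(GROUP))
    print(group_login_filter(GROUP, nested=True))
    print(may_log_in(ALICE, GROUP), may_log_in(BOB, GROUP))
```

A plain "memberOf" comparison only sees direct membership; users who belong to the group through a nested group are matched only by the in-chain form on Active Directory.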


