[keycloak-user] LDAP configuration

Ayrton Araújo ayrton at ubuntu.com
Mon Jun 8 15:58:19 EDT 2015


Okay,

As you suggested, I changed to the complete DN, but now I get this:

Caused by: org.picketlink.idm.IdentityManagementException: PLIDM000501: Could not query IdentityType using query [org.picketlink.idm.query.internal.DefaultIdentityQuery@69d4fcb8].
    at org.picketlink.idm.ldap.internal.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:236)
    at org.picketlink.idm.query.internal.DefaultIdentityQuery.getResultList(DefaultIdentityQuery.java:190)
    ... 57 more
Caused by: org.picketlink.idm.IdentityManagementException: Could not populate attribute type org.picketlink.idm.model.basic.User@8665a20.
    at org.picketlink.idm.ldap.internal.LDAPIdentityStore.populateAttributedType(LDAPIdentityStore.java:815)
    at org.picketlink.idm.ldap.internal.LDAPIdentityStore.populateAttributedType(LDAPIdentityStore.java:682)
    at org.picketlink.idm.ldap.internal.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:231)
    ... 58 more
Caused by: java.lang.NullPointerException


On Thursday, May 21, 2015, Marek Posolda <mposolda at redhat.com> wrote:

>  On 20.5.2015 22:00, Ayrton Araújo wrote:
>
>  I'm trying to add a new user federation provider to integrate Keycloak
> with an LDAP server.
>
>  The parameters:
> Console display name -> Active Directory
> Priority -> 0
> Edit Mode -> READ_ONLY
> Sync Registrations -> OFF
> Vendor -> Active Directory
> Username LDAP attribute -> sAMAccountName
> User Object Classes -> person, organizationPerson, user
> Connection URL -> ldap://dom.example.com:389
> Base DN -> DC=dom,DC=example,DC=com
> User DN Suffix -> CN=Users
> Bind DN -> CN=Keycloak.LDAP;CN=Users;DC=dom,DC=example,DC=com
> Bind Credential -> ********
> Connection pooling -> ON
> Pagination -> ON
> Enable Account After Password Update -> OFF
> Batch Size -> 100
> Periodic Full Sync -> OFF
> Periodic changed users sync -> ON
> Changed users sync period -> 86400
>
>  I tried changing User DN Suffix to only Users, but it does not work. The log
> always says:
> LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR)
> And it says this when it tries to parse the User DN Suffix.
>
> Currently "User DN Suffix" is supposed to contain the whole DN. So in your
> case it should probably be something like: CN=Users,DC=dom,DC=example,DC=com
>
> I agree that the name of the parameter "User DN Suffix" is misleading. It will
> be improved in the next version (1.3.0.Beta1) and it will also be possible to
> configure more User DNs to search for users.
>
> Marek
>
>
>  Is there something wrong with my conf?
>
>

-- 
Ayrton Araújo
"If you can tell the false from the true you are already a scientist."

--
http://ayr-ton.net/
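
The advice quoted above, that "User DN Suffix" has to hold the whole DN, can be checked before saving the provider settings. The following is an added example, not code from the thread or from Keycloak: the function names are hypothetical, and the DN parsing is simplified (comma separators, single-valued RDNs, case-insensitive comparison).

```python
def split_dn(dn):
    """Split a DN into lower-cased (type, value) pairs, honoring backslash escapes.
    Simplified for illustration: ',' separators, single-valued RDNs."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("component %r is not of the form type=value" % part.strip())
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def check_user_dn(base_dn, user_dn):
    """Return a list of problems with the 'User DN Suffix' value (empty list = OK)."""
    base = split_dn(base_dn)  # raises ValueError if the Base DN itself is malformed
    try:
        user = split_dn(user_dn)
    except ValueError as exc:
        return ["not a DN: %s" % exc]
    # A full DN must end with every component of the Base DN, in order.
    if len(user) < len(base) or user[-len(base):] != base:
        return ["relative DN: %r does not end with Base DN %r" % (user_dn, base_dn)]
    return []


if __name__ == "__main__":
    BASE = "DC=dom,DC=example,DC=com"  # Base DN from the thread
    # The three "User DN Suffix" values discussed in the thread.
    for value in ("Users", "CN=Users", "CN=Users,DC=dom,DC=example,DC=com"):
        print("%-40s -> %s" % (value, check_user_dn(BASE, value) or "OK"))
```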