[keycloak-user] Can Keycloak simulate LDAP server?

Valerij Timofeev valerij.timofeev at gmail.com
Fri Oct 16 08:31:57 EDT 2015

I suppose that implementing an LDAP server in Keycloak is not an option for RH
because there is already FreeIPA ;-)
But unfortunately 389-DS does not support the PBKDF2 algorithm and as far as I
know there are no plans for that:
Are there any plans to make hash algorithms in Keycloak pluggable, in order
for example to ensure compatibility with FreeIPA and thus ease migration?
- search for *passwordStorageScheme*

Instead of "exposing the whole LDAP server" would it be feasible for
Keycloak to implement SASL for use in LDAP servers instead?

Should I better ask these questions on the Keycloak developers list?


2015-10-15 12:42 GMT+02:00 Marek Posolda <mposolda at redhat.com>:

> In that case, I would likely use Keycloak with LDAP federation provider,
> which will point to some LDAP server in your environment. KC Federation
> provider needs to be declared with editMode "WRITABLE", so all users
> created through Keycloak will be synced to LDAP server as well including
> their password. Then the legacy product compatible just with LDAP will
> authenticate users against this LDAP server.
> Marek
>
> On 15/10/15 11:41, Valerij Timofeev wrote:
>
> > Hi all,
> >
> > we are interested to know if it is possible to authenticate users of pure
> > LDAP client against Keycloak?
> >
> > Why? We are planning to migrate legacy user storage to Keycloak and we'd
> > like to avoid dead end if for example some product (e.g. SaaS) does not
> > support user authentication against Keycloak, but does against standard
> > LDAP server.
> >
> > If it is impossible, has anybody succeeded to implement reverted direction
> > of user federation synchronization (all users data from Keycloak should be
> > copied to a fresh LDAP server installation)?
> >
> > Answers to these questions may be decisive for the Keycloak usage in our
> > organization.
> >
> > Thank you in advance
> >
> > Valerij Timofeev
> > Software Engineer
> > Trusted Shops GmbH