[keycloak-user] ldap synch filtered by group membership
Marek Posolda
mposolda at redhat.com
Wed Sep 9 04:13:04 EDT 2015
You mean that only users from the group
"CN=Group,OU=Users,DC=company,DC=de" should be recognized by keycloak
and all other users from your LDAP, which are not members of that group,
should be ignored?
That should be doable by writing your own LDAPFederationMapper and
implementing "beforeQuery" so that you add the condition for
"member=CN=Group,OU=Users,DC=company,DC=de" to the query. So you will
need to write your own code for it.
I am not sure if we should provide functionality like this by
default in Keycloak, as your use case seems to be quite uncommon to me.
Maybe I am wrong, but I didn't hear about a similar use case so far.
Marek
On 08/09/15 15:27, Kevin Hirschmann wrote:
> Hello,
>
> I want to synch from an active directory. But the selection should
> be limited to users which are members in a specific group.
>
> CN=Group, OU=Users,DC=company,DC=de gives no result.
>
> Is this possible? If so, which keycloak version supports this?
>
> Thx for your help.
>
> Kind regards
>
> Kevin Hirschmann
> HUEBINET Informationsmanagement GmbH & Co. KG
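The condition described in the reply above has to be combined with the provider's existing user filter, and the group DN has to be escaped so it cannot change the filter's structure. The following is an added example, not code from the thread or from Keycloak: it uses only the JDK and no Keycloak API, the class and method names are hypothetical, and the base filter and the second group DN are constructed. The attribute name is a parameter because the reply names `member`, while Active Directory lists a user's groups on the user entry under `memberOf`.

```java
import java.nio.charset.StandardCharsets;

// Added example (hypothetical names): builds the group-membership condition
// that a custom mapper would AND onto the LDAP user search filter.
public class GroupMemberFilter {

    // Escape an assertion value per RFC 4515: NUL, '(', ')', '*', '\' and
    // every non-ASCII byte of the UTF-8 encoding are written as \XX.
    static String escapeValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            if (c == 0x00 || c == '(' || c == ')' || c == '*' || c == '\\' || c >= 0x80) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    // Equality condition matching entries whose attribute holds the group DN.
    static String membershipCondition(String attribute, String groupDn) {
        return "(" + attribute + "=" + escapeValue(groupDn) + ")";
    }

    // AND the condition onto an existing filter; with no existing filter the
    // condition is returned alone, so the restriction is never dropped.
    static String restrict(String existingFilter, String condition) {
        if (existingFilter == null || existingFilter.trim().isEmpty()) {
            return condition;
        }
        String f = existingFilter.trim();
        if (!f.startsWith("(")) {
            f = "(" + f + ")";
        }
        return "(&" + f + condition + ")";
    }

    public static void main(String[] args) {
        String base = "(objectClass=person)";                    // constructed base filter
        String groupDn = "CN=Group,OU=Users,DC=company,DC=de";   // group DN from the thread
        String tricky = "CN=Ops (EU),OU=Users,DC=company,DC=de"; // constructed DN with parentheses
        System.out.println(restrict(base, membershipCondition("memberOf", groupDn)));
        System.out.println(restrict(base, membershipCondition("memberOf", tricky)));
        System.out.println(restrict(null, membershipCondition("member", groupDn)));
    }
}
```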