[keycloak-user] Renaming a user in Keycloak does not change the user's DN when using LDAP federation provider
Marek Posolda
mposolda at redhat.com
Tue Feb 23 03:09:10 EST 2016
Yes, feel free to create a JIRA. You can link it with the other, somewhat similar
JIRA you already created for CN based on firstName + lastName.
However, I don't know when we will fix it (likely not earlier than in Keycloak
2.0), as renaming the DN is not a very trivial change and may have various
implications, so it would need to be properly tested.
Marek
On 22/02/16 17:08, Edgar Vonk - Info.nl wrote:
> Hi,
>
> Just checking if I have got this right. Our scenario is that we have set up an LDAP user federation from Keycloak to Active Directory. We map the username in Keycloak to the userPrincipalName attribute in MSAD.
>
> As is common the full DN in MSAD starts with the username. E.g. CN=edgar at info.nl,OU=Users,OU=Customers,DC=hf,DC=info,DC=nl
>
> Now when I change the username from Keycloak I see that the userPrincipalName attribute is updated, however the DN remains the same. If I look in the Keycloak source code it seems indeed that a user DN is only set once on creation of the user (LDAPUtils#addUserToLDAP).
>
> We would like renaming of the user in Keycloak to result in a renaming of the DN in MSAD/LDAP as well. Shall I create a JIRA feature request for this?
>
> cheers
>
> Edgar
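A check for the drift described in this thread (userPrincipalName updated on rename, DN left as created), written as an added example; it is not Keycloak code or part of the original messages. It assumes entries have already been fetched from the directory as dicts, that the first RDN is single-valued, and that DNs are LDIF-safe ASCII; the sample entries and the example.org names are constructed.

```python
import re

SPECIALS = '",+;<>\\'  # characters RFC 4514 requires escaping inside an RDN value

def split_first_rdn(dn):
    """Split a DN into (attr, raw_value, parent_dn) at the first unescaped comma."""
    m = re.match(r'((?:\\.|[^\\,])*)(?:,(.*))?$', dn, re.S)
    if m is None:
        raise ValueError(f"malformed DN: {dn!r}")
    attr, _, raw = m.group(1).partition("=")
    return attr.strip(), raw, m.group(2) or ""

def unescape(raw):
    """Undo RFC 4514 escaping: backslash + hex pair, or backslash + literal char."""
    def repl(m):
        g = m.group(1)
        return bytes.fromhex(g.decode()) if len(g) == 2 else g
    return re.sub(rb'\\([0-9A-Fa-f]{2}|.)', repl, raw.encode(), flags=re.S).decode()

def escape_rdn_value(value):
    """Escape a value so it can be placed in an RDN (RFC 4514 section 2.4)."""
    out = "".join("\\" + c if c in SPECIALS else c for c in value)
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return "\\" + out if out[:1] in ("#", " ") else out

def find_dn_drift(entries, naming_attr="userPrincipalName"):
    """Return (dn, ldif) pairs for entries whose first RDN value differs from naming_attr."""
    drifted = []
    for entry in entries:
        attr, raw, _parent = split_first_rdn(entry["dn"])
        expected = entry[naming_attr]
        if unescape(raw).lower() != expected.lower():
            ldif = (f"dn: {entry['dn']}\nchangetype: modrdn\n"
                    f"newrdn: {attr}={escape_rdn_value(expected)}\ndeleteoldrdn: 1\n")
            drifted.append((entry["dn"], ldif))
    return drifted

# Constructed sample entries (not from the thread): the second was renamed, DN is stale.
SAMPLE = [
    {"dn": "CN=alice@example.org,OU=Users,DC=example,DC=org",
     "userPrincipalName": "alice@example.org"},
    {"dn": "CN=bob@example.org,OU=Users,DC=example,DC=org",
     "userPrincipalName": "robert@example.org"},
]

if __name__ == "__main__":
    for dn, ldif in find_dn_drift(SAMPLE):
        print(ldif)
```

The emitted records are standard LDIF `modrdn` change records; review them before applying, since anything that stores the old DN as a reference has to be checked after a rename.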