[keycloak-user] Obtain user from Keycloak admin API using LDAP_ID

Edgar Vonk - Info.nl Edgar at info.nl
Thu Mar 17 06:54:35 EDT 2016


Since we use MSAD/LDAP as the user store, the user’s LDAP_ID in Keycloak is for us the unique ID of a user and not Keycloak’s internal user ID.

However, it seems that it is not possible to retrieve users based on the LDAP_ID attribute using the Keycloak admin API?

There is:

GET /admin/realms/{realm}/users/{id}

but this uses the internal Keycloak user ID, which we cannot use (if only because sometimes we wipe out the Keycloak database and re-import all users from MSAD/LDAP).


GET /admin/realms/{realm}/users

only allows searching on a very limited number of standard user attributes.

How should we go about solving this? Does it make sense to create a feature request in JIRA to extend the /users API endpoint to allow searching on arbitrary user attributes, for example? Or is it feasible to add our own endpoint to Keycloak’s REST API perhaps?

