[keycloak-user] Obtain user from Keycloak admin API using LDAP_ID

Thomas Darimont thomas.darimont at googlemail.com
Thu Mar 17 07:32:15 EDT 2016

Hello Edgar,

I'd be also interesed in a way to do this.

Currently keycloak doesn't provide a mechanism to register additional rest
endpoints, however one could probably introduce a way to do so.
Dispatcher) ` seems to be the place where the major JAX-RS Resources are

I think this could be extended with an SPI to easily add custom Resources.
This resources could then use DI or manual Lookups to access the Keycloak


2016-03-17 11:54 GMT+01:00 Edgar Vonk - Info.nl <Edgar at info.nl>:

> Hi,
> Since we use MSAD/LDAP as user store the user’s LDAP_ID in Keycloak is for
> us the unique ID of a user and not Keycloak’s internal user ID.
> However it seems that it is not possible to retrieve users based on the
> LDAP_ID attribute using the Keycloak admin API?
> There is:
> GET /admin/realms/{realm}/users/{id}
> but this uses the internal Keycloak user ID which we cannot use (if only
> because sometimes we wipe out the Keycloak database and re-import all users
> from MSAD/LDAP)
> and:
> GET /admin/realms/{realm}/users
> only allows searching on a very limited number of standard user attributes
> How should we go about solving this? Does it make sense to create a
> feature request in JIRA to extend the /users API endpoint to allow
> searching on arbitrary user attributes for example? Or is it feasible to
> add our own endpoint to Keycloak’s REST API perhaps?
> cheers
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160317/dacec47b/attachment.html 

More information about the keycloak-user mailing list