[keycloak-user] Suggestions and fix for e-directory user federation provider

Tomas Tikovsky tikovsky.tomas at gmail.com
Thu Nov 24 07:32:54 EST 2016


Hello everyone,

I'm using the e-directory federation LDAP provider and came across this bug
KEYCLOAK-3099 <https://issues.jboss.org/browse/KEYCLOAK-3099>, as I was
experiencing the same problem.
e-Directory sends the guid attribute as byte[], so it needs to be declared as
binary the same way as it's done for Active Directory.
Sending a simple diff to fix this issue, if you consider this helpful.

Novell was acquired by Micro Focus and their product has been renamed to
NetIQ eDirectory, so I incorporated that change as well.

Another thing I noted were 2 incorrect attribute mappings in the administration
console.

"username" -> "uid"
correct as long as users are enabled for Linux (not default), otherwise cn.
So cn should work for more cases than uid.

"firstname" -> "cn"
wrong, should be "givenname"

Cheers

Tom
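
Added example, not part of the original post and not Keycloak's own code: it shows why a GUID that arrives as raw octets must be requested as binary, by comparing the value read as UTF-8 text with the same value kept as byte[]. The class name, the sample bytes and the host ldap.example.test are constructed for illustration; the attribute name "guid" is the one named in the post, and the text decoding models a client that treats the value as a UTF-8 string.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.Context;

public class GuidBinaryDemo {
    // Constructed 16-byte sample values (not real directory GUIDs); only the first byte differs.
    static final byte[] GUID_A = bytes(0x80, 0x3f, 0xc2, 0x11, 0x9a, 0x07, 0x4e, 0x5d,
                                       0xb1, 0x00, 0xfe, 0x23, 0x64, 0xd9, 0x0c, 0x7a);
    static final byte[] GUID_B = bytes(0x81, 0x3f, 0xc2, 0x11, 0x9a, 0x07, 0x4e, 0x5d,
                                       0xb1, 0x00, 0xfe, 0x23, 0x64, 0xd9, 0x0c, 0x7a);

    static byte[] bytes(int... v) {
        byte[] out = new byte[v.length];
        for (int i = 0; i < v.length; i++) out[i] = (byte) v[i];
        return out;
    }

    // Value as seen when the attribute is NOT declared binary (assumption: decoded as
    // UTF-8 text). Octets that are not valid UTF-8 are replaced with U+FFFD and lost.
    static String asText(byte[] raw) {
        return new String(raw, StandardCharsets.UTF_8);
    }

    // Lossless, stable identifier derived from the raw octets.
    static String toHex(byte[] raw) {
        StringBuilder sb = new StringBuilder(raw.length * 2);
        for (byte b : raw) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // JNDI environment asking the LDAP provider to return the named attribute as byte[].
    static Hashtable<String, Object> ldapEnv(String providerUrl, String guidAttribute) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        env.put("java.naming.ldap.attributes.binary", guidAttribute);
        return env;
    }

    public static void main(String[] args) {
        byte[] roundTrip = asText(GUID_A).getBytes(StandardCharsets.UTF_8);
        System.out.println("text round trip intact: " + Arrays.equals(GUID_A, roundTrip));
        System.out.println("distinct GUIDs equal as text: " + asText(GUID_A).equals(asText(GUID_B)));
        System.out.println("hex A: " + toHex(GUID_A));
        System.out.println("hex B: " + toHex(GUID_B));
        System.out.println("env: " + ldapEnv("ldap://ldap.example.test:389", "guid"));
    }
}
```

The program opens no connection. The two sample entries become indistinguishable once read as text, which for a federation provider means the unique ID used to link a directory entry to a local account is no longer reliable.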

