[keycloak-user] Synchronization Issue on Periodic Full Sync

Bill Burke bburke at redhat.com
Tue Jan 10 10:43:38 EST 2017


Do you have a role mapper created in the LDAP config?


On 1/10/17 10:26 AM, Sumit Das wrote:
> Hi
>
> I have kept the "Periodic Full Sync" on during creation of an LDAP
> federation with an Active Directory instance. When I am creating a new
> user, the sync works and I am able to view the same user on the AD
> instance. But when I am creating any new role or group, the same is not
> reflected on the AD instance. I have refreshed the respective folders on
> the AD instance but still I am not able to view the updated Groups and
> Roles.
>
> But when I am assigning these roles or groups to any user, and then when
> the periodic sync triggers, at that moment I am able to view that
> respective Group or Role on the AD instance and the association with the
> user is also reflected.
>
> So newly created roles and groups are not reflected on the AD instance but
> when associated with a user, the syncing is reflected.
>
> Can you please guide me if I am doing something wrong, or is this how the
> Keycloak LDAP Federation is supposed to work?
>
