[keycloak-user] How to configure new params and edit them with Keycloak and LDAP integration

Celso Agra celso.agra at gmail.com
Wed Mar 15 10:11:33 EDT 2017


Thanks Marek!

Problem was solved! I was using a wrong filter. So this is ok.

So, my problem for now is related to the password. My LDAP is configured
with the MD5 hash algorithm. Would it be possible for Keycloak to set a
hashed password for that? And how does the application set the password in
the LDAP repo?

Here is my error below when I try to change the password:

Could not modify attribute for DN [uid=xxxxxxx,dc=tt,dc=zz,dc=br]

2017-03-15 10:52:58,541 WARN  [org.keycloak.events] (default task-14)
type=UPDATE_PASSWORD_ERROR, realmId=myRealm, clientId=teste-portal,
userId=b18dd5a7-3c60-4470-ab9c-ac0f00920b29, ipAddress=xxx.xxx.xxx.xx,
error=password_rejected, reason='Could not modify attribute for DN
[uid=xxxxxxx,dc=tt,dc=zz,dc=br]', auth_method=openid-connect,
custom_required_action=UPDATE_PASSWORD, response_type=code, redirect_uri=
http://127.0.0.1:8080/teste-portal/,
code_id=e5fd81e1-fde6-4b35-a08e-5fe5c982e416, username=xxxxxxx,
response_mode=query

Also, my LDAP doesn't have the 'userPassword' attribute, and it is not being
set by Keycloak. How do I set this attribute using Keycloak registration?

Thanks!



2017-03-14 16:47 GMT-03:00 Marek Posolda <mposolda at redhat.com>:

> On 14/03/17 18:50, Celso Agra wrote:
>
> Hi all,
>
> I saw an example about LDAP and Keycloak integration here
> <https://github.com/keycloak/keycloak/tree/master/examples/ldap>.
>
> So, it is running with the ApacheDS LDAP server. I was wondering, would it
> be possible to run this integration with the *slapd* tool? Also, I'm using
> a schema instead of an ldif structure. Could that be a problem?
>
> This example is just a "quickstart" to quickly show LDAP in action. It
> uses ApacheDS just because it's Java based LDAP, which easily runs
> everywhere just by executing "mvn exec:java" without additional steps
> needed and without a need to install something at OS level etc.
>
> I never tried this example with slapd. I think most things will work,
> but the devil is in the details, so I'm not 100% sure.
>
> Marek
>
>
> Thanks!
>
> 2017-03-10 10:40 GMT-03:00 Celso Agra <celso.agra at gmail.com>:
>
>> I'm using slapd.
>>
>> Here are the object classes that I'm using: top, inetOrgPerson, person,
>> organizationalPerson, phpgwAccount, shadowAccount
>>
>>
>> 2017-03-10 7:41 GMT-03:00 Marek Posolda <mposolda at redhat.com>:
>>
>>> This looks like a bad LDAP mapping for username and UUID. Which LDAP are
>>> you using btw?
>>>
>>> Marek
>>>
>>>
>>> On 09/03/17 16:03, Celso Agra wrote:
>>>
>>> Hi,
>>>
>>> I solved this error, just removing the MSAD account controls, but now
>>> I'm getting a new error, when I finished my registration:
>>> here is the log:
>>>
>>>> 2017-03-09 11:58:00,375 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /auth/realms/myrealm/login-actions/required-action: org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
>>>>         at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
>>>>         at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
>>>>         at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
>>>>         at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
>>>>         at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
>>>>         at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>>>>         at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>>>         at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>>>         at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>>>>         at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>>>>         at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>>>>         at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>>>>         at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>>>>         at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>>>>         at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>>>>         at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>>>>         at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>>>>         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>         at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>>>>         at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>>>>         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>         at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>>>>         at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>>>         at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>>>>         at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>>>         at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>>>>         at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>>>>         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>         at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>>>         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>         at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>>>>         at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>>>>         at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>>>>         at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>>>>         at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>>>>         at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>>>>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>         at java.lang.Thread.run(Thread.java:745)
>>>> Caused by: java.lang.NullPointerException
>>>>         at org.keycloak.events.EventBuilder.user(EventBuilder.java:103)
>>>>         at org.keycloak.services.resources.LoginActionsService.initEvent(LoginActionsService.java:815)
>>>>         at org.keycloak.services.resources.LoginActionsService.access$500(LoginActionsService.java:88)
>>>>         at org.keycloak.services.resources.LoginActionsService$Checks.verifyRequiredAction(LoginActionsService.java:297)
>>>>         at org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:853)
>>>>         at org.keycloak.services.resources.LoginActionsService.requiredActionGET(LoginActionsService.java:846)
>>>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>         at java.lang.reflect.Method.invoke(Method.java:498)
>>>>         at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
>>>>         at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
>>>>         at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
>>>>         at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
>>>>         at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
>>>>         at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
>>>>         ... 37 more
>>>
>>>
>>>
>>>
>>>
>>> 2017-03-09 9:47 GMT-03:00 Celso Agra <celso.agra at gmail.com>:
>>>
>>>> Got it!
>>>>
>>>> But I haven't seen pwdLastSet here in my LDAP mappers. I'm using
>>>> the "Edit Mode" as WRITABLE, but I'm not setting this attribute.
>>>> Here is my attributes:
>>>>
>>>>> cn
>>>>> MSAD account controls
>>>>> cpf
>>>>> creation date
>>>>> email
>>>>> first name
>>>>> last name
>>>>> modify date
>>>>> phpgwAccountStatus
>>>>> username
>>>>
>>>>
>>>> Thanks!!
>>>>
>>>> Best Regards,
>>>>
>>>> Celso Agra
>>>>
>>>> 2017-03-09 5:46 GMT-03:00 Marek Posolda <mposolda at redhat.com>:
>>>>
>>>>> Hi,
>>>>>
>>>>> The error may indicate that you configured the "pwdLastSet" attribute
>>>>> mapper in Keycloak to write into the LDAP, but it looks like writing this
>>>>> attribute is unsupported. Maybe switching this mapper to read-only will help?
>>>>>
>>>>> Marek
>>>>>
>>>>>
>>>>> On 08/03/17 15:29, Celso Agra wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I'm trying to configure KC with LDAP, but some errors are occurring.
>>>>>> First, I configured my LDAP to write in the LDAP server, but for some
>>>>>> reason I got this error when I try to register a user:
>>>>>>
>>>>>>> 2017-03-08 11:05:28,862 WARN  [org.keycloak.services] (default task-6) KC-SERVICES0013: Failed authentication: org.keycloak.models.ModelException: Could not modify attribute for DN [uid=11111111111,dc=zz,dc=dd,dc=aa]
>>>>>>>         at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.modifyAttributes(LDAPOperationManager.java:410)
>>>>>>>         at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.modifyAttributes(LDAPOperationManager.java:104)
>>>>>>>         at org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore.update(LDAPIdentityStore.java:105)
>>>>>>>         at org.keycloak.federation.ldap.mappers.msad.MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(MSADUserAccountControlMapper.java:235)
>>>>>>>         at org.keycloak.federation.ldap.mappers.msad.MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(MSADUserAccountControlMapper.java:220)
>>>>>>>         at org.keycloak.models.utils.UserModelDelegate.addRequiredAction(UserModelDelegate.java:112)
>>>>>>>         at org.keycloak.authentication.forms.RegistrationPassword.success(RegistrationPassword.java:101)
>>>>>>>         at org.keycloak.authentication.FormAuthenticationFlow.processAction(FormAuthenticationFlow.java:234)
>>>>>>>         at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:76)
>>>>>>>         at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:759)
>>>>>>>         at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:356)
>>>>>>>         at org.keycloak.services.resources.LoginActionsService.processRegistration(LoginActionsService.java:477)
>>>>>>>         at org.keycloak.services.resources.LoginActionsService.processRegister(LoginActionsService.java:535)
>>>>>>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>>>>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>>         at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>>>         at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
>>>>>>>         at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
>>>>>>>         at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
>>>>>>>         at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
>>>>>>>         at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
>>>>>>>         at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
>>>>>>>         at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
>>>>>>>         at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>>>>>>>         at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>>>>>>         at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>>>>>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>>>>>>         at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>>>>>>>         at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>>>>>>>         at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>>>>>>>         at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>>>>>>>         at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>>>>>>>         at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>>>>>>>         at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>>>>>>>         at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>>>>>>>         at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>>>>>>>         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>>>>         at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>>>>>>>         at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>>>>>>>         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>>>>         at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>>>>>>>         at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>>>>>>         at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>>>>>>>         at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>>>>>>         at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>>>>>>>         at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>>>>>>>         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>>>>         at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>>>>>>         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>>>>         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>>>>         at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>>>>>>>         at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>>>>>>>         at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>>>>>>>         at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>>>>>>>         at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>>>>>>>         at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>>>>>>>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>>>>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>>>>         at java.lang.Thread.run(Thread.java:745)
>>>>>>> Caused by: javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 17 - pwdLastSet: attribute type undefined]; remaining name 'uid=11111111111,dc=zz,dc=dd,dc=aa'
>>>>>>>         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
>>>>>>>         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
>>>>>>>         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
>>>>>>>         at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1475)
>>>>>>>         at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:277)
>>>>>>>         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:192)
>>>>>>>         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:181)
>>>>>>>         at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)
>>>>>>>         at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)
>>>>>>>         at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager$6.execute(LDAPOperationManager.java:405)
>>>>>>>         at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager$6.execute(LDAPOperationManager.java:402)
>>>>>>>         at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:535)
>>>>>>>         at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.modifyAttributes(LDAPOperationManager.java:402)
>>>>>>>         ... 59 more
>>>>>>>
>>>>>>> 2017-03-08 11:05:28,865 WARN  [org.keycloak.events] (default task-6) type=LOGIN_ERROR, realmId=myrealm, clientId=teste-portal, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=http://127.0.0.1:8080/teste-portal/
>>>>>>
>>>>>> and then, I got this result in my ldap:
>>>>>>
>>>>>> dn: uid=11111111111,dc=zz,dc=dd,dc=aa
>>>>>> givenName:: IA==
>>>>>> uid: 11111111111
>>>>>> objectClass: top
>>>>>> objectClass: inetOrgPerson
>>>>>> objectClass: person
>>>>>> objectClass: organizationalPerson
>>>>>> objectClass: phpgwAccount
>>>>>> objectClass: shadowAccount
>>>>>> sn:: IA==
>>>>>> cn:: IA==
>>>>>> structuralObjectClass: inetOrgPerson
>>>>>> entryUUID: 07f0e7caxxxxxxxxxxx
>>>>>> creatorsName: cn=admin,dc=zz,dc=dd,dc=aa
>>>>>> createTimestamp: 20170308140529Z
>>>>>> entryCSN: 20170308140529.527857Z#000000#000#000000
>>>>>> modifiersName: cn=admin,dc=zz,dc=dd,dc=aa
>>>>>> modifyTimestamp: 20170308140529Z
>>>>>>
>>>>>>
>>>>>> So, I wrote the uid as 11111111111, but I didn't set the sn, cn and
>>>>>> givenName as 'IA=='. It looks like some problem occurs in my
>>>>>> configuration.
>>>>>>
>>>>>> please, need help!!
>>>>>>
>>>>>>
>>>>>> Best Regards,
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> ---
>>>> *Celso Agra*
>>>>
>>>
>>>
>>>
>>> --
>>> ---
>>> *Celso Agra*
>>>
>>>
>>>
>>
>>
>> --
>> ---
>> *Celso Agra*
>>
>
>
>
> --
> ---
> *Celso Agra*
>
>
>


-- 
---
*Celso Agra*
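
Added example (not part of the original thread and not Keycloak code): a small Python triage helper for the two artifacts posted above. It decodes LDIF `attr:: value` lines, which shows that `IA==` is the base64 form of a single space, and it pulls the DN out of a Keycloak `*_ERROR` event line. Function names are hypothetical and the sample inputs are constructed from lines quoted in the thread.

```python
import base64
import re

# Constructed sample: part of the entry quoted in the thread, blank lines removed.
SAMPLE_LDIF = """\
dn: uid=11111111111,dc=zz,dc=dd,dc=aa
givenName:: IA==
uid: 11111111111
objectClass: inetOrgPerson
sn:: IA==
cn:: IA==
"""

# Constructed sample: the UPDATE_PASSWORD_ERROR event from the thread, abridged.
SAMPLE_EVENT = (
    "2017-03-15 10:52:58,541 WARN  [org.keycloak.events] (default task-14) "
    "type=UPDATE_PASSWORD_ERROR, realmId=myRealm, error=password_rejected, "
    "reason='Could not modify attribute for DN [uid=xxxxxxx,dc=tt,dc=zz,dc=br]', "
    "auth_method=openid-connect, username=xxxxxxx"
)

EVENT_FIELD = re.compile(r"(\w+)=('[^']*'|[^,]*)(?:,\s*|$)")
DN_IN_REASON = re.compile(r"for DN \[([^\]]+)\]")


def parse_ldif_entry(text):
    """Return {attribute: [values]} for one LDIF entry, decoding 'attr:: base64'."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # unfold a continuation line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):      # '::' marks a base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.lstrip(" ")
        entry.setdefault(name, []).append(value)
    return entry


def blank_attributes(entry):
    """Attributes whose every value is empty or whitespace only."""
    return sorted(a for a, vals in entry.items() if not any(v.strip() for v in vals))


def parse_event(line):
    """Split an org.keycloak.events line into fields; quoted values may hold commas."""
    _, found, body = line.partition("type=")
    if not found:
        return {}
    pairs = EVENT_FIELD.findall(found + body)
    return {key: value.strip().strip("'") for key, value in pairs}


def failed_write_dn(fields):
    """DN named in the reason of an *_ERROR event, or None."""
    if not fields.get("type", "").endswith("_ERROR"):
        return None
    match = DN_IN_REASON.search(fields.get("reason", ""))
    return match.group(1) if match else None


if __name__ == "__main__":
    entry = parse_ldif_entry(SAMPLE_LDIF)
    print("whitespace-only attributes:", blank_attributes(entry))
    print("failed write on:", failed_write_dn(parse_event(SAMPLE_EVENT)))
```
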

