[keycloak-user] How to retrieve Organizational Unit from LDAP?
Marek Posolda
mposolda at redhat.com
Thu Mar 30 15:33:32 EDT 2017
There is no built-in support for this. However, you can achieve it by
doing any of:
a) Map the LDAP_ENTRY_DN as an attribute in your token and then have some
logic in your application (or whenever it is needed) that will just
parse the name of the OU from the full DN.
b) Create a custom LDAP mapper, which will do the above. Then it will
be available in user attributes.
c) Create a protocol mapper, which will do the above. The user attribute will
still contain just LDAP_ENTRY_DN, but you will have a claim in the token
with the value of your OU.
I would personally go with (a) and handle it in your app if possible.
That's the easiest path IMO.
Marek
On 30/03/17 20:20, Celso Agra wrote:
> Hi all,
>
> I'd like to retrieve the organizational unit (ou) from LDAP Mapper and set
> this in the User Attributes.
>
> When I get a user from LDAP, it sets an attribute called LDAP_ENTRY_DN, with
> value : "uid=xxxxxx,ou=group,dc=dom3,dc=dom2,dc=dom1"
>
> So, I'd like to retrieve just the ou info "group", and set this to the user
> attribute.
> Would it be possible to do that? Is there some mapper type just to retrieve
> this information?
>
> Best Regards,
>
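
Option (a) from the reply above, sketched as an added example (not code from the thread or from Keycloak): application-side extraction of the OU from an LDAP_ENTRY_DN claim, honoring RFC 4514 backslash escapes so that a comma inside another RDN value cannot be misread as an `ou=` component. The function names and the second DN are constructed for illustration; the older quoted-string DN form is assumed not to occur.

```python
import string

def split_unescaped(text, sep):
    """Split on sep, skipping separators escaped with a backslash (RFC 4514)."""
    parts, current, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append(current)
            current = ""
        else:
            current += text[i:i + step]   # escape pairs stay intact
        i += step
    return parts + [current]

def unescape(value):
    """Decode RFC 4514 escapes: backslash + hex pair, or backslash + character."""
    out, i = bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] == "\\" and len(pair) == 2 and all(c in string.hexdigits for c in pair):
            out.append(int(pair, 16))
            i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            out += value[i + 1].encode("utf-8")
            i += 2
        else:
            out += value[i].encode("utf-8")
            i += 1
    return out.decode("utf-8")

def ou_values(dn):
    """Return the OU values in a DN, closest to the entry first."""
    found = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDNs
            attr, eq, value = ava.partition("=")
            if eq and attr.strip().lower() == "ou":
                found.append(unescape(value))
    return found

def naive_ou(dn):  # for contrast only: splits on every comma, escaped or not
    return [p[3:] for p in dn.split(",") if p.lower().startswith("ou=")]

PAGE_DN = "uid=xxxxxx,ou=group,dc=dom3,dc=dom2,dc=dom1"               # from the post
ESCAPED_DN = r"uid=jdoe\,ou=admins,ou=group,dc=dom3,dc=dom2,dc=dom1"  # constructed

if __name__ == "__main__":
    for dn in (PAGE_DN, ESCAPED_DN):
        print(dn, "->", ou_values(dn), "| naive:", naive_ou(dn))
```

If the OU feeds an authorization decision, compare the returned value against an allow-list rather than trusting whatever string the directory entry carries.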