[keycloak-user] How to retrieve Organizational Unit from LDAP?

Celso Agra celso.agra at gmail.com
Thu Mar 30 20:44:47 EDT 2017


Maybe this class could help me to create a new Mapper:

https://github.com/keycloak/keycloak/blob/94afba91a0d3f51021e036796c536747cc33796e/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/UserAttributeLDAPStorageMapper.java

2017-03-30 21:31 GMT-03:00 Celso Agra <celso.agra at gmail.com>:

> Thanks Marek! For now, I'm using the (a) option!
>
> But I think it would be possible to implement an LDAP Mapper in the
> future, just to get the "ou" info.
> I'll take a look at the code and try to add a new Mapper Type.
>
> Thanks again! This is a really great tool!
>
> 2017-03-30 16:33 GMT-03:00 Marek Posolda <mposolda at redhat.com>:
>
>> There is no built-in support for this. However you can achieve it by
>> doing any of:
>>
>> a) Map the LDAP_ENTRY_DN as an attribute in your token and then have some
>> logic in your application (or wherever it is needed) that will just parse
>> the name of the OU from the full DN.
>> b) Create a custom LDAP mapper, which will do the above. Then it will
>> be available in user attributes.
>> c) Create a protocol mapper, which will do the above. The user attribute will
>> still contain just LDAP_ENTRY_DN, but you will have a claim in the token with
>> the value of your OU.
>>
>> I would personally go with (a) and handle it in your app if possible.
>> That's the easiest path IMO.
>>
>> Marek
>>
>>
>> On 30/03/17 20:20, Celso Agra wrote:
>>
>>> Hi all,
>>>
>>> I'd like to retrieve the organizational unit (ou) from LDAP Mapper and
>>> set this in the User Attributes.
>>>
>>> When I get a user from LDAP, it sets an attribute called LDAP_ENTRY_DN,
>>> with value: "uid=xxxxxx,ou=group,dc=dom3,dc=dom2,dc=dom1"
>>>
>>> So, I'd like to retrieve just the ou info "group", and set this to the
>>> user attribute.
>>> Would it be possible to do that? Is there some mapper type just to
>>> retrieve this information?
>>>
>>> Best Regards,
>>>
>>>
>>
>
>
> --
> ---
> *Celso Agra*
>



-- 
---
*Celso Agra*
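
Option (a) from Marek's reply, as an added example that is not part of the original thread and not Keycloak code: parsing the OU out of the LDAP_ENTRY_DN value with the JDK's `javax.naming.ldap.LdapName` instead of splitting on commas, which matters when the OU value feeds an authorization decision. The class and method names are hypothetical, and the second DN is constructed to show an escaped comma.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;

public class OuFromDn {

    /** Returns every "ou" value in the DN, nearest to the user entry first. */
    static List<String> organizationalUnits(String entryDn) throws NamingException {
        // LdapName parses RFC 2253 syntax and throws InvalidNameException
        // (a NamingException) on malformed input, so bad DNs fail closed.
        LdapName name = new LdapName(entryDn);
        List<String> ous = new ArrayList<>();
        // RDNs are indexed right to left (index 0 is the rightmost RDN),
        // so walk from the highest index to start at the user entry.
        for (int i = name.size() - 1; i >= 0; i--) {
            // toAttributes() matches the type case-insensitively and also
            // covers multi-valued RDNs such as "ou=a+cn=b".
            Attribute ou = name.getRdn(i).toAttributes().get("ou");
            if (ou == null) {
                continue;
            }
            for (int j = 0; j < ou.size(); j++) {
                Object value = ou.get(j);
                // Hex-encoded (#...) values come back as byte[]; skip them
                // rather than turning them into a meaningless string.
                if (value instanceof String) {
                    ous.add((String) value);
                }
            }
        }
        return ous;
    }

    public static void main(String[] args) throws NamingException {
        // DN from the thread.
        String fromThread = "uid=xxxxxx,ou=group,dc=dom3,dc=dom2,dc=dom1";
        // Constructed DN: the first OU value contains an escaped comma.
        String escaped = "uid=jdoe,OU=Sales\\, EMEA,ou=people,dc=example,dc=com";

        for (String dn : new String[] {fromThread, escaped}) {
            System.out.println(dn);
            for (String ou : organizationalUnits(dn)) {
                System.out.println("  ou = \"" + ou + "\"");
            }
            // For comparison: a naive split cuts the escaped value in two.
            System.out.println("  naive split pieces: " + dn.split(",").length);
        }
    }
}
```

The same method body is the part a custom LDAP mapper or protocol mapper (options b and c) would need in order to derive the value on the Keycloak side.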

