[keycloak-user] How to retrieve Organiational Unit from LDAP?

Marek Posolda mposolda at redhat.com
Fri Mar 31 02:44:40 EDT 2017 

Yes, I would likely create subclass of this one and override some 
method, so the attribute value is just your ou and not full DN. Just a 
note that LDAP Mapper SPI is unsupported and some method signatures can 
change in the future etc.

Marek

On 31/03/17 02:44, Celso Agra wrote:
> Maybe this class could help me to create a new Mapper:
>
> https://github.com/keycloak/keycloak/blob/94afba91a0d3f51021e036796c536747cc33796e/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/UserAttributeLDAPStorageMapper.java
>
> 2017-03-30 21:31 GMT-03:00 Celso Agra <celso.agra at gmail.com 
> <mailto:celso.agra at gmail.com>>:
>
>     Thanks Marek! For now, I'm using the (a) option!
>
>     But I think would be possible to implement an LDAP Mapper in the
>     future. just to get the "ou" info.
>     I'll take a look in the code and try to add a new Mapper Type.
>
>     Thanks again! This is a really great tool!
>
>     2017-03-30 16:33 GMT-03:00 Marek Posolda <mposolda at redhat.com
>     <mailto:mposolda at redhat.com>>:
>
>         There is no built-in support for this. However you can achieve
>         it by doing any of:
>
>         a) Map the LDAP_ENTRY_DN as attribute in your token and then
>         have some logic in your application (or whenever it is needed)
>         that will just parse name of the OU from the full DN.
>         b) Create the custom LDAP mapper, which will do the above.
>         Then it will be available in user attributes
>         c) Create protocol mapper, which will do the above. User
>         attribute will still contain just LDAP_ENTRY_DN, but you will
>         have claim in the token with the value of your OU.
>
>         I would personally go with (a) and handle it in your app if
>         possible. That's the easiest path IMO.
>
>         Marek
>
>
>         On 30/03/17 20:20, Celso Agra wrote:
>
>             Hi all,
>
>             I'd like to retrieve the organizational unit (ou) from
>             LDAP Mapper and set
>             this in the User Attributes.
>
>             When I get a user from LDAP, it set an attribute called
>             LDAP_ENTRY_DN, with
>             value : "uid=xxxxxx,ou=group,dc=dom3,dc=dom2,dc=dom1"
>
>             So, I'd like to retrieve just the ou info "group", and set
>             this to the user
>             attribute.
>             Would be possible to do that? Is there some mapper type
>             just to retrieve
>             this information?
>
>             Best Regards,
>
>
>
>
>
>     -- 
>     ---
>     *Celso Agra*
>
>
>
>
> -- 
> ---
> *Celso Agra*

More information about the keycloak-user mailing list