[keycloak-user] Group-Mapping
Marek Posolda
mposolda at redhat.com
Tue May 22 03:28:42 EDT 2018
- You can try to manually clear the user cache in Keycloak admin
console. If the users are correctly updated after clearing the cache,
then you know it's the cache issue and you just need to tweak the cache.
Otherwise it's not cache issue and it's related to LDAP mapper
configuration.
- What's the edit mode of LDAP mapper? You need to use LDAP_ONLY or
READ_ONLY, but not IMPORT. With IMPORT, the roles are retrieved just
during very first sync.
Marek
On 10/05/18 14:48, Lahari Guntha wrote:
> Hi Simon,
>
>
> We have tried that. We updated the configuration of group DN in keycloak as ou=groups,dc=example,dc=com.
>
> But still the groups are not getting synced properly.
>
>
> May I know whether am missing any configuration any where else??
>
>
> Thanks and Regards,
>
> Lahari G
>
> ________________________________
> From: Simon Payne <simonpayne58 at gmail.com>
> Sent: 10 May 2018 14:44
> To: Lahari Guntha
> Cc: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] Group-Mapping
>
> Hi Lahari, i would suggest to try the LDAP group DN as ou=groups,dc=example,dc=com rather than cn=testgroup,ou=groups,dc=example,dc=com
>
> here you need to specify the group tree.
>
> regards,
>
> Simon.
>
>
>
> On Mon, May 7, 2018 at 11:21 AM, Lahari Guntha <lahari.guntha at tcs.com<mailto:lahari.guntha at tcs.com>> wrote:
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain
> confidential or privileged information. If you are
> not the intended recipient, any dissemination, use,
> review, distribution, printing or copying of the
> information contained in this e-mail message
> and/or attachments to it are strictly prohibited. If
> you have received this communication in error,
> please notify us by reply e-mail or telephone and
> immediately and permanently delete the message
> and any attachments. Thank you
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list