[keycloak-user] Group-Mapping

Marek Posolda mposolda at redhat.com
Tue May 22 03:28:42 EDT 2018


- You can try to manually clear the user cache in Keycloak admin 
console. If the users are correctly updated after clearing the cache, 
then you know it's the cache issue and you just need to tweak the cache. 
Otherwise it's not cache issue and it's related to LDAP mapper 
configuration.
- What's the edit mode of LDAP mapper? You need to use LDAP_ONLY or 
READ_ONLY, but not IMPORT. With IMPORT, the roles are retrieved just 
during very first sync.

Marek

On 10/05/18 14:48, Lahari Guntha wrote:
> Hi Simon,
>
>
> We have tried that. We updated the configuration of group DN in keycloak as ou=groups,dc=example,dc=com.
>
> But still the groups are not getting synced properly.
>
>
> May I know whether am missing any configuration any where else??
>
>
> Thanks and Regards,
>
> Lahari G
>
> ________________________________
> From: Simon Payne <simonpayne58 at gmail.com>
> Sent: 10 May 2018 14:44
> To: Lahari Guntha
> Cc: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] Group-Mapping
>
> Hi Lahari, i would suggest to try the LDAP group DN as ou=groups,dc=example,dc=com rather than  cn=testgroup,ou=groups,dc=example,dc=com
>
> here you need to specify the group tree.
>
> regards,
>
> Simon.
>
>
>
> On Mon, May 7, 2018 at 11:21 AM, Lahari Guntha <lahari.guntha at tcs.com<mailto:lahari.guntha at tcs.com>> wrote:
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain
> confidential or privileged information. If you are
> not the intended recipient, any dissemination, use,
> review, distribution, printing or copying of the
> information contained in this e-mail message
> and/or attachments to it are strictly prohibited. If
> you have received this communication in error,
> please notify us by reply e-mail or telephone and
> immediately and permanently delete the message
> and any attachments. Thank you
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user




More information about the keycloak-user mailing list