[keycloak-user] ldap federation working | test connection / authentication buttons failing
cedric@couralet.eu
cedric at couralet.eu
Fri Jul 5 03:56:46 EDT 2019
Hi, sorry for the stupid question, but did you change the hostname for the keycloak server (instead of <keycloak>) ?
That log would mean your browser can't connect to you keycloak, this would be really strange considering you access the admin interface.
Also that request needs some context (auth,...) so it is easier to click on the button with the developpers tools opened and see what is the response.
Cédric
Le Vendredi, Juillet 05, 2019 09:52 CEST, mj <lists at merit.unu.edu> a écrit:
> Hi Cédric,
>
> I edited the request for our installation, and the browser dev tools said:
>
> > Error loading this URI: Could not load the source for https://<keycloak>/auth/admin/realms/OUR_REALM/testLDAPConnection.
> > [Exception... "Component returned failure code: 0x80470002 (NS_BASE_STREAM_CLOSED) [nsIInputStream.available]" nsresult: "0x80470002 (NS_BASE_STREAM_CLOSED)" location: "JS frame :: resource://devtools/shared/DevToolsUtils.js :: onResponse :: line 555" data: no]
> > Stack: onResponse at resource://devtools/shared/DevToolsUtils.js:555:34
> > onStopRequest at resource://gre/modules/NetUtil.jsm:123:17
> > Line: 555, column: 0
>
> Does the above mean anything to you..?
>
> We appreciated your response, many thanks!
>
> MJ
>
> On 7/4/19 1:50 PM, cedric at couralet.eu wrote:
> > Le Jeudi, Juillet 04, 2019 12:52 CEST, mj <lists at merit.unu.edu> a écrit:
> >
> >> Hi,
> >>
> >> Off list, someone asked me to check if ldap://127.0.0.1:389 would work
> >> better than ldap://localhost:389, but it doesn't.
> >>
> >> But I am now also trying to fill in actual remote ldap servers, and they
> >> also don't work. Again nothing at all logged in server.log
> >>
> >> Do the test buttons work for others here?
> >
> > Hello,
> >
> > It works for me with keycloak 6.0.1.
> > The button sends a request to https://<keycloak>/auth/admin/realms/<realm>/testLDAPConnection, can you try examining the response you have with this request (in the browser dev tools for instance) ?
> >
> > Regards,
> > Cédric Couralet
> >
> >
> >
> >> MJ
> >
> >
> >
> >>
> >> On 7/3/19 10:55 AM, mj wrote:
> >>> Hi,
> >>>
> >>> Keycloak 6.0.1, LDAP federation is working, users can logon and are
> >>> updated automatically regularly from ldap:
> >>>
> >>>> 2019-07-02 17:39:49,761 INFO [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (Timer-2) Sync changed users from LDAP to local store: realm: our_realm, federation provider: our_realm-ad, last sync time: Mon Jul 01 17:39:43 CEST > 2019-07-02 17:39:50,067 INFO [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (Timer-2) Sync changed users finished: 3 imported users, 22 updated users
> >>>
> >>> In keycloak, the configured ldap uri is ldap://localhost:389, where a
> >>> haproxy instance is listening that talks ldaps to our DCs.
> >>>
> >>> The 'problem': in the keycloak GUI, the buttons 'Test authentication'
> >>> and 'Test connection' do not work:
> >>>
> >>> "Error! Error when trying to connect to LDAP. See server.log for details."
> >>>
> >>> But nothing logged in server.log, and haproxy does not even log a
> >>> connection attempt at all.
> >>>
> >>> Anyone else seeing this..?
> >>>
> >>> MJ
> >>> _______________________________________________
> >>> keycloak-user mailing list
> >>> keycloak-user at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
More information about the keycloak-user
mailing list