[keycloak-user] Strange behavior related to LDAP groups / subgroups

Matthias Anglade matthias.anglade at gmail.com
Tue May 7 09:30:56 EDT 2019


Hi,

We are currently trying to use an LDAP directory as a federation and we are
facing issues regarding groups.

First case, when we are trying to create a group using the API, is there a
way to specify a parent group to create it in? As for now any group will
be created at the root of the federation group mapper (i.e. the one given as
"LDAP Groups DN" parameter).

Second case, when I create a structure with groups and subgroups, if some
groups have the same name then the membership will not be taken into
account even if the groups having the same name are in two distinct
subgroups.
Say I have the following structure:

grp 1
    sub-grp1
    sub-grp2
grp 2
    sub-grp1
    sub-grp3

If I have a user as member of all four sub groups then either grp1/sub-grp1
or grp2/sub-grp1 will be missing.

Any help would be appreciated.

Yours,
-- 
Matthias
