Keycloak - Issues syncing users with LDAP
I installed OpenLDAP on the server and after that added the user into LDAP; the screen below shows the added user through Apache Active Directory.

[screenshot not available]

Now in Keycloak I added user federation as OpenLDAP and it connects to LDAP without any issue, but when I try to sync the users I get this message:

Success! Sync of users finished successfully. 0 imported users, 0 updated users

So no users are imported from LDAP into Keycloak; below is the related LDAP connection information in Keycloak.

[screenshot not available]

Cronus answered 18/11, 2019 at 12:47 Comment(0)
Thanks to @EricLavault and one of my company colleagues, Keycloak was at last able to import the user successfully. Below are the changes I made to fix the issue.

  1. Changed User Object Classes to *
  2. Created a new entry ou=People, then created the user under it
  3. In Keycloak used Users DN = ou=user,ou=people,dc=suredev20

After this it started throwing the exception below:

ERROR [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-1931) Failed during import user from LDAP: org.keycloak.models.ModelException: User returned from LDAP has null username! Check configuration of your LDAP mappings. Mapped username LDAP attribute: uid, user DN: cn=subodh123,ou=user,ou=People,dc=suredev20, attributes from LDAP: {sn=[joshi123], cn=[subodh123], createTimestamp=[20191118180647Z], modifyTimestamp=[20191118180647Z]}

This was fixed by setting Username LDAP attribute = cn, since in the OpenLDAP case the username attribute is by default cn.

Cronus answered 18/11, 2019 at 18:47 Comment(0)
User entries are not stored correctly in your directory. In fact, you shouldn't use cn=root as a container, as it is supposed to represent the directory manager and should be used for binding and other operations, but not for structuring your directory.

Instead, you should use the default user container (at least for OpenLDAP and Apache DS), which is ou=people,dc=suredev20, i.e. you need to move cn=subodh

  • from cn=subodh,ou=user,cn=root,dc=suredev
  • to cn=subodh,ou=people,dc=suredev20

Also, in Keycloak you need to set the users DN accordingly: ou=people,dc=suredev20 (you can try with ou=user,cn=root,dc=suredev without moving the subodh entry, but that is not recommended).

Deherrera answered 18/11, 2019 at 17:45 Comment(5)
Cronus: I tried ou=user,cn=root,dc=suredev20 but still no user import.
Deherrera: That's what I suspected; you need to keep cn=root,dc=suredev as a leaf entry and populate users elsewhere in the directory, e.g. as suggested under ou=people,dc=suredev20, but that is not mandatory.
Cronus: I will post the changes I made for this. One thing I have to ask: how do I assign a default role/group to a user imported into Keycloak?
Acidfast: @SubodhJoshi please help us with the answer, I am also getting the same error.
Cronus: @MuddesirAhmed What's your question?
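The two answers above describe the same three knobs from different angles: where the user entries live relative to the Users DN (Deherrera's point about not using cn=root as a container), which object classes the filter accepts, and which attribute Keycloak reads as the username (the "null username" error in Cronus's answer). The following is an added example, not code from the thread and not Keycloak's own implementation: a small Python simulation of those three checks over a constructed directory that mirrors the DNs quoted in the thread. The FederationConfig class, the DIRECTORY contents and the assumption that the poster's original User Object Classes value did not match the entry are all mine.

```python
"""Added example (not code from the thread or from Keycloak): a simulation of
the three checks Keycloak's LDAP user federation applies when it imports a
user, so the two outcomes in the thread ("0 imported users" and "User returned
from LDAP has null username!") can be reproduced offline.

Everything here is constructed: the directory layout mirrors the DNs quoted in
the thread but is sample data, FederationConfig is a hypothetical stand-in for
the Keycloak settings page, and the "assumed original config" scenario is an
assumption about the poster's first setup, not something the thread states.
"""
from dataclasses import dataclass


@dataclass
class FederationConfig:
    users_dn: str                  # Keycloak "Users DN"
    username_attribute: str        # Keycloak "Username LDAP attribute"
    user_object_classes: list      # Keycloak "User Object Classes"; "*" matches any entry
    subtree: bool = True           # Keycloak "Search Scope": True = subtree, False = one level


# Constructed sample directory: the original layout under cn=root (the container
# Deherrera's answer advises against) and the corrected layout under ou=People.
DIRECTORY = {
    "cn=root,dc=suredev20": {"objectClass": ["organizationalRole"], "cn": ["root"]},
    "ou=user,cn=root,dc=suredev20": {"objectClass": ["organizationalUnit"], "ou": ["user"]},
    "cn=subodh,ou=user,cn=root,dc=suredev20": {
        "objectClass": ["person"], "cn": ["subodh"], "sn": ["joshi"]},
    "ou=People,dc=suredev20": {"objectClass": ["organizationalUnit"], "ou": ["People"]},
    "ou=user,ou=People,dc=suredev20": {"objectClass": ["organizationalUnit"], "ou": ["user"]},
    "cn=subodh123,ou=user,ou=People,dc=suredev20": {
        "objectClass": ["person"], "cn": ["subodh123"], "sn": ["joshi123"]},
}


def _rdns(dn):
    """Split a DN into its RDN components, lower-cased so comparisons ignore case."""
    return [part.strip().lower() for part in dn.split(",")]


def in_scope(entry_dn, users_dn, subtree):
    """Is entry_dn below users_dn? The base entry itself is never a user."""
    entry, base = _rdns(entry_dn), _rdns(users_dn)
    if len(entry) <= len(base) or entry[-len(base):] != base:
        return False
    return subtree or len(entry) == len(base) + 1


def matches_object_classes(attrs, wanted):
    """All configured classes must be present; "*" behaves like the (objectClass=*) presence filter."""
    have = {c.lower() for c in attrs.get("objectClass", [])}
    return all(c == "*" or c.lower() in have for c in wanted)


def simulate_sync(directory, cfg):
    """Return (imported usernames, error messages) for one 'Synchronize all users' run."""
    imported, errors = [], []
    for dn, attrs in directory.items():
        if not in_scope(dn, cfg.users_dn, cfg.subtree):
            continue
        if not matches_object_classes(attrs, cfg.user_object_classes):
            continue
        values = attrs.get(cfg.username_attribute)
        if not values:
            # Same condition that produced the log line quoted in the thread.
            errors.append(
                "User returned from LDAP has null username! "
                f"Mapped username LDAP attribute: {cfg.username_attribute}, user DN: {dn}")
            continue
        imported.append(values[0])
    return imported, errors


if __name__ == "__main__":
    scenarios = {
        "assumed original config": FederationConfig(
            "ou=user,cn=root,dc=suredev20", "uid", ["inetOrgPerson"]),
        "after steps 1-3 (uid still mapped)": FederationConfig(
            "ou=user,ou=People,dc=suredev20", "uid", ["*"]),
        "final config (cn mapped)": FederationConfig(
            "ou=user,ou=People,dc=suredev20", "cn", ["*"]),
    }
    for label, cfg in scenarios.items():
        imported, errors = simulate_sync(DIRECTORY, cfg)
        print(f"{label}: {len(imported)} imported users, {len(errors)} errors")
        for err in errors:
            print("  ERROR", err)
```

Running the three scenarios in order reproduces the thread: a non-matching object class silently yields "0 imported users", mapping uid on entries that only carry cn produces the null-username error, and mapping cn imports subodh123. The simulation also shows why "*" for User Object Classes is a blunt fix: with Users DN = ou=People,dc=suredev20 and subtree scope, the ou=user container itself passes the presence filter and fails the username check, so narrowing the classes back to the ones your user entries actually carry is the safer configuration once import works.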
