I am trying to integrate LDAP Active Directory with Keycloak. I have been able to synchronize LDAP users using Custom User LDAP Filter that filters by LDAP attributes - (theAttribute=theValue). Is there a way/syntax to filter by groups? For example, say I have Active Directory group "My Group" and I want to synchronize to Keycloak only users in that group. What would be the search Custom User LDAP Filter?
1 Answer (10 votes)
How about memberOf? For example:
(&(objectCategory=Person)(sAMAccountName=*)(theAttribute=theValue)(memberOf=cn=My Group,dc=example,dc=com))
Please refer to RFC2254 "The String Representation of LDAP Search Filters" for more details:
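As an added example (not part of the answer above), a small Python helper that builds the memberOf filter shown, escaping the group DN as RFC 2254 (now RFC 4515) requires so that a group name containing `(`, `)`, `*` or `\` cannot break the filter; the group names and base DN are constructed sample values.

```python
# Added example: build a Keycloak "Custom User LDAP Filter" that limits the
# synchronised users to members of one Active Directory group. The group DN
# is escaped per RFC 2254 section 4 / RFC 4515 section 3 so the filter stays
# well formed. All group names and DNs here are constructed sample values.

# Characters that must be escaped inside an LDAP filter assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter assertion."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def group_member_filter(group_dn: str, extra: str = "") -> str:
    """Return the filter string to paste into Keycloak's Custom User LDAP Filter.

    group_dn is the full DN of the AD group; extra may carry further
    assertions such as "(theAttribute=theValue)" from the question.
    """
    return (
        "(&(objectCategory=Person)(sAMAccountName=*)"
        f"{extra}(memberOf={escape_filter_value(group_dn)}))"
    )


def is_balanced(filter_str: str) -> bool:
    """Sanity check Keycloak also needs: the filter must be enclosed in
    parentheses and every '(' must have a matching ')'."""
    if not (filter_str.startswith("(") and filter_str.endswith(")")):
        return False
    depth = 0
    i = 0
    while i < len(filter_str):
        ch = filter_str[i]
        if ch == "\\":          # skip an escape sequence such as \28
            i += 3
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
        i += 1
    return depth == 0
```

An unescaped `)` in a group name silently truncates the filter, so validating the generated string before saving it in the Keycloak admin console avoids syncing either nobody or the wrong set of users.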