3
votes

I installed OpenLDAP on the server and after that added the user into the LDAP. The screen below shows the added user through Apache Active Directory.


Now in Keycloak I added user federation as OpenLDAP and it is connecting to LDAP without any issue, but when I try to sync the users I get the message

Success! Sync of users finished successfully. 0 imported users, 0 updated users

So no users are imported from LDAP to Keycloak. Below is the related LDAP connection information in Keycloak.


2 Answers

4
votes

Thanks to @EricLavault and one of my company colleagues, at last Keycloak is able to import the users successfully. Below are the changes I made to fix the issue.

  1. Changed the User Object Classes to *
  2. Created a new entry ou=People, then created the user under it
  3. In Keycloak, used Users DN = ou=user,ou=people,dc=suredev20

After this it started throwing the exception below:

ERROR [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-1931) Failed during import user from LDAP: org.keycloak.models.ModelException: User returned from LDAP has null username! Check configuration of your LDAP mappings. Mapped username LDAP attribute: uid, user DN: cn=subodh123,ou=user,ou=People,dc=suredev20, attributes from LDAP: {sn=[joshi123], cn=[subodh123], createTimestamp=[20191118180647Z], modifyTimestamp=[20191118180647Z]}

This is fixed by using Username LDAP attribute = cn, as the LDAP username attribute in the OpenLDAP case is by default cn.

3
votes

User entries are not stored correctly in your directory. In fact you shouldn't use cn=root as a container, as it's supposed to represent the directory manager and should be used for binding and other operations, but not for structuring your directory.

Instead, you should use the default user container (at least for OpenLDAP and Apache DS), that is ou=people,dc=suredev20, i.e. you need to move cn=subodh

  • from cn=subodh,ou=user,cn=root,dc=suredev
  • to cn=subodh,ou=people,dc=suredev20

Also, in Keycloak you need to set the users DN accordingly: ou=people,dc=suredev20 (you can try with ou=user,cn=root,dc=suredev without moving the subodh entry, but that is not recommended).
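As an added illustration (not code from either answer or from Keycloak itself), the script below replays the two import rules both answers touch on, the Users DN subtree scope and the mapped username attribute, over a constructed LDIF dump whose DNs and attributes mirror the question: entries outside the Users DN give the silent "0 imported users" result, and entries inside it that lack the mapped attribute (uid) give the null-username error until the mapping is switched to cn.

```python
# Added example: replay Keycloak's LDAP import rules over constructed entries to
# show "0 imported users" (outside Users DN) vs. the null-username error.
# Constructed LDIF dump; DNs and attributes mirror the question and answers.
SAMPLE_LDIF = """\
dn: cn=subodh,ou=user,cn=root,dc=suredev
objectClass: inetOrgPerson
cn: subodh
sn: joshi

dn: cn=subodh123,ou=user,ou=People,dc=suredev20
objectClass: inetOrgPerson
cn: subodh123
sn: joshi123

dn: uid=jdoe,ou=People,dc=suredev20
objectClass: inetOrgPerson
uid: jdoe
cn: jdoe
sn: doe
"""

def parse_ldif(text):
    # Minimal LDIF parser: returns a list of (dn, {attr_lower: [values]}).
    entries, current = [], None
    for line in text.splitlines():
        if not line.strip():
            current = None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = (value, {})
            entries.append(current)
        elif current is not None:
            current[1].setdefault(attr, []).append(value)
    return entries

def simulate_sync(ldif, users_dn, username_attr):
    # Returns (imported usernames, DNs whose mapped username attribute is missing).
    imported, null_username = [], []
    for dn, attrs in parse_ldif(ldif):
        # Subtree scope under Users DN; anything outside is silently skipped.
        if not dn.lower().endswith("," + users_dn.lower()):
            continue
        values = attrs.get(username_attr.lower())
        if not values:
            null_username.append(dn)   # Keycloak raises ModelException here
        else:
            imported.append(values[0])
    return imported, null_username
```

Running `simulate_sync(SAMPLE_LDIF, "ou=people,dc=suredev20", "uid")` imports only jdoe and flags cn=subodh123 as having a null username, while the same call with `"cn"` imports both.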