Hi,
I never tried it myself, but this blog should provide you with the
correct attribute/filters:
Hi!
I tried to connect FreeIPA to Keycloak, and have some questions about attributes and
filters.
I filled it in this way:
* Username LDAP attribute uid
* RDN LDAP attribute uid
* UUID LDAP attribute uid
* User Object Classes memberOf
* Connection URL ldap://ldap.example.com
* Users DN cn=users,cn=accounts,dc=example,dc=com
* Bind Type simple
* Enable StartTLS (when set to enabled, can't log in)
* Bind DN uid=test,cn=users,cn=compat,dc=example,dc=com
* Bind Credential **********
* Custom User LDAP Filter (memberOf=cn=users,cn=compat,dc=example,dc=com)
With these settings Keycloak can connect to FreeIPA but can't sync any users:
2020-04-01 13:20:26,810 INFO [org.keycloak.storage.ldap.LDAPIdentityStoreRegistry]
(default task-29) Creating new LDAP Store for the LDAP storage provider:
'freeipa_dev', LDAP Configuration: {pagination=[true], fullSyncPeriod=[-1],
startTls=[false], connectionPooling=[true],
usersDn=[cn=users,cn=accounts,dc=example,dc=com], cachePolicy=[DEFAULT],
useKerberosForPasswordAuthentication=[false], importEnabled=[true], enabled=[true],
bindDn=[uid=admin,cn=users,cn=compat,dc=example,dc=com], changedSyncPeriod=[-1],
usernameLDAPAttribute=[uid], lastSync=[1585747226], vendor=[other],
uuidLDAPAttribute=[uid], allowKerberosAuthentication=[false],
connectionUrl=[ldap://ldap2.example.com], syncRegistrations=[true], authType=[simple],
customUserSearchFilter=[(memberOf=cn=users,cn=compat,dc=example,dc=com)], debug=[false],
searchScope=[1], useTruststoreSpi=[ldapsOnly], trustEmail=[false], priority=[0],
userObjectClasses=[memberOf], rdnLDAPAttribute=[uid], editMode=[READ_ONLY],
validatePasswordPolicy=[false], batchSizeForSync=[1000]}, binaryAttributes: []
2020-04-01 13:20:26,812 INFO [org.keycloak.storage.ldap.LDAPStorageProviderFactory]
(default task-29) Sync all users from LDAP to local store: realm: example, federation
provider: freeipa_dev
2020-04-01 13:20:26,894 INFO [org.keycloak.storage.ldap.LDAPStorageProviderFactory]
(default task-29) Sync all users finished: 0 imported users, 0 updated users
When I try to enable SSL/TLS I get this error for the connection:
2020-04-01 13:23:26,179 ERROR [org.keycloak.services] (default task-40) KC-SERVICES0055:
Error when connecting to LDAP: null: java.lang.NullPointerException
How can I resolve this issue?
Thank you
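
Added example (not from the original thread or from Keycloak): a Python parser for the `LDAP Configuration: {...}` dump in the log above. It reports whether the bind password travels unencrypted, which keys differ from the values entered in the form, and the sync counts. The log excerpt is a shortened, constructed copy of the one in the message; the function names and the `FORM` dictionary are assumptions of this example.

```python
import re

# Constructed sample: a shortened copy of the log lines quoted in the message.
SAMPLE_LOG = """\
2020-04-01 13:20:26,810 INFO [org.keycloak.storage.ldap.LDAPIdentityStoreRegistry]
(default task-29) Creating new LDAP Store for the LDAP storage provider:
'freeipa_dev', LDAP Configuration: {startTls=[false],
usersDn=[cn=users,cn=accounts,dc=example,dc=com],
bindDn=[uid=admin,cn=users,cn=compat,dc=example,dc=com],
connectionUrl=[ldap://ldap2.example.com], authType=[simple],
customUserSearchFilter=[(memberOf=cn=users,cn=compat,dc=example,dc=com)],
userObjectClasses=[memberOf], editMode=[READ_ONLY]}, binaryAttributes: []
2020-04-01 13:20:26,894 INFO [org.keycloak.storage.ldap.LDAPStorageProviderFactory]
(default task-29) Sync all users finished: 0 imported users, 0 updated users
"""
# Values as listed in the form in the message (keys use the log's names).
FORM = {"bindDn": "uid=test,cn=users,cn=compat,dc=example,dc=com",
        "connectionUrl": "ldap://ldap.example.com",
        "usersDn": "cn=users,cn=accounts,dc=example,dc=com"}

PAIR = re.compile(r"(\w+)=\[([^\]]*)\]")
SYNC = re.compile(r"Sync all users finished: (\d+) imported users, (\d+) updated users")

def _flat(text):
    return " ".join(text.split())  # undo line wrapping at whitespace

def parse_ldap_config(log_text):
    """Return the key=[value] pairs from the 'LDAP Configuration: {...}' dump."""
    m = re.search(r"LDAP Configuration: \{(.*?)\}, binaryAttributes", _flat(log_text))
    return dict(PAIR.findall(m.group(1))) if m else {}

def sync_counts(log_text):
    """Return (imported, updated) from the 'Sync all users finished' line."""
    m = SYNC.search(_flat(log_text))
    return (int(m.group(1)), int(m.group(2))) if m else None

def differs_from_form(cfg, form):
    """Keys whose logged value is not the value entered in the form."""
    return sorted(k for k, v in form.items() if cfg.get(k) != v)

def cleartext_bind(cfg):
    """True if a simple bind goes over ldap:// with StartTLS off (password in clear)."""
    return (cfg.get("authType") == "simple" and cfg.get("startTls") == "false"
            and cfg.get("connectionUrl", "").startswith("ldap://"))

if __name__ == "__main__":
    cfg = parse_ldap_config(SAMPLE_LOG)
    print(cleartext_bind(cfg), differs_from_form(cfg, FORM), sync_counts(SAMPLE_LOG))
```

A dump that was wrapped in the middle of a key name has to be rejoined before parsing, otherwise that key comes out truncated.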