On Mon, Aug 26, 2019 at 02:17:29PM +0200, Ronald Wimmer via FreeIPA-users wrote:
On 26.08.19 09:26, Jakub Hrozek via FreeIPA-users wrote:
> [...]
> Sorry, it's not totally clear to me if all the attributes were mapped to
> mail by the KC installer or by your snippet?
The original config looked like it should after executing keycloak's
federation-sssd-setup.sh:
[domain section]
ldap_user_extra_attrs = mail:mail, sn:sn, givenname:givenname,
telephoneNumber:telephoneNumber
[ifp]
user_attributes = +mail, +telephoneNumber, +givenname, +sn
OK, this is what I would have expected. Is it possible to enable
debugging and run the KC operation to see exactly what is being looked
up and what fails?
>
> > Does everything work if you remove the mappings?
>
> Unfortunately not. Only "mail" is mapped for an AD user. The other three
> attributes are not.
>
> Cheers,
> Ronald
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...