0 Replies Latest reply on Nov 15, 2017 5:36 AM by Andy Bottle

    AD-LDS Integration with KeyCloak

    Andy Bottle Newbie
      I've been following the instructions posted in [KEYCLOAK-4009] Compatibility with AD LDS - JBoss Issue Tracker  but still I cannot import users from Microsoft Active Directory - Lightweight Directory Services (AD-LDS) into KeyCloak. No specific error is generated but it simply says "Sync all users finished: 0 imported users, 0 updated users".


      Below are the steps that have been followed on 2 completely different KeyCloak sites but to no avail.


      Could someone help me try to see where I am going wrong? We ideally want to map the UPN (userPrincipalName) attribute to the KeyCloak username attribute but even with the uid attribute, it is still not working.
      1. Add a new LDAP provider under "User Federation"
      2. Select "Other" as vendor
      3. Use the following attributes:
        • Username LDAP attribute: uid
        • RDN LDAP attribute: cn
        • UUID LDAP attribute: objectGUID
        • User Object Classes: person, organizationalPerson, user
      4. Click save and switch to "Mappers" tab
        • Open the "username" mapper and make sure uid is set as the LDAP attribute
        • Click the create button and add the "MSAD LDS User Account Controls" mapper
        • To add group or role mappings add the appropriate mapper and set "Role Object Classes" to group
        • Click "Save"
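As an added example (not code from Andy's post, and not Keycloak's own code), the following Python script expresses the same federation settings as the component representation Keycloak's admin REST API accepts at `POST /admin/realms/{realm}/components`, derives the user search filter that configuration produces, prints the equivalent `ldapsearch` so the search can be checked against AD LDS outside Keycloak, and tests a constructed sample directory entry for the attributes the provider needs on every user. The host name, DNs, realm id, bind account and the sample entry are made up; the mapper provider ids and the assumption that Keycloak ANDs the configured object classes are mine and should be checked against the Mappers drop-down and your Keycloak version.

```python
"""Build a Keycloak LDAP user-storage component for AD LDS and pre-check it.

Added example, not from the forum post or from Keycloak. Host names, DNs,
realm id, bind account and the sample entry below are all made up.
"""
import shlex

# Constructed sample of one AD LDS user entry (as ldapsearch might show it).
# Deliberately has userPrincipalName and cn but no uid attribute.
SAMPLE_ADLDS_ENTRY = {
    "dn": "CN=jdoe,OU=Users,DC=example,DC=local",
    "cn": "jdoe",
    "userPrincipalName": "jdoe@example.local",
    "objectGUID": "2f1e0d9c-8b7a-4c6d-9e5f-0a1b2c3d4e5f",  # binary in the directory
    "objectClass": ["top", "person", "organizationalPerson", "user"],
    "msDS-UserAccountDisabled": "FALSE",
}


def ldap_provider_component(realm_id, username_attribute="uid"):
    """Component representation for the LDAP provider (config values are
    single-element string lists, as the admin REST API expects).
    Defaults mirror the settings listed in the post: vendor Other,
    RDN cn, UUID objectGUID, object classes person/organizationalPerson/user."""
    return {
        "name": "ad-lds",
        "providerId": "ldap",
        "providerType": "org.keycloak.storage.UserStorageProvider",
        "parentId": realm_id,
        "config": {
            "vendor": ["other"],
            "connectionUrl": ["ldaps://adlds.example.local:50636"],  # assumed host
            "usersDn": ["OU=Users,DC=example,DC=local"],              # assumed base
            "authType": ["simple"],
            "bindDn": ["CN=keycloak-svc,OU=Service Accounts,DC=example,DC=local"],
            "bindCredential": ["change-me"],
            "editMode": ["READ_ONLY"],
            "usernameLDAPAttribute": [username_attribute],
            "rdnLDAPAttribute": ["cn"],
            "uuidLDAPAttribute": ["objectGUID"],
            "userObjectClasses": ["person, organizationalPerson, user"],
            "searchScope": ["2"],  # subtree
            "importEnabled": ["true"],
        },
    }


def mapper_components(provider_component_id, username_attribute="uid"):
    """The two mappers from step 4: the username mapper bound to the chosen
    LDAP attribute, and the MSAD LDS user account control mapper.
    Provider ids are assumed; confirm them in the Mappers tab drop-down."""
    mapper_type = "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
    return [
        {
            "name": "username",
            "providerId": "user-attribute-ldap-mapper",
            "providerType": mapper_type,
            "parentId": provider_component_id,
            "config": {
                "ldap.attribute": [username_attribute],
                "user.model.attribute": ["username"],
                "read.only": ["true"],
                "always.read.value.from.ldap": ["false"],
                "is.mandatory.in.ldap": ["true"],
            },
        },
        {
            "name": "MSAD LDS account controls",
            "providerId": "msad-lds-user-account-control-mapper",
            "providerType": mapper_type,
            "parentId": provider_component_id,
            "config": {},
        },
    ]


def object_classes(component):
    raw = component["config"]["userObjectClasses"][0]
    return [c.strip() for c in raw.split(",") if c.strip()]


def user_search_filter(component):
    """Filter the sync will issue: configured object classes ANDed together
    (assumption about Keycloak's behaviour; compare with the LDAP server log)."""
    return "(&" + "".join(f"(objectClass={c})" for c in object_classes(component)) + ")"


def ldapsearch_command(component):
    """Shell command to run the same search by hand against AD LDS."""
    cfg = component["config"]
    attrs = [cfg["usernameLDAPAttribute"][0], cfg["rdnLDAPAttribute"][0],
             cfg["uuidLDAPAttribute"][0]]
    parts = ["ldapsearch", "-H", cfg["connectionUrl"][0], "-D", cfg["bindDn"][0],
             "-W", "-b", cfg["usersDn"][0], "-s", "sub",
             user_search_filter(component), *attrs]
    return " ".join(shlex.quote(p) for p in parts)


def entry_matches_filter(component, entry):
    """True if the entry carries every configured object class."""
    have = {c.lower() for c in entry.get("objectClass", [])}
    return all(c.lower() in have for c in object_classes(component))


def missing_attributes(component, entry):
    """Attributes the provider needs on each user (username, RDN, UUID) that
    the entry lacks; an entry without its username attribute is not importable."""
    cfg = component["config"]
    needed = {cfg["usernameLDAPAttribute"][0], cfg["rdnLDAPAttribute"][0],
              cfg["uuidLDAPAttribute"][0]}
    present = {k.lower() for k in entry}
    return sorted(a for a in needed if a.lower() not in present)


if __name__ == "__main__":
    for attr in ("uid", "userPrincipalName"):
        comp = ldap_provider_component("realm-id", attr)
        print(ldapsearch_command(comp))
        print(attr, "->", "matches filter:", entry_matches_filter(comp, SAMPLE_ADLDS_ENTRY),
              "missing:", missing_attributes(comp, SAMPLE_ADLDS_ENTRY))
```

Running the printed `ldapsearch` with the same bind account Keycloak uses is the quickest way to separate "the filter and base DN match nothing" from "the entries match but lack the username attribute"; with the sample entry, the `uid` configuration reports `uid` as missing while `userPrincipalName` reports nothing missing.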