10

I'm using Keycloak and just set up some OpenLDAP. Importing from LDAP to Keycloak works fine. Even new registrations and updates to users are synced nicely. But I can't find any way to:

a) Export existing Keycloak users to LDAP
b) Link existing Keycloak users to existing LDAP users

When users already exist in Keycloak, during import I get the following error:

23:56:39,507 WARN [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-22) User 'foo' is not updated during sync as he already exists in Keycloak database but is not linked to federation provider 'ldap'

Any ideas? Did I miss something obvious?

J4GD33P 51NGH
Tarion
  • 2
    IMHO Keycloak is not designated for this use case. Idea: use Keycloak admin API to dump all users and create missing users in LDAP manually with the custom script. Then LDAP will be in the good state for Keycloak. – Jan Garaj Dec 30 '18 at 17:08
  • 1
    Any new information for this use case since the last 8 months? – liqSTAR Aug 21 '19 at 09:41
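
The approach suggested in the first comment (dump the users through the admin API, then create the missing ones in LDAP with a script), as an added example that is not part of the original thread. It turns a user list shaped like the admin API's JSON into LDIF for users that have no `federationLink` and no matching uid in LDAP, escaping usernames so they cannot alter the DN; the base DN, the inetOrgPerson schema and the sample data are assumptions, and no userPassword is written because the input carries no passwords.

```python
import base64
import re

BASE_DN = "ou=people,dc=example,dc=org"  # assumed LDAP layout, not from the post

def escape_rdn(value):
    """Escape a value for use inside a DN (RFC 4514) so it cannot alter the DN."""
    out = re.sub(r'([,+"\\<>;=])', r"\\\1", value).replace("\x00", "\\00")
    if value.startswith(("#", " ")):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out

def ldif_line(attr, value):
    """Emit 'attr: value', or base64 'attr:: ...' when RFC 2849 requires it."""
    safe = (value.isascii() and not re.search(r"[\x00\r\n]", value)
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def missing_users_ldif(keycloak_users, ldap_uids):
    """Return (ldif, usernames) for local Keycloak users that LDAP does not have."""
    known = {uid.lower() for uid in ldap_uids}
    entries, exported = [], []
    for user in keycloak_users:
        name = user["username"]
        # Skip users already owned by a federation provider or present in LDAP.
        if user.get("federationLink") or name.lower() in known:
            continue
        full = " ".join(p for p in (user.get("firstName"), user.get("lastName")) if p)
        lines = [ldif_line("dn", f"uid={escape_rdn(name)},{BASE_DN}"),
                 "objectClass: inetOrgPerson",
                 ldif_line("uid", name), ldif_line("cn", full or name),
                 ldif_line("sn", user.get("lastName") or name)]  # cn and sn are mandatory
        if user.get("email"):
            lines.append(ldif_line("mail", user["email"]))
        entries.append("\n".join(lines))
        exported.append(name)
    return "\n\n".join(entries) + "\n", exported

# Constructed sample input, shaped like the JSON user list from the admin API.
SAMPLE_USERS = [
    {"username": "foo", "firstName": "Foo", "lastName": "Bar", "email": "foo@example.org"},
    {"username": "alice", "federationLink": "ldap-provider-id", "email": "alice@example.org"},
    {"username": "bob"}, {"username": "smith, jörg"},
]
SAMPLE_LDAP_UIDS = {"bob"}  # constructed: uids already present in LDAP
```

Calling `missing_users_ldif(SAMPLE_USERS, SAMPLE_LDAP_UIDS)` returns the LDIF text and the list of exported usernames; review the LDIF before loading it into the directory.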

1 Answer

0

To send users to LDAP, please try the options "Edit mode: Writable" and "Sync Registrations: ON" on the LDAP configuration page in Keycloak (User Federation->Ldap).

Piotr