How do we configure Keycloak if the same user logins exist in different LDAP servers with Kerberos integration? We configured user federation: selected the LDAP provider, configured the parameters, set the value of the Username LDAP attribute to sAMAccountName, and configured Kerberos integration. We got users with short logins (sAMAccountNames). If we connect to another LDAP server that has the same short logins, we get a “user exists” error.

We can solve the import problem if we use the userPrincipalName attribute in the LDAP settings, but in this case end-to-end authorization with Kerberos does not work correctly: users enter their sAMAccountNames, Keycloak can’t match them with userPrincipalNames and sends users to the login window. How can we solve the problem? It is not allowed to change LDAP server settings.
