How to configure Keycloak if there are the same user logins in different LDAP servers with Kerberos integration?
We configured user federation: selected the LDAP provider, configured parameters, set the value of the Username LDAP attribute to sAMAccountName, and configured Kerberos integration. We got users with short logins (sAMAccountNames). If we connect to another LDAP server that has the same short logins, we get a “user exists” error.
We can solve the import problem if we use the userPrincipalName attribute in LDAP settings, but in this case end-to-end authorization with Kerberos does not work correctly: users enter their sAMAccountNames, Keycloak can’t match them with userPrincipalNames and sends users to the login window.
How can we solve the problem?
It is not allowed to change LDAP server settings.