We want our imported users to get assigned groups relative to our AD structure automatically.
Based on the OU path that comes with the imported user, but I am having trouble defining the parameters, and I am not sure it is even possible.
If it is to be done, I think it is using the "Group-LDAP-mapper".
I tried but the users are not being put into the groups. So I assume that I am putting in the wrong parameters.
I will give you an example.
We have 3 IT levels: level 1, level 2 and level 3.
They are sorted in AD groups, and the groups and users are imported using LDAP. But the users aren't assigned their respective groups from our AD.
And now I am trying to use a mapper to get them assigned. But I am not sure it's the correct way.
This is, as far as I know, not possible in Keycloak out of the box, but I think that there is a way to do this with a custom plugin to extract the OU path of the user and map that to groups.
You have to create one yourself. I would probably start with an extension on the AbstractLDAPStorageMapperFactory. There are online resources on how to build your own extension in Keycloak.
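The OU-path-to-group step that the replies describe, as an added example that is not code from this thread or from Keycloak. It uses only the JDK's `javax.naming.ldap` parser and does not call Keycloak's mapper SPI; the class name `OuPathGroupResolver`, the mapping table and the sample DNs are assumptions constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.*;

public class OuPathGroupResolver {
    // Constructed allowlist: OU path (root-first, lower-cased) -> group path.
    // Keys are lists, so an OU value containing "/" cannot collide with a nested path.
    private static final Map<List<String>, String> OU_TO_GROUP = Map.of(
            List.of("it", "level 1"), "/IT/Level 1",
            List.of("it", "level 2"), "/IT/Level 2",
            List.of("it", "level 3"), "/IT/Level 3");

    /** Returns the OU components of a DN, root-first and lower-cased. */
    static List<String> ouPath(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn); // real DN parser: copes with escaped commas
        List<String> ous = new ArrayList<>();
        // getRdns() is ordered right to left, so index 0 is the root-most RDN.
        for (Rdn rdn : name.getRdns()) {
            if ("ou".equalsIgnoreCase(rdn.getType())) {
                ous.add(rdn.getValue().toString().toLowerCase(Locale.ROOT));
            }
        }
        return ous;
    }

    /** Resolves a DN to a group path; empty when the OU path is not in the allowlist. */
    static Optional<String> groupFor(String dn) {
        try {
            return Optional.ofNullable(OU_TO_GROUP.get(ouPath(dn)));
        } catch (InvalidNameException e) {
            return Optional.empty(); // malformed DN: fail closed, assign no group
        }
    }

    public static void main(String[] args) {
        String[] sampleDns = { // constructed sample DNs
            "CN=Alice Example,OU=Level 1,OU=IT,DC=example,DC=com",
            "CN=Bob\\, Jr.,OU=Level 3,OU=IT,DC=example,DC=com",
            "CN=Carol,OU=Sales,DC=example,DC=com",
            "not a dn"
        };
        for (String dn : sampleDns) {
            System.out.println(dn + " -> " + groupFor(dn).orElse("(no group)"));
        }
    }
}
```

Because group membership usually drives authorization, the lookup is an exact-match allowlist: an unknown OU path or an unparseable DN yields no group rather than a guessed one.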