The following error occurs when an admin creates a new user, or when a user is imported from an IdP.
I would expect that, when syncRegistrations is set to off, I can create users that do not exist in the directory.
13:58:25,743 WARN [org.keycloak.events] (default task-13) type=UPDATE_PROFILE_ERROR, realmId=dev, clientId=nmdb-dev, userId=null, ipAddress=127.0.0.1, error=invalid_user_credentials, identity_provider=oidc, auth_method=openid-connect, updated_email=dimiter.todorov@filtered, redirect_uri=https://ljpapi.todorov.ca/, identity_provider_identity=l00KWf8qPvd2AuwdNhRuRKq1HEM98WhqazYiLv2oSK8, code_id=WqDUHUgeJi7aI73auoPXNIZZE8KLGZQg6bJF4KTQ6Yk, authSessionParentId=ebae5b87-b8e2-4eca-87b0-48f401e79207, authSessionTabId=Hn28vurlLyE
14:01:33,913 ERROR [org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (default task-15) Could not query server using DN [DC=FILTERED] and filter [(&(|FILTERED]: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03152973, problem 2001 (NO_OBJECT), data 0, best match of:
The federation config looks like:
{
  "id": "92c32616-57a3-4062-96f1-cd2964d35766",
  "name": "ldap-cihs",
  "providerId": "ldap",
  "providerType": "org.keycloak.storage.UserStorageProvider",
  "parentId": "dev",
  "config": {
    "pagination": ["true"],
    "fullSyncPeriod": ["604800"],
    "usersDn": ["DC=mydomain"],
    "connectionPooling": ["true"],
    "cachePolicy": ["DEFAULT"],
    "useKerberosForPasswordAuthentication": ["false"],
    "importEnabled": ["true"],
    "enabled": ["true"],
    "bindCredential": ["**********"],
    "changedSyncPeriod": ["86400"],
    "bindDn": ["cn=srv.opsware.ad,OU=Tools and Automation,OU=SomeOU,DC=mydomain"],
    "usernameLDAPAttribute": ["userPrincipalName"],
    "lastSync": ["1582785704"],
    "vendor": ["ad"],
    "uuidLDAPAttribute": ["objectGUID"],
    "connectionUrl": ["ldap://ldapglobal:3268"],
    "allowKerberosAuthentication": ["false"],
    "syncRegistrations": ["false"],
    "authType": ["simple"],
    "customUserSearchFilter": ["(|(memberOf=CN=NMDB_ADMINS,OU=TORCA,OU=Tools and Automation,OU=SomeOU,DC=mydomain)(memberOf=CN=TORCA_ALL_USERS,OU=TORCA,OU=Tools and Automation,OU=SomeOU,DC=mydomain)(memberOf=CN=NMDB_READERS,OU=TORCA,OU=Tools and Automation,OU=SomeOU,DC=mydomain)(memberOf=CN=NMDB_WRITERS,OU=TORCA,OU=Tools and Automation,OU=SomeOU,DC=mydomain))"],
    "debug": ["false"],
    "searchScope": ["2"],
    "useTruststoreSpi": ["ldapsOnly"],
    "priority": ["0"],
    "trustEmail": ["true"],
    "userObjectClasses": ["person, organizationalPerson, user"],
    "rdnLDAPAttribute": ["cn"],
    "editMode": ["READ_ONLY"],
    "validatePasswordPolicy": ["false"],
    "batchSizeForSync": ["1000"]
  }
}
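As an added example (not part of the report and not Keycloak's own code), the following Python script flattens a user-federation component of the shape shown above (every "config" value is a one-element list of strings) and runs the consistency checks a defender would want to look at before chasing the user-creation path: a simple bind over plain ldap://, a one-level search scope rooted at the domain, the local-only registration behaviour that syncRegistrations=false with editMode=READ_ONLY implies, and parenthesis balance of the custom search filter. The sample component, the key sets and the finding codes are constructed here; the DNs and group names are the placeholders from the report.

```python
"""Lint a Keycloak LDAP user-federation component of the shape shown in the report.
Keycloak stores every "config" value as a one-element list of strings, so the
values are flattened and typed first, then a few consistency checks run."""
import json

# Constructed sample: a trimmed copy of the report's component (secret already masked,
# DNs and group names are the placeholders from the page).
SAMPLE_COMPONENT_JSON = """{
  "name": "ldap-cihs", "providerId": "ldap",
  "config": {
    "usersDn": ["DC=mydomain"],
    "bindDn": ["cn=srv.opsware.ad,OU=Tools and Automation,OU=SomeOU,DC=mydomain"],
    "bindCredential": ["**********"],
    "connectionUrl": ["ldap://ldapglobal:3268"],
    "authType": ["simple"],
    "useTruststoreSpi": ["ldapsOnly"],
    "syncRegistrations": ["false"],
    "importEnabled": ["true"],
    "editMode": ["READ_ONLY"],
    "searchScope": ["2"],
    "batchSizeForSync": ["1000"],
    "customUserSearchFilter": ["(|(memberOf=CN=NMDB_ADMINS,OU=TORCA,DC=mydomain)(memberOf=CN=NMDB_READERS,OU=TORCA,DC=mydomain))"]
  }
}"""

# Key sets are an assumption based on the keys visible in the report's config.
BOOL_KEYS = {"syncRegistrations", "importEnabled", "enabled", "pagination", "connectionPooling",
             "trustEmail", "debug", "validatePasswordPolicy", "allowKerberosAuthentication",
             "useKerberosForPasswordAuthentication"}
INT_KEYS = {"searchScope", "batchSizeForSync", "fullSyncPeriod", "changedSyncPeriod",
            "priority", "lastSync"}
SECRET_KEYS = {"bindCredential"}


def flatten_config(component):
    """Unwrap the one-element lists, convert booleans and integers, redact secrets."""
    flat = {}
    for key, values in component["config"].items():
        raw = values[0] if isinstance(values, list) else values
        if key in SECRET_KEYS:
            flat[key] = "<redacted>"
        elif key in BOOL_KEYS:
            flat[key] = str(raw).lower() == "true"
        elif key in INT_KEYS:
            flat[key] = int(raw)
        else:
            flat[key] = raw
    return flat


def dn_components(dn):
    """Lower-cased RDN components of a DN, left to right (no escaped commas expected here)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]


def filter_is_balanced(ldap_filter):
    """Cheap sanity check: parentheses of an RFC 4515 filter must nest properly."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


def lint_component(component):
    """Return (flattened config, list of (code, message) findings) for one component."""
    cfg = flatten_config(component)
    findings = []
    if cfg.get("connectionUrl", "").startswith("ldap://") and cfg.get("authType") == "simple":
        findings.append(("plaintext-bind", "simple bind over ldap:// sends the bind credential "
                         "in clear text; useTruststoreSpi=ldapsOnly applies only to ldaps:// URLs"))
    users_dn = dn_components(cfg.get("usersDn", ""))
    if cfg.get("searchScope") == 1 and all(p.startswith("dc=") for p in users_dn):
        findings.append(("one-level-at-root", "searchScope=1 directly under the domain root "
                         "will not find users placed in OUs; use subtree (2) or a narrower usersDn"))
    if cfg.get("editMode") == "READ_ONLY" and not cfg.get("syncRegistrations"):
        findings.append(("local-registrations", "syncRegistrations=false with editMode=READ_ONLY: "
                         "users created in the admin console live only in Keycloak's database"))
    if not filter_is_balanced(cfg.get("customUserSearchFilter", "")):
        findings.append(("bad-filter", "customUserSearchFilter has unbalanced parentheses"))
    return cfg, findings


def lint_json(text):
    """Parse a component JSON document (as exported by the admin API) and lint it."""
    return lint_component(json.loads(text))


if __name__ == "__main__":
    config, found = lint_json(SAMPLE_COMPONENT_JSON)
    print(json.dumps(config, indent=2))
    for code, message in found:
        print(f"[{code}] {message}")
```

Run against the sample, the linter reports the clear-text simple bind on port 3268 and notes that, with these settings, a user created in the admin console is expected to exist only in Keycloak's database; the search scope and filter checks pass. Feeding it a component exported from the admin API (`/admin/realms/{realm}/components`) works the same way, since that is the JSON shape the report shows.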