Email already exists


I have 2 LDAP servers that sync into kc, Users and Customers.
Sometimes a Customer becomes a User (without being removed from the Customer db) so when they try to login, they get an error during login: Email already exists.
Log error: 2024-03-22 14:00:44,419 ERROR [] (executor-thread-19518) KC-SERVICES0024: : org.keycloak.models.ModelDuplicateException: Can't import user 'user42221' from LDAP because email '' already exists in Keycloak. Existing user with this email is 'customer42221'

I usually circumvent this by clearing the cache for the Customer Federation bucket but I was hoping for a more permanent solution. I was hoping that the sync that happens in keycloak would not pull records with an email that already exists.

Thanks in advance.

You have 2 options:

  • Use the same Realm and implement specific client roles: for each oath client you’d have different roles and then you’d be able to distinguish between B2C users and B2E users (Ldap users). In this case you have to authenticate with different clients for each use case.
  • Implement separate Realms one for B2C (customers) and one for B2E.

Im using the second approach.