Hello,
We are in a situation where we use LDAP for user federation from an existing AD that has a hierarchy of groups with multiple parent groups.
This is not supported by Keycloak (and might not be for a while). But it is important for our application to know the hierarchy for groups a user is part of.
Is there any recommended way to do this?
The solution that we came up with is to create a custom SPI that pulls the information we need from AD and puts it into a custom user attribute.
I have been assigned the task of creating this SPI, and honestly I have no idea where to start, and can't even get a minimal SPI to work properly.
At first I thought of using the existing LDAP connection from the default LDAP provider to grab the information we need from there, but our team decided to change course since the documentation on how to achieve this was lacking.
Our current approach is to create an LDAP provider that connects to AD and creates users with the information that we need. Not much progress has been made.
Do you have any advice? Is there a standard recommended way to do this?
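The approach described in the post (a custom mapper on the existing LDAP federation provider that copies group information from AD into a user attribute) is illustrated below as an added example. It is not code from the post or from the Keycloak project. It assumes Keycloak's LDAP mapper SPI (`AbstractLDAPStorageMapper`, `AbstractLDAPStorageMapperFactory`, `LDAPObject`, `LDAPQuery`, registered through `META-INF/services/org.keycloak.storage.ldap.mappers.LDAPStorageMapperFactory`); check those class names against the Keycloak version actually deployed. The package name, the user attribute name `adGroupDns` and the provider id `ad-group-dn-mapper` are hypothetical; `memberOf` is the standard AD back-link attribute. This records the user's direct group DNs only; walking each group's own `memberOf` chain to reconstruct parents would require further lookups through the provider and is left out here.

```java
// File 1: AdGroupDnMapper.java (hypothetical package name)
package com.example.keycloak.ldap;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;

import org.keycloak.component.ComponentModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper;
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapperFactory;

/**
 * Copies the DNs found in the AD "memberOf" attribute of an imported user
 * into a Keycloak user attribute, so applications can read the raw group DNs
 * even though Keycloak does not model the AD group hierarchy itself.
 */
public class AdGroupDnMapper extends AbstractLDAPStorageMapper {

    static final String LDAP_MEMBER_OF = "memberOf";    // standard AD back-link attribute
    static final String USER_ATTRIBUTE = "adGroupDns";  // hypothetical Keycloak user attribute

    public AdGroupDnMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider) {
        super(mapperModel, ldapProvider);
    }

    /** Ask the LDAP search to return memberOf; otherwise the LDAPObject will not carry it. */
    @Override
    public void beforeLDAPQuery(LDAPQuery query) {
        query.addReturningLdapAttribute(LDAP_MEMBER_OF);
    }

    /** Runs on import/sync: store every direct group DN on the local user. */
    @Override
    public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) {
        Set<String> groupDns = ldapUser.getAttributeAsSet(LDAP_MEMBER_OF);
        List<String> values = groupDns == null ? new ArrayList<>() : new ArrayList<>(groupDns);
        Collections.sort(values); // deterministic order makes later comparisons easier
        user.setAttribute(USER_ATTRIBUTE, values);
    }

    /** Read-only mapper: AD owns group membership, nothing is written back. */
    @Override
    public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm) {
    }

    /** No per-request overrides; the imported attribute is served from the local user. */
    @Override
    public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) {
        return delegate;
    }
}

// File 2: AdGroupDnMapperFactory.java, same package.
// Register it by listing its fully qualified class name in
// META-INF/services/org.keycloak.storage.ldap.mappers.LDAPStorageMapperFactory
// so the mapper appears in the admin console under the LDAP provider's mappers.
class AdGroupDnMapperFactory extends AbstractLDAPStorageMapperFactory {

    public static final String PROVIDER_ID = "ad-group-dn-mapper"; // hypothetical id

    @Override
    public String getId() {
        return PROVIDER_ID;
    }

    @Override
    public String getHelpText() {
        return "Copies the AD memberOf DNs of a user into the '" + AdGroupDnMapper.USER_ATTRIBUTE + "' user attribute.";
    }

    @Override
    public List<ProviderConfigProperty> getConfigProperties() {
        return Collections.emptyList(); // no mapper-specific settings in this example
    }

    @Override
    protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider) {
        return new AdGroupDnMapper(mapperModel, federationProvider);
    }
}
```

The factory is declared package-private here only so both classes fit in one listing; in a real build it goes in its own file as a public class with a public no-argument constructor, because Keycloak loads it through `ServiceLoader`. The mapper stays read-only on purpose: letting Keycloak write group data back to AD would widen the service account's required rights, whereas this design needs only read access to the user and group objects.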