Keycloak as an LDAP service

Hello,
is there any chance that Keycloak will be expanded in the future to include a built-in LDAP server?

I’ve looked at several publicly available LDAP solutions, and to summarize:

  1. using an external LDAP server complicates the infrastructure you need to set up to create a simple authorization system with central account management capabilities
  2. using an external LDAP server forces us to use two different panels: to manage accounts in one and to configure Keycloak's operation in the other
  3. existing LDAP servers are mostly so simple that they don’t have a meaningful management panel built in, which further complicates configuration and adds more dependencies that need to be updated separately in the future

At this point, using an LDAP provider and Keycloak is over-engineering.

Well, an LDAP server is not a requirement for Keycloak; it has working internal user storage. The LDAP federation is meant more for cases where there is an existing LDAP infrastructure already.

Yes, but currently, if I understand everything correctly, you unfortunately cannot share accounts with applications that support LDAP.

Well, running an LDAP server is not too complicated (in a simple scenario, just start a suitable Docker image, e.g. the osixia/openldap one), and you could manage the users via Keycloak if you configure the federation as read-write.

But as LDAP is much more than just user management, either the integration into Keycloak would be quite heavy or it would only serve a subset of LDAP. So for any real production load, running things separately is the better choice.
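The setup described in the reply above (start osixia/openldap, then let Keycloak manage the users through a read-write federation), as an added example that is not part of the original posts or of the Keycloak or osixia/openldap projects. It assumes docker, ldapadd (ldap-utils) and Keycloak's kcadm.sh on PATH, a Keycloak admin console at http://localhost:8080 with a realm named "demo", and the placeholder domain and passwords defined at the top; the component keys (editMode, syncRegistrations, usersDn, bindDn, ...) are the documented LDAP user-storage provider settings. "Read-write" in Keycloak terms is Edit mode WRITABLE together with Sync Registrations, and the script refuses to register a provider that lacks either, because the default (READ_ONLY, no registration sync) would keep new users in Keycloak's own database and never expose them to LDAP clients.

```shell
#!/bin/sh
# Added example for this thread; not code from the original posts or from the Keycloak
# or osixia/openldap projects. Everything below (domain, DNs, passwords, realm name,
# Keycloak URL) is a placeholder assumption: change it for a real deployment.

LDAP_DOMAIN="example.org"
BASE_DN="dc=example,dc=org"
USERS_DN="ou=people,${BASE_DN}"
BIND_DN="cn=admin,${BASE_DN}"                  # admin DN osixia/openldap derives from LDAP_DOMAIN
BIND_PW="${LDAP_ADMIN_PASSWORD:-change-me}"
KC_URL="http://localhost:8080"
KC_ADMIN_PW="${KEYCLOAK_ADMIN_PASSWORD:-admin}"
REALM="demo"

# 1. Start OpenLDAP. Plain ldap:// on localhost is acceptable for a lab; the bind
#    password crosses this socket in clear, so use ldaps:// or StartTLS anywhere else.
start_openldap() {
  docker run -d --name openldap -p 389:389 \
    -e LDAP_ORGANISATION="Example" \
    -e LDAP_DOMAIN="$LDAP_DOMAIN" \
    -e LDAP_ADMIN_PASSWORD="$BIND_PW" \
    osixia/openldap:1.5.0
}

# 2. The image only creates the base DN; the OU that Keycloak will write users into
#    must exist before the federation provider is registered.
people_ou_ldif() {
  cat <<EOF
dn: ${USERS_DN}
objectClass: organizationalUnit
ou: people
EOF
}

create_people_ou() {
  people_ou_ldif | ldapadd -x -H ldap://localhost:389 -D "$BIND_DN" -w "$BIND_PW"
}

# 3. Component config for the LDAP user-storage provider, one key=value per line.
#    Values are JSON arrays because that is the shape the components API expects.
#    editMode=WRITABLE plus syncRegistrations=true is what makes a user created in the
#    admin console (or by self-registration) land in LDAP rather than only in Keycloak.
federation_config() {
  cat <<EOF
editMode=["WRITABLE"]
syncRegistrations=["true"]
importEnabled=["true"]
vendor=["other"]
connectionUrl=["ldap://localhost:389"]
usersDn=["${USERS_DN}"]
authType=["simple"]
bindDn=["${BIND_DN}"]
bindCredential=["${BIND_PW}"]
usernameLDAPAttribute=["uid"]
rdnLDAPAttribute=["uid"]
uuidLDAPAttribute=["entryUUID"]
userObjectClasses=["inetOrgPerson, organizationalPerson"]
EOF
}

# Look up one key from federation_config, e.g. `config_value editMode` -> ["WRITABLE"]
config_value() {
  federation_config | sed -n "s/^$1=//p"
}

# Refuse to register a provider that would not actually write users to LDAP.
check_writable() {
  [ "$(config_value editMode)" = '["WRITABLE"]' ] &&
  [ "$(config_value syncRegistrations)" = '["true"]' ]
}

# 4. Register the provider in the realm with kcadm.sh. The bind password ends up on the
#    kcadm command line (visible in `ps` and shell history): a throwaway-lab trade-off.
register_federation() {
  check_writable || { echo "federation config is not read-write, refusing" >&2; return 1; }
  kcadm.sh config credentials --server "$KC_URL" --realm master \
    --user admin --password "$KC_ADMIN_PW"
  tmp=$(mktemp)
  federation_config > "$tmp"
  set -- create components -r "$REALM" -s name=openldap -s providerId=ldap \
    -s providerType=org.keycloak.storage.UserStorageProvider
  while IFS= read -r line; do          # redirect, not a pipe, so "$@" survives the loop
    set -- "$@" -s "config.$line"
  done < "$tmp"
  rm -f "$tmp"
  kcadm.sh "$@"
}

case "${1:-}" in
  start)    start_openldap ;;
  ou)       create_people_ou ;;
  register) register_federation ;;
  all)      start_openldap && sleep 5 && create_people_ou && register_federation ;;
  "")       ;;                         # no verb: only define the functions
esac
```

Run it as `sh setup.sh all` once Keycloak is up; afterwards a user added in the Keycloak admin console appears under ou=people in the directory and can bind against OpenLDAP from any LDAP-speaking application. For anything beyond a lab, switch connectionUrl to ldaps:// (or set config.startTls) and point Keycloak's truststore at the server certificate, so the bind credential and user passwords never cross the wire in clear.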