I am having the following issue - I have Keycloak instance running inside docker container and I have LDAP user federation defined. The LDAP connection with my active directory is working fine and all the information from the ActiveDirectory is visible from the Keycloak.
So far so good, but I have the following requirement - the Keycloak should NOT import users from ActiveDirectory but only use the information from the server. I saw that there is a configuration about that in the connection setting while configuring the LDAP connection - it is called “Import Users”. It is set to OFF but when I save the configuration each user from the ActiveDirectory is imported in the Users section in Keycloak.
My question is, could you tell me how to disable this import into Keycloak?
Basically, all I want is to have connection to the LDAP server and then when I make some authentication request to the Keycloak with some user details, the Keycloak should redirect the request to the LDAP server with the provided user details and check those details. Then appropiate status code should be returned if the user is either existing in the LDAP server or not.
Something more, the property of the LDAP connection Edit Mode is set to READ_ONLY.
Any help would be great!