LDAP group members not being retrieved

I have a keycloak instance wherein I am using a venerable commercial LDAP server (not on the official supported list) as a user data store. I can configure the group mapper to retrieve groups but so far I have failed to retrieve group members. The group OU defines the groups using object class groupOfUniqueNames and individual group members with attribute uniqueMember. For example I might have a group “cn=billing,ou=Departments,dc=company,dc=com” which contains

uniqueMember uid=adam,ou=People,dc=company,dc=com
uniqueMember uid=betty,ou=People,dc=company,dc=com
uniqueMember uid=colin,ou=People,dc=company,dc=com

but so far I have not been able to find a way to get the group mapper to recognize the users in the group.

It appears keycloak is only recognizing Member or MemberOf attributes despite various attempts to define the additional object classes and attributes in the group mapper configuration.

A manual ldapsearch command with (&(objectclass=groupofuniquenames)(uniqueMember=*)) returns a list of group members but adding something similar to the group mapper definition does not help.

I have found other reports of similar behavior (eg when using Tivoli Directory Server) but no working solution.

Can anyone suggest a possible fix or direct me to the ldap provider code that might be modified to handle our particular server?

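Added example, not part of the original post and not Keycloak's own code: a small script that parses the LDIF an ldapsearch like the one above prints, resolves uniqueMember values per group using the same three knobs a Keycloak group mapper exposes (group object class, membership attribute, group name attribute), and then evaluates a per-user membership lookup two ways. It exists to make one check concrete: when a mapper resolves a user's groups by searching for the user's DN in the member attribute, the value stored in the directory must be accepted as equal to the DN Keycloak builds for that user, and servers differ on whether they compare that as a DN (case and spacing ignored) or as a plain string. The LDIF below is constructed to mirror the entries described in the post (with a folded continuation line and a deliberately differently-spelled DN); the filter shape in member_filter and the DN normalization in normalize_dn are simplifying assumptions, not Keycloak's exact behaviour.

```python
"""Parse ldapsearch LDIF output for groupOfUniqueNames groups and resolve
members the way a Keycloak-style group mapper has to.

Added example: not Keycloak code and not the original poster's code.
The LDIF below is constructed to mirror the entries described in the post.
"""
import base64
import re

# Constructed sample of what `ldapsearch -LLL` could print for the filter
# (&(objectClass=groupOfUniqueNames)(uniqueMember=*)). colin's value in
# `billing` is folded onto a continuation line (leading space), and `support`
# stores betty's DN with different case and spacing on purpose.
SAMPLE_LDIF = """\
dn: cn=billing,ou=Departments,dc=company,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: billing
uniqueMember: uid=adam,ou=People,dc=company,dc=com
uniqueMember: uid=betty,ou=People,dc=company,dc=com
uniqueMember: uid=colin,ou=People,dc=company,
 dc=com

dn: cn=support,ou=Departments,dc=company,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: support
uniqueMember: UID=betty, OU=People, DC=company, DC=com
uniqueMember: uid=colin,ou=People,dc=company,dc=com
"""


def parse_ldif(text):
    """Return entries as {"dn": str, "attrs": {lowercased-name: [values]}}.

    Attribute names are lower-cased because LDAP attribute names are
    case-insensitive and servers differ in the case they echo back
    ("uniqueMember" vs "uniquemember"); a mapper must not compare them literally.
    """
    unfolded = re.sub(r"\n ", "", text)  # LDIF: a leading space continues the previous line
    entries = []
    for block in unfolded.split("\n\n"):
        lines = [ln for ln in block.splitlines() if ln and not ln.startswith("#")]
        if not lines:
            continue
        attrs = {}
        for line in lines:
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            attrs.setdefault(name.strip().lower(), []).append(value)
        entries.append({"dn": attrs.pop("dn")[0], "attrs": attrs})
    return entries


def normalize_dn(dn):
    """Simplified DN normalization (assumption): lowercase and strip whitespace
    around ',' and '='. Ignores RFC 4514 escaping, but enough to show why two
    spellings of one DN may or may not compare equal."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()


def rdn_value(dn, attr="uid"):
    """Value of the leading RDN when its attribute is `attr`, else None.
    This is the piece of the DN a mapper configured with Membership Attribute
    Type = UID would compare against the user's uid attribute."""
    name, _, value = dn.split(",", 1)[0].partition("=")
    return value.strip() if name.strip().lower() == attr.lower() else None


def members_by_group(entries, object_class="groupOfUniqueNames",
                     member_attr="uniqueMember", name_attr="cn"):
    """Map group name -> member values, driven by the same settings the mapper
    exposes: Group Object Classes, Membership LDAP Attribute, Group Name Attribute."""
    result = {}
    for e in entries:
        classes = {c.lower() for c in e["attrs"].get("objectclass", [])}
        if object_class.lower() not in classes:
            continue
        name = e["attrs"].get(name_attr.lower(), [e["dn"]])[0]
        result[name] = list(e["attrs"].get(member_attr.lower(), []))
    return result


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def member_filter(user_dn, object_class="groupOfUniqueNames", member_attr="uniqueMember"):
    """Per-user lookup filter of the shape a 'load groups by member attribute'
    strategy sends (assumption about the exact form). Run this same filter with
    a real ldapsearch to see what the directory itself answers for one user."""
    return "(&(objectClass=%s)(%s=%s))" % (object_class, member_attr, escape_filter_value(user_dn))


def groups_for_user(entries, user_dn, exact=False, **mapper):
    """Evaluate member_filter() locally. exact=True mimics a server that matches
    the member value as a plain string; exact=False mimics DN-syntax matching."""
    key = user_dn if exact else normalize_dn(user_dn)
    found = []
    for name, members in members_by_group(entries, **mapper).items():
        candidates = members if exact else [normalize_dn(m) for m in members]
        if key in candidates:
            found.append(name)
    return found


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    for group, members in members_by_group(entries).items():
        print(group, "->", [rdn_value(m) for m in members])
    betty = "uid=betty,ou=People,dc=company,dc=com"
    print(member_filter(betty))
    print("string match:", groups_for_user(entries, betty, exact=True))
    print("DN match:    ", groups_for_user(entries, betty))
```

The practical use is the last two lines: if the directory's real answer to member_filter(user_dn) for a known member comes back empty, the problem is the comparison on the server side (the stored uniqueMember value is not considered equal to the user DN Keycloak constructs from its Users DN and UID attribute), not the mapper's attribute names; if it comes back with the group, the remaining suspects are the mapper settings themselves (membership attribute, object class, membership attribute type DN vs UID) or the retrieval strategy in use.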