[LDAP] Listen on newly imported users

Hi,

I would like to implement an event listener, which will be activated by users newly synced from LDAP.

I already implemented an event listener based on this tutorial: https://dev.to/adwaitthattey/building-an-event-listener-spi-plugin-for-keycloak-2044

Unfortunately, this basic event listener does not catch syncs from LDAP.

I just found the following in the logs:

INFO  [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (Timer-2) Sync all users from LDAP to local store: realm: reha-plan, federation provider: test
INFO  [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (Timer-2) Sync all users finished: 2 imported users, 0 updated users

My goal is to catch these events and perform an external API call.

Does someone have a suggestion on how to implement this use case?

Best regards
Max

Hi Max,

AFAICT there are no events fired after LDAP synchronization at the moment (KC 9.0.0). I’d try to implement a custom provider inheriting from LDAPStorageProviderFactory which overrides the org.keycloak.storage.ldap.LDAPStorageProviderFactory#syncImpl method. With this you can run your custom logic.

It might also be enough to override org.keycloak.storage.ldap.LDAPStorageProviderFactory#sync and org.keycloak.storage.ldap.LDAPStorageProviderFactory#syncSince.

Added KEYCLOAK-13195 Add event to signal the end of an synchronization run to track this.

Cheers,
Thomas
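A sketch of the subclassing approach suggested above, as an added example that is not part of the original thread or Keycloak's own code. It assumes `org.keycloak:keycloak-ldap-federation` and the Keycloak server SPI artifacts are on the compile classpath; the class name, the provider id `ldap-notifying` and the hook URL are hypothetical placeholders.

```java
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Date;
import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.storage.UserStorageProviderModel;
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
import org.keycloak.storage.user.SynchronizationResult;

public class NotifyingLdapFactory extends LDAPStorageProviderFactory {
    private static final Logger LOG = Logger.getLogger(NotifyingLdapFactory.class);
    // Placeholder endpoint (assumption); keep it HTTPS so sync metadata is not sent in clear text.
    private static final String HOOK_URL = "https://hooks.example.invalid/ldap-sync";

    // Assumed id; it must differ from the built-in "ldap" so both factories can be registered.
    @Override public String getId() { return "ldap-notifying"; }

    @Override // full sync ("Sync all users" in the log lines quoted earlier)
    public SynchronizationResult sync(KeycloakSessionFactory sf, String realmId, UserStorageProviderModel model) {
        return report(realmId, model, super.sync(sf, realmId, model));
    }

    @Override // changed-users sync
    public SynchronizationResult syncSince(Date lastSync, KeycloakSessionFactory sf, String realmId, UserStorageProviderModel model) {
        return report(realmId, model, super.syncSince(lastSync, sf, realmId, model));
    }

    private SynchronizationResult report(String realmId, UserStorageProviderModel model, SynchronizationResult result) {
        if (result.getAdded() == 0) return result; // nothing newly imported, no call
        try {
            // Form-encode every value so realm or provider names cannot alter the request body.
            String body = "realm=" + URLEncoder.encode(realmId, "UTF-8")
                    + "&provider=" + URLEncoder.encode(model.getName(), "UTF-8")
                    + "&added=" + result.getAdded() + "&updated=" + result.getUpdated();
            HttpURLConnection c = (HttpURLConnection) new URL(HOOK_URL).openConnection();
            c.setConnectTimeout(3000); // short timeouts: this runs on the sync timer thread
            c.setReadTimeout(3000);
            c.setRequestMethod("POST");
            c.setDoOutput(true);
            c.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            try (OutputStream out = c.getOutputStream()) { out.write(body.getBytes("UTF-8")); }
            LOG.infof("LDAP sync hook for realm %s answered HTTP %d", realmId, c.getResponseCode());
        } catch (Exception e) { // a failing hook must never fail or roll back the LDAP sync
            LOG.warn("LDAP sync hook call failed", e);
        }
        return result;
    }
}
```

The factory is registered by listing its class name in `META-INF/services/org.keycloak.storage.UserStorageProviderFactory`, and only federation providers created with the new provider id go through it.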

Hi Thomas,

Thank you very much for the fast answer!

Do you know which Maven dependency I have to include in my Java project in order to override the org.keycloak.storage.ldap.LDAPStorageProvider:sync method?

Best regards,
Max

Hi,

Were you able to get this done? I would like to do something similar.

Regards,
Ashish

Hi,

Unfortunately not. I implemented the sync job to LDAP on my own in a Spring Java Project by using the Keycloak library.

Regards,
Max

Thanks for replying. I have started doing something similar.

Regards,
Ashish