Link User LDAP and Groups LDAP into one

Hi,

my setting is the following, with these two federation providers:

  • User LDAP (contains only basic user info)
  • Groups LDAP (contains groups with users having memberOf attributes set; user IDs are the same as in the User LDAP)

How can I configure Keycloak to perform a groups lookup in my secondary “Groups LDAP” so that it links the groups to the users defined in the primary User LDAP?

I successfully imported users from the User LDAP into Keycloak and I set up another Federation Provider to retrieve the groups as well. What's missing is the linking of both User Federation Providers to work with each other. I tried mapping them, but on import it says:

15:42:55,176 WARN [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-33) User 'Testuser' is not updated during sync as he already exists in Keycloak database but is not linked to federation provider 'ldap-group-store'

How can I link those two Federation Providers/LDAPs?


Hi,
I am also interested in this.
Any hints on how to do that would be very much appreciated!