Link User LDAP and Groups LDAP into one

Hi,

My setting is the following, with these two federation providers:

  • User LDAP (contains only basic user info)
  • Groups LDAP (contains groups with users having memberOf attributes set. User IDs are the same as in User LDAP)

How can I configure Keycloak to perform a groups lookup in my secondary “Groups LDAP” so that it links the groups to the users defined in the primary User LDAP?

I successfully imported users from the User LDAP into Keycloak and I set up another Federation Provider to retrieve the groups as well. What's missing is the linking of both User Federation Providers to work with each other. I tried mapping them, but on import it says:

15:42:55,176 WARN [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-33) User 'Testuser' is not updated during sync as he already exists in Keycloak database but is not linked to federation provider 'ldap-group-store'

How can I link those two Federation Providers/LDAPs?


Hi,
I am also interested in this.
Any hints on how to do that would be very much appreciated!

It is not done this way. Go to your LDAP user federation provider. Under its “mapping” tab you need to add a mapper for group and configure it so that it can find groups by memberOf attribute - it will then automatically sync the groups that any of the users are a member of that are under the group DN that you specify on this tab.
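As an added illustration (not Keycloak's own code and not posted in this thread), the following Python models what a group mapper set to read the user's memberOf attribute is configured to do: take each memberOf DN of a user, keep only those under the configured groups DN, and derive the group name from the group's naming attribute. The config keys mirror Keycloak's group-ldap-mapper settings; the DN values and the user entry are constructed, and treating only direct children of groups.dn as mappable is this example's simplification.

```python
import re

# Assumed mapper settings, mirroring Keycloak's group-ldap-mapper config keys
# (constructed example values, not taken from the thread above).
MAPPER_CONFIG = {
    "groups.dn": "ou=groups,dc=example,dc=org",
    "group.name.ldap.attribute": "cn",
    "memberof.ldap.attribute": "memberOf",
    "user.roles.retrieve.strategy": "GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE",
}

_RDN_SPLIT = re.compile(r"(?<!\\),")  # split a DN on unescaped commas only

def normalize_dn(dn):
    """Lowercase and strip each RDN so that 'CN=Admins, OU=Groups' compares
    equal to 'cn=admins,ou=groups' (DN comparison is case-insensitive)."""
    return [rdn.strip().lower() for rdn in _RDN_SPLIT.split(dn)]

def group_name_from_dn(group_dn, name_attr):
    """Return the leading RDN value if its attribute is the group name attribute."""
    attr, _, value = _RDN_SPLIT.split(group_dn)[0].partition("=")
    if attr.strip().lower() != name_attr.lower():
        return None
    return value.strip()

def resolve_groups(user_entry, config=MAPPER_CONFIG):
    """Group names a memberOf-based mapper would sync for one user entry.
    Simplification of this example: only direct children of groups.dn count;
    nested groups and entries elsewhere in the tree are ignored."""
    base = normalize_dn(config["groups.dn"])
    name_attr = config["group.name.ldap.attribute"]
    found = []
    for dn in user_entry.get(config["memberof.ldap.attribute"], []):
        parts = normalize_dn(dn)
        if len(parts) == len(base) + 1 and parts[1:] == base:
            name = group_name_from_dn(dn, name_attr)
            if name:
                found.append(name)
    return found

# Constructed LDAP entry, as the "Groups LDAP" might return it for Testuser.
TESTUSER = {
    "uid": "Testuser",
    "memberOf": [
        "cn=developers,ou=groups,dc=example,dc=org",
        "CN=Admins, OU=Groups, DC=Example, DC=Org",     # differs only in case/spacing
        "cn=nested,ou=sub,ou=groups,dc=example,dc=org", # not a direct child: skipped
        "cn=all-staff,ou=lists,dc=example,dc=org",      # outside groups.dn: skipped
    ],
}

if __name__ == "__main__":
    print(resolve_groups(TESTUSER))  # ['developers', 'Admins']
```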