I want to use keycloak to authenticate my users.
The user informations are stored in ldap (Active-Directory).
The configuration worked, the users got imported.
But my question is, why do they get imported ?
Whey does keycloak not pass the requests to ldap immediately ?
It’s dependent on the storage mode you use. By default, Keycloak imports the users, but it can be configured not to. See the storage mode documentation here: Server Administration Guide
Thank you very much, is there still some kind of caching if using this option?
When I change some group membership change does not change in the access token.