Resource Not Found on user with LDAP user federation (bug?)

Hi,

I’m trying to upgrade from 12.0.4 to 15.0.2 (or any later version) but I encounter a problem on any version <14.0.0 so far.
To summarize:

  • I installed Keycloak 15.0.2 with the Helm charts on my K8s.
  • I added the configuration for Active Directory user federation.
  • I enabled “Import Users” and used Edit Mode “Unsync” for the user federation.

Then when I go to the “Users” tab and try to click on any LDAP user, it says “Resources not found”.
What I noticed is that when disabling “Import Users” and making the Edit Mode “READ_ONLY” it works well (but in my case it’s not an option).
Also, READ_ONLY mode with “Import Users” enabled still triggers the bug.
Two things I noticed are:

  1/ When it doesn’t work, the “user_id” keeps changing when doing a search for the same user multiple times.
  2/ When it works (read_only + disable import_user), the user_id starts with “f:”, when otherwise it doesn’t.

If anyone can help with this issue I would be really grateful, since it blocks a lot of development behind it.

Sincerely,

This is an old question for an old Keycloak version, but just last week we came across identical behaviour in Keycloak 19 & 20, so leaving the response here in case anybody lands here looking for answers.

To add to the problem description, after enabling DEBUG logging we’ve also noticed a line stating “Removed invalid user” mentioning the user for which the search was executed.
It turned out we had an error in the LDAP federation settings: “UUID LDAP attribute” was pointing to “entryUUID”, which did not exist in our LDAP provider. So, the synchronization allegedly went through fine, but then any user was considered invalid and removed (and resynced with a different id) upon searching / displaying the user list. Due to the different id of the user, you couldn’t access the details and got the “Resources not found” page.
After changing that field to “uid” the problem went away.
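
One way to check for the misconfiguration described in the answer above, added here as an example (not part of the original posts and not Keycloak code): it parses an LDIF export of user entries and lists those that have no value for the attribute configured as “UUID LDAP attribute”. The sample LDIF, the DNs and the function names are constructed, and the export is assumed to contain no comment lines; operational attributes such as entryUUID only appear in an export if the search requested them.

```python
import base64

# Constructed sample (not from the thread): user entries exported as LDIF
# without comment lines. Names and values are made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
cn: Alice Example

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob
cn:: Qm9iIEV4YW1wbGU=

dn: cn=svc-backup,ou=people,dc=example,dc=org
cn: svc-backup
description: service account whose description the exporter
  folded onto a second line
"""

def parse_ldif(text):
    """Return [(dn, {lowercased attribute: [values]})] for each LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    entries, attrs = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in attrs:
                entries.append((attrs.pop("dn")[0], attrs))
            attrs = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: ..." carries a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def users_missing_uuid(ldif_text, uuid_attr):
    """DNs of entries with no non-empty value for the configured UUID attribute."""
    want = uuid_attr.lower()
    return [dn for dn, attrs in parse_ldif(ldif_text) if not any(attrs.get(want, []))]

if __name__ == "__main__":
    for candidate in ("entryUUID", "uid"):
        missing = users_missing_uuid(SAMPLE_LDIF, candidate)
        print(f"{candidate}: {len(missing)} entries without a value", missing)
```

In the constructed sample, `entryUUID` is missing on every entry and `uid` is missing on one, so an attribute that exists on most users can still leave some entries without an identifier.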