Syncing the enabled attribute to LDAP Backend

ryan77627 · November 2, 2020, 6:19pm

Hello all! I am currently using Keycloak as my main authentication service for all of my services on my domain, using the LDAP Backend to sync users from Keycloak to LDAP so services that don’t have access to SAML or OpenID / wouldn’t make sense to add (services like IMAP and SMTP logins) can still use the federated logins. I’d like to sync the attribute set by the User enabled switch to the LDAP backend, but currently the LDAP backend will always overwrite the value set in the Keycloak DB. It’s the same issue as seen here. Is there anyway to have the Keycloak DB take precedence over the LDAP Backend?

It would make my workflow much easier than editing the LDAP users directly whenever I need to disable them without deleting them entirely.

pkadian · November 3, 2020, 4:18pm

Yes, You can do this using user federation in import users in Unsync mode which imoprt users once and will not update the user back in LDAP. But there is one drawback of this mode is that if you want to update users back in LDAP then you have to agian import users from keycloak DB to LDAP.

Topic		Replies	Views
How to import (sync) users from Active Directory as "disabled"? Configuring the server	1	1587	January 30, 2021
LDAP integration, link users to a group Getting advice	1	449	August 4, 2020
User federation LDAP filtering Getting advice admin-console , user-federation , ldap	0	1196	January 10, 2022
Ldap Periodic Changed users sync Configuring the server ldap	0	131	February 1, 2024
How to store “User Enabled” in LDAP with mappers Getting advice ldap	7	2900	March 23, 2021

Syncing the enabled attribute to LDAP Backend

Related Topics