Unable to login using LDAP Imported User

Good Day,

I have been battling with setting up Keycloak for almost 2 weeks now. We do have a secure and complex environment, so simple things took time to understand and figure out. I am now facing the last issue that I am unable to solve and hope for some guidance, please.

I am trying to authenticate to a Kubernetes cluster using OIDC and I am getting the following error: error: setup: authentication error: authcode-browser error: authentication error: authorization code flow error: oauth2 error: could not exchange the code and token: oauth2: "invalid_grant" "Code not valid"

We are running 2FA in our environment, and I do get the 2FA prompt; after accepting 2FA I get the above error.

When I set up a user and group manually within Keycloak and try to log in using the Keycloak credentials, I am able to log in, so my issue is with LDAP-imported users only.

I am able to find and import my user as well as LDAP groups. Keycloak is sitting behind an HAProxy server. I am able to view the members of the imported LDAP groups; however, when I click on a user that was imported from LDAP I get this error in the UI: Network response was not OK.

When I try to log in to the Keycloak client account page with the LDAP user, after accepting the 2FA prompt the UI just keeps loading; however, when I again use the Keycloak-created user I can log in.

Not sure what to do next; any advice will be highly appreciated.

Keycloak is running on its own VM and using a PostgreSQL DB that I set up locally.

Not sure how to close this, but I got it working.

It looks like it's a bug: User deletion and recreating in local database when timeout in LDAP · Issue #9520 · keycloak/keycloak · GitHub

I changed the UUID LDAP attribute from objectGUID to sAMAccountName.