Dear all,
I am trying to set up my local Keycloak with two different user providers: one AD and one LDAP.
I would like to let users log in with their email address and either password (AD or LDAP).
To do so, I:
disable “Login with email” in the login settings of the realm.
set up LDAP:
    priority: 0
    Username LDAP attribute: mail
    RDN LDAP attribute: mail
    UUID LDAP attribute: mail
    Import Users: off
    username mapping: mail
set up AD:
    priority: 1
    Username LDAP attribute: userPrincipalName
    RDN LDAP attribute: userPrincipalName
    UUID LDAP attribute: userPrincipalName
    Import Users: off
    username mapping: userPrincipalName
I can log in with the email address and the LDAP password. If I try the same with the AD password, I get a “wrong password” error.
I need to disable the LDAP user provider; then AD starts to work.
Is there a way to establish a cascade mechanism, so that if the first provider fails, an attempt with the second one is fired with the same username (the email address in my case)?
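The same two-provider setup expressed as Keycloak Admin REST API payloads, as an added example that is not part of the original post. It reproduces the poster's settings (priorities 0 and 1, mail / userPrincipalName as username, RDN and UUID attribute, Import Users off, the username mapper, and "Login with email" disabled) in the ComponentRepresentation and RealmRepresentation shapes the API expects. The realm name, connection URLs, base DNs, bind credentials, object classes and provider names are placeholders I chose, not values from the post; `apply()` only runs if you pass it a real admin token.

```python
"""Build and (optionally) apply two 'ldap' user-storage providers plus their
username mappers to a Keycloak realm via the Admin REST API.
Added example; realm name, URLs, DNs and credentials are placeholders."""
import json
import urllib.request

REALM = "myrealm"  # assumption: the post does not name the realm
USER_STORAGE = "org.keycloak.storage.UserStorageProvider"
LDAP_MAPPER = "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"


def ldap_provider(name, priority, username_attr, connection_url, users_dn, vendor="other"):
    """ComponentRepresentation for one LDAP provider. Username, RDN and UUID
    attribute are set to the same attribute, as in the post. Admin API config
    values are always lists of strings."""
    object_classes = ("person, organizationalPerson, user" if vendor == "ad"
                      else "inetOrgPerson, organizationalPerson")  # assumption
    return {
        "name": name,
        "providerId": "ldap",
        "providerType": USER_STORAGE,
        "config": {
            "priority": [str(priority)],
            "enabled": ["true"],
            "importEnabled": ["false"],          # "Import Users: off"
            "editMode": ["READ_ONLY"],
            "vendor": [vendor],                  # "ad" or "other"
            "usernameLDAPAttribute": [username_attr],
            "rdnLDAPAttribute": [username_attr],
            "uuidLDAPAttribute": [username_attr],
            "userObjectClasses": [object_classes],
            "connectionUrl": [connection_url],   # placeholder
            "usersDn": [users_dn],               # placeholder
            "authType": ["simple"],
            "bindDn": ["cn=svc,dc=example,dc=org"],   # placeholder
            "bindCredential": ["changeme"],           # placeholder
        },
    }


def username_mapper(parent_id, ldap_attr):
    """user-attribute-ldap-mapper that maps the Keycloak username to ldap_attr."""
    return {
        "name": "username",
        "providerId": "user-attribute-ldap-mapper",
        "providerType": LDAP_MAPPER,
        "parentId": parent_id,       # id of the provider component it belongs to
        "config": {
            "user.model.attribute": ["username"],
            "ldap.attribute": [ldap_attr],
            "read.only": ["true"],
            "always.read.value.from.ldap": ["true"],
            "is.mandatory.in.ldap": ["true"],
        },
    }


def realm_login_settings():
    """Partial RealmRepresentation for PUT /admin/realms/{realm}:
    turns off 'Login with email' so the email is matched as the username."""
    return {"loginWithEmailAllowed": False}


def federation_plan():
    """Both providers from the post, sorted the way Keycloak consults
    user-storage providers: lowest priority value first."""
    providers = [
        ldap_provider("ad", 1, "userPrincipalName",
                      "ldaps://ad.example.org", "CN=Users,DC=example,DC=org", vendor="ad"),
        ldap_provider("ldap", 0, "mail",
                      "ldaps://ldap.example.org", "ou=people,dc=example,dc=org"),
    ]
    return sorted(providers, key=lambda p: int(p["config"]["priority"][0]))


def _call(base_url, token, method, path, body):
    req = urllib.request.Request(f"{base_url}/admin/realms/{REALM}{path}",
                                 data=json.dumps(body).encode(), method=method,
                                 headers={"Authorization": f"Bearer {token}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:       # raises on 4xx/5xx
        return resp.headers.get("Location", "")


def apply(base_url, token):
    """Apply the realm setting, create each provider, then its username mapper.
    Returns the created provider component ids (taken from the Location header)."""
    _call(base_url, token, "PUT", "", realm_login_settings())
    ids = {}
    for prov in federation_plan():
        location = _call(base_url, token, "POST", "/components", prov)
        component_id = location.rstrip("/").rsplit("/", 1)[-1]
        ids[prov["name"]] = component_id
        attr = prov["config"]["usernameLDAPAttribute"][0]
        _call(base_url, token, "POST", "/components", username_mapper(component_id, attr))
    return ids


if __name__ == "__main__":
    print(json.dumps(federation_plan(), indent=2))   # dry run, no network
```

Run it without arguments to print the payloads; pass a base URL such as `https://keycloak.example.org` and an admin access token to `apply()` to create the components. Because the admin console stores every value as a list of strings, a mismatch like `"priority": "0"` is silently ignored, so keep the list form when adapting this.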