User Federation Sync without Login

Hi,

We have a use case in our setup where we need to regularly import the users from an LDAP source, but users should not be able to log in using this source. Creating the users (with their attributes) in Keycloak is enough.

Is there a way to make this possible with the functionality in Keycloak? I know I can achieve this with an external script that sends the data via REST API, but I’m hoping to avoid that.

Thanks in advance for the advice!

I’m not sure what you need, so it’s only a guess: https://www.keycloak.org/docs/11.0/server_admin/#_user-storage-federation

Yes, I would like to use this, but only the import part. Using an LDAP server for storage federation will link the accounts to it as can be seen here:

Screenshot 2020-11-17 at 08.20.24

That means that when you try to log in, the credentials are sent to the LDAP server for authentication. In this particular case I don’t want this to happen. It should not facilitate any logins, just import/create the accounts in Keycloak.