Users import into Keycloak from LDAP

Hi everyone, we have configured the authentication in our application using Keycloak, which imports the users and credentials from LDAP. There are only around 1k registered users in the LDAP server, but when we check the Keycloak USER_ENTITY table, there are more than 1 lakh records. This is clearly not in sync. We checked the table, and the ids and usernames are unique as well. How do we solve this issue? And what might be the root cause of the issue?

In your User Federation settings, under LDAP settings, there are two options:

  1. Sync all users manually:

  2. Setup periodical sync:

Users syncing is not a problem. The number of users should actually be less than 10k in both LDAP and Keycloak. Somehow, the number of users in Keycloak (USER_ENTITY table) is highly inflated (more than 1 lakh), whereas there are less than 10k users registered in LDAP. How can we check on what basis Keycloak is importing users and why there is this much of an increase?

Check the Users DN setting; are you referencing a good location of users:
ou=users,dc=example,dc=com

If there are more users in Keycloak than in your LDAP, you won’t be able to determine this from the configuration only.
Try to make a diff between usernames of your LDAP users and Keycloak users. Then, examine the difference (should be the additional users from KC, not in LDAP), from where they might originate.
Do these users have a federation link set? If yes, where does it point to? If the target is the LDAP, then they must have existed in the LDAP at least once, as they are available. Keycloak doesn’t create fake users or users that don’t exist. There must be a reason/root cause somewhere. You will have to investigate manually!
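
The username diff and federation-link check suggested in the last reply, as an added example that is not part of the original thread. It assumes the LDAP entries were exported as LDIF with `uid` as the username attribute, and that the `USERNAME`, `FEDERATION_LINK` and `REALM_ID` columns of `USER_ENTITY` were exported as CSV; all sample data and the `ldap-1` link id are constructed.

```python
import base64
import csv
import io
from collections import Counter

# Constructed sample: LDIF export of the entries under the Users DN.
SAMPLE_LDIF = """\
dn: uid=alice,ou=users,dc=example,dc=com
uid: alice

dn: uid=Bob,ou=users,dc=example,dc=com
uid: Bob

dn: uid=carol,ou=users,dc=example,dc=com
uid:: Y2Fyb2w=
"""
# Constructed sample: CSV export of three USER_ENTITY columns.
SAMPLE_CSV = """\
USERNAME,FEDERATION_LINK,REALM_ID
alice,ldap-1,app
bob,ldap-1,app
carol,ldap-1,app
dave,ldap-1,app
erin,,app
"""

def ldap_usernames(ldif_text, attr="uid"):
    """Lower-cased values of the username attribute (assumed `uid`) in LDIF text."""
    names = set()
    for line in ldif_text.splitlines():
        if line.startswith(attr + ":: "):  # "::" marks a base64-encoded value
            value = base64.b64decode(line.split(":: ", 1)[1]).decode("utf-8")
        elif line.startswith(attr + ": "):
            value = line.split(": ", 1)[1]
        else:
            continue
        names.add(value.strip().lower())  # compare case-insensitively
    return names

def extra_keycloak_users(csv_text, ldap_names):
    """Rows present in Keycloak but not in LDAP, and a count per (realm, federation link)."""
    extras = [row for row in csv.DictReader(io.StringIO(csv_text))
              if row["USERNAME"].lower() not in ldap_names]
    origins = Counter((r["REALM_ID"], r["FEDERATION_LINK"] or "(none)") for r in extras)
    return extras, origins

if __name__ == "__main__":
    extras, origins = extra_keycloak_users(SAMPLE_CSV, ldap_usernames(SAMPLE_LDIF))
    for (realm, link), count in origins.most_common():
        print(f"realm={realm} federation_link={link} extra_users={count}")
```

Extra rows with an empty `FEDERATION_LINK` are local Keycloak accounts rather than imported ones; extra rows that carry a link point at the federation provider to investigate.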