Users not being looked up in LDAP server


I’ve used the keycloak UI’s “User Federation … ldap” page to add an LDAP server to my keycloak system. The ‘add’ of this LDAP server entity completes without error. On the ldap page in the keycloak UI, I click on both ‘Test connection’ and ‘Test authentication’, and I see a green successful message in the keycloak UI; I also see (in Wireshark) the expected packets exchanged between the keycloak server and the openldap server. So I believe that the keycloak server can successfully communicate with the openldap server.

I want to test that user lookup is occurring successfully from the keycloak server to the openldap server. So, I’m using a GET on {{keycloak_host}}:8080/auth/admin/realms/master/users in Postman to retrieve the user records. I have one user defined in keycloak (‘admin’) and four users defined in my openldap server. When I execute {{keycloak_host}}:8080/auth/admin/realms/master/users, only the local ‘admin’ user is retrieved. I know that the keycloak server is not looking up users in the openldap server, because Wireshark shows no data exchanged between the keycloak server and the openldap server.

So, is there some integration piece I’m missing, in order for lookups to occur into the openldap server? Or, does {{keycloak_host}}:8080/auth/admin/realms/master/users not return records in the LDAP server?


When I created the LDAP instance, I selected the ‘Import Users’ : ‘Off’ option. I don’t need to use this option, in order for a GET on {{keycloak_host}}:8080/auth/admin/realms/master/users to see both local and LDAP users, do I?
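An added diagnostic script, not part of the original post, for comparing the admin users endpoint named above with and without a `search` query parameter while Wireshark is capturing, so you can see which request (if any) reaches the LDAP server. It assumes the `/auth` path prefix from the post, an admin token obtained from the master realm's `admin-cli` client, credentials supplied via the `KC_ADMIN_USER`/`KC_ADMIN_PASS` environment variables, and that LDAP-backed users carry a `federationLink` in their representation.

```python
import json
import os
import urllib.parse
import urllib.request


def users_url(base, realm, search=None, max_results=100):
    """Build the admin users URL; when `search` is given the API filters by that term."""
    params = {"max": str(max_results)}
    if search is not None:
        params["search"] = search
    return f"{base}/auth/admin/realms/{realm}/users?" + urllib.parse.urlencode(params)


def split_by_origin(users):
    """Split usernames into local ones and ones linked to a federation provider."""
    federated = sorted(u["username"] for u in users if u.get("federationLink"))
    local = sorted(u["username"] for u in users if not u.get("federationLink"))
    return local, federated


def admin_token(base, username, password):
    """Password grant against the master realm's admin-cli client (assumed setup)."""
    body = urllib.parse.urlencode({"grant_type": "password", "client_id": "admin-cli",
                                   "username": username, "password": password}).encode()
    req = urllib.request.Request(f"{base}/auth/realms/master/protocol/openid-connect/token", data=body)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def fetch_users(url, token):
    """GET the users endpoint with a bearer token and return the parsed JSON list."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    base = os.environ.get("KEYCLOAK_BASE", "http://localhost:8080")  # assumed default
    if "KC_ADMIN_PASS" not in os.environ:
        # Offline demo on a constructed sample: one local user, one LDAP-linked user.
        sample = [{"username": "admin"}, {"username": "alice", "federationLink": "constructed-id"}]
        print(split_by_origin(sample))
    else:
        token = admin_token(base, os.environ["KC_ADMIN_USER"], os.environ["KC_ADMIN_PASS"])
        # Run the plain listing and a wildcard search back to back; watch Wireshark for each.
        for label, term in (("no search", None), ("search=*", "*")):
            local, federated = split_by_origin(fetch_users(users_url(base, "master", term), token))
            print(f"{label}: local={local} federated={federated}")
```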