Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            User Federation with Active Directory / LDAP

            Created by Tass Skoudros, Modified on Fri, 11 Nov, 2022 at 9:48 AM by Tass Skoudros

            Click on ‘User Federation’ on the left pane to navigate to the user federation window. Select ‘LDAP’ from the drop-down selector to navigate further.

            In the ‘Add user storage provider’ window, there is a lot to fill up. Let go through them one by one. 

            1. Select ‘Active Directory’ as the vendor to fill the fields ‘Username LDAP attribute’, ‘RDN LDAP attribute’, ‘UUID LDAP attribute’ and ‘User Object classes’ automatically.
            2. As the connection url, use ‘ldap://’ or ‘ldaps://’ followed by domain name. Click on ‘test connection’ to see if the LDAP connection works. 
            3. Type ‘dsquery user -name ’ followed by the administrator’s name to get the ‘Bind DN’ and ‘Users DN’. Use the administrator password as the ‘Bind Credentials’ and click ‘Test Authentication’ to check whether it is correct.
            • Bind DN in below example is “CN=Administrator,CN=Users,DC=dhruv,DC=demo" 
            • Users DN in below example is “CN=Users,DC=dhruv,DC=demo”

            1. Enter if any custom user LDAP filter is required. 
            2. Periodic full and changed user sync of LDAP users to Keyclock can be enabled from sync settings. 
            3. Click on save and execute to sync users button.

            Add Group to Keyclock Group sync mapper

            1. Provide the LDAP Groups DN to sync the groups.
            2. Groups DN is “OU=Groups,DC=dhruv,DC=demo” in the below example

            1. The rest of the fields can be left default and customisable based on the need.
            2. Once saved, you need to see a new button enabled to perform sync groups from AD to Keycloak.

            Add Group to Keycloak Role Sync Mapper 

            1. Provide the Role Groups DN to sync the groups.

            1. Groups DN is “OU=Roles,DC=dhruv,DC=demo” in the below example Rest of the fields can be left default and customisable based on the need. 
            2. Once saved you will see a new button to perform role sync to keycloak from AD.

            Post Validations

            Check user sync is completed successfully by verifying the password provided by an Active directory user.

            • Perform login with Active Directory User and verify that you are able to login

            • Verify the AD groups are synced as Keycloak Groups or Roles based on the mapper chosen

            In Active Directory

            Attachments (17)

            png

            635d359d29302.png
            235 KB
            png

            635d359e1621c.png
            120 KB
            png

            635d359ecdc12.png
            435 KB
            png

            635d359fc628a.png
            152 KB
            png

            635d35a0a2885.png
            117 KB
            png

            635d35a16480a.png
            142 KB
            png

            635d35a22f512.png
            256 KB
            png

            635d35a30d042.png
            115 KB
            png

            635d35a3d2670.png
            142 KB
            png

            635d35a49db74.png
            214 KB
            png

            635d35a59050d.png
            15.7 KB
            png

            635d35a61d9dd.png
            172 KB
            png

            635d35a6db808.png
            51.6 KB
            png

            635d35a777d0e.png
            97 KB
            png

            635d35a83c704.png
            138 KB
            png

            635d35a905f2c.png
            377 KB
            png

            635d35aa0401f.png
            372 KB

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0