LDAP intro
- Data saved in directory structure
- Each record has a "DN" (full distinguished name) and an "RDN" (relative distinguished name, the leftmost component of the DN)
- Example DN: uid=john,ou=People,dc=keycloak,dc=org
- Example RDN: uid=john
- Every record can have attributes
- Records are constrained by a schema. Each type of object (objectClass) may carry only the attributes the schema specifies for it.
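The DN/RDN split above looks like a plain comma split, but RFC 4514 allows commas, plus signs and other separators inside a value when they are backslash- or hex-escaped (e.g. cn=Doe\, John). The parser below is an added example, not Keycloak/RHSSO code: it splits a DN into RDNs only at unescaped separators, resolves the escapes, and returns the RDN and parent DN. The sample DNs are constructed for the test.

```python
"""
Minimal RFC 4514 distinguished-name parser (added example, not RHSSO/Keycloak code).
Splits a DN into RDNs at unescaped ',' and each RDN into type=value pairs at
unescaped '+', then resolves '\X' and '\XX' (hex) escapes in the values.
"""
from typing import List, Tuple

# One RDN may hold several type=value pairs joined by '+' (multi-valued RDN).
RDN = List[Tuple[str, str]]

_HEX = "0123456789abcdefABCDEF"


def _is_hex_pair(s: str) -> bool:
    return len(s) == 2 and all(c in _HEX for c in s)


def _split_unescaped(text: str, sep: str) -> List[str]:
    """Split on `sep` only where it is not part of a backslash escape."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(ch)
            buf.append(text[i + 1])  # keep the escape pair intact for _unescape
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def _unescape(value: str) -> str:
    """Resolve '\\X' single-character and '\\XX' hex escapes in one attribute value."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\":
            raw = bytearray()
            # consecutive hex pairs may encode one multi-byte UTF-8 character
            while value.startswith("\\", i) and _is_hex_pair(value[i + 1:i + 3]):
                raw += bytes.fromhex(value[i + 1:i + 3])
                i += 3
            if raw:
                out.append(raw.decode("utf-8"))
                continue
            out.append(value[i + 1] if i + 1 < len(value) else "")
            i += 2
            continue
        out.append(value[i])
        i += 1
    return "".join(out)


def parse_dn(dn: str) -> List[RDN]:
    """Return the DN as a list of RDNs, leftmost first; attribute types are lower-cased."""
    rdns: List[RDN] = []
    for rdn_text in _split_unescaped(dn, ","):
        rdn: RDN = []
        for ava in _split_unescaped(rdn_text, "+"):
            if "=" not in ava:
                raise ValueError(f"malformed RDN component: {ava!r}")
            attr_type, raw_value = ava.split("=", 1)
            rdn.append((attr_type.strip().lower(), _unescape(raw_value.strip())))
        rdns.append(rdn)
    return rdns


def rdn_of(dn: str) -> str:
    """Leftmost RDN exactly as written in the DN (e.g. 'uid=john')."""
    return _split_unescaped(dn, ",")[0].strip()


def parent_dn(dn: str) -> str:
    """DN of the containing entry, i.e. everything after the first unescaped comma."""
    return ",".join(p.strip() for p in _split_unescaped(dn, ",")[1:])


if __name__ == "__main__":
    for sample in ("uid=john,ou=People,dc=keycloak,dc=org",
                   r"cn=Doe\, John,ou=People,dc=example,dc=org"):
        print(rdn_of(sample), "|", parent_dn(sample), "|", parse_dn(sample))
```

The escaped-comma case is the one to remember when mapping LDAP records into RHSSO: a user whose cn contains a comma still has a single RDN, and anything that reconstructs DNs by string concatenation must re-escape the value.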
LDAP Schema
- Pros: Allows data to be stored in standardized format
- Cons: It's not possible to store everything into LDAP
- Schema modifications are possible, but then the advantage of the standardized format is lost.
RHSSO - supported LDAPs
- Microsoft Active Directory
- Red Hat Directory Server
RHSSO integration
- LDAP Federation provider
- Federation Mappers
  - User Attribute Mapper
  - Fullname Mapper
  - Role mappings
  - Group mappings
  - MSAD mapper
Logging / Debugging
- In standalone.xml
  - TRACE for category "org.keycloak.federation.ldap"
- Connection pool debugging (JVM system properties)
  - -Dcom.sun.jndi.ldap.connect.pool.debug=fine
  - -Dcom.sun.jndi.ldap.connect.pool.debug=all
  - The latter is more verbose, but much more useful (it shows connection pool usage, etc.)