Keycloak / KEYCLOAK-13729

ModelDuplicateException when LDAP with role-mapper is used and searching for the user for the 1st time


    • Workaround:
      Workaround Exists
    • Workaround Description:
      • After creating mapper in step 2, sync the roles with the button "Sync Roles to Keycloak" to avoid "lazy" syncing of roles later, which leads to this bug


      1) Create an LDAP provider against some LDAP server (e.g. the embedded ApacheDS used in the testsuite)

      2) Go to the "Mappers" tab and create a Role Mapper. Set LDAP Roles DN to some DN with roles (e.g. ou=RealmRoles,dc=keycloak,dc=org in the case of embedded ApacheDS) and keep all other configuration options at their defaults

      3) Go to the "Users" tab in the admin console and search for some LDAP user who is mapped to any role (e.g. jbrown in the case of embedded ApacheDS)

      4) Go to the "Role Mappings" tab. "Unexpected server error" is shown in the admin console, and the exception stacktrace appears in the log (as attached in the file role-mapper-stacktrace.txt).

      This happens only when searching for the 1st time for a user who is mapped to some LDAP role that doesn't yet exist in Keycloak. When searching for this user (or another user) again, the issue no longer occurs. Also, there is nothing wrong in the behaviour apart from the error in the UI and the exception stacktrace. The role mappings are shown correctly in Keycloak.

      There is also a workaround, so this issue doesn't seem to be a very high priority.




                • Assignee:
                  mposolda Marek Posolda