Keycloak / KEYCLOAK-13789

Unable to connect to LDAP when enabling StartTLS adding user federation

    Details

    • Steps to Reproduce:
      1. Create an ldap server using the following guide: https://www.digitalocean.com/community/tutorials/how-to-encrypt-openldap-connections-using-starttls
      2. Start an instance of keycloak using docker:
        docker run -p 8080:8080 \
            -e KEYCLOAK_USER=user \
            -e KEYCLOAK_PASSWORD=password \
            -e KEYCLOAK_LOGLEVEL=ALL \
            -e ROOT_LOGLEVEL=ALL \
            -d jboss/keycloak
      3. Log into keycloak at localhost:8080
      4. Add a user federation:
        1. Vendor: Other
        2. Connection URL: {ldap server}
        3. Users DN: ou=users,dc=example,dc=com
        4. Bind Type: simple
        5. Enable StartTLS: On
        6. Bind DN: cn=admin,dc=example,dc=com
        7. Bind Credentials: {credentials}
      5. Save.

      Expected: should result in a successful connection
      Actual: connection fails

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      When adding a provider for user federation, I am unable to connect to the instance of LDAP I have created when StartTLS is enabled. Testing the connection results in a failure. Connections over SSL and non-SSL with StartTLS disabled work without an issue. Confirmed that the instance of LDAP is capable of accepting connections on an insecure port while forcing StartTLS.

      Attached is the error I received. Essentially, when looking at the logs produced by Keycloak, I am getting a null pointer exception here. It is not clear what is null, since this does not seem to occur when StartTLS is disabled. Is there anything I am missing when trying to use StartTLS? Any guidance would be greatly appreciated. Thank you.
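As an added diagnostic (not part of this issue or of Keycloak's own code): a stdlib-only Python check that sends the LDAP StartTLS extended operation over a plaintext connection and upgrades the socket, so the server side of the setup above can be confirmed independently of Keycloak. The host name and port passed to check_starttls are placeholders; the response parser also exposes the server's resultCode and diagnosticMessage when StartTLS is refused, which is the detail a Keycloak log may not show.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation, RFC 4511 section 4.14

def _ber_len(n):
    if n < 0x80:  # short-form length; long form above 127
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, body):
    return bytes([tag]) + _ber_len(len(body)) + body

def build_starttls_request(message_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    ext = _tlv(0x77, _tlv(0x80, STARTTLS_OID))  # 0x77 = APPLICATION 23, constructed
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + ext)  # message_id below 128 assumed

def _read_tlv(buf, pos):
    """Decode one BER TLV starting at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_starttls_response(data):
    """Return (messageID, resultCode, diagnosticMessage) from an LDAP ExtendedResponse."""
    _, msg, _ = _read_tlv(data, 0)  # outer LDAPMessage SEQUENCE
    _, mid, pos = _read_tlv(msg, 0)  # messageID INTEGER
    tag, ext, _ = _read_tlv(msg, pos)
    if tag != 0x78:  # 0x78 = APPLICATION 24, ExtendedResponse
        raise ValueError("unexpected protocolOp tag 0x%02x" % tag)
    _, code, pos = _read_tlv(ext, 0)  # resultCode ENUMERATED (0 = success)
    _, _, pos = _read_tlv(ext, pos)  # matchedDN
    _, diag, _ = _read_tlv(ext, pos)  # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode("utf-8", "replace")

def check_starttls(host, port=389, timeout=5):
    """Send StartTLS on a plaintext socket and upgrade it; returns the negotiated TLS version."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request())
        _, code, diag = parse_starttls_response(sock.recv(4096))
        if code != 0:
            raise RuntimeError("server refused StartTLS: resultCode=%d %s" % (code, diag))
        ctx = ssl.create_default_context()  # verifies the server certificate, as a client should
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()
```

A resultCode other than 0, or a handshake failure inside wrap_socket, points at the server or its certificate rather than at Keycloak; a clean TLS version string means the remaining problem is on the Keycloak side.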

              People

              • Assignee: Ján Lieskovský (iankko)
              • Reporter: Pierre Thelusma (pthelusma)