• Docs QE Status:
    • QE Status:


      I have setup user federation with a OpenLDAP (bi-directional sync) that has users that need the "posixAccount" class. When I create a new user on Keycloak it fails due to missing mandatory fields (e.g., uidNumber, gidNumber, etc.) I used a LDAP hardcoded attribute mapper as a workaround (as if it was a default value) but that means that those attributes aren't updatable on Keycloak. If I set a normal LDAP attribute mapper with the mandatory option enabled, the default value of a whitespace does not work.

      I have had a quick look through Keycloak code and I think I can implement functionality that would allow the administrative user to add a default value for mandatory attributes in the normal LDAP attribute mapper. But before I invest time into it, I want to know if this would be something the Keycloak project would be interested in?

      Also if my strategy of adding a default value field to (customizable by the administrator when creating the attribute mappers) is a sound one. Extra things that I have considered that will require changes are the UI and possibly the API. Anything I'm missing or any caveats I should be aware?

      Thanks in advance.

      Related issues I could find:

      PS: I really don't want to be running my fork of Keycloak hehehe

        Gliffy Diagrams




              • Assignee:
                serializingme Duarte Silva
              • Votes:
                1 Vote for this issue
                1 Start watching this issue


                • Created: