Keycloak / KEYCLOAK-3098

LDAP Federation leads to different behaviour on import vs. export


Details

    • Workaround Exists

      Either one of those workarounds can be applied:

      • Fix the LDAP so that it does not contain duplicate entries with the same "cn" attribute (or whichever attribute is configured as the Username attribute for the LDAP provider instead of "cn").
      • Use "Custom LDAP filter" to filter out entries with a duplicated "cn" attribute that are not real users, as pointed out in one of the comments.

    Description

      When importing users from our Novell eDirectory, identical "cn"-values (username) for different entries are detected but do not break the import. Only the first entry is imported.

      When we try to export the (user-)database, a check with the LDAP is performed for each user. In this case the duplicate "cn"-values lead to the export process aborting with a stack trace.

      I guess this is related to a crappy eDirectory; still, a possibility to export the database would be nice. So is it possible to catch this error and issue a warning instead?

      import
      2016-06-09 10:47:52,171 WARN  [org.keycloak.federation.ldap.LDAPFederationProviderFactory] (default task-6) User 'wwwrun' is not updated during sync as he already exists in Keycloak database but is not linked to federation provider 'eDirectory'
      
      export
      15:41:33,399 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 46) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./auth: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./auth: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
              at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:85)
              at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
              at java.util.concurrent.FutureTask.run(FutureTask.java:266)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
              at java.lang.Thread.run(Thread.java:745)
              at org.jboss.threads.JBossThread.run(JBossThread.java:320)
      Caused by: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
              at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:162)
              at org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2209)
              at org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:299)
              at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:240)
              at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:113)
              at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
              at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
              at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
              at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
              at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:231)
              at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:132)
              at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:526)
              at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101)
              at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)
              ... 6 more
      Caused by: org.keycloak.models.ModelDuplicateException: Error - multiple LDAP objects found but expected just one
              at org.keycloak.federation.ldap.idm.query.internal.LDAPQuery.getFirstResult(LDAPQuery.java:183)
              at org.keycloak.federation.ldap.LDAPFederationProvider.loadLDAPUserByUsername(LDAPFederationProvider.java:510)
              at org.keycloak.federation.ldap.LDAPFederationProvider.loadAndValidateUser(LDAPFederationProvider.java:284)
              at org.keycloak.federation.ldap.LDAPFederationProvider.validateAndProxy(LDAPFederationProvider.java:111)
              at org.keycloak.models.UserFederationManager.validateAndProxyUser(UserFederationManager.java:148)
              at org.keycloak.models.UserFederationManager.query(UserFederationManager.java:301)
              at org.keycloak.models.UserFederationManager.getUsers(UserFederationManager.java:316)
              at org.keycloak.exportimport.util.MultipleStepsExportProvider$3.runExportImportTask(MultipleStepsExportProvider.java:108)
              at org.keycloak.exportimport.util.ExportImportSessionTask.run(ExportImportSessionTask.java:35)
              at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:287)
              at org.keycloak.exportimport.util.MultipleStepsExportProvider.exportRealmImpl(MultipleStepsExportProvider.java:103)
              at org.keycloak.exportimport.util.MultipleStepsExportProvider.exportModel(MultipleStepsExportProvider.java:57)
              at org.keycloak.exportimport.ExportImportManager.runExport(ExportImportManager.java:101)
              at org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:140)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
              at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
              at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
              at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:150)
              ... 19 more
      
      15:41:33,412 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "keycloak-server.war")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.undertow.deployment.default-server.default-host./auth" => "org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./auth: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
          Caused by: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
          Caused by: org.keycloak.models.ModelDuplicateException: Error - multiple LDAP objects found but expected just one"}}
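
Added example (not part of the original report and not Keycloak code): a Python check that finds the duplicate Username-attribute values the workarounds refer to, run against an LDIF export of the directory before a sync or export. The sample LDIF, its DNs and the function names are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample export (not data from the issue): two entries share cn "wwwrun".
SAMPLE_LDIF = """\
dn: cn=wwwrun,ou=users,o=example
objectClass: inetOrgPerson
cn: wwwrun

dn: cn=WWWRUN,ou=services,o=example
objectClass: applicationProcess
cn:: V1dXUlVO

dn: cn=alice,ou=users,o=example
objectClass: inetOrgPerson
cn: alice
description: folded value that continues
  on the next line
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}); handles line folding and base64 ("::") values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        dn, attrs = None, defaultdict(list)
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            value = rest.strip()
            if rest.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            if name.lower() == "dn":
                dn = value
            else:
                attrs[name.lower()].append(value)
        if dn:
            yield dn, attrs

def find_duplicate_usernames(text, username_attr="cn"):
    """Map each username (case-insensitive, as cn matches in LDAP) held by more
    than one entry to [(dn, objectClasses), ...]."""
    owners = defaultdict(list)
    for dn, attrs in parse_ldif(text):
        for value in {v.lower() for v in attrs.get(username_attr.lower(), [])}:
            owners[value].append((dn, sorted(attrs.get("objectclass", []))))
    return {name: hits for name, hits in owners.items() if len(hits) > 1}

if __name__ == "__main__":
    print(find_duplicate_usernames(SAMPLE_LDIF))
```

The object classes listed for each DN show which of the duplicates are not user entries, which is what a "Custom LDAP filter" would need to exclude.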
      

          People

            Unassigned Unassigned
            andreas.furbach Andreas Furbach