KEYCLOAK-3099 (Keycloak): Novell eDirectory LDAP + MSSQL DB: Wrong datatype storing the UUID LDAP attribute


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Rejected
    • Affects Version/s: 1.9.5.Final
    • Fix Version/s: None
    • Component/s: LDAP
    • Labels:
      None
    • Steps to Reproduce:
      1. With Keycloak running, import the user database from Novell eDirectory
      2. Stop the Keycloak server
      3. Export Keycloak with bin/standalone.sh -Dkeycloak.migration.action=export -Dkeycloak.migration.provider=dir
      4. The console log shows the synchronization errors:
        2016-06-09 10:52:40,828 WARN  [org.keycloak.federation.ldap.LDAPFederationProvider] (ServerService Thread Pool -- 47) LDAP User invalid. ID doesn't match. ID from LDAP [�a�G�/�Fњ�a�G�/], LDAP ID from local DB: [?a?G?/?F??a?G?/]

      Description

      When importing users from Novell eDirectory, the UUID LDAP attribute (GUID) is stored in the VALUE column of the USER_ATTRIBUTE table under the name "LDAP_ID".
      When synchronizing users with the LDAP directory, this LDAP_ID is used to verify the identity of the user in the LDAP directory.

      eDirectory delivers UTF-8 characters for the GUID which cannot be stored without loss in the varchar(255) VALUE column. When the user is synchronized, it turns out that the user can no longer be identified in the LDAP directory:

      2016-06-09 10:52:40,828 WARN  [org.keycloak.federation.ldap.LDAPFederationProvider] (ServerService Thread Pool -- 47) LDAP User invalid. ID doesn't match. ID from LDAP [�a�G�/�Fњ�a�G�/], LDAP ID from local DB: [?a?G?/?F??a?G?/]
      

      Changing the VALUE attribute to nvarchar(255) before importing the users worked for me.
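      The following is an added example, not Keycloak's code: it simulates the two round trips described above (a varchar column with an assumed Latin1/code-page-1252 collation versus an nvarchar column) on a constructed 16-byte GUID, and reproduces the exact mismatch printed in the WARN line. All function names and the sample GUID are assumptions for this illustration.

```python
# Added example (not Keycloak code): why a binary eDirectory GUID stored in
# a varchar(255) VALUE column no longer matches the value read from LDAP,
# while an nvarchar(255) column keeps the comparison consistent.

# Constructed sample: 16 GUID bytes that are not valid UTF-8 as a whole.
SAMPLE_GUID = b"\x9aa\x8eG\x85/\xc6F\xd1\x9a\x9aa\x8eG\x85/"


def guid_as_ldap_id(guid: bytes) -> str:
    """Treat the raw GUID bytes as text, as a String-typed attribute read
    does; bytes that are not valid UTF-8 become U+FFFD (shown as '�')."""
    return guid.decode("utf-8", errors="replace")


def store_varchar(value: str, codepage: str = "cp1252") -> str:
    """Round trip through a single-byte varchar column (assumed code page
    1252 collation): characters outside the code page are stored as '?'."""
    return value.encode(codepage, errors="replace").decode(codepage)


def store_nvarchar(value: str) -> str:
    """Round trip through an nvarchar column (UTF-16 storage): lossless for
    whatever string was handed to the database."""
    return value.encode("utf-16-le").decode("utf-16-le")


def ids_match(ldap_id: str, db_id: str) -> bool:
    """The identity check behind 'LDAP User invalid. ID doesn't match'."""
    return ldap_id == db_id


def is_lossy(db_id: str) -> bool:
    """Heuristic check for a stored LDAP_ID that was mangled on the way in:
    an opaque identifier should contain neither '?' nor U+FFFD."""
    return "?" in db_id or "\ufffd" in db_id


if __name__ == "__main__":
    ldap_id = guid_as_ldap_id(SAMPLE_GUID)
    for name, store in (("varchar", store_varchar), ("nvarchar", store_nvarchar)):
        db_id = store(ldap_id)
        print(f"{name:9} LDAP [{ldap_id}] DB [{db_id}] match={ids_match(ldap_id, db_id)}")
```

      Note that the '�' characters in the LDAP-side value mean the original GUID bytes are already lost once the attribute is read as a string; nvarchar only keeps the stored copy equal to what Keycloak reads back.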

        People

        Assignee: Unassigned
        Reporter: Andreas Furbach (zene22)