Red Hat build of Keycloak / RHBK-2082

Option for handling unavailable users through LDAP provider

      Narrative

      When a user is removed directly from LDAP by an LDAP administrator, Keycloak detects that the user is no longer available in LDAP and proceeds to delete the user from the Keycloak database itself.
      Keycloak does not throw or log an event indicating that a particular user was deleted from LDAP. It simply deletes the user silently.

      In some environments, customers may want to retain the user in the Keycloak database even after that user is deleted from the LDAP backend, regardless of the import mode setting or whether sync mode is enabled.
      So when using an LDAP 'user federation', we need to provide admins with the option to preserve or delete (default) the data of those deleted LDAP users.

      Value Proposition

      • Due to auditing or other compliance requirements, some organizations need to keep track of their users' data for a certain period of time (days, months, or even years). These organizations may only delete users manually (via API, with a supporting document recorded), not automatically. The auditing and compliance policies can be applied to internal applications/products only.
      • Governance/business requirements to preserve deleted staff data.

      Goals

      • Ability for admins to preserve users deleted from LDAP, or otherwise opt to delete them from the database (the default) when they are deleted from LDAP.
      • Log an event when Keycloak detects that a user was deleted in LDAP.

      Implementation note

              Unassigned Unassigned
              rhn-support-igueye Issa Gueye