Red Hat build of Keycloak / RHBK-3318

LDAP Import: KERBEROS_PRINCIPAL not updated when UserPrincipal changes and KERBEROS_PRINCIPAL was null on creation [GHI#41520]


      Before reporting an issue

      [x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

      Area

      ldap

      Describe the bug

      KERBEROS_PRINCIPAL is not updated if it was empty on creation (mapper missing, etc.)

      @martin-kanis @pedroigor

      Version

      26.3.2

      Regression

      [ ] The issue is a regression

      Expected behavior

      After configuring the mapper and running a full sync, KERBEROS_PRINCIPAL should be updated.

      Actual behavior

      KERBEROS_PRINCIPAL is not updated if it was null on first user import.

      How to Reproduce?

      • create user federation with ldap
      • full sync users
      • configure kerberos on federation and add kerberos-principal-attribute-mapper
      • full sync users

      Anything else?

      I think this is caused by this check:
      https://github.com/keycloak/keycloak/blob/26.3.2/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/KerberosPrincipalAttributeMapper.java#L42C47-L42C69

      I don't know why this is checked before updating.

              Unassigned Unassigned
              pvlha Pavel Vlha
              Keycloak Core IAM