RH-SSO / RHSSO-1730

LDAP group is stored multiple times in Keycloak DB


Details

    • Bug
    • Resolution: Done
    • Major
    • Archive - 21'
    • RH-SSO-7.3.0.GA
    • Server
    • None

      1. Provide an Active Directory server that has the following user and group entries:

      dn: CN=testuser1,OU=users,OU=test,DC=example,DC=com
      dn: CN=testgroup1,OU=groups,OU=test,DC=example,DC=com

      2. Add testuser1 as a member of testgroup1, so that testgroup1 becomes:

      dn: CN=testgroup1,OU=groups,OU=test,DC=example,DC=com
      member: CN=testuser1,OU=users,OU=test,DC=example,DC=com

      3. Start Keycloak.

      4. Import the attached realm_testLdapGroup.json to create the test realm, and change the IP address and bind DN/password to match your AD server.

      5. Enter the following filter in "LDAP Filter" under User Federation > Ldap > LDAP Mappers > GroupMapper, then click the "Save" button:

      (cn=nosuchgroup)

      6. Click "Synchronize all users" under User Federation > Ldap.

      7. Clear the "LDAP Filter" under User Federation > Ldap > LDAP Mappers > GroupMapper, then click the "Save" button.

      8. Click Manage > Users, then "View all users", and click the "Edit" button for "testuser1".

      9. Click the "Groups" tab of testuser1.

      10. Click Manage > Groups; testgroup1 is now listed twice.
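      As an added audit check (not part of this report or of Keycloak's own code), the Python below walks a realm's group tree in the shape returned by the admin REST endpoint GET /admin/realms/{realm}/groups (each group carries id, name, path and subGroups) and reports every path that occurs more than once. Duplicate copies matter because role and attribute mappings attached to one copy do not apply to users placed in the other. The sample data is constructed to mirror the duplicated testgroup1 seen in step 10; the ids are placeholders, not real Keycloak UUIDs.

```python
"""Find duplicated group paths in a Keycloak realm's group tree."""
from collections import defaultdict
from typing import Dict, Iterable, List


def walk_groups(groups: Iterable[dict], parent_path: str = "") -> List[dict]:
    """Flatten the nested group tree (top-level groups with 'subGroups').

    The admin API normally includes 'path'; it is recomputed from the
    parent path only when absent.
    """
    flat = []
    for g in groups:
        path = g.get("path") or f"{parent_path}/{g['name']}"
        flat.append({"id": g["id"], "name": g["name"], "path": path})
        flat.extend(walk_groups(g.get("subGroups", []), path))
    return flat


def find_duplicate_groups(groups: Iterable[dict]) -> Dict[str, List[str]]:
    """Return {path: [group ids]} for every path stored more than once."""
    by_path: Dict[str, List[str]] = defaultdict(list)
    for g in walk_groups(groups):
        by_path[g["path"]].append(g["id"])
    return {p: ids for p, ids in by_path.items() if len(ids) > 1}


# Constructed sample: what the groups endpoint could return after step 10,
# with testgroup1 imported twice by the LDAP group mapper.
SAMPLE_GROUPS = [
    {"id": "g-1", "name": "testgroup1", "path": "/testgroup1", "subGroups": []},
    {"id": "g-2", "name": "testgroup1", "path": "/testgroup1", "subGroups": []},
    {"id": "g-3", "name": "admins", "path": "/admins",
     "subGroups": [{"id": "g-4", "name": "ops", "path": "/admins/ops",
                    "subGroups": []}]},
]


def report(groups: Iterable[dict]) -> List[str]:
    """One human-readable line per duplicated path."""
    return [f"{path}: {len(ids)} copies ({', '.join(ids)})"
            for path, ids in sorted(find_duplicate_groups(groups).items())]


if __name__ == "__main__":
    for line in report(SAMPLE_GROUPS) or ["no duplicated group paths"]:
        print(line)
```

      For a live realm, feed the JSON body of the groups endpoint to find_duplicate_groups; a duplicated path is the signature described in this issue.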


    Description

      A group defined in an Active Directory server is stored in the Keycloak DB multiple times.

          People

            Assignee: Unassigned
            Reporter: Hisanobu Okuda (rhn-support-hokuda)