This document covers onboarding users via Keycloak user federation and onboarding LDAP-connected applications.
The LDAP connector is not needed to link Keycloak to LDAP.
Info about the settings
This assumes that the LDAP bind user can add users to LDAP.
If LDAP (User Federation) is set to Edit Mode, Sync Registrations is on and Import Users is on in Keycloak:
Then the user will be added to LDAP at the base of the Users DN set in Keycloak.
The user's credential will be listed as Provided By LDAP.
The user will get a random password in LDAP.
If LDAP (User Federation) is set to read only and Import Users is on or off in Keycloak
If LDAP (User Federation) is set to Edit Mode, Sync Registrations is off and Import Users is on or off in Keycloak
If LDAP (User Federation) is set to Edit Mode, Sync Registrations is on and Import Users is on in Keycloak and you have a mapper error
Config tenant
Go to the Keycloak admin console for your tenant.

Under the IDHub realm, go to User Federation.

Pick ldap under Add Provider.

Settings will vary based on your LDAP directory configuration.

Save and click Synchronize all users (the result pops up with the number of users imported and any errors).

Go to Manage/Users and check that the LDAP users show up.
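
The same provider can be created through the Keycloak admin REST API instead of the console. The following is an added example, not part of this document or of Keycloak itself: it builds the LDAP User Federation component body (POST /admin/realms/{realm}/components) and derives, from the settings described above, what the provider will do to LDAP before it is applied. It assumes "Edit Mode on" means editMode WRITABLE, and all host, DN and credential values are constructed placeholders.

```python
import json

# Keycloak's provider type for user storage providers (LDAP uses providerId "ldap").
PROVIDER_TYPE = "org.keycloak.storage.UserStorageProvider"
EDIT_MODES = ("READ_ONLY", "WRITABLE", "UNSYNCED")


def build_ldap_component(realm, connection_url, users_dn, bind_dn, bind_credential,
                         edit_mode="READ_ONLY", sync_registrations=False, import_users=True):
    """Return the component representation for one LDAP provider.

    The admin API expects every config value as a list of strings."""
    if edit_mode not in EDIT_MODES:
        raise ValueError("unknown editMode %r" % edit_mode)
    return {
        "name": "ldap",
        "providerId": "ldap",
        "providerType": PROVIDER_TYPE,
        "parentId": realm,
        "config": {
            "connectionUrl": [connection_url],
            "usersDn": [users_dn],
            "bindDn": [bind_dn],
            "bindCredential": [bind_credential],
            "editMode": [edit_mode],
            "syncRegistrations": [str(sync_registrations).lower()],
            "importEnabled": [str(import_users).lower()],
        },
    }


def expected_effects(component):
    """Derive the consequences this document describes from a component body."""
    cfg = component["config"]
    writable = cfg["editMode"][0] == "WRITABLE"
    sync = cfg["syncRegistrations"][0] == "true"
    imported = cfg["importEnabled"][0] == "true"
    effects = set()
    if writable and sync and imported:
        # New Keycloak users are written under usersDn with a random LDAP password
        # and their credential is shown as "Provided By LDAP".
        effects.update({"registration-written-to-ldap", "random-ldap-password"})
    if writable:
        # Deleting the user in Keycloak also removes it from LDAP.
        effects.add("delete-removes-from-ldap")
    return effects


if __name__ == "__main__":
    # Constructed placeholder values; replace with the tenant's real directory settings.
    comp = build_ldap_component("IDHub", "ldap://ldap.example.test:389",
                                "ou=users,dc=example,dc=test", "cn=bind,dc=example,dc=test",
                                "PLACEHOLDER_BIND_PASSWORD", "WRITABLE", True, True)
    print(json.dumps(comp, indent=2))
    print(sorted(expected_effects(comp)))
```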

Things to remember
If Edit Mode is on, clicking Delete on a user in Keycloak will also remove that user from LDAP.
Things to avoid
Disclaimers