
Use sAMAccountName from LDAP as username

Tags:

ldap

keycloak

I connected our Active Directory to Keycloak (4.0.0.Beta1) and imported the users - this works fine.

But the username should be filled from sAMAccountName. So I changed the Username LDAP attribute to that.

But after clicking Synchronize all users I am getting this error in the console window:

8:20:13,372 ERROR [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-119) Failed during import user from LDAP: org.keycloak.models.ModelException: User returned from LDAP has null username! Check configuration of your LDA
 mappings. Mapped username LDAP attribute: cn, user DN: CN=Mustermann Max,OU=Normung,OU=Mech,OU=Konstruktion,OU=Abteilungen,DC=company,DC=org, attributes from LDAP: {whenChanged=[2017037125253.0Z], whenCreated=[20140520092805.0
], mail=[[email protected]], givenName=[Max], sn=[Mustermann], userAccountControl=[66048], pwdLastSet=[130750516258418527]}
       at org.keycloak.storage.ldap.LDAPUtils.getUsername(LDAPUtils.java:113)
       at org.keycloak.storage.ldap.LDAPStorageProviderFactory$3.run(LDAPStorageProviderFactory.java:521)
       at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:227)
       at org.keycloak.storage.ldap.LDAPStorageProviderFactory.importLdapUsers(LDAPStorageProviderFactory.java:514)
       at org.keycloak.storage.ldap.LDAPStorageProviderFactory.syncImpl(LDAPStorageProviderFactory.java:469)
       at org.keycloak.storage.ldap.LDAPStorageProviderFactory.sync(LDAPStorageProviderFactory.java:407)
...

I tried some mappers (especially username) but with no luck. It seems that only a few attributes are read from the LDAP server (see attributes from LDAP:... in the output).

Namely: whenChanged, whenCreated, mail, givenName, sn, userAccountControl, pwdLastSet.

How can I get the sAMAccountName attribute as username?

chris asked May 04 '18 06:05




2 Answers

I have just tested it in 4.1.0.Final and there it works when you change the Username LDAP attribute to sAMAccountName and additionally the LDAP Attribute in the username mapper also to sAMAccountName.

> I tried some mappers (especially username) but with no luck.

Your question suggests that you already tried doing something in the username mappers. So you were definitely on the right track. Either there was a bug in your version, or the two fields didn't match correctly.

Markus Heberling answered Oct 16 '22 23:10


For me, it worked. Please find the process below:

1) In User Federation -> LDAP Provider -> there is a setting called "UserName LDAP Attribute" (as shown here: [image: ldap provider settings]).

2) Select the Mappers tab, edit the "username" mapper and change it to the following settings: [image: username mapper settings]

SANDEEP MACHIRAJU answered Oct 16 '22 23:10
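
A consistency check for the two settings both answers point to (the provider's Username LDAP attribute and the LDAP Attribute of the "username" mapper), as an added example that is not part of the original answers or of Keycloak's own code. It assumes component JSON shaped like the list the Keycloak admin REST API returns, with the config keys `usernameLDAPAttribute`, `ldap.attribute` and `user.model.attribute`; the sample data and function names are constructed for illustration.

```python
import json

# Constructed sample: two entries shaped like Keycloak component JSON
# (assumption: config values are lists of strings, keys as named below).
SAMPLE_COMPONENTS = json.loads("""
[
  {"id": "ldap-1", "name": "ad", "providerId": "ldap",
   "config": {"usernameLDAPAttribute": ["sAMAccountName"]}},
  {"id": "map-1", "name": "username", "parentId": "ldap-1",
   "providerId": "user-attribute-ldap-mapper",
   "config": {"ldap.attribute": ["cn"],
              "user.model.attribute": ["username"]}}
]
""")


def first(config, key):
    """Return the first value of a list-valued config entry, or None."""
    values = config.get(key) or [None]
    return values[0]


def username_mismatches(components):
    """Return (provider_name, provider_attr, mapper_attr) for each LDAP
    provider whose username mapper reads a different LDAP attribute."""
    problems = []
    for prov in components:
        if prov.get("providerId") != "ldap":
            continue
        wanted = first(prov.get("config", {}), "usernameLDAPAttribute")
        for comp in components:
            cfg = comp.get("config", {})
            if (comp.get("parentId") == prov.get("id")
                    and comp.get("providerId") == "user-attribute-ldap-mapper"
                    and first(cfg, "user.model.attribute") == "username"):
                mapped = first(cfg, "ldap.attribute")
                # LDAP attribute names are case-insensitive.
                if (mapped or "").lower() != (wanted or "").lower():
                    problems.append((prov.get("name"), wanted, mapped))
    return problems


if __name__ == "__main__":
    for name, wanted, mapped in username_mismatches(SAMPLE_COMPONENTS):
        print(f"{name}: provider uses {wanted!r}, username mapper reads {mapped!r}")
```

A provider with no username mapper at all is not reported by this check; it only compares the two fields when both components are present.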