<div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clip

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

User lookup fails in keycloak due to null familyName and null givenName about ipa-tuura HOT 3 CLOSED

justin-stephenson commented on July 21, 2024

User lookup fails in keycloak due to null familyName and null givenName

from ipa-tuura.

Comments (3)

justin-stephenson commented on July 21, 2024

Hi @f-trivino I looked into this more, it appears the ldap_user_extra_attrs line is not being added to sssd.conf during the intg domain add operation (Adding it manually fixes the issue)., even though the ipa-client-install on the bridge is successful and the plugin is added successfully.

ldap_user_extra_attrs = mail:mail, sn:sn, givenname:givenname

I am testing using ipa-tuura master, on the keycloak system I use following commands to add the plugin and then test a user lookup. scimurl is replaced with the system IP address I am deploying with IDM-CI.

./kcadm.sh config credentials \
    	--server http://localhost:8080 \
    	--realm master --user admin --password redhat

./kcadm.sh create components \
	-r master \
	-s name=scimipa \
	-s providerId=scim \
	-s providerType=org.keycloak.storage.UserStorageProvider \
	-s 'config.scimurl=["10.0.198.183:8000"]' \
	-s 'config.loginusername=["djangoadmin"]' \
	-s 'config.loginpassword=["redhat"]' \
	-s 'config.domain=["http://server.ipa.test"]' \
	-s 'config.domainname=["ipa.test"]' \
	-s 'config.domaindesc=["Bridge_to_ipa"]' \
	-s 'config.domainurl=["https://server.ipa.test"]' \
	-s 'config.domainclientid=["admin"]' \
	-s 'config.domainclientsecret=["Secret123"]' \
	-s 'config.idprovider=["ipa"]' \
	-s 'config.cacert=["/etc/ipa/ca.crt"]' \
	-s 'config.extraattrs=["mail:mail, sn:sn, givenname:givenname"]' \
	-s 'config.users_dn=["ou=people,dc=ipa,dc=test"]' \
	-s 'config.addintgdomain=["True"]' \
	-s 'config.delintgdomain=["True"]'

The plugin sends the outgoing POST to the domains endpoint:

2023-07-24 12:14:56,968 DEBUG [org.apache.http.wire] (executor-thread-3) http-outgoing-1 >> "{"integration_domain_url":"https://server.ipa.test","name":"ipa.test","description":"Bridge_to_ipa","client_id":"admin","client_secret":"Secret12
3","id_provider":"ipa","user_extra_attrs":"mail:mail, sn:sn, givenname:givenname","ldap_tls_cacert":"/etc/ipa/ca.crt","users_dn":"ou=people,dc=ipa,dc=test"}"

Successful response from ipa-tuura

2023-07-24 12:15:14,261 INFO  [keycloak.scim_user_spi.Scim] (executor-thread-3) Result is {"id":2,"name":"ipa.test","description":"Bridge_to_ipa","integration_domain_url":"https://server.ipa.test","client_id":"admin","client_secret":"Secret123","id_provider":"ipa","user_extra_attrs":"mail:mail, sn:sn, givenname:givenname","user_object_classes":"","users_dn":"ou=people,dc=ipa,dc=test","ldap_tls_cacert":"/etc/ipa/ca.crt"}
2023-07-24 12:15:14,262 INFO  [keycloak.scim_user_spi.SCIMUserStorageProviderFactory] (executor-thread-3) Add intgDomains Result is true

from ipa-tuura.

spoore1 commented on July 21, 2024

@justin-stephenson Is this one fixed by #61 ?

from ipa-tuura.

justin-stephenson commented on July 21, 2024

@spoore1 Yes that should fix this.

from ipa-tuura.

User lookup fails in keycloak due to null familyName and null givenName about ipa-tuura HOT 3 CLOSED

Comments (3)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent