我将活动目录连接到keycloak(4.0.0.Beta1)并导入了用户-效果很好。
但是用户名应使用填充sAMAccountName。所以我改为了Username LDAP attribute。
但是单击后,Synchronize all users我在控制台窗口中收到此错误:
8:20:13,372 ERROR [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-119) Failed during import user from LDAP: org.keycloak.models.ModelException: User returned from LDAP has null username! Check configuration of your LDA
mappings. Mapped username LDAP attribute: cn, user DN: CN=Mustermann Max,OU=Normung,OU=Mech,OU=Konstruktion,OU=Abteilungen,DC=company,DC=org, attributes from LDAP: {whenChanged=[2017037125253.0Z], whenCreated=[20140520092805.0
], mail=[Max.Mustermann@company.org], givenName=[Max], sn=[Mustermann], userAccountControl=[66048], pwdLastSet=[130750516258418527]}
at org.keycloak.storage.ldap.LDAPUtils.getUsername(LDAPUtils.java:113)
at org.keycloak.storage.ldap.LDAPStorageProviderFactory$3.run(LDAPStorageProviderFactory.java:521)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:227)
at org.keycloak.storage.ldap.LDAPStorageProviderFactory.importLdapUsers(LDAPStorageProviderFactory.java:514)
at org.keycloak.storage.ldap.LDAPStorageProviderFactory.syncImpl(LDAPStorageProviderFactory.java:469)
at org.keycloak.storage.ldap.LDAPStorageProviderFactory.sync(LDAPStorageProviderFactory.java:407)
...
我尝试了一些制图器(尤其是username),但是没有运气。看来只有几个从ldap服务器读取的属性(请参见attributes from LDAP:...输出)。
即:whenChanged,WhenCreated,mail,giveName,sn,userAccountControl,pwdLastSet。
如何获得sAMAcountName属性作为用户名?