Delete ldap attribute by keycloak

Asked Jun 29 '17 at 13:39

Active Jul 03 '17 at 08:36

Viewed 818 times

I'm evaluating keycloak for identity management using an existing (open)ldap server.

I've managed to get the telephoneNumber ldap attribute into keycloak.

The problem occurs if I try to remove a telephone number via keycloak: keycloak tries to set the ldap attribute to an empty string, which is not allowed. Is there a way to configure the user-attribute-ldap-mapper to delete the attribute if its empty?

Best wishes

Daniel

[edit] I've opend a bug report at keyloak for this issue

edited Jul 03 '17 at 08:36

asked Jun 29 '17 at 13:39

dve

It should be trying to set it to null. Submit a bug report. – user207421 Jun 30 '17 at 03:12
As `telephoneNumber` is multivalued it could work if it tries to set it to an empty array – Esteban Jun 30 '17 at 09:18
@Esteban No, it should set it to null. All LDAP attributes are multi-valued unless specifically described otherwise in their schema syntax. – user207421 Jul 03 '17 at 00:19

Delete ldap attribute by keycloak

0 Answers0