> On 28 Aug 2024, at 15:37, Alexander Bokovoy <[email protected]> wrote: > > On Срд, 28 жні 2024, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote: >> >> >>>> On 28 Aug 2024, at 15:02, Rob Crittenden <[email protected]> wrote: >>> >>> Francis Augusto Medeiros-Logeay via FreeIPA-users wrote: >>>> Hi, >>>> >>>> I have configured Keycloak with FreeIPA for kerberos authentication. >>>> >>>> It has worked fine, but today I noticed something: >>>> >>>> Keycloak seems to look up krb5PrincipalName attribute to look for the >>>> user principal. However, I don't see that attribute when I perform an >>>> ldapsearch. Is it there at all? >>>> >>>> I also tried to remove this from keycloak, because it says that when >>>> this is empty it will just look for the username instead of user@domain. >>>> But somehow it adds krb5PrincipalName again. >>>> >>>> Is it keycloak that has a problem by not allowing me to remove >>>> krb5PrincipalName, or is it FreeIPA that somehow lost that attribute? >>>> >>>> Best, >>>> Francis >>>> >>> >>> Looks like a Keycloak issue. Check out >>> https://github.com/keycloak/keycloak/issues/25294 >>> >> Thanks. But should I have this atteibute in Freeipa? I dont see it when >> performance en ldapsearch. > > Keycloak allows you to configure what LDAP attributes correspond to what > properties. Use proper LDAP attribute for FreeIPA, in this case it is > krbPrincipalName. This can be chosen by setting LDAP vendor to 'rhds'.
I tried that. But I don’t see that attribute either on ldapsearch. Maybe I am not using the right permissions when searching. -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
