8000 Retrieve UUID from LDAP in same context by ahus1 · Pull Request #29470 · keycloak/keycloak · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Retrieve UUID from LDAP in same context #29470

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 13, 2024
Merged

Retrieve UUID from LDAP in same context #29470

merged 1 commit into from
May 13, 2024

Conversation

ahus1
Copy link
Contributor
@ahus1 ahus1 commented May 13, 2024

This should avoid out-of-sync problems in distributed LDAP environments.

Closes #29206

@ahus1
Retrieve UUID from LDAP in same context
6ee2eb8 
This should avoid out-of-sync problems in distributed LDAP environments.

Closes keycloak#29206

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
@ahus1 ahus1 self-assigned this May 13, 2024
@ahus1 ahus1 marked this pull request as ready for review May 13, 2024 09:04
@ahus1 ahus1 requested a review from a team as a code owner May 13, 2024 09:04
@ahus1 ahus1 mentioned this pull request May 13, 2024
Closed
2 tasks
@ahus1
Copy link
Contributor Author
ahus1 commented May 13, 2024

@davidfrickert - I have tested this locally, but I'm missing an environment to test this against a clustered version of OpenLDAP where it could show the error you experienced.

I wonder if you can test this change by building an image locally? Note that if you run an Keycloak with a version build from main, this version will do a database migration and you won't be able to upgrade that environment to a released version of Keycloak later. So please use it only in an ephemeral environment where you can reset the database afterwards.

@sguilhen - I'd be happy if you could have a look at this change if you think this is a possible solution. Maybe we need to involve some other LDAP-literate people for this as well.

@davidfrickert
Copy link

@davidfrickert - I have tested this locally, but I'm missing an environment to test this against a clustered version of OpenLDAP where it could show the error you experienced.

I wonder if you can test this change by building an image locally? Note that if you run an Keycloak with a version build from main, this version will do a database migration and you won't be able to upgrade that environment to a released version of Keycloak later. So please use it only in an ephemeral environment where you can reset the database afterwards.

@sguilhen - I'd be happy if you could have a look at this change if you think this is a possible solution. Maybe we need to involve some other LDAP-literate people for this as well.

Yeah no worries I can test this on a disposable local K3s cluster with clustered OpenLDAP, will let you know here what happens!

@davidfrickert
Copy link
davidfrickert commented May 13, 2024
edited
Loading

Looking good! I was able to create multiple users in a row without errors and also Group assignment / leaving group multiple times in a row.
Is there any other use case that you want me to look at @ahus1?
My setup is clustered Keycloak (using operator, 3 replicas) and clustered OpenLDAP (3 replicas), running under k3s.

sguilhen
sguilhen approved these changes May 13, 2024
View reviewed changes
Copy link
Contributor
@sguilhen sguilhen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, @ahus1 ! It looks good to me!

@sguilhen sguilhen requested a review from rmartinc May 13, 2024 11:31
@sguilhen
Copy link
Contributor

@rmartinc would you be able to take a look when you have some time?

@ahus1
Copy link
Contributor Author
ahus1 commented May 13, 2024

@davidfrickert - thank you for your tests, the tests you describe sound sufficient to me. Let's wait for @rmartinc and then this should be ready to merge.

@sguilhen, @rmartinc - would this be a candidate for a backport to KC24?

@sguilhen
Copy link
Contributor

@ahus1 I would think so, looks like a good candidate for backporting.

rmartinc
rmartinc approved these changes May 13, 2024
View reviewed changes
Copy link
Contributor
@rmartinc rmartinc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ahus1 LGTM! I have checked it and doing this the same connection is used for the add and the search operations. So it would use the same backend for both.

mhajas
mhajas approved these changes May 13, 2024
View reviewed changes
Copy link
Contributor
@mhajas mhajas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving based on reviews from @sguilhen and @rmartinc, thank you all

@mhajas mhajas merged commit 2d05331 into keycloak:main May 13, 2024
@LividSquid LividSquid mentioned this pull request Feb 28, 2025
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sguilhen sguilhen sguilhen approved these changes

@mhajas mhajas mhajas approved these changes

@rmartinc rmartinc rmartinc approved these changes

Assignees

@ahus1 ahus1

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

LDAP user creation reports error but user is created
5 participants
@ahus1 @davidfrickert @sguilhen @mhajas @rmartinc
0