# Integrating OpenLDAP

## Objective

Connect a local OpenLDAP server (running via Docker) to Keycloak, so that users and groups can be read, synced, and authenticated via Keycloak.

## Prerequisites

Make sure the following services are running:

| Service          | Tool                    | Example URL              |
| ---------------- | ----------------------- | ------------------------ |
| **LDAP Server**  | `osixia/openldap` image | `ldap://localhost:389`   |
| **phpLDAPadmin** | Admin GUI               | `https://localhost:6443` |
| **Keycloak**     | Identity provider       | `http://localhost:8180`  |

We should already have:

* A working `docker-compose.yml`
* Seeded users and groups via `seed-data.ldif`
* Admin DN and password (e.g., `cn=admin,dc=corp,dc=acme,dc=com`)

Refer to the following page for more details on the setup:

{% content-ref url="/pages/N9jgDSkFNVz6i60BghmF" %}
[Local OpenLDAP Setup](/the-programmers-guide/identity-and-access-management-iam/ldap/local-openldap-setup.md)
{% endcontent-ref %}

## Apply LDAP Config

### Log into Keycloak Admin Console

1. Open `http://localhost:8180`
2. Log in as the Keycloak admin user (e.g., `admin / admin`)
3. Select the target **Realm** (e.g., `master`, or create a new one such as `employee`)

### Add LDAP User Federation Provider

1. Go to **User Federation** (left-hand menu)
2. Click **Add provider → ldap**

### Set Configurations

<figure><img src="/files/GshIUZgz0eSwEdt9wFrI" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/AW42SYKR3jyAw7gxe5YA" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/Zu4Ynv1qahIvnB1R9oLr" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/t7HRhShe1JH4ExgT17s7" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/V8j9s2HFSnXZXy7S7FjK" alt=""><figcaption></figcaption></figure>

### Test the Connection

Use the **"Test connection"** and **"Test authentication"** buttons at the bottom of the provider form:

* **Test connection**: Validates LDAP connectivity
* **Test authentication**: Confirms bind credentials work

If any test fails, double-check:

* LDAP port (`389` open?)
* Bind DN/password
* Network access between Keycloak container and LDAP container

## Sync and Verify Users

Click **"Synchronize all users"** from the LDAP provider settings. This will import all matching users under `Users DN` into Keycloak.

<figure><img src="/files/nD7rXhMf0TmpQHhiBK8m" alt=""><figcaption></figcaption></figure>

Sample users available in LDAP (from the seed file):

<figure><img src="/files/RgcskbSXRCqUf1tmT9Hy" alt="" width="375"><figcaption></figcaption></figure>

<figure><img src="/files/uOtGt0rQFW7DlwH5Em9q" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/wL8KHkKOlv3eGObzY8kC" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/FDPXxHkK8JcEhqplwCAK" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/djoZlmpG3J9cggWLYq4j" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/e4tFVUa2YDns1t13vSDw" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/5Jt0s5GNfFSXYgi1Iis0" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/o5biM6tP3LcILw7LUL1i" alt=""><figcaption></figcaption></figure>

Fetch a token:

<figure><img src="/files/XrbV8iYiqHk83Xi6lSN6" alt="" width="563"><figcaption></figcaption></figure>

## Configure LDAP Mappers

By default, Keycloak adds a few LDAP mappers. We can verify and adjust them:

| **Mapper Type** | Example Mapping |
| --------------- | --------------- |
| Username        | `uid`           |
| Email           | `mail`          |
| First Name      | `givenName`     |
| Last Name       | `sn`            |
| Full Name       | `cn`            |

> We can also add custom mappers for attributes like `employeeNumber`, `title`, `mobile`.

<figure><img src="/files/1TxwvYisF1r7rksLDnSc" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/G5mSjDxzDUFaZMRrkjfw" alt=""><figcaption></figcaption></figure>

## Group Mapping

To map LDAP groups:

1. Click **"Add mapper"** on the LDAP provider
2. Choose **"group-ldap-mapper"** as type

### Add configurations

<figure><img src="/files/o80l7vj4aDHZt2a89I5a" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/zbsdUcZOwRGtyr09tSmf" alt=""><figcaption></figcaption></figure>

### Sync Groups

Click the **"Sync LDAP Groups with Keycloak"** button to sync the groups.

<figure><img src="/files/e94vzd1zaQcrCi72PDwD" alt=""><figcaption></figcaption></figure>

### Verify Synced Groups in Keycloak

<figure><img src="/files/q3w231RFwFNNTGTFaWvq" alt=""><figcaption></figcaption></figure>

LDAP seed file group declaration:

<figure><img src="/files/JaYWmMUZ4eAw8rBKQrrX" alt="" width="563"><figcaption></figcaption></figure>

<figure><img src="/files/WHy7TSvgMsPu1sYYCWqx" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/MwsJEY6ZOQdR3KtA8oVF" alt=""><figcaption></figcaption></figure>
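As an added example (not from the page and not Keycloak's own code), the following Python simulates offline what the user mappers in the table above and the group-ldap-mapper do during a sync: LDAP attribute names are translated through the mapper table, and each group's `member` DNs are resolved to already-synced users. The LDIF entries are constructed for illustration, and the Users DN and Groups DN values are assumptions.

```python
# Constructed seed LDIF (hypothetical entries, shaped like the page's seed-data.ldif).
SEED_LDIF = """\
dn: uid=jdoe,ou=people,dc=corp,dc=acme,dc=com
uid: jdoe
cn: John Doe
givenName: John
sn: Doe
mail: jdoe@acme.com

dn: uid=asmith,ou=people,dc=corp,dc=acme,dc=com
uid: asmith
sn: Smith

dn: cn=developers,ou=groups,dc=corp,dc=acme,dc=com
cn: developers
member: uid=jdoe,ou=people,dc=corp,dc=acme,dc=com
member: uid=asmith,ou=people,dc=corp,dc=acme,dc=com
member: uid=ghost,ou=people,dc=corp,dc=acme,dc=com
"""
# The page's mapper table: Keycloak user field -> LDAP attribute.
USER_MAPPERS = {"username": "uid", "email": "mail", "firstName": "givenName", "lastName": "sn", "fullName": "cn"}

def parse_ldif(text):
    """Parse minimal 'attr: value' LDIF into entries (attribute -> list of values)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for name, _, value in (line.partition(": ") for line in block.splitlines()):
            entry.setdefault(name, []).append(value)
        entries.append(entry)
    return entries

def sync_users(entries, users_dn):
    """Like 'Synchronize all users': run each entry under Users DN through the mapper table."""
    users = {}
    for e in entries:
        dn = e["dn"][0]
        if dn.endswith("," + users_dn):
            user = {"LDAP_ENTRY_DN": dn}  # Keycloak records the source DN on the federated user
            for field, attr in USER_MAPPERS.items():
                if attr in e:  # an absent optional attribute (asmith has no mail) stays unset
                    user[field] = e[attr][0]
            users[user["username"]] = user
    return users

def sync_groups(entries, users, groups_dn, membership_attr="member"):
    """group-ldap-mapper with Membership Attribute Type = DN; a member DN with no synced user (uid=ghost) is skipped."""
    by_dn = {u["LDAP_ENTRY_DN"]: name for name, u in users.items()}
    return {e["cn"][0]: [by_dn[m] for m in e.get(membership_attr, []) if m in by_dn]
            for e in entries if e["dn"][0].endswith("," + groups_dn)}
```

Running `sync_users` and then `sync_groups` on the seed yields two users (one without an email) and a `developers` group containing only the members that actually exist under the Users DN.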
