libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Fix LDAP user synchronization documentation

Browse source 
Closes #16833
This commit is contained in:
Stefan Guilhen 2023-05-16 15:18:51 -03:00 committed by Hynek Mlnařík
parent 55e3e26f2e
commit 27e79fb025
2 changed files with 8 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/documentation/server_admin/topics/user-federation/ldap.adoc
View file

@ -82,7 +82,7 @@ The `Use Truststore SPI` configuration property, in the LDAP federation provider
==== Synchronizing LDAP users to {project_name}
If you set the *Import Users* option, the LDAP Provider handles importing LDAP users into the {project_name} local database. The first time a user logs in, the LDAP provider imports the LDAP user into the {project_name} database and validates the LDAP password. This first time a user logs in is the only time {project_name} imports the user. If you click the *Users* menu in the Admin Console and click the *View all users* button, you only see the LDAP users authenticated at least once by {project_name}. {project_name} imports users this way, so this operation does not trigger an import of the entire LDAP user database.
If you set the *Import Users* option, the LDAP Provider handles importing LDAP users into the {project_name} local database. The first time a user logs in or is returned as part of a user query (e.g. using the search field in the admin console), the LDAP provider imports the LDAP user into the {project_name} database. During authentication, the LDAP password is validated.
If you want to sync all LDAP users into the {project_name} database, configure and enable the *Sync Settings* on the LDAP provider configuration page.

15
docs/documentation/server_admin/topics/users/proc-searching-user.adoc
View file

@ -12,16 +12,15 @@ Search for a user to view detailed information about the user, such as the user'
.Procedure
. Click *Users* in the main menu. This *Users* page is displayed.
. Type the full name, last name, first name, or email address of the user you want to search for in the search box. The search returns all users who match your criteria.
. Alternatively, you can click *View all users* to list every user in the system.
. Type the full name, last name, first name, or email address of the user you want to search for in the search box. The search returns all users that match your criteria.
+
NOTE: This action searches only the local {project_name} database and not the federated database, such as LDAP. The backends for federated databases do not have a pagination mechanism that enables searching for users.
The criteria used to match users depends on the syntax used on the search box:
+
.. To search users from a federated backend, the user list must be synced into the {project_name} database. Adjust the search criteria to sync the backend users to the {project_name} database.
.. `"somevalue"` -> performs exact search of the string `"somevalue"`;
.. `\*somevalue*` -> performs infix search, akin to a `LIKE '%somevalue%'` DB query;
.. `somevalue*` or `somevalue` -> performs prefix search, akin to a `LIKE 'somevalue%'` DB query.
+
NOTE: Searches performed in the *Users* page encompasses searching both {project_name}'s database and configured user federated backends, such as LDAP. Users found in federated backends will be imported into {project_name}'s database if they don't already exist there.
+
.. Alternatively, click the *User Federation* in the left menu.
... To apply changes to a selected user, click *Sync changed users* on the page with your federation provider.
... To apply changes to all users in the database, click *Sync all users* on the page with your federation provider.
.Additional resources
* For more information on user federation, see <<_user-storage-federation,User Federation>>.