Hi,
I am trying to set up my local Keycloak with two different user providers - one AD and one LDAP.
I would like to let users log in with their email address and either password (AD or LDAP).
To do so, I try to:
- disable “Login with email” in the login-settings of the realms.
- set up for LDAP:
  - priority: 0
  - Username LDAP attribute: mail
  - RDN LDAP attribute: mail
  - UUID LDAP attribute: mail
  - Import Users: off
  - mapping Username: mail
- set up for AD:
  - priority: 1
  - Username LDAP attribute: userPrincipalName
  - RDN LDAP attribute: userPrincipalName
  - UUID LDAP attribute: userPrincipalName
  - Import Users: off
  - mapping Username: userPrincipalName
I can log in with email with LDAP. If I try the same with the AD password, I get a wrong password prompt.
I need to disable the LDAP user provider, then AD starts to work.
Is there a way to establish a cascade mechanism, so that if the first provider fails, an attempt with the second one is fired with the same username (email in my case)?
Thank you!