Keycloak create user in LDAP store fails


I have created an LDAP User Federation in Keycloak with Sync registration enabled.
I am trying to create a new user with the API /admin/realms/{realm}/users using the following JSON input:

{
    "id": "2d2514b22-4cd7-4711-ae0d-529615289b58",
    "createdTimestamp": 1852647518630,
    "username": "user1",
    "enabled": true,
    "emailVerified": true,
    "firstName": "user1",
    "lastName": "user1",
    "email": "[email protected]",
    "totp": false,
    "disableableCredentialTypes": [],
    "requiredActions": [],
    "notBefore": 0,
    "access": {
        "manageGroupMembership": true,
        "view": true,
        "mapRoles": true,
        "impersonate": false,
        "manage": true
    },
    "attributes": {
        "dn": ["uid=user1,o=org12345,dc=org,dc=com"]
    }
}

It throws the following exception:

WARN  [org.keycloak.services.resources.admin.UsersResource] (executor-thread-107) Could not create user: org.keycloak.models.ModelException: Error creating subcontext [uid=user1,o=org12345,dc=org,dc=com]
    at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.createSubContext(LDAPOperationManager.java:655)
    at org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore.add(LDAPIdentityStore.java:102)
    ...
Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - shadow context; no update referral]; remaining name 'uid=user1,o=org12345,dc=org,dc=com'
    at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3333)
    at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3206)
    at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2997)

How do I fix the above exception and get the user created in LDAP?
If Sync registration is disabled, it creates the user in Keycloak but not in the LDAP server.

What am I missing here?
Keycloak: 21.1.1
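The stack trace above is Keycloak relaying the directory's own answer to its add request, so the first thing a practitioner wants is to take Keycloak out of the picture and check whether the directory accepts that add at all. The script below is an added diagnostic, not code from the question or from the Keycloak project: it parses the LDAP result code and text out of the JNDI message (result code 53 is unwillingToPerform; the text "shadow context; no update referral" is what OpenLDAP returns when a write reaches a syncrepl consumer, i.e. a read-only replica, that has no updateref configured, so the fix is usually to point Keycloak's connection URL at the provider), and then, when run with RUN_PROBE=1, attempts the same add with ldapadd using the bind credentials Keycloak is configured with and deletes the entry again. The LDAP URL, bind DN, password file path and the inetOrgPerson attribute set are assumed placeholders; the DN and the log line come from the question.

```shell
#!/usr/bin/env sh
# Added diagnostic for the "Error creating subcontext" failure above.
# Not part of the question or of Keycloak. Requires the OpenLDAP client
# tools (ldapwhoami, ldapsearch, ldapadd, ldapdelete) for the live probe.

# Constructed sample: the "Caused by" line from the question's stack trace.
SAMPLE_CAUSE="Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - shadow context; no update referral]; remaining name 'uid=user1,o=org12345,dc=org,dc=com'"

# Extract the numeric LDAP result code from a JNDI-formatted error line.
ldap_result_code() {
    printf '%s\n' "$1" | sed -n 's/.*LDAP: error code \([0-9]*\) - \([^]]*\)\].*/\1/p'
}

# Extract the server-supplied diagnostic text from the same line.
ldap_result_text() {
    printf '%s\n' "$1" | sed -n 's/.*LDAP: error code \([0-9]*\) - \([^]]*\)\].*/\2/p'
}

# Turn the code/text pair into the check an operator should make next.
diagnose_ldap_error() {
    code=$(ldap_result_code "$1")
    text=$(ldap_result_text "$1")
    case "$code" in
        53)
            case "$text" in
                *"shadow context"*)
                    printf 'unwillingToPerform(53): the server is a replica (OpenLDAP shadow/consumer database) with no updateref; Keycloak must write to the provider, not the consumer\n' ;;
                *)
                    printf 'unwillingToPerform(53): %s\n' "$text" ;;
            esac ;;
        50) printf 'insufficientAccessRights(50): the bind DN has no write access under the parent of the DN\n' ;;
        32) printf 'noSuchObject(32): the parent entry of the DN does not exist in the directory\n' ;;
        *)  printf 'unrecognised LDAP result in: %s\n' "$1" ;;
    esac
}

# Live probe: bind as Keycloak would, confirm the parent exists, add the
# entry directly, then remove it again. Every value here is an assumed
# placeholder except the DN, which is the one from the question.
probe_ldap_write() {
    url="${LDAP_URL:-ldap://ldap.example.com:389}"        # assumed placeholder
    bind_dn="${BIND_DN:-cn=admin,dc=org,dc=com}"           # assumed placeholder
    pw_file="${BIND_PW_FILE:-/run/secrets/ldap-bind-pw}"   # assumed placeholder; -y keeps the password off argv
    user_dn="uid=user1,o=org12345,dc=org,dc=com"
    parent_dn="o=org12345,dc=org,dc=com"

    ldapwhoami -x -H "$url" -D "$bind_dn" -y "$pw_file" || return 1
    ldapsearch -x -H "$url" -D "$bind_dn" -y "$pw_file" -b "$parent_dn" -s base dn || return 1

    # Assumed schema: inetOrgPerson with the attributes Keycloak's default mappers write.
    if printf 'dn: %s\nobjectClass: inetOrgPerson\nuid: user1\ncn: user1\nsn: user1\nmail: user1@example.com\n' "$user_dn" \
         | ldapadd -x -H "$url" -D "$bind_dn" -y "$pw_file"; then
        echo "directory accepted the add: look at the Keycloak federation settings (edit mode, mappers) rather than the server"
        ldapdelete -x -H "$url" -D "$bind_dn" -y "$pw_file" "$user_dn"
    else
        echo "directory refused the add: fix the server side (replica vs provider URL, updateref, ACLs) before Keycloak can sync"
        return 1
    fi
}

# Offline part runs always; the live probe only when explicitly requested.
diagnose_ldap_error "$SAMPLE_CAUSE"
if [ "${RUN_PROBE:-0}" = "1" ]; then
    probe_ldap_write
fi
```

Run it once without RUN_PROBE to see the diagnosis of the logged line, then with RUN_PROBE=1 and the three placeholders set to the values from the federation configuration. If the direct add also fails with result 53 and the same text, the Keycloak settings are not the problem; if the direct add succeeds, compare the edit mode and the mappers of the federation provider with the attributes the probe wrote.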

