We are currently using the LDAP user and group backend app to manage our users. Now we want to migrate to Keycloak, where the user federation uses the same LDAP server. We are planning to use the OpenID Connect user backend (user_oidc) app. The problem is that the LDAP app saves the users as follows:
id | user_id | display_name
----+---------------+---------------
15 | john.doe | John Doe
How can we migrate our users without losing any data and shared links? We currently have less than 50 users, so a manual fix in the DB is also acceptable.
The user_id in user_oidc table is the uid in LDAP.
The user_oidc app has multiple mapping parameters… Please review the docs and adopt the config of the user_oidc app.
When relying on the LDAP user backend for user provisioning, you need to adjust the “Login Attributes” section and the Expert tab’s “Internal Username” value of your LDAP settings. Even if LDAP does not handle the login process, the user_oidc app will trigger an LDAP search when logging in to make sure the user is created if it was not synced already. So it is essential that:
- the OpenID Connect “User ID mapping” attribute matches the LDAP Expert tab’s “Internal Username”. The attribute names can be different but their values should match. Do not change the LDAP configuration, simply adapt the OpenID Connect provider configuration.
- the OpenID Connect “User ID mapping” attribute can be used in the LDAP login query defined in the “Login Attributes” tab.
The problem is that this owncloud_name is somehow generated by the LDAP app and does not exist in our LDAP server. So we cannot add this value as an attribute. Unfortunately, we never set anything in the Expert tab and the values there are empty (some default most likely).
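
An added example, not part of the thread or of the user_oidc project: a pre-migration check for the matching rule quoted above. It compares each stored internal username (`owncloud_name`, as named in the thread) with the attributes of the same user's LDAP entry and reports which attribute, if any, carries an identical value for every user, since that is the value the OpenID Connect "User ID mapping" claim has to deliver. The `ldap_dn` key, the DNs, the attribute names and all values are constructed assumptions standing in for an export of the mapping table and an LDAP search.

```python
# Constructed sample data (assumption): rows exported from the LDAP app's
# mapping table, and the matching entries returned by an LDAP search.
MAPPING_ROWS = [
    {"ldap_dn": "uid=john.doe,ou=people,dc=example,dc=org",
     "owncloud_name": "1b9d6bcd-bbfd-4b2d-9b5d-ab8dfbbd4bed"},
    {"ldap_dn": "UID=jane.roe,OU=people, DC=example,DC=org",
     "owncloud_name": "7c9e6679-7425-40de-944b-e07fc1f90ae7"},
]
LDAP_ENTRIES = {
    "uid=john.doe,ou=people,dc=example,dc=org": {
        "uid": "john.doe", "mail": "john.doe@example.org",
        "entryUUID": "1b9d6bcd-bbfd-4b2d-9b5d-ab8dfbbd4bed"},
    "uid=jane.roe,ou=people,dc=example,dc=org": {
        "uid": "jane.roe", "mail": "jane.roe@example.org",
        "entryUUID": "7c9e6679-7425-40de-944b-e07fc1f90ae7"},
}


def norm_dn(dn):
    """DNs compare case-insensitively; also drop spaces around the commas."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def mismatch_report(mapping_rows, ldap_entries):
    """Map each LDAP attribute to the internal usernames it fails to reproduce."""
    entries = {norm_dn(dn): attrs for dn, attrs in ldap_entries.items()}
    attr_names = sorted({a for attrs in entries.values() for a in attrs})
    report = {a: [] for a in attr_names}
    for row in mapping_rows:
        # A mapped user with no LDAP entry counts as a mismatch everywhere.
        attrs = entries.get(norm_dn(row["ldap_dn"]), {})
        for a in attr_names:
            # Exact comparison: the claim value must equal the stored ID.
            if attrs.get(a) != row["owncloud_name"]:
                report[a].append(row["owncloud_name"])
    return report


def usable_attributes(report):
    """Attributes whose value equals the internal username for every user."""
    return sorted(a for a, bad in report.items() if not bad)


if __name__ == "__main__":
    report = mismatch_report(MAPPING_ROWS, LDAP_ENTRIES)
    print("usable as User ID mapping source:", usable_attributes(report))
    for attr, bad in report.items():
        print(f"{attr}: {len(bad)} user(s) would get a different ID")
```

An empty result means no single LDAP attribute reproduces the existing IDs, so those users would be treated as new accounts on first OIDC login unless the IDs are reconciled first.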