"Sync Keycloak Groups To LDAP" causes "Error!" popup in RH-SSO admin console

Solution Verified - Updated -

Issue

  • When an AD group (itself a member of another group) is deleted from RH-SSO and "Sync Keycloak Groups To LDAP" is performed, the following error is observed:
022-10-07 15:03:54,536 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-6) Uncaught server error: org.keycloak.models.ModelException: Could not modify attribute for DN [CN=testgroup10,OU=group,OU=test,DC=EXAMPLE,DC=COM]
        at org.keycloak.keycloak-ldap-federation@18.0.0.redhat-00001//org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore.removeMemberFromGroup(LDAPIdentityStore.java:144)
        at org.keycloak.keycloak-ldap-federation@18.0.0.redhat-00001//org.keycloak.storage.ldap.LDAPUtils.deleteMember(LDAPUtils.java:205)
        at org.keycloak.keycloak-ldap-federation@18.0.0.redhat-00001//org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.processKeycloakGroupMembershipsSyncToLDAP(GroupLDAPStorageMapper.java:532)
        at org.keycloak.keycloak-ldap-federation@18.0.0.redhat-00001/
  • When an Active Directory group (itself a member of another group) is deleted from RH-SSO and "Sync Keycloak Groups To LDAP" is executed, an "Error!" popup is observed in the RH-SSO Admin Console

Environment

  • Red Hat Single Sign-On (RH-SSO)
    • 7.6
