Importing user from LDAP to RH-SSO fails with error "email already exists"

Solution Unverified - Updated -

Environment

  • Red Hat Single Sign-On (RH-SSO)
    • 7.x

Issue

  • RH-SSO is unable to import users from LDAP and logs errors like the following:
2017-04-24 09:04:28,016 ERROR [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-2) Failed during import user from LDAP: org.keycloak.models.ModelDuplicateException: Can't import user 'user1' from LDAP because email 'abc@example.com' already exists in Keycloak. Existing user with this email is 'user0'
2017-04-24 09:04:28,028 ERROR [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-2) Failed during import user from LDAP: org.keycloak.models.ModelDuplicateException: Can't import user 'user2' from LDAP because email 'abc@example.com' already exists in Keycloak. Existing user with this email is 'user0'

Resolution

  • This error occurs when a single e-mail address is mapped to multiple users.
  • As a workaround, delete the e-mail mapper if all of the users have to be imported in the same environment. To delete the e-mail mapper, follow the steps below.
    • Log in to the RH-SSO console
    • Select the appropriate realm
    • Click on User Federation and then click on the appropriate provider
    • Go to the Mappers tab, click on the email attribute mapper, and click on the delete symbol

Email Mapper Deletion

Root Cause

  • RH-SSO does not allow multiple users to have the same e-mail address
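
To see which accounts share an address, the import errors shown under Issue can be grouped by e-mail. The following is an added example, not part of the original solution or of RH-SSO; the function names and the sample log (modelled on the excerpt above) are constructed for illustration.

```python
import re
from collections import defaultdict

# Message format taken from the log lines in the Issue section above.
DUPLICATE_RE = re.compile(
    r"Can't import user '(?P<ldap_user>[^']*)' from LDAP because email "
    r"'(?P<email>[^']*)' already exists in Keycloak\. "
    r"Existing user with this email is '(?P<existing>[^']*)'"
)

# Constructed sample input; only the message text follows the article's excerpt.
PREFIX = ("2017-04-24 09:04:28,016 ERROR [org.keycloak.storage.ldap."
          "LDAPStorageProviderFactory] (default task-2) Failed during import "
          "user from LDAP: org.keycloak.models.ModelDuplicateException: ")
MSG = ("Can't import user '{u}' from LDAP because email '{e}' already exists "
       "in Keycloak. Existing user with this email is '{x}'")
SAMPLE_LOG = "\n".join([
    PREFIX + MSG.format(u="user1", e="abc@example.com", x="user0"),
    PREFIX + MSG.format(u="user2", e="abc@example.com", x="user0"),
    "2017-04-24 09:04:28,030 INFO  [constructed.unrelated] (default task-2) sync tick",
    PREFIX + MSG.format(u="user7", e="ABC@example.com", x="user0"),
    PREFIX + MSG.format(u="svc-b", e="ops@example.com", x="svc-a"),
])


def email_conflicts(log_text):
    """Group duplicate-email import failures: {email: {"existing", "rejected"}}."""
    conflicts = defaultdict(lambda: {"existing": set(), "rejected": set()})
    for line in log_text.splitlines():
        m = DUPLICATE_RE.search(line)
        if not m:
            continue  # unrelated log line
        # Assumption: addresses that differ only in case are the same mailbox.
        email = m["email"].strip().lower()
        conflicts[email]["existing"].add(m["existing"])
        conflicts[email]["rejected"].add(m["ldap_user"])
    return dict(conflicts)


def report(conflicts):
    """One line per shared address: the account already holding it, then the rejected ones."""
    return [
        f"{email}: kept={sorted(c['existing'])} rejected={sorted(c['rejected'])}"
        for email, c in sorted(conflicts.items())
    ]


if __name__ == "__main__":
    print("\n".join(report(email_conflicts(SAMPLE_LOG))))
```

The output lists, for each shared address, the account that already holds it and the LDAP users whose import was rejected.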

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
