Importing user from LDAP to RH-SSO fails with error "email already exists"
Environment
- Red Hat Single Sign-On (RH-SSO)
- 7.x
Issue
- RH-SSO could not able to import user from LDAP and throwing the error like below
2017-04-24 09:04:28,016 ERROR [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-2) Failed during import user from LDAP: org.keycloak.models.ModelDuplicateException: Can't import user 'user1' from LDAP because email 'abc@example.com' already exists in Keycloak. Existing user with this email is 'user0'
2017-04-24 09:04:28,028 ERROR [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-2) Failed during import user from LDAP: org.keycloak.models.ModelDuplicateException: Can't import user 'user2' from LDAP because email 'abc@example.com' already exists in Keycloak. Existing user with this email is 'user0'
Resolution
- This error occurs when single
e-mailid is mapped with multiple users. - As a workaround,
e-mail mapperhas to be deleted if all the user has to imported being in the same environment. To delete thee-mail mapperfollow the below steps.- Login into
RH-SSOconsole - Select the appropriate
realm - Click on
User Federationand Click on appropriate provider - Go to
Mapperstab, click on email attribute mapper and click on thedeletesymbol
- Login into

Root Cause
- RH-SSO does not allow multiple user to have same email-id
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
