Duplicate entry error when using AD/LDAP User Federation Provider
Issue
- When using AD or LDAP User Federation provider, a Duplicate entry error is thrown when users are looked up. The exception should be similar to the following:

    Uncaught server error: org.keycloak.models.ModelDuplicateException: javax.persistence.PersistenceException: org.hibernate.exception.ConstraintViolationException: could not execute statement
        at org.keycloak.connections.jpa.PersistenceExceptionConverter.convert(PersistenceExceptionConverter.java:57)
        at org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:51)
        at com.sun.proxy.$Proxy70.flush(Unknown Source)
        at org.keycloak.models.jpa.JpaRealmProvider.addRealmRole(JpaRealmProvider.java:202)
        at org.keycloak.models.cache.infinispan.RealmCacheSession.addRealmRole(RealmCacheSession.java:582)
        at org.keycloak.models.cache.infinispan.RealmCacheSession.addRealmRole(RealmCacheSession.java:577)
        at org.keycloak.models.cache.infinispan.RealmAdapter.addRole(RealmAdapter.java:863)
        at org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper$LDAPRoleMappingsUserDelegate.getLDAPRoleMappingsConverted(RoleLDAPStorageMapper.java:423)
        at org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper$LDAPRoleMappingsUserDelegate.getRoleMappings(RoleLDAPStorageMapper.java:393)
        at org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper$LDAPRoleMappingsUserDelegate.hasRole(RoleLDAPStorageMapper.java:367)
        at org.keycloak.services.resources.admin.ClientRoleMappingsResource.getAvailableRoles(ClientRoleMappingsResource.java:151)
        ...
    Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Duplicate entry 'LDAP-rolename' for key 'UK_XXXXXXXXXX'
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
        at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
        at com.mysql.jdbc.Util.getInstance(Util.java:386)
        at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1041)
        at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4187)
        at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4119)
        at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2570)
        at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2731)
        at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2820)
        at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2159)
        at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2462)
        at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2379)
        at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2363)
        at org.jboss.jca.adapters.jdbc.WrappedPreparedStatement.executeUpdate(WrappedPreparedStatement.java:537)
        at org.hibernate.engine.jdbc.internal.ResultSetReturnImpl.executeUpdate(ResultSetReturnImpl.java:204)
        ... 92 more
- Error adding role mappings from AD/LDAP into the RH-SSO internal database (duplicate entries).
Environment
- Red Hat Single Sign On (RH-SSO)
  - 7
- AD or LDAPv3 involved (as a User Federation Provider)