When using LDAP for user federation in Keycloak, the ObjectGUID attribute is automatically mapped into the LDAP_ID user attribute in Keycloak.
However, the UUID can be upper case in the LDAP directry, while Keycloak stores it lower case. When using LDAP for synchronizing users into applications and OIDC for authentication, some applications (Nextcloud) case sensitive and can therefore not map the OIDC user to the LDAP user object.
This OIDC protocol script mapper transforms the LDAP_ID attribute into upper case. For details, see the Keycloak documentation.
Clone this repo and run the build.sh script. Then copy the resulting ldap-id-uppercase.jar file into the providers directory of your Keycloak application. Then run the build.sh command.
- Open
Client Scopesin your realm. - Create a new Scope
- Switch to the
Mapperstab - Choose
Add Mapper>By Configuration - Select
LDAP ID uppercase mapperand set an attribute name.
Then you can use the attribute name in your OIDC client to access the upper case LDAP_ID