Applies to
- DMC
Conditions
- Using LDAP
Issue Summary
When attempting to add a new user to DMC in Keycloak, you may encounter the below error message.
Error Message
Error! An unexpected server error has occurred
Potential Root Causes
-
LDAP configuration issues
-
Incorrect attribute mapping in Keycloak's LDAP settings
Troubleshooting
Step 1: Review DMC Logs
-
Access the DMC server and collect the following logs:
sudo datical-control logs datical-service > servicelog.txt sudo datical-control logs keycloak > keycloaklog.txt sudo datical-control logs proxy > proxylog.txt
-
Examine the Keycloak logs for errors. Look for entries similar to the following:
ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-6) Uncaught server error: org.keycloak.models.ModelException: User returned from LDAP has null username! Check configuration of your LDAP mappings. Mapped username LDAP attribute: LDAP_UserName, user DN: CN=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=com, attributes from LDAP: {whenChanged=[xxx], whenCreated=[xxx], mail=[xxx], sAMAccountName=[xxx], sn=[xxx], cn=[xxx], userAccountControl=[xxx], pwdLastSet=[xxx]}
Step 2: Verify LDAP Configuration
-
Check the LDAP settings in Keycloak.
-
Navigate to Keycloak Admin Console > User Federation > LDAP Settings.
-
Verify the attribute mapped to the username.
-
-
Confirm that the "Mapped username LDAP attribute" is correctly set. In the example above, it was incorrectly set to
LDAP_UserName
instead ofusername
.
Step 3: Update the Username Attribute
-
Update the LDAP username attribute mapping to the correct field.
-
In the LDAP configuration, locate the "Username LDAP Attribute" field.
-
Replace the incorrect value with the correct value. For example,
LDAP_UserName
withusername
.
-
-
Save the changes and restart the Keycloak service.
- Begin by stopping all services:
- Demo mode, use:
-
sudo datical-control service stop ALL
-
- Production mode, use:
-
sudo datical-control service stop proxy
sudo datical-control service stop datical-service
sudo datical-control service stop keycloak
-
- Demo mode, use:
- Then, restart all services.
- Demo mode, use:
-
sudo datical-control service start ALL
-
- Production mode, use:
-
sudo datical-control service start keycloak
sudo datical-control service start datical-service
sudo datical-control service start proxy
-
- Demo mode, use:
- Begin by stopping all services:
Step 4: Validate the Fix
-
Retry adding the new user to DMC.
-
Confirm that the error message no longer appears and that the user has been successfully added.
By following these steps, the issue should be resolved. If further assistance is required, escalate to Liquibase Support with detailed logs and configuration settings.
Comments
0 comments
Article is closed for comments.