Open Xaraxia opened 4 months ago
Can you share how you are defining user_object_classes? From that output it looks like you may have:
user_object_classes => ['person', 'organizationalPerson', 'user'],
I updated the acceptance tests which check for idempotency and saw this on first run:
Notice: /Stage[main]/Main/Keycloak_ldap_user_provider[LDAP]/user_object_classes: user_object_classes changed inetOrgPerson,organizationalPerson to person,organizationalPerson,user
Then second run had no changes. What version of this module are you using and what version of Keycloak?
Was there any other output related to that LDAP user provider?
Also, can you share this output from the Keycloak server where this happened? Example:
# /opt/keycloak/bin/kcadm-wrapper.sh get components -r <realm name> | jq '.[] | select(.name == "AD") | .config.userObjectClasses'
Logging into http://localhost:8080/ as user admin of realm master
[
"posixAccount"
]
Notice: /Stage[main]/Profile::Keycloak/Keycloak_ldap_user_provider[AD on REDACTED]/user_object_classes: current_value person, organizationalPerson, user, should be person, organizationalPerson, user (noop) (corrective)
Running a noop, you can see the above ... it seems to be trying to change it unnecessarily.