opencloud-keycloak setup is broken. User cannot login

[ScharfViktor]

Describe the bug

after updating opencloud_commit_id in web, e2e tests with Keycloak started failing.
opencloud-eu/web#851

Steps to reproduce

1. go to opencloud_full and enable keycloak KEYCLOAK=:keycloak.yml in .env file and use OC_DOCKER_TAG=daily
2. start opencloud and try to login as admin https://cloud.opencloud.test/

Expected behavior

user can log in.

Actual behavior

user cannot login. Admin cannot create new users in https://keycloak.opencloud.test/

keycloak log:

2025-06-24 11:50:29 KEYCLOAK_ADMIN_PASSWORD=admin
2025-06-24 11:50:29 KC_RUN_IN_CONTAINER=true
2025-06-24 11:50:29 HOSTNAME=d8b79c13a5bd
2025-06-24 11:50:29 PWD=/
2025-06-24 11:50:29 KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
2025-06-24 11:50:29 KC_FEATURES=impersonation
2025-06-24 11:50:29 OC_DOMAIN=cloud.opencloud.test
2025-06-24 11:50:29 HOME=/opt/keycloak
2025-06-24 11:50:29 LANG=en_US.UTF-8
2025-06-24 11:50:29 KEYCLOAK_ADMIN=admin
2025-06-24 11:50:29 KC_DB_USERNAME=keycloak
2025-06-24 11:50:29 SHLVL=1
2025-06-24 11:50:29 KC_DB=postgres
2025-06-24 11:50:29 KC_HOSTNAME=keycloak.opencloud.test
2025-06-24 11:50:29 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
2025-06-24 11:50:29 KC_DB_PASSWORD=keycloak
2025-06-24 11:50:29 _=/usr/bin/printenv
2025-06-24 11:50:30 Changes detected in configuration. Updating the server image.
2025-06-24 11:50:30 Updating the configuration and installing your custom providers, if any. Please wait.
2025-06-24 11:50:32 2025-06-24 09:50:30,039 WARN  [org.key.qua.run.cli.Picocli] (main) The following used options or option values are DEPRECATED and will be removed or their behaviour changed in a future release:
2025-06-24 11:50:32     - proxy: Use proxy-headers.
2025-06-24 11:50:32 Consult the Release Notes for details.
2025-06-24 11:50:35 2025-06-24 09:50:35,113 INFO  [io.qua.dep.QuarkusAugmentor] (main) Quarkus augmentation completed in 4633ms
2025-06-24 11:50:35 Server configuration updated and persisted. Run the following command to review the configuration:
2025-06-24 11:50:35 
2025-06-24 11:50:35     kc.sh show-config
2025-06-24 11:50:35 
2025-06-24 11:50:35 Next time you run the server, just run:
2025-06-24 11:50:35 
2025-06-24 11:50:35     kc.sh start --proxy=edge --spi-connections-http-client-default-disable-trust-manager=true --import-realm --optimized
2025-06-24 11:50:35 
2025-06-24 11:50:36 2025-06-24 09:50:35,546 WARN  [org.keycloak.quarkus.runtime.cli.Picocli] (main) The following used options or option values are DEPRECATED and will be removed or their behaviour changed in a future release:
2025-06-24 11:50:36     - proxy: Use proxy-headers.
2025-06-24 11:50:36 Consult the Release Notes for details.
2025-06-24 11:50:36 2025-06-24 09:50:36,945 INFO  [org.infinispan.CONTAINER] (ForkJoinPool.commonPool-worker-1) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2025-06-24 11:50:37 2025-06-24 09:50:37,043 INFO  [org.infinispan.CLUSTER] (ForkJoinPool.commonPool-worker-1) ISPN000088: Unable to use any JGroups configuration mechanisms provided in properties {}. Using default JGroups configuration!
2025-06-24 11:50:37 2025-06-24 09:50:37,114 INFO  [org.infinispan.CLUSTER] (ForkJoinPool.commonPool-worker-1) ISPN000078: Starting JGroups channel `ISPN`
2025-06-24 11:50:37 2025-06-24 09:50:37,115 INFO  [org.jgroups.JChannel] (ForkJoinPool.commonPool-worker-1) local_addr: bd598a11-3820-4666-93c7-a2f72ab42289, name: d8b79c13a5bd-10277
2025-06-24 11:50:37 2025-06-24 09:50:37,118 WARN  [org.jgroups.protocols.UDP] (ForkJoinPool.commonPool-worker-1) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB
2025-06-24 11:50:37 2025-06-24 09:50:37,118 WARN  [org.jgroups.protocols.UDP] (ForkJoinPool.commonPool-worker-1) JGRP000015: the receive buffer of socket MulticastSocket was set to 20MB, but the OS only allocated 212.99KB
2025-06-24 11:50:37 2025-06-24 09:50:37,118 WARN  [org.jgroups.protocols.UDP] (ForkJoinPool.commonPool-worker-1) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB
2025-06-24 11:50:37 2025-06-24 09:50:37,118 WARN  [org.jgroups.protocols.UDP] (ForkJoinPool.commonPool-worker-1) JGRP000015: the receive buffer of socket MulticastSocket was set to 25MB, but the OS only allocated 212.99KB
2025-06-24 11:50:37 2025-06-24 09:50:37,122 INFO  [org.jgroups.protocols.FD_SOCK2] (ForkJoinPool.commonPool-worker-1) server listening on *.27125
2025-06-24 11:50:37 2025-06-24 09:50:37,277 WARN  [io.quarkus.vertx.http.runtime.VertxHttpRecorder] (main) The X-Forwarded-* and Forwarded headers will be considered when determining the proxy address. This configuration can cause a security issue as clients can forge requests and send a forwarded header that is not overwritten by the proxy. Please consider use one of these headers just to forward the proxy address in requests.
2025-06-24 11:50:37 2025-06-24 09:50:37,280 INFO  [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
2025-06-24 11:50:37 2025-06-24 09:50:37,820 INFO  [org.keycloak.quarkus.runtime.storage.legacy.liquibase.QuarkusJpaUpdaterProvider] (main) Initializing database schema. Using changelog META-INF/jpa-changelog-master.xml
2025-06-24 11:50:38 
2025-06-24 11:50:38 UPDATE SUMMARY
2025-06-24 11:50:38 Run:                        133
2025-06-24 11:50:38 Previously run:               0
2025-06-24 11:50:38 Filtered out:                 0
2025-06-24 11:50:38 -------------------------------
2025-06-24 11:50:38 Total change sets:          133
2025-06-24 11:50:38 
2025-06-24 11:50:39 2025-06-24 09:50:39,129 INFO  [org.jgroups.protocols.pbcast.GMS] (ForkJoinPool.commonPool-worker-1) d8b79c13a5bd-10277: no members discovered after 2004 ms: creating cluster as coordinator
2025-06-24 11:50:39 2025-06-24 09:50:39,143 INFO  [org.infinispan.CLUSTER] (ForkJoinPool.commonPool-worker-1) ISPN000094: Received new cluster view for channel ISPN: [d8b79c13a5bd-10277|0] (1) [d8b79c13a5bd-10277]
2025-06-24 11:50:39 2025-06-24 09:50:39,161 INFO  [org.infinispan.CLUSTER] (ForkJoinPool.commonPool-worker-1) ISPN000079: Channel `ISPN` local address is `d8b79c13a5bd-10277`, physical addresses are `[172.19.0.5:42661]`
2025-06-24 11:50:39 2025-06-24 09:50:39,360 INFO  [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: d8b79c13a5bd-10277, Site name: null
2025-06-24 11:50:39 2025-06-24 09:50:39,421 INFO  [org.keycloak.services] (main) KC-SERVICES0050: Initializing master realm
2025-06-24 11:50:40 2025-06-24 09:50:40,205 INFO  [org.keycloak.exportimport.dir.DirImportProvider] (main) Importing from directory /opt/keycloak/bin/../data/import
2025-06-24 11:50:40 2025-06-24 09:50:40,206 INFO  [org.keycloak.services] (main) KC-SERVICES0030: Full model import requested. Strategy: IGNORE_EXISTING
2025-06-24 11:50:41 2025-06-24 09:50:41,421 INFO  [org.keycloak.exportimport.util.ImportUtils] (main) Realm 'openCloud' imported
2025-06-24 11:50:41 2025-06-24 09:50:41,499 INFO  [org.keycloak.services] (main) KC-SERVICES0032: Import finished successfully
2025-06-24 11:50:41 2025-06-24 09:50:41,586 INFO  [org.keycloak.services] (main) KC-SERVICES0009: Added user 'admin' to realm 'master'
2025-06-24 11:50:41 2025-06-24 09:50:41,638 INFO  [io.quarkus] (main) Keycloak 25.0.0 on JVM (powered by Quarkus 3.8.5) started in 6.431s. Listening on: http://0.0.0.0:8080. Management interface listening on http://0.0.0.0:9000.
2025-06-24 11:50:41 2025-06-24 09:50:41,638 INFO  [io.quarkus] (main) Profile prod activated. 
2025-06-24 11:50:41 2025-06-24 09:50:41,638 INFO  [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-postgresql, keycloak, logging-gelf, narayana-jta, reactive-routes, resteasy-reactive, resteasy-reactive-jackson, smallrye-context-propagation, vertx]
2025-06-24 11:53:38 2025-06-24 09:53:38,026 INFO  [org.keycloak.storage.ldap.LDAPIdentityStoreRegistry] (executor-thread-6) Creating new LDAP Store for the LDAP storage provider: 'ldap', LDAP Configuration: {fullSyncPeriod=[86400], pagination=[false], startTls=[false], connectionPooling=[false], usersDn=[ou=users,dc=opencloud,dc=eu], cachePolicy=[EVICT_DAILY], useKerberosForPasswordAuthentication=[false], evictionHour=[0], importEnabled=[true], enabled=[true], usernameLDAPAttribute=[uid], bindDn=[cn=admin,dc=opencloud,dc=eu], changedSyncPeriod=[3600], lastSync=[1745440869], vendor=[other], uuidLDAPAttribute=[entryUUID], allowKerberosAuthentication=[false], connectionUrl=[ldap://ldap-server:1389], syncRegistrations=[true], authType=[simple], krbPrincipalAttribute=[krb5PrincipalName], customUserSearchFilter=[(objectclass=inetOrgPerson)], searchScope=[1], useTruststoreSpi=[always], usePasswordModifyExtendedOp=[false], trustEmail=[false], userObjectClasses=[top,person,organizationalPerson,inetOrgPerson], evictionMinute=[0], rdnLDAPAttribute=[uid], editMode=[WRITABLE], validatePasswordPolicy=[false]}, binaryAttributes: []
2025-06-24 11:53:38 2025-06-24 09:53:38,094 ERROR [org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (executor-thread-6) Could not query server using DN [ou=users,dc=opencloud,dc=eu] and filter [(&(objectclass=inetOrgPerson)(uid=admin)(objectclass=top)(objectclass=person)(objectclass=organizationalPerson)(objectclass=inetOrgPerson))]: javax.naming.CommunicationException: ldap-server:1389 [Root exception is java.net.UnknownHostException: ldap-server]
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:253)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:141)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1620)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2848)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:349)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
2025-06-24 11:53:38     at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:520)
2025-06-24 11:53:38     at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
2025-06-24 11:53:38     at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
2025-06-24 11:53:38     at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.createLdapContext(LDAPContextManager.java:74)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.getLdapContext(LDAPContextManager.java:93)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:709)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:704)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.search(LDAPOperationManager.java:255)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:278)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.query.internal.LDAPQuery.getResultList(LDAPQuery.java:174)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.query.internal.LDAPQuery.getFirstResult(LDAPQuery.java:185)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.LDAPStorageProvider.loadLDAPUserByUsername(LDAPStorageProvider.java:1030)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.LDAPStorageProvider.getUserByUsername(LDAPStorageProvider.java:639)
2025-06-24 11:53:38     at org.keycloak.storage.UserStorageManager.lambda$getUserByUsername$19(UserStorageManager.java:411)
2025-06-24 11:53:38     at org.keycloak.utils.ServicesUtils.lambda$timeBoundOne$1(ServicesUtils.java:83)
2025-06-24 11:53:38     at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
2025-06-24 11:53:38     at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)
2025-06-24 11:53:38     at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
2025-06-24 11:53:38     at java.base/java.util.stream.SortedOps$RefSortingSink.end(SortedOps.java:400)
2025-06-24 11:53:38     at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:261)
2025-06-24 11:53:38     at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:261)
2025-06-24 11:53:38     at java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:528)
2025-06-24 11:53:38     at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:513)
2025-06-24 11:53:38     at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
2025-06-24 11:53:38     at java.base/java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:150)
2025-06-24 11:53:38     at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
2025-06-24 11:53:38     at java.base/java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:647)
2025-06-24 11:53:38     at org.keycloak.storage.UserStorageManager.getUserByUsername(UserStorageManager.java:411)
2025-06-24 11:53:38     at org.keycloak.models.cache.infinispan.UserCacheSession.getUserByUsername(UserCacheSession.java:274)
2025-06-24 11:53:38     at org.keycloak.models.utils.KeycloakModelUtils.findUserByNameOrEmail(KeycloakModelUtils.java:253)
2025-06-24 11:53:38     at org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.getUserFromForm(AbstractUsernameFormAuthenticator.java:165)
2025-06-24 11:53:38     at org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.getUser(AbstractUsernameFormAuthenticator.java:144)
2025-06-24 11:53:38     at org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.validateUserAndPassword(AbstractUsernameFormAuthenticator.java:125)
2025-06-24 11:53:38     at org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.validateForm(UsernamePasswordForm.java:55)
2025-06-24 11:53:38     at org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.action(UsernamePasswordForm.java:48)
2025-06-24 11:53:38     at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:151)
2025-06-24 11:53:38     at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:1031)
2025-06-24 11:53:38     at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:376)
2025-06-24 11:53:38     at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:347)
2025-06-24 11:53:38     at org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:339)
2025-06-24 11:53:38     at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:405)
2025-06-24 11:53:38     at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$authenticateForm_13d428b70e62601585246c086a52f40868a3208e.invoke(Unknown Source)
2025-06-24 11:53:38     at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
2025-06-24 11:53:38     at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
2025-06-24 11:53:38     at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
2025-06-24 11:53:38     at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
2025-06-24 11:53:38     at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
2025-06-24 11:53:38     at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
2025-06-24 11:53:38     at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
2025-06-24 11:53:38     at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
2025-06-24 11:53:38     at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
2025-06-24 11:53:38     at java.base/java.lang.Thread.run(Thread.java:1583)
2025-06-24 11:53:38 Caused by: java.net.UnknownHostException: ldap-server
2025-06-24 11:53:38     at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:567)
2025-06-24 11:53:38     at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)
2025-06-24 11:53:38     at java.base/java.net.Socket.connect(Socket.java:751)
2025-06-24 11:53:38     at java.base/java.net.Socket.connect(Socket.java:686)
2025-06-24 11:53:38     at java.base/java.net.Socket.<init>(Socket.java:555)
2025-06-24 11:53:38     at java.base/java.net.Socket.<init>(Socket.java:324)
2025-06-24 11:53:38     at java.base/javax.net.DefaultSocketFactory.createSocket(SocketFactory.java:267)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.Connection.createConnectionSocket(Connection.java:341)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.Connection.createSocket(Connection.java:285)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:232)
2025-06-24 11:53:38     ... 62 more
2025-06-24 11:53:38 
2025-06-24 11:53:38 2025-06-24 09:53:38,096 WARN  [org.keycloak.services] (executor-thread-6) KC-SERVICES0013: Failed authentication: org.keycloak.models.ModelException: LDAP Query failed
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.query.internal.LDAPQuery.getResultList(LDAPQuery.java:178)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.query.internal.LDAPQuery.getFirstResult(LDAPQuery.java:185)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.LDAPStorageProvider.loadLDAPUserByUsername(LDAPStorageProvider.java:1030)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.LDAPStorageProvider.getUserByUsername(LDAPStorageProvider.java:639)
2025-06-24 11:53:38     at org.keycloak.storage.UserStorageManager.lambda$getUserByUsername$19(UserStorageManager.java:411)
2025-06-24 11:53:38     at org.keycloak.utils.ServicesUtils.lambda$timeBoundOne$1(ServicesUtils.java:83)
2025-06-24 11:53:38     at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
2025-06-24 11:53:38     at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)
2025-06-24 11:53:38     at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
2025-06-24 11:53:38     at java.base/java.util.stream.SortedOps$RefSortingSink.end(SortedOps.java:400)
2025-06-24 11:53:38     at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:261)
2025-06-24 11:53:38     at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:261)
2025-06-24 11:53:38     at java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:528)
2025-06-24 11:53:38     at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:513)
2025-06-24 11:53:38     at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
2025-06-24 11:53:38     at java.base/java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:150)
2025-06-24 11:53:38     at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
2025-06-24 11:53:38     at java.base/java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:647)
2025-06-24 11:53:38     at org.keycloak.storage.UserStorageManager.getUserByUsername(UserStorageManager.java:411)
2025-06-24 11:53:38     at org.keycloak.models.cache.infinispan.UserCacheSession.getUserByUsername(UserCacheSession.java:274)
2025-06-24 11:53:38     at org.keycloak.models.utils.KeycloakModelUtils.findUserByNameOrEmail(KeycloakModelUtils.java:253)
2025-06-24 11:53:38     at org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.getUserFromForm(AbstractUsernameFormAuthenticator.java:165)
2025-06-24 11:53:38     at org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.getUser(AbstractUsernameFormAuthenticator.java:144)
2025-06-24 11:53:38     at org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.validateUserAndPassword(AbstractUsernameFormAuthenticator.java:125)
2025-06-24 11:53:38     at org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.validateForm(UsernamePasswordForm.java:55)
2025-06-24 11:53:38     at org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.action(UsernamePasswordForm.java:48)
2025-06-24 11:53:38     at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:151)
2025-06-24 11:53:38     at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:1031)
2025-06-24 11:53:38     at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:376)
2025-06-24 11:53:38     at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:347)
2025-06-24 11:53:38     at org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:339)
2025-06-24 11:53:38     at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:405)
2025-06-24 11:53:38     at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$authenticateForm_13d428b70e62601585246c086a52f40868a3208e.invoke(Unknown Source)
2025-06-24 11:53:38     at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
2025-06-24 11:53:38     at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
2025-06-24 11:53:38     at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
2025-06-24 11:53:38     at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
2025-06-24 11:53:38     at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
2025-06-24 11:53:38     at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
2025-06-24 11:53:38     at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
2025-06-24 11:53:38     at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
2025-06-24 11:53:38     at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
2025-06-24 11:53:38     at java.base/java.lang.Thread.run(Thread.java:1583)
2025-06-24 11:53:38 Caused by: org.keycloak.models.ModelException: Querying of LDAP failed org.keycloak.storage.ldap.idm.query.internal.LDAPQuery@5a9abd5
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:294)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.query.internal.LDAPQuery.getResultList(LDAPQuery.java:174)
2025-06-24 11:53:38     ... 42 more
2025-06-24 11:53:38 Caused by: javax.naming.CommunicationException: ldap-server:1389 [Root exception is java.net.UnknownHostException: ldap-server]
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:253)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:141)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1620)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2848)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:349)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
2025-06-24 11:53:38     at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:520)
2025-06-24 11:53:38     at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
2025-06-24 11:53:38     at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
2025-06-24 11:53:38     at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.createLdapContext(LDAPContextManager.java:74)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.getLdapContext(LDAPContextManager.java:93)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:709)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:704)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.search(LDAPOperationManager.java:255)
2025-06-24 11:53:38     at org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:278)
2025-06-24 11:53:38     ... 43 more
2025-06-24 11:53:38 Caused by: java.net.UnknownHostException: ldap-server
2025-06-24 11:53:38     at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:567)
2025-06-24 11:53:38     at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)
2025-06-24 11:53:38     at java.base/java.net.Socket.connect(Socket.java:751)
2025-06-24 11:53:38     at java.base/java.net.Socket.connect(Socket.java:686)
2025-06-24 11:53:38     at java.base/java.net.Socket.<init>(Socket.java:555)
2025-06-24 11:53:38     at java.base/java.net.Socket.<init>(Socket.java:324)
2025-06-24 11:53:38     at java.base/javax.net.DefaultSocketFactory.createSocket(SocketFactory.java:267)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.Connection.createConnectionSocket(Connection.java:341)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.Connection.createSocket(Connection.java:285)
2025-06-24 11:53:38     at java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:232)
2025-06-24 11:53:38     ... 62 more
2025-06-24 11:53:38 
2025-06-24 11:53:38 2025-06-24 09:53:38,099 WARN  [org.keycloak.events] (executor-thread-6) type="LOGIN_ERROR", realmId="openCloud", realmName="openCloud", clientId="web", userId="null", ipAddress="192.168.65.1", error="invalid_user_credentials", auth_method="openid-connect", auth_type="code", redirect_uri="https://cloud.opencloud.test/oidc-callback.html", code_id="b587c732-3ef3-4635-8c32-d2c1923d3e57", username="admin"

Setup

Please describe how you started the server and provide a list of relevant environment variables or configuration files.

Details

OC_XXX=somevalue
OC_YYY=somevalue
PROXY_XXX=somevalue

Additional context

Add any other context about the problem here.

[ScharfViktor]

This is the blocker for our rolling release, so I set prio2.

[micbar]

From the logs, I see that it cannot find the openldap server.

[rhafer]

Just to point out the relevant log line:

2025-06-24 11:53:38 2025-06-24 09:53:38,094 ERROR [org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (executor-thread-6) Could not query server using DN [ou=users,dc=opencloud,dc=eu] and filter [(&(objectclass=inetOrgPerson)(uid=admin)(objectclass=top)(objectclass=person)(objectclass=organizationalPerson)(objectclass=inetOrgPerson))]: javax.naming.CommunicationException: ldap-server:1389 [Root exception is java.net.UnknownHostException: ldap-server]

[rhafer]

@ScharfViktor I think nowadays the keycloak support in the opencloud_full example as a dependency on the openldap container. So un-commenting the #LDAP=:ldap.yml line in the .env file might help.

[ScharfViktor]

@ScharfViktor I think nowadays the keycloak support in the opencloud_full example as a dependency on the openldap container. So un-commenting the #LDAP=:ldap.yml line in the .env file might help.

thank you. I can confirm that it works with enabled #LDAP=:ldap.yml