fix: split keycloak config

roles/usermanagement/tasks/keycloak-ldap-provider.yaml

@@ -18,6 +18,7 @@
       editMode: WRITABLE
       importEnabled: true
       syncRegistrations: true
+      fullSyncPeriod: 600
       vendor: other
       usernameLDAPAttribute: uid
       rdnLDAPAttribute: uid
@@ -92,3 +93,20 @@
           read.only: true
           user.model.attribute: createTimestamp
           ldap.attribute: createTimestamp
+      - name: "group-mapper"
+        providerId: "group-ldap-mapper"
+        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
+        config:
+          membership.attribute.type: "DN"
+          group.name.ldap.attribute: "cn"
+          preserve.group.inheritance: true
+          membership.user.ldap.attribute: "uid"
+          groups.dn: "ou=groups,{{ ldap_suffix }}"
+          mode: "LDAP_ONLY"
+          user.roles.retrieve.strategy: "LOAD_GROUPS_BY_MEMBER_ATTRIBUTE"
+          ignore.missing.groups: false
+          membership.ldap.attribute: "member"
+          group.object.classes: "groupOfNames"
+          memberof.ldap.attribute: "memberOf"
+          groups.path: "/"
+          drop.non.existing.groups.during.sync : true