feat: keycloak & ldap

roles/usermanagement/tasks/keycloak-ldap-provider.yaml

@@ -0,0 +1,94 @@
+- name: Create LDAP user federation
+  community.general.keycloak_user_federation:
+    auth_keycloak_url: https://{{ keycloak_address }}
+    auth_realm: master
+    auth_username: admin
+    auth_password: "{{ keycloak_admin_password }}"
+    realm: master
+    name: ldap-ansible
+    state: present
+    provider_id: ldap
+    provider_type: org.keycloak.storage.UserStorageProvider
+    id: 11111111-0000-0000-0000-000000000001
+    config:
+      priority: 0
+      enabled: true
+      cachePolicy: DEFAULT
+      batchSizeForSync: 1000
+      editMode: WRITABLE
+      importEnabled: true
+      syncRegistrations: true
+      vendor: other
+      usernameLDAPAttribute: uid
+      rdnLDAPAttribute: uid
+      uuidLDAPAttribute: entryUUID
+      userObjectClasses: person, inetOrgPerson, organizationalPerson
+      connectionUrl: "{{ ldap_connection_url }}"
+      usersDn: "{{ ldap_user_dn }}"
+      authType: simple
+      bindDn: "{{ ldap_bind_dn }}"
+      bindCredential: "{{ ldap_password }}"
+      searchScope: "1"
+      validatePasswordPolicy: false
+      trustEmail: false
+      useTruststoreSpi: ldapsOnly
+      connectionPooling: true
+      pagination: true
+      allowKerberosAuthentication: false
+      debug: false
+      useKerberosForPasswordAuthentication: false
+    mappers:
+      - name: "username"
+        providerId: "user-attribute-ldap-mapper"
+        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
+        config:
+          always.read.value.from.ldap: false
+          is.mandatory.in.ldap: true
+          read.only: false
+          user.model.attribute: username
+          ldap.attribute: uid
+      - name: "email"
+        providerId: "user-attribute-ldap-mapper"
+        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
+        config:
+          always.read.value.from.ldap: false
+          is.mandatory.in.ldap: true
+          read.only: false
+          user.model.attribute: email
+          ldap.attribute: email
+      - name: "first name"
+        providerId: "user-attribute-ldap-mapper"
+        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
+        config:
+          always.read.value.from.ldap: true
+          is.mandatory.in.ldap: true
+          read.only: false
+          user.model.attribute: firstName
+          ldap.attribute: cn
+      - name: "last name"
+        providerId: "user-attribute-ldap-mapper"
+        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
+        config:
+          always.read.value.from.ldap: true
+          is.mandatory.in.ldap: true
+          read.only: false
+          user.model.attribute: lastName
+          ldap.attribute: sn
+      - name: "modify date"
+        providerId: "user-attribute-ldap-mapper"
+        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
+        config:
+          always.read.value.from.ldap: true
+          is.mandatory.in.ldap: false
+          read.only: false
+          user.model.attribute: modifyTimestamp
+          ldap.attribute: modifyTimestamp
+      - name: "creation date"
+        providerId: "user-attribute-ldap-mapper"
+        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
+        config:
+          always.read.value.from.ldap: true
+          is.mandatory.in.ldap: false
+          read.only: true
+          user.model.attribute: createTimestamp
+          ldap.attribute: createTimestamp