diff --git a/roles/usermanagement/files/verification.schema b/roles/usermanagement/files/verification.schema
index ef9d2fd..977c92d 100644
--- a/roles/usermanagement/files/verification.schema
+++ b/roles/usermanagement/files/verification.schema
@@ -1,7 +1,7 @@
 attributetype ( 1.2.6.1.4.1
 NAME 'emailVerified'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
 SINGLE-VALUE )
 attributetype ( 1.2.6.1.4.2
@@ -16,7 +16,7 @@
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
 SINGLE-VALUE )
-objectclass ( 1.2.6.1.4.100 NAME 'verfication'
+objectclass ( 1.2.6.1.4.100 NAME 'verification'
 DESC 'Class for various verification states'
 SUP top
 AUXILIARY
diff --git a/roles/usermanagement/tasks/keycloak-ldap-provider.yaml b/roles/usermanagement/tasks/keycloak-ldap-provider.yaml
index af23143..ba977cc 100644
--- a/roles/usermanagement/tasks/keycloak-ldap-provider.yaml
+++ b/roles/usermanagement/tasks/keycloak-ldap-provider.yaml
@@ -23,7 +23,7 @@
 usernameLDAPAttribute: uid
 rdnLDAPAttribute: uid
 uuidLDAPAttribute: entryUUID
- userObjectClasses: person, inetOrgPerson, organizationalPerson
+ userObjectClasses: person, inetOrgPerson, organizationalPerson, verification
 connectionUrl: "{{ ldap_connection_url }}"
 usersDn: "{{ ldap_user_dn }}"
 authType: simple
@@ -102,6 +102,15 @@
 read.only: true
 user.model.attribute: createTimestamp
 ldap.attribute: createTimestamp
+ - name: "email_verified"
+ providerId: "user-attribute-ldap-mapper"
+ providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
+ config:
+ always.read.value.from.ldap: false
+ is.mandatory.in.ldap: false
+ read.only: false
+ user.model.attribute: emailVerified
+ ldap.attribute: emailVerified
 - name: "group-mapper"
 providerId: "group-ldap-mapper"
 providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
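Review bot: In the first hunk of verification.schema, switching `emailVerified` to `SYNTAX 1.3.6.1.4.1.1466.115.121.1.15` with `caseIgnoreMatch` makes it a free-form Directory String, so the directory itself no longer rejects values other than TRUE/FALSE for a flag that trust decisions may depend on. The attribute visible in the second hunk's context still uses the Boolean syntax (`...121.1.7`), so the schema is now mixed without any explanation. A comment above the definition would record the intent, for example `# String syntax so the Keycloak mapper can store true/false; consumers must treat any value other than "true" as unverified` (the reason is inferred, since the commit shows no description). Nothing in the diff shows how entries that already hold a value under the old syntax are handled when the schema is reloaded.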
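Review bot: In keycloak-ldap-provider.yaml (hunk at line 23), adding `verification` to `userObjectClasses` also narrows which existing entries Keycloak will see, because the Keycloak LDAP provider finds existing users only if they carry every listed object class. Entries created before this change that lack the auxiliary class would drop out of the federation, and those users could not sign in until the class is added to them. The diff shows no migration step; a task that adds `objectClass: verification` to existing entries under `{{ ldap_user_dn }}` before this setting is applied, or at least a comment such as `# existing user entries must already carry objectClass 'verification'`, would make the ordering explicit. The provider config mapping starts and ends outside the hunk.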
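Review bot: In keycloak-ldap-provider.yaml (hunk at line 102), the new `email_verified` mapper sets `read.only: false` and `always.read.value.from.ldap: false`, so the verified flag is writable through the federation and the copy in LDAP is an unvalidated string after the schema change in this same commit. If any principal other than the Keycloak bind account may write `emailVerified` on a user entry (the LDAP ACLs are not visible here), the flag can be set without going through the verification flow. Record the assumption next to the mapper, e.g. `# emailVerified is trust-relevant: LDAP ACLs must restrict writes to the Keycloak bind DN`, and confirm the ACL exists in the role. The mapper list starts before and continues after the hunk.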