feat: verifiedEmail LDAP support

2025-12-06 09:01:38 +01:00 · 2023-07-25 08:29:48 +00:00
parent af4d36523f
commit a7ee9ac405
2 changed files with 13 additions and 4 deletions
--- a/roles/usermanagement/files/verification.schema
+++ b/roles/usermanagement/files/verification.schema
@@ -1,7 +1,7 @@
 attributetype ( 1.2.6.1.4.1
       NAME 'emailVerified'
-       EQUALITY booleanMatch
-       SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+       EQUALITY caseIgnoreMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
       SINGLE-VALUE )

 attributetype ( 1.2.6.1.4.2
@@ -16,7 +16,7 @@
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
       SINGLE-VALUE )

-objectclass (  1.2.6.1.4.100 NAME 'verfication'
+objectclass (  1.2.6.1.4.100 NAME 'verification'
 	DESC 'Class for various verification states'
 	SUP top
    AUXILIARY
--- a/roles/usermanagement/tasks/keycloak-ldap-provider.yaml
+++ b/roles/usermanagement/tasks/keycloak-ldap-provider.yaml
@@ -23,7 +23,7 @@
      usernameLDAPAttribute: uid
      rdnLDAPAttribute: uid
      uuidLDAPAttribute: entryUUID
-      userObjectClasses: person, inetOrgPerson, organizationalPerson
+      userObjectClasses: person, inetOrgPerson, organizationalPerson, verification
      connectionUrl: "{{ ldap_connection_url }}"
      usersDn: "{{ ldap_user_dn }}"
      authType: simple
@@ -102,6 +102,15 @@
          read.only: true
          user.model.attribute: createTimestamp
          ldap.attribute: createTimestamp
+      - name: "email_verified"
+        providerId: "user-attribute-ldap-mapper"
+        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
+        config:
+          always.read.value.from.ldap: false
+          is.mandatory.in.ldap: false
+          read.only: false
+          user.model.attribute: emailVerified
+          ldap.attribute: emailVerified
      - name: "group-mapper"
        providerId: "group-ldap-mapper"
        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"