# Registers (or updates) an LDAP user-storage provider called `ldap-ansible`
# in the master realm, together with the attribute mappers that copy LDAP
# attributes onto the Keycloak user model.  Every host name, DN and secret
# is templated from variables so the task file itself holds no credentials.
- name: Create LDAP user federation
  community.general.keycloak_user_federation:
    # Keycloak admin API connection
    auth_keycloak_url: 'https://{{ keycloak_address }}'
    auth_realm: master
    auth_username: admin
    auth_password: '{{ keycloak_admin_password }}'
    # NOTE(review): the task carries auth_password and bindCredential; a
    # task-level `no_log: true` keeps them out of verbose and failed-task
    # output unless the module already masks both — confirm before relying
    # on module-side masking alone.

    # Target federation: a fixed id means re-runs update this provider
    # instead of creating a second one with the same name.
    realm: master
    name: ldap-ansible
    state: present
    provider_id: ldap
    provider_type: org.keycloak.storage.UserStorageProvider
    id: '11111111-0000-0000-0000-000000000001'

    config:
      priority: 0
      enabled: true
      cachePolicy: DEFAULT
      batchSizeForSync: 1000
      # WRITABLE together with syncRegistrations lets Keycloak write profile
      # changes and newly registered users back into the directory —
      # presumably intended; confirm the bind account should have write access.
      editMode: WRITABLE
      importEnabled: true
      syncRegistrations: true

      # Directory schema
      vendor: other
      usernameLDAPAttribute: uid
      rdnLDAPAttribute: uid
      uuidLDAPAttribute: entryUUID
      userObjectClasses: person, inetOrgPerson, organizationalPerson

      # Connection and bind account
      connectionUrl: '{{ ldap_connection_url }}'
      usersDn: '{{ ldap_user_dn }}'
      authType: simple
      bindDn: '{{ ldap_bind_dn }}'
      bindCredential: '{{ ldap_password }}'
      # Search scope under usersDn (Keycloak: 1 = one level, 2 = subtree).
      searchScope: '1'
      validatePasswordPolicy: false
      trustEmail: false
      # The truststore is only consulted for ldaps:// URLs; with a plain
      # ldap:// connectionUrl the simple bind travels unencrypted — verify
      # ldap_connection_url points at an ldaps endpoint.
      useTruststoreSpi: ldapsOnly
      connectionPooling: true
      pagination: true
      allowKerberosAuthentication: false
      debug: false
      useKerberosForPasswordAuthentication: false

    # Attribute mappers.  username and email are cached in Keycloak's own
    # store; the remaining attributes are re-read from LDAP on every access.
    mappers:
      - name: username
        providerId: user-attribute-ldap-mapper
        providerType: org.keycloak.storage.ldap.mappers.LDAPStorageMapper
        config:
          always.read.value.from.ldap: false
          is.mandatory.in.ldap: true
          read.only: false
          user.model.attribute: username
          ldap.attribute: uid

      - name: email
        providerId: user-attribute-ldap-mapper
        providerType: org.keycloak.storage.ldap.mappers.LDAPStorageMapper
        config:
          always.read.value.from.ldap: false
          is.mandatory.in.ldap: true
          read.only: false
          user.model.attribute: email
          ldap.attribute: email

      - name: 'first name'
        providerId: user-attribute-ldap-mapper
        providerType: org.keycloak.storage.ldap.mappers.LDAPStorageMapper
        config:
          always.read.value.from.ldap: true
          is.mandatory.in.ldap: true
          read.only: false
          user.model.attribute: firstName
          ldap.attribute: cn

      - name: 'last name'
        providerId: user-attribute-ldap-mapper
        providerType: org.keycloak.storage.ldap.mappers.LDAPStorageMapper
        config:
          always.read.value.from.ldap: true
          is.mandatory.in.ldap: true
          read.only: false
          user.model.attribute: lastName
          ldap.attribute: sn

      # Operational timestamps: optional in the directory, never required.
      - name: 'modify date'
        providerId: user-attribute-ldap-mapper
        providerType: org.keycloak.storage.ldap.mappers.LDAPStorageMapper
        config:
          always.read.value.from.ldap: true
          is.mandatory.in.ldap: false
          read.only: false
          user.model.attribute: modifyTimestamp
          ldap.attribute: modifyTimestamp

      # createTimestamp is read-only: it is never written back to LDAP.
      - name: 'creation date'
        providerId: user-attribute-ldap-mapper
        providerType: org.keycloak.storage.ldap.mappers.LDAPStorageMapper
        config:
          always.read.value.from.ldap: true
          is.mandatory.in.ldap: false
          read.only: true
          user.model.attribute: createTimestamp
          ldap.attribute: createTimestamp