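---
# Registers an LDAP user-storage provider ("ldap-ansible") in the Keycloak
# master realm and attaches the attribute mappers for Keycloak's
# username / email / first name / last name / timestamp user-model fields.
- name: Create LDAP user federation
  # auth_password and config.bindCredential are secrets. no_log keeps them,
  # and the module's diff/return payload, out of task output and callback
  # plugins. The module masks some of these on its own, but task-level no_log
  # also covers verbose and failure output. Trade-off: this task's failure
  # messages are censored too — drop no_log temporarily when debugging.
  no_log: true
  community.general.keycloak_user_federation:
    # Admin API endpoint. Templated values are quoted so an empty or
    # special-character expansion cannot change the YAML type.
    auth_keycloak_url: "https://{{ keycloak_address }}"
    auth_realm: master
    auth_username: admin
    # Expected to come from Ansible Vault or an external secret store,
    # never from a plain-text vars file committed to VCS.
    auth_password: "{{ keycloak_admin_password }}"
    realm: master
    name: ldap-ansible
    state: present
    provider_id: ldap
    provider_type: org.keycloak.storage.UserStorageProvider
    # Fixed component id so repeated runs update the same federation instead
    # of creating a duplicate; quoted because it is an identifier, not a number.
    id: "11111111-0000-0000-0000-000000000001"
    config:
      priority: 0
      enabled: true
      cachePolicy: DEFAULT
      batchSizeForSync: 1000
      # WRITABLE + syncRegistrations: Keycloak writes user changes and new
      # registrations back to LDAP, so the bind account below needs write
      # access under usersDn — scope that account to the users subtree only.
      editMode: WRITABLE
      importEnabled: true
      syncRegistrations: true
      vendor: other
      usernameLDAPAttribute: uid
      rdnLDAPAttribute: uid
      uuidLDAPAttribute: entryUUID
      # Comma-separated list as Keycloak expects it; quoted so the commas
      # can never be read as flow syntax.
      userObjectClasses: "person, inetOrgPerson, organizationalPerson"
      # Transport security is decided by this variable: use an ldaps:// URL
      # (useTruststoreSpi: ldapsOnly only applies then). A plain ldap:// URL
      # would send bindCredential and user passwords unencrypted.
      connectionUrl: "{{ ldap_connection_url }}"
      usersDn: "{{ ldap_user_dn }}"
      authType: simple
      bindDn: "{{ ldap_bind_dn }}"
      # Secret; see no_log on the task.
      bindCredential: "{{ ldap_password }}"
      # Keycloak stores config values as strings; "1" should be the
      # one-level search below usersDn (subtree would be "2") — confirm
      # against the Keycloak version in use.
      searchScope: "1"
      validatePasswordPolicy: false
      # false keeps the realm's own email verification in force for
      # LDAP-sourced accounts instead of treating LDAP emails as verified.
      trustEmail: false
      useTruststoreSpi: ldapsOnly
      connectionPooling: true
      pagination: true
      allowKerberosAuthentication: false
      debug: false
      useKerberosForPasswordAuthentication: false
    # One mapper per user-model attribute. always.read.value.from.ldap: false
    # on username/email lets Keycloak serve the imported value; the remaining
    # mappers re-read LDAP on every access.
    mappers:
      - name: "username"
        providerId: "user-attribute-ldap-mapper"
        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
        config:
          always.read.value.from.ldap: false
          is.mandatory.in.ldap: true
          read.only: false
          user.model.attribute: username
          ldap.attribute: uid
      - name: "email"
        providerId: "user-attribute-ldap-mapper"
        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
        config:
          always.read.value.from.ldap: false
          is.mandatory.in.ldap: true
          read.only: false
          user.model.attribute: email
          ldap.attribute: email
      - name: "first name"
        providerId: "user-attribute-ldap-mapper"
        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
        config:
          always.read.value.from.ldap: true
          is.mandatory.in.ldap: true
          read.only: false
          # NOTE(review): firstName is written to cn, which in most schemas
          # holds the full name (givenName is the usual first-name attribute).
          # With editMode WRITABLE a user editing their first name in Keycloak
          # overwrites cn — confirm this matches the directory's expectations.
          user.model.attribute: firstName
          ldap.attribute: cn
      - name: "last name"
        providerId: "user-attribute-ldap-mapper"
        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
        config:
          always.read.value.from.ldap: true
          is.mandatory.in.ldap: true
          read.only: false
          user.model.attribute: lastName
          ldap.attribute: sn
      - name: "modify date"
        providerId: "user-attribute-ldap-mapper"
        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
        config:
          always.read.value.from.ldap: true
          is.mandatory.in.ldap: false
          # NOTE(review): differs from the "creation date" mapper below.
          # modifyTimestamp is normally a server-maintained operational
          # attribute, so read.only: true is the likely intent — confirm.
          read.only: false
          user.model.attribute: modifyTimestamp
          ldap.attribute: modifyTimestamp
      - name: "creation date"
        providerId: "user-attribute-ldap-mapper"
        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
        config:
          always.read.value.from.ldap: true
          is.mandatory.in.ldap: false
          read.only: true
          user.model.attribute: createTimestamp
          ldap.attribute: createTimestamp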