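# Register the LDAP user-storage provider through the Keycloak admin REST API.
# The request body is a YAML mapping that body_format: json serializes, so the
# templated values (bind password, DNs, the custom search filter) are
# JSON-escaped by Ansible. Splicing them into a hand-written JSON string, as
# the previous version did, produced an unparsable body as soon as any value
# contained a quote or a backslash.
- name: Create ldap user storage provider in realm {{ realm }}
  uri:
    url: "http://localhost:{{ service_port_keycloak_external }}/auth/admin/realms/{{ realm }}/components"
    method: POST
    body_format: json
    body:
      name: "{{ provider_name }}"
      providerId: ldap
      providerType: org.keycloak.storage.UserStorageProvider
      parentId: "{{ realm }}"
      # Keycloak component config: every value is a single-element list of
      # strings, so booleans and numbers must stay quoted here.
      config:
        allowKerberosAuthentication: ["false"]
        authType: ["simple"]
        batchSizeForSync: ["1000"]
        bindCredential: ["{{ ldap_password }}"]
        bindDn: ["{{ ldap_username }}"]
        cachePolicy: ["DEFAULT"]
        changedSyncPeriod: ["86400"]
        connectionPooling: ["true"]
        connectionUrl: ["{{ ldap_connection_url }}"]
        customUserSearchFilter: ["{{ custom_user_search_filter }}"]
        debug: ["false"]
        editMode: ["READ_ONLY"]
        enabled: ["true"]
        fullSyncPeriod: ["604800"]
        importEnabled: ["true"]
        pagination: ["true"]
        priority: ["0"]
        rdnLDAPAttribute: ["cn"]
        searchScope: ["{{ search_scope }}"]
        syncRegistrations: ["false"]
        trustEmail: ["false"]
        useKerberosForPasswordAuthentication: ["false"]
        usernameLDAPAttribute: ["{{ ldap_username_attribute }}"]
        userObjectClasses: ["person, organizationalPerson, user"]
        usersDn: ["{{ usersDn }}"]
        useTruststoreSpi: ["ldapsOnly"]
        uuidLDAPAttribute: ["objectGUID"]
        validatePasswordPolicy: ["false"]
        vendor: ["ad"]
    status_code: [201]
    headers:
      Authorization: "Bearer {{ access_token }}"
  # The body carries the LDAP bind password and the header carries the admin
  # token; without no_log both are printed with the module arguments in
  # verbose (-v) runs. Trade-off: a failed request no longer shows its error
  # body in the log. The registered result is still available to later tasks.
  no_log: true
  register: response
  tags:
    - update_realms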
# Read back the component created by the previous task. Keycloak answers the
# POST with a Location header, which the previous task registered as
# response.location; this GET replaces `response` with the component
# representation so that later tasks can use response.json.id as parentId.
# The bearer token in the header is visible in verbose (-v) output.
- name: Get id of created user storage provider
  uri:
    method: GET
    url: '{{ response.location }}'
    headers:
      Authorization: 'Bearer {{ access_token }}'
  tags:
    - update_realms
  register: response
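# Attach an LDAP attribute mapper (givenName -> firstName) to the user-storage
# provider whose id the previous GET registered in response.json.id. The body
# is a YAML mapping serialized by body_format: json rather than a hand-written
# JSON string, so the templated parentId is escaped correctly and the
# structure is validated by the YAML parser instead of failing at Keycloak.
- name: Create user attribute mapper for firstName
  uri:
    url: "http://localhost:{{ service_port_keycloak_external }}/auth/admin/realms/{{ realm }}/components"
    method: POST
    body_format: json
    body:
      name: first name
      providerId: user-attribute-ldap-mapper
      providerType: org.keycloak.storage.ldap.mappers.LDAPStorageMapper
      parentId: "{{ response.json.id }}"
      # Mapper config: Keycloak expects each value as a list of strings.
      config:
        ldap.attribute: ["givenName"]
        is.mandatory.in.ldap: ["false"]
        is.binary.attribute: ["false"]
        read.only: ["true"]
        always.read.value.from.ldap: ["false"]
        user.model.attribute: ["firstName"]
    status_code: [201]
    headers:
      # Admin token; shown in verbose (-v) module-argument output.
      Authorization: "Bearer {{ access_token }}"
  tags:
    - update_realms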
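# Create one hardcoded-role mapper per entry of hardcoded_user_roles, each
# attached to the provider id registered in response.json.id.
#
# Two fixes relative to the string-body version:
#   * The JSON body had trailing commas after the "role" entry and after
#     "parentId", which is not valid JSON; it only happened to work when
#     Ansible coerced the string to a dict before sending. A YAML mapping
#     serialized by body_format: json removes that dependency and also
#     escapes templated values.
#   * `loop` is evaluated before `when`, so `when: hardcoded_user_roles is
#     defined` did not protect against an undefined variable. Defaulting the
#     loop to an empty list skips the task cleanly instead.
- name: Create user role mappers
  uri:
    url: "http://localhost:{{ service_port_keycloak_external }}/auth/admin/realms/{{ realm }}/components"
    method: POST
    body_format: json
    body:
      name: "{{ role.name }}"
      providerId: hardcoded-ldap-role-mapper
      providerType: org.keycloak.storage.ldap.mappers.LDAPStorageMapper
      parentId: "{{ response.json.id }}"
      config:
        role: ["{{ role.role_id }}"]
    status_code: [201]
    headers:
      # Admin token; shown in verbose (-v) module-argument output.
      Authorization: "Bearer {{ access_token }}"
  loop: "{{ hardcoded_user_roles | default([]) }}"
  loop_control:
    loop_var: role
  tags:
    - update_realms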