# File 'manifests/freeipa_user_provider.pp', line 37
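# @summary Declare a read-only Keycloak LDAP user provider pointed at a FreeIPA host.
#
# Wraps a single keycloak_ldap_user_provider resource titled
# "<ipa_host> on <realm>" with fixed FreeIPA-oriented settings
# (uid as RDN/username attribute, ipaUniqueID as UUID attribute, vendor 'rhds').
#
# @param realm
#   Keycloak realm name; becomes the second half of the resource title.
# @param bind_dn
#   DN used for the simple bind, passed through as bind_dn.
# @param bind_credential
#   Password for bind_dn, passed through as bind_credential.
#   NOTE(review): typed as a plain String, so it is not wrapped in Sensitive
#   here and may show up in catalogs, reports, or logs. Whether the underlying
#   type accepts a Sensitive value is not visible from this file.
# @param users_dn
#   Base DN for user lookups, passed through as users_dn.
# @param ensure
#   'present' or 'absent'; applied to the underlying provider resource.
# @param id
#   Optional explicit provider id, passed through as id.
# @param ipa_host
#   FreeIPA host used to build the connection URL. Defaults to the resource title.
# @param priority
#   Provider priority, passed through as priority.
# @param ldaps
#   When true the URL is ldaps://<ipa_host>:636, otherwise ldap://<ipa_host>:389.
#   With the default (false) and auth_type 'simple', the bind password crosses
#   the network unencrypted unless the transport is protected some other way;
#   set this to true wherever the directory offers LDAPS.
# @param full_sync_period
#   Optional full sync period, passed through unchanged.
# @param changed_sync_period
#   Optional changed-users sync period, passed through unchanged.
define keycloak::freeipa_user_provider (
  String $realm,
  String $bind_dn,
  String $bind_credential,
  String $users_dn,
  Enum['present', 'absent'] $ensure = 'present',
  Optional[String] $id = undef,
  Stdlib::Host $ipa_host = $title,
  Integer $priority = 10,
  Boolean $ldaps = false,
  Optional[Integer] $full_sync_period = undef,
  Optional[Integer] $changed_sync_period = undef
) {
  # Select scheme and port together so the two can never disagree.
  if $ldaps {
    $connection_url = "ldaps://${ipa_host}:636"
  }
  else {
    $connection_url = "ldap://${ipa_host}:389"
  }

  keycloak_ldap_user_provider { "${ipa_host} on ${realm}":
    # Honour the caller's $ensure; it was previously hard-coded to 'present',
    # so ensure => 'absent' never removed the provider (and its stored bind
    # credential) from Keycloak.
    ensure                                   => $ensure,
    id                                       => $id,
    auth_type                                => 'simple',
    bind_credential                          => $bind_credential,
    bind_dn                                  => $bind_dn,
    connection_url                           => $connection_url,
    # READ_ONLY: this definition never asks Keycloak to write back to the directory.
    edit_mode                                => 'READ_ONLY',
    import_enabled                           => 'true',
    priority                                 => $priority,
    rdn_ldap_attribute                       => 'uid',
    search_scope                             => '1',
    use_kerberos_for_password_authentication => 'false',
    use_truststore_spi                       => 'always',
    # NOTE(review): the second entry carries a leading space; left as-is
    # because the provider's handling of it is not visible here. Confirm
    # whether it is intentional.
    user_object_classes                      => ['inetOrgPerson', ' organizationalPerson'],
    username_ldap_attribute                  => 'uid',
    users_dn                                 => $users_dn,
    uuid_ldap_attribute                      => 'ipaUniqueID',
    vendor                                   => 'rhds',
    full_sync_period                         => $full_sync_period,
    changed_sync_period                      => $changed_sync_period,
  }
}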