Resource Type: keycloak_ldap_mapper

Defined in:: lib/puppet/type/keycloak_ldap_mapper.rb

Providers:: kcadm

Overview

Manage Keycloak LDAP attribute mappers

Examples:

Add full name attribute mapping

keycloak_ldap_mapper { 'full name for LDAP-test on test:
  ensure         => 'present',
  type           => 'full-name-ldap-mapper',
  ldap_attribute => 'gecos',
}

Properties

always_read_value_from_ldap

always.read.value.from.ldap. Defaults to true if type is user-attribute-ldap-mapper.
Supported values:
- true
- false
client_id

client.id, only for type of role-ldap-mapper
drop_non_existing_groups_during_sync

drop.non.existing.groups.during.sync, only for type of group-ldap-mapper
Supported values:
- true
- false
ensure (defaults to: present)

The basic property that the resource should be in.
Supported values:
- present
- absent
group_name_ldap_attribute

group.name.ldap.attribute, only for type of group-ldap-mapper
group_object_classes

group.object.classes, only for type of group-ldap-mapper
groups_dn

groups.dn, only for type of group-ldap-mapper
groups_ldap_filter

groups.ldap.filter, only for type of group-ldap-mapper
ignore_missing_groups

ignore.missing.groups, only for type of group-ldap-mapper
Supported values:
- true
- false
is_mandatory_in_ldap

is.mandatory.in.ldap. Defaults to false unless type is full-name-ldap-mapper.
ldap_attribute

ldap.attribute
mapped_group_attributes

mapped.group.attributes, only for type of group-ldap-mapper
memberof_ldap_attribute

memberof.ldap.attribute, only for type of group-ldap-mapper and role-ldap-mapper
membership_attribute_type

membership.attribute.type, only for type of group-ldap-mapper and role-ldap-mapper
Supported values:
- DN
- UID
membership_ldap_attribute

membership.ldap.attribute, only for type of group-ldap-mapper and role-ldap-mapper
membership_user_ldap_attribute

membership.user.ldap.attribute, only for type of group-ldap-mapper and role-ldap-mapper
mode

mode, only for type of group-ldap-mapper and role-ldap-mapper
Supported values:
- READ_ONLY
- LDAP_ONLY
preserve_group_inheritance

preserve.group.inheritance, only for type of group-ldap-mapper
Supported values:
- true
- false
read_only

read.only
Supported values:
- true
- false
role_name_ldap_attribute

role.name.ldap.attribute, only for type of role-ldap-mapper
role_object_classes

role.object.classes, only for type of role-ldap-mapper
roles_dn

roles.dn, only for type of role-ldap-mapper
roles_ldap_filter

roles.ldap.filter, only for type of role-ldap-mapper
use_realm_roles_mapping

use.realm.roles.mapping, only for type of role-ldap-mapper
Supported values:
- true
- false
user_model_attribute

user.model.attribute
user_roles_retrieve_strategy

user.roles.retrieve.strategy, only for type of group-ldap-mapper and role-ldap-mapper
Supported values:
- LOAD_GROUPS_BY_MEMBER_ATTRIBUTE
- GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE
- LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY
- LOAD_ROLES_BY_MEMBER_ATTRIBUTE
- GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE
- LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY
write_only

write.only. Defaults to false if type is full-name-ldap-mapper.
Supported values:
- true
- false

Parameters

id

Id.
ldap

Name of parent keycloak_ldap_user_provider resource
name (namevar)

The LDAP mapper name
parent_id

parentId
provider

The specific backend to use for this keycloak_ldap_mapper resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.
realm

realm
resource_name

The LDAP mapper name. Defaults to name
type (defaults to: user-attribute-ldap-mapper)

providerId
Supported values:
- user-attribute-ldap-mapper
- full-name-ldap-mapper
- group-ldap-mapper
- role-ldap-mapper