Resource Type: keycloak_ldap_user_provider

Defined in:
lib/puppet/type/keycloak_ldap_user_provider.rb
Providers:
kcadm

Overview

Manage Keycloak LDAP user providers

Examples:

Add LDAP user provider to test realm

keycloak_ldap_user_provider { 'LDAP on test':
  ensure             => 'present',
  users_dn           => 'ou=People,dc=example,dc=com',
  connection_url     => 'ldaps://ldap1.example.com:636 ldaps://ldap2.example.com:636',
  import_enabled     => false,
  use_truststore_spi => 'never',
}

Properties

  • allow_kerberos_authentication

    allowKerberosAuthentication

    Supported values:
    • true
    • false
  • auth_type (defaults to: none)

    authType

    Supported values:
    • none
    • simple
  • batch_size_for_sync (defaults to: 1000)

    batchSizeForSync

  • bind_credential

    bindCredential

  • bind_dn

    bindDn

  • cache_policy (defaults to: DEFAULT)

    cachePolicy

    Supported values:
    • DEFAULT
    • EVICT_DAILY
    • EVICT_WEEKLY
    • MAX_LIFESPAN
    • NO_CACHE
  • changed_sync_period (defaults to: -1)

    changedSyncPeriod

  • connection_url

    connectionUrl

  • custom_user_search_filter (defaults to: absent)

    customUserSearchFilter

    Supported values:
    • %r{.*}
    • absent
  • edit_mode (defaults to: READ_ONLY)

    editMode

    Supported values:
    • READ_ONLY
    • WRITABLE
    • UNSYNCED
  • enabled (defaults to: true)

    enabled

    Supported values:
    • true
    • false
  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent
  • full_sync_period (defaults to: -1)

    fullSyncPeriod

  • import_enabled (defaults to: true)

    importEnabled

    Supported values:
    • true
    • false
  • kerberos_realm

    kerberosRealm

  • key_tab

    keyTab

  • priority (defaults to: 0)

    priority

  • rdn_ldap_attribute (defaults to: uid)

    rdnLdapAttribute

  • search_scope

    searchScope

    Supported values:
    • one
    • one_level
    • subtree
    • 1
    • 2
    • 1
    • 2
  • server_principal

    serverPrincipal

  • sync_registrations (defaults to: false)

    syncRegistrations

    Supported values:
    • true
    • false
  • trust_email (defaults to: false)

    trustEmail

    Supported values:
    • true
    • false
  • use_kerberos_for_password_authentication

    useKerberosForPasswordAuthentication

    Supported values:
    • true
    • false
  • use_truststore_spi (defaults to: always)

    useTruststoreSpi

    Supported values:
    • always
    • never
  • user_object_classes (defaults to: ['inetOrgPerson', 'organizationalPerson'])

    userObjectClasses

  • username_ldap_attribute (defaults to: uid)

    usernameLdapAttribute

  • users_dn

    usersDn

  • uuid_ldap_attribute (defaults to: entryUUID)

    uuidLdapAttribute

  • vendor (defaults to: other)

    vendor

    Supported values:
    • ad
    • rhds
    • tivoli
    • eDirectory
    • other

Parameters

  • id

    Id

  • name (namevar)

    The LDAP user provider name

  • provider

    The specific backend to use for this keycloak_ldap_user_provider resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.

  • realm

    parentId

  • resource_name

    The LDAP user provider name. Defaults to name.