Resource Type: keycloak_ldap_mapper
- Defined in:
  - lib/puppet/type/keycloak_ldap_mapper.rb
- Providers:
  - kcadm
Overview
Manage Keycloak LDAP attribute mappers
Examples:
Add full name attribute mapping
    keycloak_ldap_mapper { 'full name for LDAP-test on test':
      ensure         => 'present',
      type           => 'full-name-ldap-mapper',
      ldap_attribute => 'gecos',
    }
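A group mapper built from the `group-ldap-mapper` properties listed on this page, as an added example that is not part of the module's own documentation. The `groups` mapper name, the DNs, the filter and the LDAP attribute names are constructed values, and it assumes the same `LDAP-test` user provider and `test` realm as the example above.

```puppet
# Added example: sync a limited set of LDAP groups into Keycloak without
# ever writing group data back to the directory.
# All DNs, filters and attribute names below are constructed sample values.
keycloak_ldap_mapper { 'groups for LDAP-test on test':
  ensure        => 'present',
  type          => 'group-ldap-mapper',
  resource_name => 'groups',
  ldap          => 'LDAP-test',  # parent keycloak_ldap_user_provider
  realm         => 'test',

  # Scope: only groups under this subtree that match the filter are mapped,
  # so unrelated directory groups never become Keycloak groups.
  groups_dn                 => 'ou=Groups,dc=example,dc=com',
  groups_ldap_filter        => '(cn=app-*)',
  group_name_ldap_attribute => 'cn',
  group_object_classes      => 'groupOfNames',

  # Membership is read from the group entry's 'member' values, which hold
  # full user DNs (membership_attribute_type => 'DN').
  membership_ldap_attribute      => 'member',
  membership_attribute_type      => 'DN',
  membership_user_ldap_attribute => 'uid',
  user_roles_retrieve_strategy   => 'LOAD_GROUPS_BY_MEMBER_ATTRIBUTE',

  # READ_ONLY: group memberships are not written to LDAP from Keycloak.
  mode => 'READ_ONLY',

  # Map groups flat, without propagating LDAP group nesting.
  preserve_group_inheritance => false,

  # false: a sync does not delete Keycloak groups that are absent from LDAP.
  drop_non_existing_groups_during_sync => false,
}
```

With `mode => 'LDAP_ONLY'` instead, membership changes made in Keycloak are saved to the directory, so the bind account of the parent user provider would need write access to the group entries.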
Properties
- always_read_value_from_ldap
  always.read.value.from.ldap. Defaults to `true` if `type` is `user-attribute-ldap-mapper`.
  Supported values:
  - true
  - false
- client_id
  client.id, only for `type` of `role-ldap-mapper`
- drop_non_existing_groups_during_sync
  drop.non.existing.groups.during.sync, only for `type` of `group-ldap-mapper`
  Supported values:
  - true
  - false
- ensure
  (defaults to: present)
  The basic property that the resource should be in.
  Supported values:
  - present
  - absent
- group_name_ldap_attribute
  group.name.ldap.attribute, only for `type` of `group-ldap-mapper`
- group_object_classes
  group.object.classes, only for `type` of `group-ldap-mapper`
- groups_dn
  groups.dn, only for `type` of `group-ldap-mapper`
- groups_ldap_filter
  groups.ldap.filter, only for `type` of `group-ldap-mapper`
- ignore_missing_groups
  ignore.missing.groups, only for `type` of `group-ldap-mapper`
  Supported values:
  - true
  - false
- is_mandatory_in_ldap
  is.mandatory.in.ldap. Defaults to `false` unless `type` is `full-name-ldap-mapper`.
- ldap_attribute
  ldap.attribute
- mapped_group_attributes
  mapped.group.attributes, only for `type` of `group-ldap-mapper`
- memberof_ldap_attribute
  memberof.ldap.attribute, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
- membership_attribute_type
  membership.attribute.type, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
  Supported values:
  - DN
  - UID
- membership_ldap_attribute
  membership.ldap.attribute, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
- membership_user_ldap_attribute
  membership.user.ldap.attribute, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
- mode
  mode, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
  Supported values:
  - READ_ONLY
  - LDAP_ONLY
- preserve_group_inheritance
  preserve.group.inheritance, only for `type` of `group-ldap-mapper`
  Supported values:
  - true
  - false
- read_only
  read.only
  Supported values:
  - true
  - false
- role_name_ldap_attribute
  role.name.ldap.attribute, only for `type` of `role-ldap-mapper`
- role_object_classes
  role.object.classes, only for `type` of `role-ldap-mapper`
- roles_dn
  roles.dn, only for `type` of `role-ldap-mapper`
- roles_ldap_filter
  roles.ldap.filter, only for `type` of `role-ldap-mapper`
- use_realm_roles_mapping
  use.realm.roles.mapping, only for `type` of `role-ldap-mapper`
  Supported values:
  - true
  - false
- user_model_attribute
  user.model.attribute
- user_roles_retrieve_strategy
  user.roles.retrieve.strategy, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
  Supported values:
  - LOAD_GROUPS_BY_MEMBER_ATTRIBUTE
  - GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE
  - LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY
  - LOAD_ROLES_BY_MEMBER_ATTRIBUTE
  - GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE
  - LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY
- write_only
  write.only. Defaults to `false` if `type` is `full-name-ldap-mapper`.
  Supported values:
  - true
  - false
Parameters
- id
  Id.
- ldap
  Name of parent `keycloak_ldap_user_provider` resource
- name (namevar)
  The LDAP mapper name
- parent_id
  parentId
- provider
  The specific backend to use for this `keycloak_ldap_mapper` resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.
- realm
  realm
- resource_name
  The LDAP mapper name. Defaults to `name`
- type
  (defaults to: user-attribute-ldap-mapper)
  providerId
  Supported values:
  - user-attribute-ldap-mapper
  - full-name-ldap-mapper
  - group-ldap-mapper
  - role-ldap-mapper