Custom Mapper Args
data class CustomMapperArgs(val config: Output<Map<String, String>>? = null, val ldapUserFederationId: Output<String>? = null, val name: Output<String>? = null, val providerId: Output<String>? = null, val providerType: Output<String>? = null, val realmId: Output<String>? = null) : ConvertibleToJava<CustomMapperArgs>
Allows for creating and managing custom attribute mappers for Keycloak users federated via LDAP. The LDAP custom mapper is implemented and deployed into Keycloak as a custom provider. This resource lets you specify the custom id and the implementation class of the self-implemented attribute mapper, as well as additional properties via the config map. The custom mapper should already be deployed into Keycloak in order to be configured correctly.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
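// Realm that hosts the LDAP user federation.
const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});

// LDAP user federation provider that the custom mapper is attached to.
const ldapUserFederation = new keycloak.ldap.UserFederation("ldap_user_federation", {
    name: "openldap",
    realmId: realm.id,
    usernameLdapAttribute: "cn",
    rdnLdapAttribute: "cn",
    uuidLdapAttribute: "entryDN",
    userObjectClasses: [
        "simpleSecurityObject",
        "organizationalRole",
    ],
    // Example value: ldap:// carries the bind and all directory traffic
    // unencrypted. Use ldaps:// (or StartTLS) outside a local test setup.
    connectionUrl: "ldap://openldap",
    usersDn: "dc=example,dc=org",
    bindDn: "cn=admin,dc=example,dc=org",
    // Example value only: do not commit a literal bind password. Store it with
    // `pulumi config set --secret` and read it via pulumi.Config#requireSecret.
    bindCredential: "admin",
});

// Custom mapper bound to the federation declared above. realmId and
// ldapUserFederationId must come from `ldapUserFederation`; no variable
// named `openldap` exists in this program.
const customMapper = new keycloak.ldap.CustomMapper("custom_mapper", {
    name: "custom-mapper",
    realmId: ldapUserFederation.realmId,
    ldapUserFederationId: ldapUserFederation.id,
    // Id under which the custom provider is registered in Keycloak.
    providerId: "custom-provider-registered-in-keycloak",
    // Fully qualified class of the mapper implementation deployed into Keycloak.
    providerType: "com.example.custom.ldap.mappers.CustomMapper",
    config: {
        "attribute.name": "name",
        "attribute.value": "value",
    },
});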
import pulumi
import pulumi_keycloak as keycloak
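# Realm that hosts the LDAP user federation.
realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)

# LDAP user federation provider that the custom mapper is attached to.
ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation",
    name="openldap",
    realm_id=realm.id,
    username_ldap_attribute="cn",
    rdn_ldap_attribute="cn",
    uuid_ldap_attribute="entryDN",
    user_object_classes=[
        "simpleSecurityObject",
        "organizationalRole",
    ],
    # Example value: ldap:// carries the bind and all directory traffic
    # unencrypted. Use ldaps:// (or StartTLS) outside a local test setup.
    connection_url="ldap://openldap",
    users_dn="dc=example,dc=org",
    bind_dn="cn=admin,dc=example,dc=org",
    # Example value only: do not commit a literal bind password. Store it with
    # `pulumi config set --secret` and read it via pulumi.Config().require_secret(...).
    bind_credential="admin")

# Custom mapper bound to the federation declared above. realm_id and
# ldap_user_federation_id must come from `ldap_user_federation`; no variable
# named `openldap` exists in this program.
custom_mapper = keycloak.ldap.CustomMapper("custom_mapper",
    name="custom-mapper",
    realm_id=ldap_user_federation.realm_id,
    ldap_user_federation_id=ldap_user_federation.id,
    # Id under which the custom provider is registered in Keycloak.
    provider_id="custom-provider-registered-in-keycloak",
    # Fully qualified class of the mapper implementation deployed into Keycloak.
    provider_type="com.example.custom.ldap.mappers.CustomMapper",
    config={
        "attribute.name": "name",
        "attribute.value": "value",
    })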
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
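return await Deployment.RunAsync(() =>
{
    // Realm that hosts the LDAP user federation.
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });

    // LDAP user federation provider that the custom mapper is attached to.
    var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldap_user_federation", new()
    {
        Name = "openldap",
        RealmId = realm.Id,
        UsernameLdapAttribute = "cn",
        RdnLdapAttribute = "cn",
        UuidLdapAttribute = "entryDN",
        UserObjectClasses = new[]
        {
            "simpleSecurityObject",
            "organizationalRole",
        },
        // Example value: ldap:// carries the bind and all directory traffic
        // unencrypted. Use ldaps:// (or StartTLS) outside a local test setup.
        ConnectionUrl = "ldap://openldap",
        UsersDn = "dc=example,dc=org",
        BindDn = "cn=admin,dc=example,dc=org",
        // Example value only: do not commit a literal bind password. Store it with
        // `pulumi config set --secret` and read it via Config.RequireSecret(...).
        BindCredential = "admin",
    });

    // Custom mapper bound to the federation declared above. RealmId and
    // LdapUserFederationId must come from `ldapUserFederation`; no variable
    // named `openldap` exists in this program.
    var customMapper = new Keycloak.Ldap.CustomMapper("custom_mapper", new()
    {
        Name = "custom-mapper",
        RealmId = ldapUserFederation.RealmId,
        LdapUserFederationId = ldapUserFederation.Id,
        // Id under which the custom provider is registered in Keycloak.
        ProviderId = "custom-provider-registered-in-keycloak",
        // Fully qualified class of the mapper implementation deployed into Keycloak.
        ProviderType = "com.example.custom.ldap.mappers.CustomMapper",
        Config =
        {
            { "attribute.name", "name" },
            { "attribute.value", "value" },
        },
    });
});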
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
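// main declares a realm, an LDAP user federation in that realm, and a custom
// LDAP mapper attached to the federation.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Realm that hosts the LDAP user federation.
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// Keep the federation resource: the mapper below needs its realm id
		// and its own id. No variable named `openldap` exists in this program.
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldap_user_federation", &ldap.UserFederationArgs{
			Name:                  pulumi.String("openldap"),
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			// Example value: ldap:// carries the bind and all directory traffic
			// unencrypted. Use ldaps:// (or StartTLS) outside a local test setup.
			ConnectionUrl: pulumi.String("ldap://openldap"),
			UsersDn:       pulumi.String("dc=example,dc=org"),
			BindDn:        pulumi.String("cn=admin,dc=example,dc=org"),
			// Example value only: do not commit a literal bind password. Store it
			// with `pulumi config set --secret` and read it from stack config.
			BindCredential: pulumi.String("admin"),
		})
		if err != nil {
			return err
		}
		// Custom mapper bound to the federation created above.
		_, err = ldap.NewCustomMapper(ctx, "custom_mapper", &ldap.CustomMapperArgs{
			Name:                 pulumi.String("custom-mapper"),
			RealmId:              ldapUserFederation.RealmId,
			LdapUserFederationId: ldapUserFederation.ID(),
			// Id under which the custom provider is registered in Keycloak.
			ProviderId: pulumi.String("custom-provider-registered-in-keycloak"),
			// Fully qualified class of the mapper implementation deployed into Keycloak.
			ProviderType: pulumi.String("com.example.custom.ldap.mappers.CustomMapper"),
			Config: pulumi.StringMap{
				"attribute.name":  pulumi.String("name"),
				"attribute.value": pulumi.String("value"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}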
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.ldap.UserFederation;
import com.pulumi.keycloak.ldap.UserFederationArgs;
import com.pulumi.keycloak.ldap.CustomMapper;
import com.pulumi.keycloak.ldap.CustomMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
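/**
 * Pulumi program that declares a Keycloak realm, an LDAP user federation in
 * that realm, and a custom LDAP mapper attached to the federation.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Realm that hosts the LDAP user federation.
        var realm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .build());

        // LDAP user federation provider that the custom mapper is attached to.
        var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder()
            .name("openldap")
            .realmId(realm.id())
            .usernameLdapAttribute("cn")
            .rdnLdapAttribute("cn")
            .uuidLdapAttribute("entryDN")
            .userObjectClasses(
                "simpleSecurityObject",
                "organizationalRole")
            // Example value: ldap:// carries the bind and all directory traffic
            // unencrypted. Use ldaps:// (or StartTLS) outside a local test setup.
            .connectionUrl("ldap://openldap")
            .usersDn("dc=example,dc=org")
            .bindDn("cn=admin,dc=example,dc=org")
            // Example value only: do not commit a literal bind password. Store it
            // with `pulumi config set --secret` and read it from stack config.
            .bindCredential("admin")
            .build());

        // Custom mapper bound to the federation declared above. realmId and
        // ldapUserFederationId must come from ldapUserFederation; no variable
        // named openldap exists in this program.
        var customMapper = new CustomMapper("customMapper", CustomMapperArgs.builder()
            .name("custom-mapper")
            .realmId(ldapUserFederation.realmId())
            .ldapUserFederationId(ldapUserFederation.id())
            // Id under which the custom provider is registered in Keycloak.
            .providerId("custom-provider-registered-in-keycloak")
            // Fully qualified class of the mapper implementation deployed into Keycloak.
            .providerType("com.example.custom.ldap.mappers.CustomMapper")
            .config(Map.ofEntries(
                Map.entry("attribute.name", "name"),
                Map.entry("attribute.value", "value")
            ))
            .build());
    }
}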
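resources:
  # Realm that hosts the LDAP user federation.
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  # LDAP user federation provider that the custom mapper is attached to.
  ldapUserFederation:
    type: keycloak:ldap:UserFederation
    name: ldap_user_federation
    properties:
      name: openldap
      realmId: ${realm.id}
      usernameLdapAttribute: cn
      rdnLdapAttribute: cn
      uuidLdapAttribute: entryDN
      userObjectClasses:
        - simpleSecurityObject
        - organizationalRole
      # Example value: ldap:// carries the bind and all directory traffic
      # unencrypted. Use ldaps:// (or StartTLS) outside a local test setup.
      connectionUrl: ldap://openldap
      usersDn: dc=example,dc=org
      bindDn: cn=admin,dc=example,dc=org
      # Example value only: do not commit a literal bind password. Store it
      # with `pulumi config set --secret` and reference the config value here.
      bindCredential: admin
  # Custom mapper bound to the federation declared above. The references must
  # use the `ldapUserFederation` resource key; no resource named `openldap`
  # is declared in this program.
  customMapper:
    type: keycloak:ldap:CustomMapper
    name: custom_mapper
    properties:
      name: custom-mapper
      realmId: ${ldapUserFederation.realmId}
      ldapUserFederationId: ${ldapUserFederation.id}
      # Id under which the custom provider is registered in Keycloak.
      providerId: custom-provider-registered-in-keycloak
      # Fully qualified class of the mapper implementation deployed into Keycloak.
      providerType: com.example.custom.ldap.mappers.CustomMapper
      config:
        attribute.name: name
        attribute.value: value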
Import
LDAP mappers can be imported using the format {{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}. The IDs of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Example:
$ pulumi import keycloak:ldap/customMapper:CustomMapper custom_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67