Hardcoded
Allows for creating and managing hardcoded attribute mappers for Keycloak users federated via LDAP. The user model hardcoded attribute mapper will set the specified value to the attribute.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const ldapUserFederation = new keycloak.ldap.UserFederation("ldap_user_federation", {
name: "openldap",
realmId: realm.id,
usernameLdapAttribute: "cn",
rdnLdapAttribute: "cn",
uuidLdapAttribute: "entryDN",
userObjectClasses: [
"simpleSecurityObject",
"organizationalRole",
],
connectionUrl: "ldap://openldap",
usersDn: "dc=example,dc=org",
bindDn: "cn=admin,dc=example,dc=org",
bindCredential: "admin",
syncRegistrations: true,
});
const emailVerified = new keycloak.HardcodedAttributeMapper("email_verified", {
realmId: realm.id,
ldapUserFederationId: ldapUserFederation.id,
name: "email_verified",
attributeName: "email_verified",
attributeValue: "true",
});Content copied to clipboard
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation",
name="openldap",
realm_id=realm.id,
username_ldap_attribute="cn",
rdn_ldap_attribute="cn",
uuid_ldap_attribute="entryDN",
user_object_classes=[
"simpleSecurityObject",
"organizationalRole",
],
connection_url="ldap://openldap",
users_dn="dc=example,dc=org",
bind_dn="cn=admin,dc=example,dc=org",
bind_credential="admin",
sync_registrations=True)
email_verified = keycloak.HardcodedAttributeMapper("email_verified",
realm_id=realm.id,
ldap_user_federation_id=ldap_user_federation.id,
name="email_verified",
attribute_name="email_verified",
attribute_value="true")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldap_user_federation", new()
{
Name = "openldap",
RealmId = realm.Id,
UsernameLdapAttribute = "cn",
RdnLdapAttribute = "cn",
UuidLdapAttribute = "entryDN",
UserObjectClasses = new[]
{
"simpleSecurityObject",
"organizationalRole",
},
ConnectionUrl = "ldap://openldap",
UsersDn = "dc=example,dc=org",
BindDn = "cn=admin,dc=example,dc=org",
BindCredential = "admin",
SyncRegistrations = true,
});
var emailVerified = new Keycloak.HardcodedAttributeMapper("email_verified", new()
{
RealmId = realm.Id,
LdapUserFederationId = ldapUserFederation.Id,
Name = "email_verified",
AttributeName = "email_verified",
AttributeValue = "true",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldap_user_federation", &ldap.UserFederationArgs{
Name: pulumi.String("openldap"),
RealmId: realm.ID(),
UsernameLdapAttribute: pulumi.String("cn"),
RdnLdapAttribute: pulumi.String("cn"),
UuidLdapAttribute: pulumi.String("entryDN"),
UserObjectClasses: pulumi.StringArray{
pulumi.String("simpleSecurityObject"),
pulumi.String("organizationalRole"),
},
ConnectionUrl: pulumi.String("ldap://openldap"),
UsersDn: pulumi.String("dc=example,dc=org"),
BindDn: pulumi.String("cn=admin,dc=example,dc=org"),
BindCredential: pulumi.String("admin"),
SyncRegistrations: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = keycloak.NewHardcodedAttributeMapper(ctx, "email_verified", &keycloak.HardcodedAttributeMapperArgs{
RealmId: realm.ID(),
LdapUserFederationId: ldapUserFederation.ID(),
Name: pulumi.String("email_verified"),
AttributeName: pulumi.String("email_verified"),
AttributeValue: pulumi.String("true"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.ldap.UserFederation;
import com.pulumi.keycloak.ldap.UserFederationArgs;
import com.pulumi.keycloak.HardcodedAttributeMapper;
import com.pulumi.keycloak.HardcodedAttributeMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder()
.name("openldap")
.realmId(realm.id())
.usernameLdapAttribute("cn")
.rdnLdapAttribute("cn")
.uuidLdapAttribute("entryDN")
.userObjectClasses(
"simpleSecurityObject",
"organizationalRole")
.connectionUrl("ldap://openldap")
.usersDn("dc=example,dc=org")
.bindDn("cn=admin,dc=example,dc=org")
.bindCredential("admin")
.syncRegistrations(true)
.build());
var emailVerified = new HardcodedAttributeMapper("emailVerified", HardcodedAttributeMapperArgs.builder()
.realmId(realm.id())
.ldapUserFederationId(ldapUserFederation.id())
.name("email_verified")
.attributeName("email_verified")
.attributeValue("true")
.build());
}
}Content copied to clipboard
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
ldapUserFederation:
type: keycloak:ldap:UserFederation
name: ldap_user_federation
properties:
name: openldap
realmId: ${realm.id}
usernameLdapAttribute: cn
rdnLdapAttribute: cn
uuidLdapAttribute: entryDN
userObjectClasses:
- simpleSecurityObject
- organizationalRole
connectionUrl: ldap://openldap
usersDn: dc=example,dc=org
bindDn: cn=admin,dc=example,dc=org
bindCredential: admin
syncRegistrations: true
emailVerified:
type: keycloak:HardcodedAttributeMapper
name: email_verified
properties:
realmId: ${realm.id}
ldapUserFederationId: ${ldapUserFederation.id}
name: email_verified
attributeName: email_verified
attributeValue: 'true'Content copied to clipboard
Import
LDAP mappers can be imported using the format {{realm_id}}/{{ldap_user_federation_id}}/{{attribute__mapper_id}}. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Example: bash
$ pulumi import keycloak:index/hardcodedAttributeMapper:HardcodedAttributeMapper email_verified my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67Content copied to clipboard
Properties
Link copied to clipboard
The name of the user model attribute to set.
Link copied to clipboard
The value to set to model attribute. You can hardcode any value like 'foo'.
Link copied to clipboard
The ID of the LDAP user federation provider to attach this mapper to.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard