INF-162 - Enable the LDAP configuration from REST API
- Create LDAP configuration
- Create LDAP mappers
- Enable Audit logging
- Verify the LDAP Authentication in Molecule environment
- Verify the user operation, create from Keycloak and search from LDAP
Change-Id: Ie6ea7f40cfe403ee3747a30b0bfb3acc9c72057f
diff --git a/templates/keycloak.event.config.j2 b/templates/keycloak.event.config.j2
new file mode 100644
index 0000000..d13367d
--- /dev/null
+++ b/templates/keycloak.event.config.j2
@@ -0,0 +1,93 @@
+{#
+SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+SPDX-License-Identifier: Apache-2.0
+#}
+{
+ "eventsEnabled":true,
+ "eventsListeners":[
+ "jboss-logging"
+ ],
+ "enabledEventTypes":[
+ "SEND_RESET_PASSWORD",
+ "UPDATE_CONSENT_ERROR",
+ "GRANT_CONSENT",
+ "VERIFY_PROFILE_ERROR", "REMOVE_TOTP",
+ "REVOKE_GRANT",
+ "UPDATE_TOTP",
+ "LOGIN_ERROR",
+ "CLIENT_LOGIN",
+ "RESET_PASSWORD_ERROR",
+ "IMPERSONATE_ERROR",
+ "CODE_TO_TOKEN_ERROR",
+ "CUSTOM_REQUIRED_ACTION",
+ "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR",
+ "RESTART_AUTHENTICATION",
+ "IMPERSONATE",
+ "UPDATE_PROFILE_ERROR",
+ "LOGIN",
+ "OAUTH2_DEVICE_VERIFY_USER_CODE",
+ "UPDATE_PASSWORD_ERROR",
+ "CLIENT_INITIATED_ACCOUNT_LINKING",
+ "TOKEN_EXCHANGE",
+ "AUTHREQID_TO_TOKEN",
+ "LOGOUT",
+ "REGISTER",
+ "DELETE_ACCOUNT_ERROR",
+ "CLIENT_REGISTER",
+ "IDENTITY_PROVIDER_LINK_ACCOUNT",
+ "DELETE_ACCOUNT",
+ "UPDATE_PASSWORD",
+ "CLIENT_DELETE",
+ "FEDERATED_IDENTITY_LINK_ERROR",
+ "IDENTITY_PROVIDER_FIRST_LOGIN",
+ "CLIENT_DELETE_ERROR",
+ "VERIFY_EMAIL",
+ "CLIENT_LOGIN_ERROR",
+ "RESTART_AUTHENTICATION_ERROR",
+ "EXECUTE_ACTIONS",
+ "REMOVE_FEDERATED_IDENTITY_ERROR",
+ "TOKEN_EXCHANGE_ERROR",
+ "PERMISSION_TOKEN",
+ "SEND_IDENTITY_PROVIDER_LINK_ERROR",
+ "EXECUTE_ACTION_TOKEN_ERROR",
+ "SEND_VERIFY_EMAIL",
+ "OAUTH2_DEVICE_AUTH",
+ "EXECUTE_ACTIONS_ERROR",
+ "REMOVE_FEDERATED_IDENTITY",
+ "OAUTH2_DEVICE_CODE_TO_TOKEN",
+ "IDENTITY_PROVIDER_POST_LOGIN",
+ "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR",
+ "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR",
+ "UPDATE_EMAIL",
+ "REGISTER_ERROR",
+ "REVOKE_GRANT_ERROR",
+ "EXECUTE_ACTION_TOKEN",
+ "LOGOUT_ERROR",
+ "UPDATE_EMAIL_ERROR",
+ "CLIENT_UPDATE_ERROR",
+ "AUTHREQID_TO_TOKEN_ERROR",
+ "UPDATE_PROFILE",
+ "CLIENT_REGISTER_ERROR",
+ "FEDERATED_IDENTITY_LINK",
+ "SEND_IDENTITY_PROVIDER_LINK",
+ "SEND_VERIFY_EMAIL_ERROR",
+ "RESET_PASSWORD",
+ "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR",
+ "OAUTH2_DEVICE_AUTH_ERROR",
+ "UPDATE_CONSENT",
+ "REMOVE_TOTP_ERROR",
+ "VERIFY_EMAIL_ERROR",
+ "SEND_RESET_PASSWORD_ERROR",
+ "CLIENT_UPDATE",
+ "CUSTOM_REQUIRED_ACTION_ERROR",
+ "IDENTITY_PROVIDER_POST_LOGIN_ERROR",
+ "UPDATE_TOTP_ERROR",
+ "CODE_TO_TOKEN",
+ "VERIFY_PROFILE",
+ "GRANT_CONSENT_ERROR",
+ "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR"
+ ],
+ "adminEventsEnabled":true,
+ "adminEventsDetailsEnabled":true,
+ "eventsExpiration":null
+}
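Review bot: Line 27 puts two event types on one line (`"VERIFY_PROFILE_ERROR", "REMOVE_TOTP",`) while every other entry in `enabledEventTypes` has its own line; splitting it keeps the list greppable and diff-friendly. With `"adminEventsDetailsEnabled":true` and the `jboss-logging` listener, the representation of every admin change is written to the server log, and that will include the LDAP component posted from ldap.config.j2 in this same commit; I cannot confirm from this diff that Keycloak masks `bindCredential` in the logged representation, so inspect the log output once before enabling this in a shared environment. `"eventsExpiration":null` keeps stored login events indefinitely, so if the event tables should not grow unbounded, set `eventsExpiration` to a retention period instead of `null`.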
diff --git a/templates/ldap.config.j2 b/templates/ldap.config.j2
new file mode 100644
index 0000000..81a87b3
--- /dev/null
+++ b/templates/ldap.config.j2
@@ -0,0 +1,138 @@
+{#
+SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+SPDX-License-Identifier: Apache-2.0
+#}
+
+{
+{% if ldap_id is defined %}
+ "id": "{{ ldap_id}}",
+{% endif %}
+ "name":"ldap",
+ "providerId":"ldap",
+ "providerType":"org.keycloak.storage.UserStorageProvider",
+ "parentId":"master",
+ "config":{
+ "enabled":[
+ "true"
+ ],
+ "priority":[
+ "0"
+ ],
+ "fullSyncPeriod":[
+ "-1"
+ ],
+ "changedSyncPeriod":[
+ "-1"
+ ],
+ "cachePolicy":[
+ "DEFAULT"
+ ],
+ "evictionDay":[
+ ],
+ "evictionHour":[
+ ],
+ "evictionMinute":[
+ ],
+ "maxLifespan":[
+ ],
+ "batchSizeForSync":[
+ "1000"
+ ],
+ "editMode":[
+ "WRITABLE"
+ ],
+ "importEnabled":[
+ "true"
+ ],
+ "syncRegistrations":[
+ "{{ keycloak_ldap_sync_registration }}"
+ ],
+ "vendor":[
+ "{{ keycloak_ldap_vendor }}"
+ ],
+ "usePasswordModifyExtendedOp":[
+ ],
+ "usernameLDAPAttribute":[
+ "{{ keycloak_ldap_username }}"
+ ],
+ "rdnLDAPAttribute":[
+ "{{ keycloak_ldap_rdn }}"
+ ],
+ "uuidLDAPAttribute":[
+ "{{ keycloak_ldap_uuid }}"
+ ],
+ "userObjectClasses":[
+ "{{ keyclaok_ldap_user_object }}"
+ ],
+ "connectionUrl":[
+ "{{ keycloak_ldap_server }}"
+ ],
+ "usersDn":[
+ "{{ keycloak_ldap_userdn }}"
+ ],
+ "authType":[
+ "simple"
+ ],
+ "startTls":[
+ ],
+ "bindDn":[
+ "{{ keycloak_ldap_admin_dn }}"
+ ],
+ "bindCredential":[
+ "{{ keycloak_ldap_admin_password }}"
+ ],
+ "customUserSearchFilter":[
+ ],
+ "searchScope":[
+ "1"
+ ],
+ "validatePasswordPolicy":[
+ "false"
+ ],
+ "trustEmail":[
+ "false"
+ ],
+ "useTruststoreSpi":[
+ "ldapsOnly"
+ ],
+ "connectionPooling":[
+ "true"
+ ],
+ "connectionPoolingAuthentication":[
+ ],
+ "connectionPoolingDebug":[
+ ],
+ "connectionPoolingInitSize":[
+ ],
+ "connectionPoolingMaxSize":[
+ ],
+ "connectionPoolingPrefSize":[
+ ],
+ "connectionPoolingProtocol":[
+ ],
+ "connectionPoolingTimeout":[
+ ],
+ "connectionTimeout":[
+ ],
+ "readTimeout":[
+ ],
+ "pagination":[
+ "true"
+ ],
+ "allowKerberosAuthentication":[
+ "false"
+ ],
+ "serverPrincipal":[
+ ],
+ "keyTab":[
+ ],
+ "kerberosRealm":[
+ ],
+ "debug":[
+ "false"
+ ],
+ "useKerberosForPasswordAuthentication":[
+ "false"
+ ]
+ }
+}
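Review bot: `keyclaok_ldap_user_object` on the `userObjectClasses` line is misspelled relative to every other `keycloak_ldap_*` variable in this template; unless the role's vars deliberately define that spelling, rendering either fails on an undefined variable or emits an empty object class, so it should read `"{{ keycloak_ldap_user_object }}"`. The interpolated values, `bindCredential` in particular, are placed inside JSON string literals without escaping, so a password containing `"` or `\` yields an invalid or differently-structured document; rendering them with Ansible's `to_json` filter (`"bindCredential":[ {{ keycloak_ldap_admin_password | to_json }} ]`, which emits its own quotes) fixes this for all the `keycloak_ldap_*` values. `useTruststoreSpi` is `ldapsOnly` and `startTls` is left empty, so if `keycloak_ldap_server` is an `ldap://` URL the bind credential is sent in cleartext; a `{# ... #}` comment stating that an `ldaps://` URL (or a `startTls` value) is expected would make that assumption visible to whoever sets the variable.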
diff --git a/templates/ldap.mapper.group.j2 b/templates/ldap.mapper.group.j2
new file mode 100644
index 0000000..c8e2269
--- /dev/null
+++ b/templates/ldap.mapper.group.j2
@@ -0,0 +1,55 @@
+{#
+SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+SPDX-License-Identifier: Apache-2.0
+#}
+{
+ "config":{
+ "groups.dn":[
+ "{{ keycloak_ldap_group_dn }}"
+ ],
+ "group.name.ldap.attribute":[
+ "cn"
+ ],
+ "group.object.classes":[
+ "groupOfNames"
+ ],
+ "preserve.group.inheritance":[
+ "true"
+ ],
+ "ignore.missing.groups":[
+ "false"
+ ],
+ "membership.ldap.attribute":[
+ "member"
+ ],
+ "membership.attribute.type":[
+ "DN"
+ ],
+ "membership.user.ldap.attribute":[
+ "uid"
+ ],
+ "groups.ldap.filter":[
+ ],
+ "mode":[
+ "LDAP_ONLY"
+ ],
+ "user.roles.retrieve.strategy":[
+ "LOAD_GROUPS_BY_MEMBER_ATTRIBUTE"
+ ],
+ "memberof.ldap.attribute":[
+ "memberOf"
+ ],
+ "mapped.group.attributes":[
+ ],
+ "drop.non.existing.groups.during.sync":[
+ "true"
+ ],
+ "groups.path":[
+ "/"
+ ]
+ },
+ "name":"group",
+ "providerId":"group-ldap-mapper",
+ "providerType":"org.keycloak.storage.ldap.mappers.LDAPStorageMapper",
+ "parentId":"{{ ldap_id }}"
+}
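Review bot: `drop.non.existing.groups.during.sync` is `"true"` together with `"mode":["LDAP_ONLY"]`, which is a destructive sync setting that nothing in the template explains; a comment such as `{# LDAP_ONLY + drop.non.existing.groups: Keycloak groups absent from LDAP are deleted on sync #}` above the `config` block would warn the next maintainer. `keycloak_ldap_group_dn` is interpolated unescaped like the values in ldap.config.j2, so `{{ keycloak_ldap_group_dn | to_json }}` (without the surrounding literal quotes) keeps the rendered JSON valid for a DN containing `"` or `\`. `parentId` requires `ldap_id` unconditionally while ldap.config.j2 guards its `id` with `is defined`; that is presumably intentional, since the mapper can only be attached to an existing provider, and is worth a one-line comment saying so.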