commit 7260e78ea05f0e206f8790e3162fca749d215462
author Hung-Wei Chiu <hungwei@opennetworking.org> Tue Sep 14 18:33:46 2021 +0000
committer Hung-Wei Chiu <hungwei@opennetworking.org> Thu Sep 16 04:07:57 2021 +0000
tree 11337d73218e9bd85e90fc21bb602ace08cd39cf
parent 718cd264b000402a658d75a8e4f09506edb9d219

INF-162 - Enable the LDAP configuration from REST API

- Create LDAP configuration
- Create LDAP mappers
- Enable Audit logging
- Verify the LDAP Authentication in Molecule environment
- Verify the user operation, create from Keycloak and search from LDAP

Change-Id: Ie6ea7f40cfe403ee3747a30b0bfb3acc9c72057f

templates/ldap.config.j2

diff --git a/templates/ldap.config.j2 b/templates/ldap.config.j2
new file mode 100644
index 0000000..81a87b3
--- /dev/null
+++ b/templates/ldap.config.j2
@@ -0,0 +1,138 @@
+{#
+SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+SPDX-License-Identifier: Apache-2.0
+#}
+
+{
+{% if ldap_id is defined %}
+   "id": "{{ ldap_id}}",
+{% endif %}
+   "name":"ldap",
+   "providerId":"ldap",
+   "providerType":"org.keycloak.storage.UserStorageProvider",
+   "parentId":"master",
+   "config":{
+      "enabled":[
+         "true"
+      ],
+      "priority":[
+         "0"
+      ],
+      "fullSyncPeriod":[
+         "-1"
+      ],
+      "changedSyncPeriod":[
+         "-1"
+      ],
+      "cachePolicy":[
+         "DEFAULT"
+      ],
+      "evictionDay":[
+      ],
+      "evictionHour":[
+      ],
+      "evictionMinute":[
+      ],
+      "maxLifespan":[
+      ],
+      "batchSizeForSync":[
+         "1000"
+      ],
+      "editMode":[
+         "WRITABLE"
+      ],
+      "importEnabled":[
+         "true"
+      ],
+      "syncRegistrations":[
+         "{{ keycloak_ldap_sync_registration }}"
+      ],
+      "vendor":[
+         "{{ keycloak_ldap_vendor }}"
+      ],
+      "usePasswordModifyExtendedOp":[
+      ],
+      "usernameLDAPAttribute":[
+         "{{ keycloak_ldap_username }}"
+      ],
+      "rdnLDAPAttribute":[
+         "{{ keycloak_ldap_rdn }}"
+      ],
+      "uuidLDAPAttribute":[
+         "{{ keycloak_ldap_uuid }}"
+      ],
+      "userObjectClasses":[
+         "{{ keyclaok_ldap_user_object }}"
+      ],
+      "connectionUrl":[
+         "{{ keycloak_ldap_server }}"
+      ],
+      "usersDn":[
+         "{{ keycloak_ldap_userdn }}"
+      ],
+      "authType":[
+         "simple"
+      ],
+      "startTls":[
+      ],
+      "bindDn":[
+         "{{ keycloak_ldap_admin_dn }}"
+      ],
+      "bindCredential":[
+         "{{ keycloak_ldap_admin_password }}"
+      ],
+      "customUserSearchFilter":[
+      ],
+      "searchScope":[
+         "1"
+      ],
+      "validatePasswordPolicy":[
+         "false"
+      ],
+      "trustEmail":[
+         "false"
+      ],
+      "useTruststoreSpi":[
+         "ldapsOnly"
+      ],
+      "connectionPooling":[
+         "true"
+      ],
+      "connectionPoolingAuthentication":[
+      ],
+      "connectionPoolingDebug":[
+      ],
+      "connectionPoolingInitSize":[
+      ],
+      "connectionPoolingMaxSize":[
+      ],
+      "connectionPoolingPrefSize":[
+      ],
+      "connectionPoolingProtocol":[
+      ],
+      "connectionPoolingTimeout":[
+      ],
+      "connectionTimeout":[
+      ],
+      "readTimeout":[
+      ],
+      "pagination":[
+         "true"
+      ],
+      "allowKerberosAuthentication":[
+         "false"
+      ],
+      "serverPrincipal":[
+      ],
+      "keyTab":[
+      ],
+      "kerberosRealm":[
+      ],
+      "debug":[
+         "false"
+      ],
+      "useKerberosForPasswordAuthentication":[
+         "false"
+      ]
+   }
+}