INF-162 - Enable the LDAP configuration from REST API
- Create LDAP configuration
- Create LDAP mappers
- Enable Audit logging
- Verify the LDAP Authentication in Molecule environment
- Verify the user operation, create from Keycloak and search from LDAP
Change-Id: Ie6ea7f40cfe403ee3747a30b0bfb3acc9c72057f
diff --git a/templates/ldap.mapper.group.j2 b/templates/ldap.mapper.group.j2
new file mode 100644
index 0000000..c8e2269
--- /dev/null
+++ b/templates/ldap.mapper.group.j2
@@ -0,0 +1,55 @@
+{#
+SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+SPDX-License-Identifier: Apache-2.0
+#}
+{
+ "config":{
+ "groups.dn":[
+ "{{ keycloak_ldap_group_dn }}"
+ ],
+ "group.name.ldap.attribute":[
+ "cn"
+ ],
+ "group.object.classes":[
+ "groupOfNames"
+ ],
+ "preserve.group.inheritance":[
+ "true"
+ ],
+ "ignore.missing.groups":[
+ "false"
+ ],
+ "membership.ldap.attribute":[
+ "member"
+ ],
+ "membership.attribute.type":[
+ "DN"
+ ],
+ "membership.user.ldap.attribute":[
+ "uid"
+ ],
+ "groups.ldap.filter":[
+ ],
+ "mode":[
+ "LDAP_ONLY"
+ ],
+ "user.roles.retrieve.strategy":[
+ "LOAD_GROUPS_BY_MEMBER_ATTRIBUTE"
+ ],
+ "memberof.ldap.attribute":[
+ "memberOf"
+ ],
+ "mapped.group.attributes":[
+ ],
+ "drop.non.existing.groups.during.sync":[
+ "true"
+ ],
+ "groups.path":[
+ "/"
+ ]
+ },
+ "name":"group",
+ "providerId":"group-ldap-mapper",
+ "providerType":"org.keycloak.storage.ldap.mappers.LDAPStorageMapper",
+ "parentId":"{{ ldap_id }}"
+}
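Review bot: `"drop.non.existing.groups.during.sync"` is `"true"` while `"groups.path"` is `"/"` and `"groups.ldap.filter"` is empty, so a group sync would, going by Keycloak's documented behaviour for this flag, delete top-level Keycloak groups that have no counterpart under `{{ keycloak_ldap_group_dn }}`, including locally created groups and the role mappings attached to them. Unless the realm is meant to hold LDAP-sourced groups only, set the flag to `"false"` or point `"groups.path"` at a dedicated parent group; which one fits depends on how the realm is used, which this hunk does not show. Separately, `"{{ keycloak_ldap_group_dn }}"` and `"{{ ldap_id }}"` sit inside hand-written quotes, so a value containing `"` or `\` produces invalid or altered JSON; `{{ keycloak_ldap_group_dn | to_json }}` (and the same for `ldap_id`), without the surrounding quotes, leaves the escaping to the serializer. The existing `{# #}` header could also carry one line naming the two variables the template requires and the REST call that consumes it.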