feat: add 389ds ldap backend to keycloak

Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 10:58:40 +01:00 · 2026-03-13 10:58:40 +01:00 · 12864a13b0
commit 12864a13b0
parent 59d0174905
8 changed files with 138 additions and 2 deletions
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@ -34,6 +34,14 @@ keycloak_log_level: "INFO"
 keycloak_proxy_mode: "edge"
 keycloak_gzip_enabled: false  # Disable GZIP encoding to avoid MIME type issues

+# Extra CA certificates to trust (host paths to PEM files)
+keycloak_truststore_certificates: []
+# - /srv/data/389ds/data/ssca/ca.crt
+
+# Extra /etc/hosts entries for the Keycloak container
+keycloak_extra_hosts: []
+# - "ldap:192.168.56.11"
+
 # Provisioning configuration
 keycloak_provisioning_enabled: false

@ -96,3 +104,26 @@ keycloak_removed_clients: []

 keycloak_removed_identity_providers: []
 # - old-idp
+
+# LDAP user federations
+keycloak_user_federations: []
+# - name: ldap-389ds
+#   provider_id: ldap
+#   config:
+#     editMode: WRITABLE
+#     syncRegistrations: "true"
+#     importEnabled: "true"
+#     vendor: rhds
+#     connectionUrl: "ldaps://ldap.example.com:636"
+#     usersDn: "ou=users,dc=example,dc=com"
+#     bindDn: "cn=Directory Manager"
+#     bindCredential: "changeme"
+#     usernameLDAPAttribute: uid
+#     rdnLDAPAttribute: uid
+#     uuidLDAPAttribute: nsuniqueid
+#     userObjectClasses: "inetOrgPerson, organizationalPerson"
+#     authType: simple
+#     useTruststoreSpi: never
+
+keycloak_removed_user_federations: []
+# - old-federation