feat: add 389ds ldap backend to keycloak

Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 10:58:40 +01:00 · 2026-03-13 10:58:40 +01:00 · 12864a13b0
commit 12864a13b0
parent 59d0174905
8 changed files with 138 additions and 2 deletions
--- a/roles/keycloak/tasks/provisioning.yml
+++ b/roles/keycloak/tasks/provisioning.yml
@ -30,6 +30,20 @@
  loop: "{{ keycloak_removed_identity_providers }}"
  no_log: true

+# Cleanup: Remove deleted user federations
+- name: Remove deleted user federations
+  community.general.keycloak_user_federation:
+    auth_keycloak_url: "{{ keycloak_auth_url }}"
+    auth_realm: master
+    auth_username: "{{ keycloak_admin_user }}"
+    auth_password: "{{ keycloak_admin_password }}"
+    realm: "{{ keycloak_realm }}"
+    name: "{{ item }}"
+    state: absent
+    validate_certs: false
+  loop: "{{ keycloak_removed_user_federations }}"
+  no_log: true
+
 # Cleanup: Remove deleted clients
 - name: Remove deleted clients
  community.general.keycloak_client:
@ -86,6 +100,25 @@
  loop: "{{ keycloak_groups }}"
  no_log: true

+# Create user federations (LDAP)
+- name: Create user federations
+  community.general.keycloak_user_federation:
+    auth_keycloak_url: "{{ keycloak_auth_url }}"
+    auth_realm: master
+    auth_username: "{{ keycloak_admin_user }}"
+    auth_password: "{{ keycloak_admin_password }}"
+    realm: "{{ keycloak_realm }}"
+    name: "{{ item.name }}"
+    provider_id: "{{ item.provider_id }}"
+    provider_type: org.keycloak.storage.UserStorageProvider
+    config: "{{ item.config }}"
+    mappers: "{{ item.mappers | default(omit) }}"
+    bind_credential_update_mode: only_indirect
+    state: present
+    validate_certs: false
+  loop: "{{ keycloak_user_federations }}"
+  no_log: true
+
 # Create local users
 - name: Create local users
  community.general.keycloak_user: