kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-30 15:28:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added parameter to skipp dependency loading to speed up debugging

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-08-17 21:00:45 +02:00
parent 7d0502ebc5
commit 5642793f4a
19 changed files with 582 additions and 190 deletions
Download Patch File Download Diff File Expand all files Collapse all files

259
roles/web-app-keycloak/templates/import/components/org.keycloak.storage.UserStorageProvider.json.j2 Normal file
View File

@@ -0,0 +1,259 @@
"org.keycloak.storage.UserStorageProvider": [
{
"name": "{{ KEYCLOAK_LDAP_CMP_NAME }}",
"providerId": "ldap",
"subComponents": {
"org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [
{# ---------------------- First Name ---------------------- #}
{
"name": "first name",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "{{ ldap.user.attributes.firstname }}" ],
"attribute.force.default": [ "true" ],
"is.mandatory.in.ldap": [ "true" ],
"is.binary.attribute": [ "false" ],
"always.read.value.from.ldap": [ "true" ],
"read.only": [ "false" ],
"user.model.attribute": [ "firstName" ]
}
},
{# ---------------------- Last Name ----------------------- #}
{
"name": "last name",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "{{ ldap.user.attributes.surname }}" ],
"is.mandatory.in.ldap": [ "true" ],
"always.read.value.from.ldap": [ "true" ],
"read.only": [ "false" ],
"user.model.attribute": [ "lastName" ]
}
},
{# ---------------------- Full Name (cn) ------------------ #}
{
"name": "full name",
"providerId": "full-name-ldap-mapper",
"subComponents": {},
"config": {
"read.only": [ "false" ],
"write.only": [ "true" ],
"ldap.full.name.attribute": [ "{{ ldap.user.attributes.fullname }}" ]
}
},
{# ---------------------- Username ------------------------ #}
{
"name": "username",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "{{ ldap.user.attributes.id }}" ],
"is.mandatory.in.ldap": [ "true" ],
"attribute.force.default": [ "false" ],
"is.binary.attribute": [ "false" ],
"always.read.value.from.ldap": [ "false" ],
"read.only": [ "false" ],
"user.model.attribute": [ "username" ]
}
},
{# ---------------------- Email --------------------------- #}
{
"name": "email",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "{{ ldap.user.attributes.mail }}" ],
"is.mandatory.in.ldap": [ "false" ],
"read.only": [ "false" ],
"always.read.value.from.ldap": [ "false" ],
"user.model.attribute": [ "email" ]
}
},
{# ---------------------- SSH Public Key ------------------ #}
{
"name": "SSH Public Key",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "{{ ldap.user.attributes.ssh_public_key }}" ],
"is.mandatory.in.ldap": [ "false" ],
"attribute.force.default": [ "false" ],
"is.binary.attribute": [ "false" ],
"read.only": [ "false" ],
"always.read.value.from.ldap": [ "true" ],
"user.model.attribute": [ "{{ ldap.user.attributes.ssh_public_key }}" ]
}
},
{# ---------------------- Nextcloud Quota ----------------- #}
{
"name": "{{ ldap.user.attributes.nextcloud_quota }}",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "{{ ldap.user.attributes.nextcloud_quota }}" ],
"is.mandatory.in.ldap": [ "false" ],
"attribute.force.default": [ "false" ],
"is.binary.attribute": [ "false" ],
"always.read.value.from.ldap": [ "false" ],
"read.only": [ "false" ],
"user.model.attribute": [ "{{ ldap.user.attributes.nextcloud_quota }}" ]
}
},
{# ---------------------- Creation Date ------------------- #}
{
"name": "creation date",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "createTimestamp" ],
"is.mandatory.in.ldap": [ "false" ],
"always.read.value.from.ldap": [ "true" ],
"read.only": [ "true" ],
"user.model.attribute": [ "createTimestamp" ]
}
},
{# ---------------------- Modify Date --------------------- #}
{
"name": "modify date",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "modifyTimestamp" ],
"is.mandatory.in.ldap": [ "false" ],
"always.read.value.from.ldap": [ "true" ],
"read.only": [ "true" ],
"user.model.attribute": [ "modifyTimestamp" ]
}
},
{# ---------------------- LDAP Groups -> KC Groups -------- #}
{
"name": "ldap-roles",
"providerId": "group-ldap-mapper",
"subComponents": {},
"config": {
"membership.attribute.type": [ "DN" ],
"group.name.ldap.attribute": [ "cn" ],
"membership.user.ldap.attribute": [ "{{ ldap.user.attributes.id }}" ],
"preserve.group.inheritance": [ "true" ],
"groups.dn": [ "{{ ldap.dn.ou.roles }}" ],
"mode": [ "LDAP_ONLY" ],
"user.roles.retrieve.strategy": [ "LOAD_GROUPS_BY_MEMBER_ATTRIBUTE" ],
"groups.ldap.filter": ["{{ ldap.rbac.flavors | ldap_groups_filter }}"],
"membership.ldap.attribute": [ "member" ],
"ignore.missing.groups": [ "true" ],
"group.object.classes": [ "groupOfNames" ],
"memberof.ldap.attribute": [ "memberOf" ],
"drop.non.existing.groups.during.sync": [ "false" ],
"groups.path": [ "{{ applications | get_app_conf(application_id, 'rbac_groups', True) }}" ]
}
},
{
"name": "phone number",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "telephoneNumber" ],
"is.mandatory.in.ldap": [ "false" ],
"always.read.value.from.ldap": [ "true" ],
"read.only": [ "false" ],
"user.model.attribute": [ "phoneNumber" ]
}
},
{
"name": "locale",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "preferredLanguage" ],
"is.mandatory.in.ldap": [ "false" ],
"always.read.value.from.ldap": [ "true" ],
"read.only": [ "false" ],
"user.model.attribute": [ "locale" ]
}
},
{
"name": "uidNumber",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "uidNumber" ],
"is.mandatory.in.ldap": [ "false" ],
"always.read.value.from.ldap": [ "true" ],
"read.only": [ "false" ],
"user.model.attribute": [ "uidNumber" ]
}
}
{% if keycloak_map_ldap_realm_roles | default(false) %},
{# ---------------------- LDAP -> Realm Roles (optional) -- #}
{
"name": "ldap-realm-roles",
"providerId": "role-ldap-mapper",
"subComponents": {},
"config": {
"mode": [ "LDAP_ONLY" ],
"membership.attribute.type": [ "DN" ],
"user.roles.retrieve.strategy": [ "LOAD_ROLES_BY_MEMBER_ATTRIBUTE" ],
"roles.dn": [ "{{ ldap.dn.ou.roles }}" ],
"membership.ldap.attribute": [ "member" ],
"membership.user.ldap.attribute": [ "{{ ldap.user.attributes.id }}" ],
"memberof.ldap.attribute": [ "memberOf" ],
"role.name.ldap.attribute": [ "cn" ],
"use.realm.roles.mapping": [ "true" ],
"role.object.classes": [ "groupOfNames" ]
}
}{% endif %}
]
},
"config": {
"fullSyncPeriod": [ "-1" ],
"pagination": [ "true" ],
"connectionTrace": [ "false" ],
"startTls": [ "false" ],
"usersDn": [ "{{ ldap.dn.ou.users }}" ],
"connectionPooling": [ "true" ],
"cachePolicy": [ "DEFAULT" ],
"useKerberosForPasswordAuthentication": [ "false" ],
"importEnabled": [ "true" ],
"enabled": [ "true" ],
"bindCredential": [ "{{ KEYCLOAK_LDAP_BIND_PW }}" ],
"changedSyncPeriod": [ "-1" ],
"usernameLDAPAttribute": [ "{{ ldap.user.attributes.id }}" ],
"bindDn": [ "{{ KEYCLOAK_LDAP_BIND_DN }}" ],
"vendor": [ "other" ],
"uuidLDAPAttribute": [ "{{ ldap.user.attributes.id }}" ],
"allowKerberosAuthentication": [ "false" ],
"connectionUrl": [ "{{ KEYCLOAK_LDAP_URL }}" ],
"syncRegistrations": [ "true" ],
"authType": [ "simple" ],
"krbPrincipalAttribute": [ "krb5PrincipalName" ],
"searchScope": [ "1" ],
"useTruststoreSpi": [ "always" ],
"usePasswordModifyExtendedOp": [ "true" ],
"trustEmail": [ "false" ],
{# Build objectClasses from structural + auxiliary definitions #}
"userObjectClasses": [
"{{ (ldap.user.objects.structural + (ldap.user.objects.auxiliary | dict2items | map(attribute='value') | list)) | join(', ') }}"
],
"rdnLDAPAttribute": [ "{{ ldap.user.attributes.id }}" ],
"editMode": [ "WRITABLE" ],
"validatePasswordPolicy": [ "false" ],
{# Recommended: prune Keycloak shadow users not in LDAP anymore #}
"removeInvalidUsersEnabled": [ "true" ]
}
}
]

61
roles/web-app-keycloak/templates/import/components/org.keycloak.userprofile.UserProfileProvider.json.j2 Normal file
View File

@@ -0,0 +1,61 @@
{% set user_profile = {
"attributes": [
{
"name": "username",
"displayName": "${username}",
"validations": {"length": {"min": 3, "max": 255}, "pattern": {"pattern": "^[a-z0-9]+$", "error-message": ""}},
"annotations": {},
"permissions": {"view": ["admin","user"], "edit": ["admin","user"]},
"multivalued": false
},
{
"name": "email",
"displayName": "${email}",
"validations": {"email": {}, "length": {"max": 255}},
"required": {"roles": ["user"]},
"permissions": {"view": ["admin","user"], "edit": ["admin","user"]},
"multivalued": false
},
{
"name": "firstName",
"displayName": "${firstName}",
"validations": {"length": {"max": 255}, "person-name-prohibited-characters": {}},
"required": {"roles": ["user"]},
"permissions": {"view": ["admin","user"], "edit": ["admin","user"]},
"multivalued": false
},
{
"name": "lastName",
"displayName": "${lastName}",
"validations": {"length": {"max": 255}, "person-name-prohibited-characters": {}},
"required": {"roles": ["user"]},
"permissions": {"view": ["admin","user"], "edit": ["admin","user"]},
"multivalued": false
},
{
"name": ldap.user.attributes.ssh_public_key,
"displayName": "SSH Public Key",
"validations": {},
"annotations": {},
"permissions": {"view": ["admin","user"], "edit": ["admin","user"]},
"group": "user-metadata",
"multivalued": true
}
],
"groups": [
{
"name": "user-metadata",
"displayHeader": "User metadata",
"displayDescription": "Attributes, which refer to user metadata"
}
]
} %}
"org.keycloak.userprofile.UserProfileProvider": [
{
"providerId": "declarative-user-profile",
"subComponents": {},
"config": {
"kc.user.profile.config": [{{ (user_profile | tojson) | tojson }}]
}
}
]