mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-27 22:15:20 +02:00
- Render userObjectClasses via `tojson` (and trim) to avoid invalid control characters and ensure valid realm import parsing.
- Introduce KEYCLOAK_LDAP_USER_OBJECT_CLASSES in vars; exclude `posixAccount` for Keycloak’s LDAP config while keeping it for Ansible-managed UNIX users.
- Update UserStorageProvider template to use the new variable.

Rationale: Keycloak must not require `posixAccount` on every LDAP user. We keep `posixAccount` structural for Ansible provisioning, but filter it out for Keycloak to prevent sync/import errors on entries without POSIX attributes.

Touched:
- roles/web-app-keycloak/templates/import/components/org.keycloak.storage.UserStorageProvider.json.j2
- roles/web-app-keycloak/vars/main.yml

Refs: conversation https://chatgpt.com/share/68aa1ef0-3658-800f-bdf4-5b57131d03b4
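The two points the commit makes, shown as an added Python example that is not part of the playbook: a control character pasted raw into the realm JSON makes the import unparseable, while rendering the value through `json.dumps` (the function Jinja2's `tojson` filter is built on) escapes it, and the Keycloak-facing class list is the Ansible list minus `posixAccount`. The sample object classes, the dirty value with an embedded newline, the `trim`-before-`tojson` order and the `["a, b"]` shape of Keycloak's exported config value are all assumptions made for this illustration; `keycloak_user_object_classes` is a hypothetical stand-in for the new variable, not the template's own code.

```python
import json

# Constructed sample (not from the playbook): object classes Ansible assigns
# to the UNIX users it provisions in LDAP. posixAccount stays here because
# those entries do carry uidNumber/gidNumber/homeDirectory.
LDAP_USER_OBJECT_CLASSES = ["inetOrgPerson", "organizationalPerson", "person", "posixAccount"]

# Constructed sample of a value that picked up control characters on the way
# in (a literal newline mid-string and a trailing one, as a multi-line YAML
# scalar would yield).
DIRTY_VALUE = "inetOrgPerson,\norganizationalPerson, person\n"


def keycloak_user_object_classes(all_classes):
    """Hypothetical stand-in for KEYCLOAK_LDAP_USER_OBJECT_CLASSES: every class
    except posixAccount, so LDAP entries without POSIX attributes still sync."""
    return [c for c in all_classes if c != "posixAccount"]


def render_naive(value):
    """Pre-fix style: the raw string is pasted between the quotes of the JSON
    literal, so any control character in it lands inside a JSON string."""
    return '{"userObjectClasses": ["%s"]}' % value


def render_tojson(value):
    """Post-fix style, mimicking `{{ value | trim | tojson }}` (order assumed):
    trim drops surrounding whitespace, json.dumps escapes whatever remains,
    so the emitted fragment is always a valid JSON string."""
    return '{"userObjectClasses": [%s]}' % json.dumps(value.strip())


def render_keycloak_config(all_classes):
    """Assumed Keycloak export shape: one comma-separated string in a list,
    built from the filtered class list and rendered the safe way."""
    return render_tojson(", ".join(keycloak_user_object_classes(all_classes)))


def realm_import_parses(rendered):
    """True if a realm import would at least receive valid JSON."""
    try:
        json.loads(rendered)
        return True
    except json.JSONDecodeError:
        return False


def imported_object_classes(rendered):
    """The list Keycloak would see after a successful parse."""
    return json.loads(rendered)["userObjectClasses"]


if __name__ == "__main__":
    print("Keycloak classes:", keycloak_user_object_classes(LDAP_USER_OBJECT_CLASSES))
    print("naive render parses: ", realm_import_parses(render_naive(DIRTY_VALUE)))
    print("tojson render parses:", realm_import_parses(render_tojson(DIRTY_VALUE)))
    print("rendered config:", render_keycloak_config(LDAP_USER_OBJECT_CLASSES))
```

The naive render fails with Python's "Invalid control character" error, which is the same class of failure a realm import hits on raw newlines; the escaped render parses and still carries the full value, so the fix does not silently drop data, it only makes it representable.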