com.pulumi.keycloak.ldap.UserFederationArgs Maven / Gradle / Ivy
A Pulumi package for creating and managing keycloak cloud resources.
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.keycloak.ldap;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Import;
import com.pulumi.exceptions.MissingRequiredPropertyException;
import com.pulumi.keycloak.ldap.inputs.UserFederationCacheArgs;
import com.pulumi.keycloak.ldap.inputs.UserFederationKerberosArgs;
import java.lang.Boolean;
import java.lang.Integer;
import java.lang.String;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
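/**
 * Input arguments for an LDAP user federation provider in a Keycloak realm.
 *
 * <p>Instances are created through {@link #builder()} or {@link #builder(UserFederationArgs)};
 * both constructors are private. Optional properties are exposed as
 * {@code Optional<Output<T>>}, required ones as {@code Output<T>}.
 *
 * <p>Review notes for whoever wires this into a stack:
 * <ul>
 *   <li>{@code bindCredential} is a password. Pass it as a secret {@code Output} rather than
 *       a literal in program source.</li>
 *   <li>{@code connectionUrl} together with {@code startTls} and {@code useTruststoreSpi}
 *       decides whether the bind credential and user records travel over an encrypted,
 *       certificate-validated channel.</li>
 *   <li>{@code trustEmail}, {@code editMode} and {@code syncRegistrations} widen what the
 *       directory is trusted for and what Keycloak may write back to it.</li>
 * </ul>
 */
public final class UserFederationArgs extends com.pulumi.resources.ResourceArgs {

    /** Shared instance with no property set; it is not passed through the checks in {@link Builder#build()}. */
    public static final UserFederationArgs Empty = new UserFederationArgs();

    /**
     * The number of users to sync within a single transaction. Defaults to `1000`.
     */
    @Import(name="batchSizeForSync")
    private @Nullable Output<Integer> batchSizeForSync;

    /**
     * @return The number of users to sync within a single transaction. Defaults to `1000`.
     */
    public Optional<Output<Integer>> batchSizeForSync() {
        return Optional.ofNullable(this.batchSizeForSync);
    }

    /**
     * Password of LDAP admin. This attribute must be set if `bind_dn` is set.
     *
     * <p>Security: this value is a credential. Supply it as a secret {@code Output} (for example
     * one read from encrypted stack configuration) so it is not stored or printed in clear text.
     */
    @Import(name="bindCredential")
    private @Nullable Output<String> bindCredential;

    /**
     * @return Password of LDAP admin. This attribute must be set if `bind_dn` is set.
     *         The returned {@code Output} carries a credential; do not log its resolved value.
     */
    public Optional<Output<String>> bindCredential() {
        return Optional.ofNullable(this.bindCredential);
    }

    /**
     * DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set.
     *
     * <p>Security: prefer a dedicated service account with only the directory permissions the
     * chosen `editMode` needs (read-only for `READ_ONLY`).
     */
    @Import(name="bindDn")
    private @Nullable Output<String> bindDn;

    /**
     * @return DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set.
     */
    public Optional<Output<String>> bindDn() {
        return Optional.ofNullable(this.bindDn);
    }

    /**
     * A block containing the cache settings.
     */
    @Import(name="cache")
    private @Nullable Output<UserFederationCacheArgs> cache;

    /**
     * @return A block containing the cache settings.
     */
    public Optional<Output<UserFederationCacheArgs>> cache() {
        return Optional.ofNullable(this.cache);
    }

    /**
     * How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.
     */
    @Import(name="changedSyncPeriod")
    private @Nullable Output<Integer> changedSyncPeriod;

    /**
     * @return How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.
     */
    public Optional<Output<Integer>> changedSyncPeriod() {
        return Optional.ofNullable(this.changedSyncPeriod);
    }

    /**
     * LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).
     */
    @Import(name="connectionTimeout")
    private @Nullable Output<String> connectionTimeout;

    /**
     * @return LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).
     */
    public Optional<Output<String>> connectionTimeout() {
        return Optional.ofNullable(this.connectionTimeout);
    }

    /**
     * Connection URL to the LDAP server.
     *
     * <p>Security: with a plain `ldap://` URL and `startTls` unset, the bind credential and user
     * data are sent unencrypted. Use `ldaps://` or enable `startTls`.
     */
    @Import(name="connectionUrl", required=true)
    private Output<String> connectionUrl;

    /**
     * @return Connection URL to the LDAP server.
     */
    public Output<String> connectionUrl() {
        return this.connectionUrl;
    }

    /**
     * Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.
     */
    @Import(name="customUserSearchFilter")
    private @Nullable Output<String> customUserSearchFilter;

    /**
     * @return Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.
     */
    public Optional<Output<String>> customUserSearchFilter() {
        return Optional.ofNullable(this.customUserSearchFilter);
    }

    /**
     * When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`.
     */
    @Import(name="deleteDefaultMappers")
    private @Nullable Output<Boolean> deleteDefaultMappers;

    /**
     * @return When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`.
     */
    public Optional<Output<Boolean>> deleteDefaultMappers() {
        return Optional.ofNullable(this.deleteDefaultMappers);
    }

    /**
     * Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.
     *
     * <p>Security: `WRITABLE` lets Keycloak modify directory entries, so the bind account needs
     * write access; keep `READ_ONLY` unless write-back is required.
     */
    @Import(name="editMode")
    private @Nullable Output<String> editMode;

    /**
     * @return Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.
     */
    public Optional<Output<String>> editMode() {
        return Optional.ofNullable(this.editMode);
    }

    /**
     * When `false`, this provider will not be used when performing queries for users. Defaults to `true`.
     */
    @Import(name="enabled")
    private @Nullable Output<Boolean> enabled;

    /**
     * @return When `false`, this provider will not be used when performing queries for users. Defaults to `true`.
     */
    public Optional<Output<Boolean>> enabled() {
        return Optional.ofNullable(this.enabled);
    }

    /**
     * How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.
     */
    @Import(name="fullSyncPeriod")
    private @Nullable Output<Integer> fullSyncPeriod;

    /**
     * @return How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.
     */
    public Optional<Output<Integer>> fullSyncPeriod() {
        return Optional.ofNullable(this.fullSyncPeriod);
    }

    /**
     * When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`.
     */
    @Import(name="importEnabled")
    private @Nullable Output<Boolean> importEnabled;

    /**
     * @return When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`.
     */
    public Optional<Output<Boolean>> importEnabled() {
        return Optional.ofNullable(this.importEnabled);
    }

    /**
     * A block containing the kerberos settings.
     */
    @Import(name="kerberos")
    private @Nullable Output<UserFederationKerberosArgs> kerberos;

    /**
     * @return A block containing the kerberos settings.
     */
    public Optional<Output<UserFederationKerberosArgs>> kerberos() {
        return Optional.ofNullable(this.kerberos);
    }

    /**
     * Display name of the provider when displayed in the console.
     */
    @Import(name="name")
    private @Nullable Output<String> name;

    /**
     * @return Display name of the provider when displayed in the console.
     */
    public Optional<Output<String>> name() {
        return Optional.ofNullable(this.name);
    }

    /**
     * When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`.
     */
    @Import(name="pagination")
    private @Nullable Output<Boolean> pagination;

    /**
     * @return When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`.
     */
    public Optional<Output<Boolean>> pagination() {
        return Optional.ofNullable(this.pagination);
    }

    /**
     * Priority of this provider when looking up users. Lower values are first. Defaults to `0`.
     */
    @Import(name="priority")
    private @Nullable Output<Integer> priority;

    /**
     * @return Priority of this provider when looking up users. Lower values are first. Defaults to `0`.
     */
    public Optional<Output<Integer>> priority() {
        return Optional.ofNullable(this.priority);
    }

    /**
     * Name of the LDAP attribute to use as the relative distinguished name.
     */
    @Import(name="rdnLdapAttribute", required=true)
    private Output<String> rdnLdapAttribute;

    /**
     * @return Name of the LDAP attribute to use as the relative distinguished name.
     */
    public Output<String> rdnLdapAttribute() {
        return this.rdnLdapAttribute;
    }

    /**
     * LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).
     */
    @Import(name="readTimeout")
    private @Nullable Output<String> readTimeout;

    /**
     * @return LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).
     */
    public Optional<Output<String>> readTimeout() {
        return Optional.ofNullable(this.readTimeout);
    }

    /**
     * The realm that this provider will provide user federation for.
     */
    @Import(name="realmId", required=true)
    private Output<String> realmId;

    /**
     * @return The realm that this provider will provide user federation for.
     */
    public Output<String> realmId() {
        return this.realmId;
    }

    /**
     * Can be one of `ONE_LEVEL` or `SUBTREE`:
     * - `ONE_LEVEL`: Only search for users in the DN specified by `user_dn`.
     * - `SUBTREE`: Search entire LDAP subtree.
     */
    @Import(name="searchScope")
    private @Nullable Output<String> searchScope;

    /**
     * @return Can be one of `ONE_LEVEL` or `SUBTREE`:
     * - `ONE_LEVEL`: Only search for users in the DN specified by `user_dn`.
     * - `SUBTREE`: Search entire LDAP subtree.
     */
    public Optional<Output<String>> searchScope() {
        return Optional.ofNullable(this.searchScope);
    }

    /**
     * When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.
     *
     * <p>Security: if this is left unset and `connectionUrl` is not `ldaps://`, the LDAP bind
     * happens in clear text.
     */
    @Import(name="startTls")
    private @Nullable Output<Boolean> startTls;

    /**
     * @return When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.
     */
    public Optional<Output<Boolean>> startTls() {
        return Optional.ofNullable(this.startTls);
    }

    /**
     * When `true`, newly created users will be synced back to LDAP. Defaults to `false`.
     */
    @Import(name="syncRegistrations")
    private @Nullable Output<Boolean> syncRegistrations;

    /**
     * @return When `true`, newly created users will be synced back to LDAP. Defaults to `false`.
     */
    public Optional<Output<Boolean>> syncRegistrations() {
        return Optional.ofNullable(this.syncRegistrations);
    }

    /**
     * If enabled, email provided by this provider is not verified even if verification is enabled for the realm.
     *
     * <p>Security: enabling this makes the directory the authority for e-mail ownership. Leave
     * it off unless the mail attribute in LDAP is controlled by administrators, not by users.
     */
    @Import(name="trustEmail")
    private @Nullable Output<Boolean> trustEmail;

    /**
     * @return If enabled, email provided by this provider is not verified even if verification is enabled for the realm.
     */
    public Optional<Output<Boolean>> trustEmail() {
        return Optional.ofNullable(this.trustEmail);
    }

    /**
     * When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).
     */
    @Import(name="usePasswordModifyExtendedOp")
    private @Nullable Output<Boolean> usePasswordModifyExtendedOp;

    /**
     * @return When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).
     */
    public Optional<Output<Boolean>> usePasswordModifyExtendedOp() {
        return Optional.ofNullable(this.usePasswordModifyExtendedOp);
    }

    /**
     * Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`:
     * - `ALWAYS` - Always use the truststore SPI for LDAP connections.
     * - `NEVER` - Never use the truststore SPI for LDAP connections.
     * - `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol.
     *
     * <p>NOTE(review): with `NEVER`, confirm which trust anchors validate the LDAP server
     * certificate in your deployment; this class does not show it.
     */
    @Import(name="useTruststoreSpi")
    private @Nullable Output<String> useTruststoreSpi;

    /**
     * @return Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`:
     * - `ALWAYS` - Always use the truststore SPI for LDAP connections.
     * - `NEVER` - Never use the truststore SPI for LDAP connections.
     * - `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol.
     */
    public Optional<Output<String>> useTruststoreSpi() {
        return Optional.ofNullable(this.useTruststoreSpi);
    }

    /**
     * Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.
     */
    @Import(name="userObjectClasses", required=true)
    private Output<List<String>> userObjectClasses;

    /**
     * @return Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.
     */
    public Output<List<String>> userObjectClasses() {
        return this.userObjectClasses;
    }

    /**
     * Name of the LDAP attribute to use as the Keycloak username.
     */
    @Import(name="usernameLdapAttribute", required=true)
    private Output<String> usernameLdapAttribute;

    /**
     * @return Name of the LDAP attribute to use as the Keycloak username.
     */
    public Output<String> usernameLdapAttribute() {
        return this.usernameLdapAttribute;
    }

    /**
     * Full DN of LDAP tree where your users are.
     */
    @Import(name="usersDn", required=true)
    private Output<String> usersDn;

    /**
     * @return Full DN of LDAP tree where your users are.
     */
    public Output<String> usersDn() {
        return this.usersDn;
    }

    /**
     * Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.
     */
    @Import(name="uuidLdapAttribute", required=true)
    private Output<String> uuidLdapAttribute;

    /**
     * @return Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.
     */
    public Output<String> uuidLdapAttribute() {
        return this.uuidLdapAttribute;
    }

    /**
     * When `true`, Keycloak will validate passwords using the realm policy before updating it.
     */
    @Import(name="validatePasswordPolicy")
    private @Nullable Output<Boolean> validatePasswordPolicy;

    /**
     * @return When `true`, Keycloak will validate passwords using the realm policy before updating it.
     */
    public Optional<Output<Boolean>> validatePasswordPolicy() {
        return Optional.ofNullable(this.validatePasswordPolicy);
    }

    /**
     * Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`.
     */
    @Import(name="vendor")
    private @Nullable Output<String> vendor;

    /**
     * @return Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`.
     */
    public Optional<Output<String>> vendor() {
        return Optional.ofNullable(this.vendor);
    }

    /** Creates an instance with every property unset; used by {@link #Empty} and {@link Builder}. */
    private UserFederationArgs() {}

    /**
     * Copies every property reference from {@code $} into a new instance. The copy is shallow:
     * the {@code Output} objects themselves are shared with the source.
     */
    private UserFederationArgs(UserFederationArgs $) {
        this.batchSizeForSync = $.batchSizeForSync;
        this.bindCredential = $.bindCredential;
        this.bindDn = $.bindDn;
        this.cache = $.cache;
        this.changedSyncPeriod = $.changedSyncPeriod;
        this.connectionTimeout = $.connectionTimeout;
        this.connectionUrl = $.connectionUrl;
        this.customUserSearchFilter = $.customUserSearchFilter;
        this.deleteDefaultMappers = $.deleteDefaultMappers;
        this.editMode = $.editMode;
        this.enabled = $.enabled;
        this.fullSyncPeriod = $.fullSyncPeriod;
        this.importEnabled = $.importEnabled;
        this.kerberos = $.kerberos;
        this.name = $.name;
        this.pagination = $.pagination;
        this.priority = $.priority;
        this.rdnLdapAttribute = $.rdnLdapAttribute;
        this.readTimeout = $.readTimeout;
        this.realmId = $.realmId;
        this.searchScope = $.searchScope;
        this.startTls = $.startTls;
        this.syncRegistrations = $.syncRegistrations;
        this.trustEmail = $.trustEmail;
        this.usePasswordModifyExtendedOp = $.usePasswordModifyExtendedOp;
        this.useTruststoreSpi = $.useTruststoreSpi;
        this.userObjectClasses = $.userObjectClasses;
        this.usernameLdapAttribute = $.usernameLdapAttribute;
        this.usersDn = $.usersDn;
        this.uuidLdapAttribute = $.uuidLdapAttribute;
        this.validatePasswordPolicy = $.validatePasswordPolicy;
        this.vendor = $.vendor;
    }

    /**
     * @return a builder with no property set
     */
    public static Builder builder() {
        return new Builder();
    }

    /**
     * @param defaults instance whose properties seed the builder; must not be null
     * @return a builder pre-populated from {@code defaults}
     */
    public static Builder builder(UserFederationArgs defaults) {
        return new Builder(defaults);
    }

    /**
     * Fluent builder for {@link UserFederationArgs}.
     *
     * <p>The builder mutates one internal instance and {@link #build()} returns that same
     * instance, so setters called after {@code build()} also change the object already returned.
     * Each property has an {@code Output} setter and a plain-value overload that wraps the value
     * with {@code Output.of}.
     */
    public static final class Builder {
        // The instance under construction; handed out as-is by build().
        private UserFederationArgs $;

        /** Starts from an instance with every property unset. */
        public Builder() {
            $ = new UserFederationArgs();
        }

        /**
         * Starts from a shallow copy of {@code defaults}.
         *
         * @param defaults source of initial values
         * @throws NullPointerException if {@code defaults} is null
         */
        public Builder(UserFederationArgs defaults) {
            $ = new UserFederationArgs(Objects.requireNonNull(defaults));
        }

        /**
         * @param batchSizeForSync The number of users to sync within a single transaction. Defaults to `1000`.
         *
         * @return builder
         */
        public Builder batchSizeForSync(@Nullable Output<Integer> batchSizeForSync) {
            $.batchSizeForSync = batchSizeForSync;
            return this;
        }

        /**
         * @param batchSizeForSync The number of users to sync within a single transaction. Defaults to `1000`.
         *
         * @return builder
         */
        public Builder batchSizeForSync(Integer batchSizeForSync) {
            return batchSizeForSync(Output.of(batchSizeForSync));
        }

        /**
         * Preferred setter for the bind password: pass an {@code Output} that is already marked
         * secret so the value stays protected throughout the program.
         *
         * @param bindCredential Password of LDAP admin. This attribute must be set if `bind_dn` is set.
         *
         * @return builder
         */
        public Builder bindCredential(@Nullable Output<String> bindCredential) {
            $.bindCredential = bindCredential;
            return this;
        }

        /**
         * Convenience overload taking the password as a plain string.
         *
         * <p>Security: the value is wrapped with {@code Output.of}, which does not mark it secret
         * on the program side. Whether the provider re-marks it as secret in state is not visible
         * from this class, so avoid string literals here and prefer the {@code Output} overload
         * with a secret value.
         *
         * @param bindCredential Password of LDAP admin. This attribute must be set if `bind_dn` is set.
         *
         * @return builder
         */
        public Builder bindCredential(String bindCredential) {
            return bindCredential(Output.of(bindCredential));
        }

        /**
         * @param bindDn DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set.
         *
         * @return builder
         */
        public Builder bindDn(@Nullable Output<String> bindDn) {
            $.bindDn = bindDn;
            return this;
        }

        /**
         * @param bindDn DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set.
         *
         * @return builder
         */
        public Builder bindDn(String bindDn) {
            return bindDn(Output.of(bindDn));
        }

        /**
         * @param cache A block containing the cache settings.
         *
         * @return builder
         */
        public Builder cache(@Nullable Output<UserFederationCacheArgs> cache) {
            $.cache = cache;
            return this;
        }

        /**
         * @param cache A block containing the cache settings.
         *
         * @return builder
         */
        public Builder cache(UserFederationCacheArgs cache) {
            return cache(Output.of(cache));
        }

        /**
         * @param changedSyncPeriod How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.
         *
         * @return builder
         */
        public Builder changedSyncPeriod(@Nullable Output<Integer> changedSyncPeriod) {
            $.changedSyncPeriod = changedSyncPeriod;
            return this;
        }

        /**
         * @param changedSyncPeriod How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.
         *
         * @return builder
         */
        public Builder changedSyncPeriod(Integer changedSyncPeriod) {
            return changedSyncPeriod(Output.of(changedSyncPeriod));
        }

        /**
         * @param connectionTimeout LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).
         *
         * @return builder
         */
        public Builder connectionTimeout(@Nullable Output<String> connectionTimeout) {
            $.connectionTimeout = connectionTimeout;
            return this;
        }

        /**
         * @param connectionTimeout LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).
         *
         * @return builder
         */
        public Builder connectionTimeout(String connectionTimeout) {
            return connectionTimeout(Output.of(connectionTimeout));
        }

        /**
         * @param connectionUrl Connection URL to the LDAP server. Prefer `ldaps://`, or pair a
         *        plain `ldap://` URL with `startTls`, so the bind is not sent in clear text.
         *
         * @return builder
         */
        public Builder connectionUrl(Output<String> connectionUrl) {
            $.connectionUrl = connectionUrl;
            return this;
        }

        /**
         * @param connectionUrl Connection URL to the LDAP server. Prefer `ldaps://`, or pair a
         *        plain `ldap://` URL with `startTls`, so the bind is not sent in clear text.
         *
         * @return builder
         */
        public Builder connectionUrl(String connectionUrl) {
            return connectionUrl(Output.of(connectionUrl));
        }

        /**
         * @param customUserSearchFilter Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.
         *
         * @return builder
         */
        public Builder customUserSearchFilter(@Nullable Output<String> customUserSearchFilter) {
            $.customUserSearchFilter = customUserSearchFilter;
            return this;
        }

        /**
         * @param customUserSearchFilter Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.
         *
         * @return builder
         */
        public Builder customUserSearchFilter(String customUserSearchFilter) {
            return customUserSearchFilter(Output.of(customUserSearchFilter));
        }

        /**
         * @param deleteDefaultMappers When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`.
         *
         * @return builder
         */
        public Builder deleteDefaultMappers(@Nullable Output<Boolean> deleteDefaultMappers) {
            $.deleteDefaultMappers = deleteDefaultMappers;
            return this;
        }

        /**
         * @param deleteDefaultMappers When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`.
         *
         * @return builder
         */
        public Builder deleteDefaultMappers(Boolean deleteDefaultMappers) {
            return deleteDefaultMappers(Output.of(deleteDefaultMappers));
        }

        /**
         * @param editMode Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.
         *
         * @return builder
         */
        public Builder editMode(@Nullable Output<String> editMode) {
            $.editMode = editMode;
            return this;
        }

        /**
         * @param editMode Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.
         *
         * @return builder
         */
        public Builder editMode(String editMode) {
            return editMode(Output.of(editMode));
        }

        /**
         * @param enabled When `false`, this provider will not be used when performing queries for users. Defaults to `true`.
         *
         * @return builder
         */
        public Builder enabled(@Nullable Output<Boolean> enabled) {
            $.enabled = enabled;
            return this;
        }

        /**
         * @param enabled When `false`, this provider will not be used when performing queries for users. Defaults to `true`.
         *
         * @return builder
         */
        public Builder enabled(Boolean enabled) {
            return enabled(Output.of(enabled));
        }

        /**
         * @param fullSyncPeriod How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.
         *
         * @return builder
         */
        public Builder fullSyncPeriod(@Nullable Output<Integer> fullSyncPeriod) {
            $.fullSyncPeriod = fullSyncPeriod;
            return this;
        }

        /**
         * @param fullSyncPeriod How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.
         *
         * @return builder
         */
        public Builder fullSyncPeriod(Integer fullSyncPeriod) {
            return fullSyncPeriod(Output.of(fullSyncPeriod));
        }

        /**
         * @param importEnabled When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`.
         *
         * @return builder
         */
        public Builder importEnabled(@Nullable Output<Boolean> importEnabled) {
            $.importEnabled = importEnabled;
            return this;
        }

        /**
         * @param importEnabled When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`.
         *
         * @return builder
         */
        public Builder importEnabled(Boolean importEnabled) {
            return importEnabled(Output.of(importEnabled));
        }

        /**
         * @param kerberos A block containing the kerberos settings.
         *
         * @return builder
         */
        public Builder kerberos(@Nullable Output<UserFederationKerberosArgs> kerberos) {
            $.kerberos = kerberos;
            return this;
        }

        /**
         * @param kerberos A block containing the kerberos settings.
         *
         * @return builder
         */
        public Builder kerberos(UserFederationKerberosArgs kerberos) {
            return kerberos(Output.of(kerberos));
        }

        /**
         * @param name Display name of the provider when displayed in the console.
         *
         * @return builder
         */
        public Builder name(@Nullable Output<String> name) {
            $.name = name;
            return this;
        }

        /**
         * @param name Display name of the provider when displayed in the console.
         *
         * @return builder
         */
        public Builder name(String name) {
            return name(Output.of(name));
        }

        /**
         * @param pagination When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`.
         *
         * @return builder
         */
        public Builder pagination(@Nullable Output<Boolean> pagination) {
            $.pagination = pagination;
            return this;
        }

        /**
         * @param pagination When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`.
         *
         * @return builder
         */
        public Builder pagination(Boolean pagination) {
            return pagination(Output.of(pagination));
        }

        /**
         * @param priority Priority of this provider when looking up users. Lower values are first. Defaults to `0`.
         *
         * @return builder
         */
        public Builder priority(@Nullable Output<Integer> priority) {
            $.priority = priority;
            return this;
        }

        /**
         * @param priority Priority of this provider when looking up users. Lower values are first. Defaults to `0`.
         *
         * @return builder
         */
        public Builder priority(Integer priority) {
            return priority(Output.of(priority));
        }

        /**
         * @param rdnLdapAttribute Name of the LDAP attribute to use as the relative distinguished name.
         *
         * @return builder
         */
        public Builder rdnLdapAttribute(Output<String> rdnLdapAttribute) {
            $.rdnLdapAttribute = rdnLdapAttribute;
            return this;
        }

        /**
         * @param rdnLdapAttribute Name of the LDAP attribute to use as the relative distinguished name.
         *
         * @return builder
         */
        public Builder rdnLdapAttribute(String rdnLdapAttribute) {
            return rdnLdapAttribute(Output.of(rdnLdapAttribute));
        }

        /**
         * @param readTimeout LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).
         *
         * @return builder
         */
        public Builder readTimeout(@Nullable Output<String> readTimeout) {
            $.readTimeout = readTimeout;
            return this;
        }

        /**
         * @param readTimeout LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).
         *
         * @return builder
         */
        public Builder readTimeout(String readTimeout) {
            return readTimeout(Output.of(readTimeout));
        }

        /**
         * @param realmId The realm that this provider will provide user federation for.
         *
         * @return builder
         */
        public Builder realmId(Output<String> realmId) {
            $.realmId = realmId;
            return this;
        }

        /**
         * @param realmId The realm that this provider will provide user federation for.
         *
         * @return builder
         */
        public Builder realmId(String realmId) {
            return realmId(Output.of(realmId));
        }

        /**
         * @param searchScope Can be one of `ONE_LEVEL` or `SUBTREE`:
         * - `ONE_LEVEL`: Only search for users in the DN specified by `user_dn`.
         * - `SUBTREE`: Search entire LDAP subtree.
         *
         * @return builder
         */
        public Builder searchScope(@Nullable Output<String> searchScope) {
            $.searchScope = searchScope;
            return this;
        }

        /**
         * @param searchScope Can be one of `ONE_LEVEL` or `SUBTREE`:
         * - `ONE_LEVEL`: Only search for users in the DN specified by `user_dn`.
         * - `SUBTREE`: Search entire LDAP subtree.
         *
         * @return builder
         */
        public Builder searchScope(String searchScope) {
            return searchScope(Output.of(searchScope));
        }

        /**
         * @param startTls When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.
         *
         * @return builder
         */
        public Builder startTls(@Nullable Output<Boolean> startTls) {
            $.startTls = startTls;
            return this;
        }

        /**
         * @param startTls When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.
         *
         * @return builder
         */
        public Builder startTls(Boolean startTls) {
            return startTls(Output.of(startTls));
        }

        /**
         * @param syncRegistrations When `true`, newly created users will be synced back to LDAP. Defaults to `false`.
         *
         * @return builder
         */
        public Builder syncRegistrations(@Nullable Output<Boolean> syncRegistrations) {
            $.syncRegistrations = syncRegistrations;
            return this;
        }

        /**
         * @param syncRegistrations When `true`, newly created users will be synced back to LDAP. Defaults to `false`.
         *
         * @return builder
         */
        public Builder syncRegistrations(Boolean syncRegistrations) {
            return syncRegistrations(Output.of(syncRegistrations));
        }

        /**
         * @param trustEmail If enabled, email provided by this provider is not verified even if verification is enabled for the realm.
         *
         * @return builder
         */
        public Builder trustEmail(@Nullable Output<Boolean> trustEmail) {
            $.trustEmail = trustEmail;
            return this;
        }

        /**
         * @param trustEmail If enabled, email provided by this provider is not verified even if verification is enabled for the realm.
         *
         * @return builder
         */
        public Builder trustEmail(Boolean trustEmail) {
            return trustEmail(Output.of(trustEmail));
        }

        /**
         * @param usePasswordModifyExtendedOp When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).
         *
         * @return builder
         */
        public Builder usePasswordModifyExtendedOp(@Nullable Output<Boolean> usePasswordModifyExtendedOp) {
            $.usePasswordModifyExtendedOp = usePasswordModifyExtendedOp;
            return this;
        }

        /**
         * @param usePasswordModifyExtendedOp When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).
         *
         * @return builder
         */
        public Builder usePasswordModifyExtendedOp(Boolean usePasswordModifyExtendedOp) {
            return usePasswordModifyExtendedOp(Output.of(usePasswordModifyExtendedOp));
        }

        /**
         * @param useTruststoreSpi Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`:
         * - `ALWAYS` - Always use the truststore SPI for LDAP connections.
         * - `NEVER` - Never use the truststore SPI for LDAP connections.
         * - `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol.
         *
         * @return builder
         */
        public Builder useTruststoreSpi(@Nullable Output<String> useTruststoreSpi) {
            $.useTruststoreSpi = useTruststoreSpi;
            return this;
        }

        /**
         * @param useTruststoreSpi Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`:
         * - `ALWAYS` - Always use the truststore SPI for LDAP connections.
         * - `NEVER` - Never use the truststore SPI for LDAP connections.
         * - `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol.
         *
         * @return builder
         */
        public Builder useTruststoreSpi(String useTruststoreSpi) {
            return useTruststoreSpi(Output.of(useTruststoreSpi));
        }

        /**
         * @param userObjectClasses Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.
         *
         * @return builder
         */
        public Builder userObjectClasses(Output<List<String>> userObjectClasses) {
            $.userObjectClasses = userObjectClasses;
            return this;
        }

        /**
         * @param userObjectClasses Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.
         *
         * @return builder
         */
        public Builder userObjectClasses(List<String> userObjectClasses) {
            return userObjectClasses(Output.of(userObjectClasses));
        }

        /**
         * Varargs convenience; the values are copied with {@code List.of}, which rejects null
         * elements.
         *
         * @param userObjectClasses Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.
         *
         * @return builder
         */
        public Builder userObjectClasses(String... userObjectClasses) {
            return userObjectClasses(List.of(userObjectClasses));
        }

        /**
         * @param usernameLdapAttribute Name of the LDAP attribute to use as the Keycloak username.
         *
         * @return builder
         */
        public Builder usernameLdapAttribute(Output<String> usernameLdapAttribute) {
            $.usernameLdapAttribute = usernameLdapAttribute;
            return this;
        }

        /**
         * @param usernameLdapAttribute Name of the LDAP attribute to use as the Keycloak username.
         *
         * @return builder
         */
        public Builder usernameLdapAttribute(String usernameLdapAttribute) {
            return usernameLdapAttribute(Output.of(usernameLdapAttribute));
        }

        /**
         * @param usersDn Full DN of LDAP tree where your users are.
         *
         * @return builder
         */
        public Builder usersDn(Output<String> usersDn) {
            $.usersDn = usersDn;
            return this;
        }

        /**
         * @param usersDn Full DN of LDAP tree where your users are.
         *
         * @return builder
         */
        public Builder usersDn(String usersDn) {
            return usersDn(Output.of(usersDn));
        }

        /**
         * @param uuidLdapAttribute Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.
         *
         * @return builder
         */
        public Builder uuidLdapAttribute(Output<String> uuidLdapAttribute) {
            $.uuidLdapAttribute = uuidLdapAttribute;
            return this;
        }

        /**
         * @param uuidLdapAttribute Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.
         *
         * @return builder
         */
        public Builder uuidLdapAttribute(String uuidLdapAttribute) {
            return uuidLdapAttribute(Output.of(uuidLdapAttribute));
        }

        /**
         * @param validatePasswordPolicy When `true`, Keycloak will validate passwords using the realm policy before updating it.
         *
         * @return builder
         */
        public Builder validatePasswordPolicy(@Nullable Output<Boolean> validatePasswordPolicy) {
            $.validatePasswordPolicy = validatePasswordPolicy;
            return this;
        }

        /**
         * @param validatePasswordPolicy When `true`, Keycloak will validate passwords using the realm policy before updating it.
         *
         * @return builder
         */
        public Builder validatePasswordPolicy(Boolean validatePasswordPolicy) {
            return validatePasswordPolicy(Output.of(validatePasswordPolicy));
        }

        /**
         * @param vendor Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`.
         *
         * @return builder
         */
        public Builder vendor(@Nullable Output<String> vendor) {
            $.vendor = vendor;
            return this;
        }

        /**
         * @param vendor Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`.
         *
         * @return builder
         */
        public Builder vendor(String vendor) {
            return vendor(Output.of(vendor));
        }

        /**
         * Checks that the seven required properties are set and returns the built arguments.
         *
         * <p>Only null-ness is checked. The documented constraints that `bindDn` and
         * `bindCredential` must be set together and that `userObjectClasses` must contain at
         * least one value are not enforced here, and neither is any transport-security setting;
         * validate those in the calling program or in policy checks.
         *
         * @return the instance this builder has been mutating (not a copy)
         * @throws MissingRequiredPropertyException if a required property is null
         */
        public UserFederationArgs build() {
            if ($.connectionUrl == null) {
                throw new MissingRequiredPropertyException("UserFederationArgs", "connectionUrl");
            }
            if ($.rdnLdapAttribute == null) {
                throw new MissingRequiredPropertyException("UserFederationArgs", "rdnLdapAttribute");
            }
            if ($.realmId == null) {
                throw new MissingRequiredPropertyException("UserFederationArgs", "realmId");
            }
            if ($.userObjectClasses == null) {
                throw new MissingRequiredPropertyException("UserFederationArgs", "userObjectClasses");
            }
            if ($.usernameLdapAttribute == null) {
                throw new MissingRequiredPropertyException("UserFederationArgs", "usernameLdapAttribute");
            }
            if ($.usersDn == null) {
                throw new MissingRequiredPropertyException("UserFederationArgs", "usersDn");
            }
            if ($.uuidLdapAttribute == null) {
                throw new MissingRequiredPropertyException("UserFederationArgs", "uuidLdapAttribute");
            }
            return $;
        }
    }
}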