
theme.base.admin.resources.partials.federated-ldap.html (help text of the Keycloak admin console LDAP user federation provider form)

Required Settings
Display name of provider when linked in admin console.
Priority of provider when doing a user lookup. Lowest first.
READ_ONLY is a read-only LDAP store. WRITABLE means data will be synced back to LDAP on demand. UNSYNCED means user data will be imported, but not synced back to LDAP.
Should newly created users be created within the LDAP store? Priority affects which provider is chosen to sync the new user.
LDAP vendor (provider)
Name of the LDAP attribute which is mapped to the Keycloak username. For many LDAP server vendors it can be 'uid'. For Active Directory it can be 'sAMAccountName' or 'cn'. The attribute should be filled for all LDAP user records you want to import from LDAP to Keycloak.
Name of the LDAP attribute which is used as the RDN (top attribute) of a typical user DN. Usually it is the same as the username LDAP attribute, but this is not required. For example, for Active Directory it is common to use 'cn' as the RDN attribute while the username attribute is 'sAMAccountName'.
Name of the LDAP attribute which is used as the unique object identifier (UUID) for objects in LDAP. For many LDAP server vendors it is 'entryUUID', but some differ. For example, for Active Directory it should be 'objectGUID'. If your LDAP server really does not support the notion of a UUID, you can use any other attribute that is supposed to be unique among LDAP users in the tree, for example 'uid' or 'entryDN'.
All values of the LDAP objectClass attribute for users in LDAP, separated by commas. For example: 'inetOrgPerson, organizationalPerson'. Newly created Keycloak users will be written to LDAP with all those object classes, and existing LDAP user records are found only if they contain all those object classes.
Connection URL to your LDAP server
Full DN of LDAP tree where your users are. This DN is parent of LDAP users. It could be for example 'ou=users,dc=example,dc=com' assuming that your typical user will have DN like 'uid=john,ou=users,dc=example,dc=com'
LDAP authentication type. Right now only 'none' (anonymous LDAP authentication) and 'simple' (bind DN + bind credential authentication) are available.
DN of the LDAP admin account which Keycloak will bind as to access the LDAP server.
Password of LDAP admin
Additional LDAP filter for narrowing the searched users. Leave this empty if you do not need an additional filter. Make sure that it starts with '(' and ends with ')'.
For one level, users are searched only in the DN specified by Users DN. For subtree, the whole subtree below it is searched. See the LDAP documentation for more details.
Whether Keycloak should use connection pooling for accessing the LDAP server.
Whether the LDAP server supports pagination.
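The settings above are combined into a user search filter and, in WRITABLE mode, into the DN of each newly written user. The following is an added example, not Keycloak's own code: it models the form fields under my own names (`LdapSettings`, `validate`, `user_lookup_filter`, `new_user_dn`), checks them the way the help text describes, and shows the resulting filter and DN for a constructed OpenLDAP-style server and a constructed Active Directory setup. It also escapes the username per RFC 4515 and the RDN value per RFC 4514, the check a practitioner would want so that a username such as `*)(uid=*` cannot widen the search.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class LdapSettings:
    """The 'Required Settings' fields under assumed attribute names."""
    connection_url: str           # e.g. ldaps://ldap.example.com:636
    users_dn: str                 # parent DN of the user entries
    username_attr: str            # 'uid' for most servers, 'sAMAccountName' or 'cn' for AD
    rdn_attr: str                 # attribute used as the RDN of a user DN
    uuid_attr: str                # 'entryUUID', or 'objectGUID' for AD
    object_classes: str           # comma-separated, exactly as typed into the form
    auth_type: str = "simple"     # 'none' or 'simple'
    bind_dn: str = ""
    bind_credential: str = ""
    custom_filter: str = ""       # optional; must be wrapped in '(' ... ')'
    search_scope: str = "subtree"  # 'one_level' or 'subtree' (my labels)


def object_class_list(raw: str) -> List[str]:
    """'inetOrgPerson, organizationalPerson' -> ['inetOrgPerson', 'organizationalPerson']"""
    return [oc.strip() for oc in raw.split(",") if oc.strip()]


def validate(s: LdapSettings) -> List[str]:
    """Problems to fix before saving, following the help text above."""
    problems = []
    if not s.connection_url.startswith(("ldap://", "ldaps://")):
        problems.append("connection URL must be an ldap:// or ldaps:// URL")
    if s.auth_type not in ("none", "simple"):
        problems.append("authentication type must be 'none' or 'simple'")
    if s.auth_type == "simple" and not (s.bind_dn and s.bind_credential):
        problems.append("'simple' authentication needs both bind DN and bind credential")
    if s.custom_filter and not (s.custom_filter.startswith("(") and s.custom_filter.endswith(")")):
        problems.append("custom user filter must start with '(' and end with ')'")
    if not object_class_list(s.object_classes):
        problems.append("at least one user object class is required")
    if s.search_scope not in ("one_level", "subtree"):
        problems.append("search scope must be 'one_level' or 'subtree'")
    return problems


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: the username must not be able to rewrite the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def user_lookup_filter(s: LdapSettings, username: str) -> str:
    """A record matches only if it carries *all* object classes, the username
    attribute and, when set, the additional custom filter."""
    parts = ["(objectClass=%s)" % oc for oc in object_class_list(s.object_classes)]
    parts.append("(%s=%s)" % (s.username_attr, escape_filter_value(username)))
    if s.custom_filter:
        parts.append(s.custom_filter)
    return "(&" + "".join(parts) + ")"


def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping for the RDN value of a newly written user entry."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def new_user_dn(s: LdapSettings, rdn_value: str) -> str:
    """DN a user created in WRITABLE mode gets: <rdn attr>=<value>,<users DN>."""
    return "%s=%s,%s" % (s.rdn_attr, escape_dn_value(rdn_value), s.users_dn)


# Constructed settings: a generic LDAP server and an Active Directory domain.
OPENLDAP = LdapSettings(
    connection_url="ldaps://ldap.example.com:636",
    users_dn="ou=users,dc=example,dc=com",
    username_attr="uid", rdn_attr="uid", uuid_attr="entryUUID",
    object_classes="inetOrgPerson, organizationalPerson",
    bind_dn="cn=keycloak,ou=service,dc=example,dc=com", bind_credential="s3cret",
    custom_filter="(memberOf=cn=staff,ou=groups,dc=example,dc=com)",
)
ACTIVE_DIRECTORY = LdapSettings(
    connection_url="ldaps://dc1.corp.example.com:636",
    users_dn="cn=Users,dc=corp,dc=example,dc=com",
    username_attr="sAMAccountName", rdn_attr="cn", uuid_attr="objectGUID",
    object_classes="person, organizationalPerson, user",
    bind_dn="cn=svc-keycloak,cn=Users,dc=corp,dc=example,dc=com", bind_credential="s3cret",
)

if __name__ == "__main__":
    print(validate(OPENLDAP))
    print(user_lookup_filter(OPENLDAP, "john"))
    print(user_lookup_filter(OPENLDAP, "*)(uid=*"))   # escaped, cannot widen the search
    print(new_user_dn(ACTIVE_DIRECTORY, "Smith, John"))
```

The bind DN should be a dedicated account with only the read (or, for WRITABLE mode, write) rights the provider needs under the users DN; the filter and DN building above is where an unescaped username would otherwise let a login attempt widen the lookup or target a different entry.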
Kerberos integration
Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will be provisioned from this LDAP server.
Name of the Kerberos realm. For example FOO.ORG
Full name of the server principal for the HTTP service, including server and domain name. For example HTTP/server.foo.org@FOO.ORG
Location of the Kerberos keytab file containing the credentials of the server principal. For example /etc/krb5.keytab
Enable/disable debug logging to standard output for Krb5LoginModule.
Use the Kerberos login module to authenticate username/password against the Kerberos server instead of authenticating against the LDAP server with the Directory Service API.
Sync settings
Count of LDAP users to be imported from LDAP to Keycloak within a single transaction.
Whether periodic full synchronization of LDAP users to Keycloak should be enabled.
Period for full synchronization in seconds.
Whether periodic synchronization of changed or newly created LDAP users to Keycloak should be enabled.
Period for synchronization of changed or newly created LDAP users in seconds.
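The following is an added example, not Keycloak's own code, showing what the sync settings above amount to: the changed-users job selects records by their `createTimestamp`/`modifyTimestamp` operational attributes relative to the previous run (an assumption about how the changed sync is implemented; the page only names the job), and the batch size splits the resulting import into transactions. The entries, the last-sync time and the function names (`changed_users_filter`, `select_changed`, `batches`, `plan_changed_sync`) are constructed for the example.

```python
from datetime import datetime, timezone
from typing import Dict, Iterator, List

Entry = Dict[str, str]


def ldap_time(dt: datetime) -> str:
    """GeneralizedTime as stored in createTimestamp/modifyTimestamp, e.g. 20240310000000Z."""
    return dt.astimezone(timezone.utc).strftime("%Y%m%d%H%M%SZ")


def changed_users_filter(object_classes: List[str], last_sync: datetime) -> str:
    """Filter a 'changed or newly created users' sync would send: all user object
    classes, and a create or modify timestamp at or after the previous run."""
    since = ldap_time(last_sync)
    oc = "".join("(objectClass=%s)" % c for c in object_classes)
    return "(&%s(|(createTimestamp>=%s)(modifyTimestamp>=%s)))" % (oc, since, since)


def select_changed(entries: List[Entry], last_sync: datetime) -> List[Entry]:
    """The same predicate applied client-side to constructed entries, as an offline
    stand-in for the search. Fixed-width GeneralizedTime compares correctly as text."""
    since = ldap_time(last_sync)
    return [e for e in entries if e["createTimestamp"] >= since or e["modifyTimestamp"] >= since]


def batches(entries: List[Entry], batch_size: int) -> Iterator[List[Entry]]:
    """Split an import into transactions of at most batch_size users."""
    if batch_size < 1:
        raise ValueError("batch size must be at least 1")
    for i in range(0, len(entries), batch_size):
        yield entries[i:i + batch_size]


def plan_changed_sync(entries: List[Entry], last_sync: datetime, batch_size: int) -> List[List[str]]:
    """uids the changed sync would import, grouped into the transactions the batch size implies."""
    changed = select_changed(entries, last_sync)
    return [[e["uid"] for e in batch] for batch in batches(changed, batch_size)]


# Constructed directory content; the last changed sync ran at 2024-03-10T00:00Z.
LAST_SYNC = datetime(2024, 3, 10, 0, 0, tzinfo=timezone.utc)
SAMPLE_ENTRIES: List[Entry] = [
    {"uid": "alice", "createTimestamp": "20240101090000Z", "modifyTimestamp": "20240101090000Z"},
    {"uid": "bob",   "createTimestamp": "20240102090000Z", "modifyTimestamp": "20240310120000Z"},  # modified since
    {"uid": "carol", "createTimestamp": "20240312080000Z", "modifyTimestamp": "20240312080000Z"},  # created since
    {"uid": "dave",  "createTimestamp": "20231120100000Z", "modifyTimestamp": "20240105100000Z"},
    {"uid": "erin",  "createTimestamp": "20240201100000Z", "modifyTimestamp": "20240311100000Z"},  # modified since
]

if __name__ == "__main__":
    print(changed_users_filter(["inetOrgPerson", "organizationalPerson"], LAST_SYNC))
    print(plan_changed_sync(SAMPLE_ENTRIES, LAST_SYNC, 2))
```

A timestamp filter never returns entries that were deleted from LDAP, so a deployment that relies only on the changed-users job will keep imported users whose LDAP record is gone; the periodic full synchronization is the job that re-reads the whole tree and can notice that.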