如何在 Keycloak 中动态配置 LDAP
How to configure LDAP in Keycloak dynamically
我在我的项目中使用 Keycloak 作为 UAA,我可以通过 java 代码在 keycloak 中动态创建一个新领域。现在我想为在 keycloak.Is 中创建的 relam 添加 LDAP 支持,有任何选项可以使用 java 动态地完成它吗?
我能够向下钻取并确定我需要设置的属性。基本上我创建了具有所有 ldap 值的 ComponentRepresentation 对象并添加到领域中,
ComponentRepresentation ldapComponentRep = new ComponentRepresentation();
String componentId = UUID.randomUUID().toString();
ldapComponentRep.setId(componentId);
ldapComponentRep.setName("testldap");
ldapComponentRep.setProviderId("testldap");
ldapComponentRep.setParentId("realmname");
ldapComponentRep.setProviderType("org.keycloak.storage.UserStorageProvider");
MultivaluedHashMap config = new MultivaluedHashMap<>();
config.putSingle("fullSyncPeriod", "-1");
config.putSingle("pagination", "true");
config.putSingle("connectionPooling", "true");
config.putSingle("usersDn", "o=758ldifojencdjks,dc=test,dc=com");
config.putSingle("cachePolicy", "DEFAULT");
config.putSingle("useKerberosForPasswordAuthentication","false");
config.putSingle("importEnabled","true");
config.putSingle("enabled","true");
config.putSingle("bindCredential","*********");
config.putSingle("usernameLDAPAttribute","uid");
config.putSingle("bindDn","uid=ldap.connector,ou=Users,o=758ldifojencdjks,dc=test,dc=com");
config.putSingle("changedSyncPeriod","-1");
config.putSingle("vendor","other");
config.putSingle("uuidLDAPAttribute","entryUUID");
config.putSingle("allowKerberosAuthentication","false");
config.putSingle("connectionUrl","ldap://ldap.test.com:389");
config.putSingle("syncRegistrations","false");
config.putSingle("authType","simple");
config.putSingle("debug","false");
config.putSingle("searchScope","2");
config.putSingle("useTruststoreSpi","ldapsOnly");
config.putSingle("priority","1");
config.putSingle("trustEmail","false");
config.putSingle("userObjectClasses","inetOrgPerson, organizationalPerson");
config.putSingle("rdnLDAPAttribute","uid");
config.putSingle("editMode","READ_ONLY");
config.putSingle("validatePasswordPolicy","false");
config.putSingle("batchSizeForSync","1000");
ldapComponentRep.setConfig(config);
keycloak.realms().realm("realmname").components().add(ldapComponentRep).getStatus();
最后一行201的输出,但没有异常,配置也没有保存。
请帮我解决这个问题。
提前致谢,
是的,我终于能够动态创建 LDAP 配置,providerId 中传递的输入错误
ldapComponentRep.setName("testldap");
ldapComponentRep.setProviderId("testldap");
应该如下所示,
ldapComponentRep.setProviderId("ldap");
我在我的项目中使用 Keycloak 作为 UAA,我可以通过 java 代码在 keycloak 中动态创建一个新领域。现在我想为在 keycloak.Is 中创建的 relam 添加 LDAP 支持,有任何选项可以使用 java 动态地完成它吗?
我能够向下钻取并确定我需要设置的属性。基本上我创建了具有所有 ldap 值的 ComponentRepresentation 对象并添加到领域中,
ComponentRepresentation ldapComponentRep = new ComponentRepresentation();
String componentId = UUID.randomUUID().toString();
ldapComponentRep.setId(componentId);
ldapComponentRep.setName("testldap");
ldapComponentRep.setProviderId("testldap");
ldapComponentRep.setParentId("realmname");
ldapComponentRep.setProviderType("org.keycloak.storage.UserStorageProvider");
MultivaluedHashMap config = new MultivaluedHashMap<>();
config.putSingle("fullSyncPeriod", "-1");
config.putSingle("pagination", "true");
config.putSingle("connectionPooling", "true");
config.putSingle("usersDn", "o=758ldifojencdjks,dc=test,dc=com");
config.putSingle("cachePolicy", "DEFAULT");
config.putSingle("useKerberosForPasswordAuthentication","false");
config.putSingle("importEnabled","true");
config.putSingle("enabled","true");
config.putSingle("bindCredential","*********");
config.putSingle("usernameLDAPAttribute","uid");
config.putSingle("bindDn","uid=ldap.connector,ou=Users,o=758ldifojencdjks,dc=test,dc=com");
config.putSingle("changedSyncPeriod","-1");
config.putSingle("vendor","other");
config.putSingle("uuidLDAPAttribute","entryUUID");
config.putSingle("allowKerberosAuthentication","false");
config.putSingle("connectionUrl","ldap://ldap.test.com:389");
config.putSingle("syncRegistrations","false");
config.putSingle("authType","simple");
config.putSingle("debug","false");
config.putSingle("searchScope","2");
config.putSingle("useTruststoreSpi","ldapsOnly");
config.putSingle("priority","1");
config.putSingle("trustEmail","false");
config.putSingle("userObjectClasses","inetOrgPerson, organizationalPerson");
config.putSingle("rdnLDAPAttribute","uid");
config.putSingle("editMode","READ_ONLY");
config.putSingle("validatePasswordPolicy","false");
config.putSingle("batchSizeForSync","1000");
ldapComponentRep.setConfig(config);
keycloak.realms().realm("realmname").components().add(ldapComponentRep).getStatus();
最后一行201的输出,但没有异常,配置也没有保存。
请帮我解决这个问题。
提前致谢,
是的,我终于能够动态创建 LDAP 配置,providerId 中传递的输入错误
ldapComponentRep.setName("testldap");
ldapComponentRep.setProviderId("testldap");
应该如下所示,
ldapComponentRep.setProviderId("ldap");