[keycloak_user_federation]: Adding option krbPrincipalAttribute (#7538)
* keycloak_user_federation: Adding support for krbPrincipalAttribute Signed-off-by: boolman <boolman@gmail.com> * pr/7538 adding changelogs/fragment file Signed-off-by: boolman <boolman@gmail.com> * Update changelogs/fragments/7538-add-krbprincipalattribute-option.yml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_user_federation.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_user_federation.py Co-authored-by: Felix Fontein <felix@fontein.de> --------- Signed-off-by: boolman <boolman@gmail.com> Co-authored-by: Felix Fontein <felix@fontein.de>
parent
12395732e8
commit
938aec492e
3 changed files with 17 additions and 0 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
minor_changes:
|
||||||
|
- keycloak_user_federation - add option for ``krbPrincipalAttribute`` (https://github.com/ansible-collections/community.general/pull/7538).
|
|
@ -342,6 +342,16 @@ options:
|
||||||
- Name of kerberos realm.
|
- Name of kerberos realm.
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
|
krbPrincipalAttribute:
|
||||||
|
description:
|
||||||
|
- Name of the LDAP attribute, which refers to Kerberos principal.
|
||||||
|
This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak.
|
||||||
|
When this is empty, the LDAP user will be looked based on LDAP username corresponding
|
||||||
|
to the first part of his Kerberos principal. For instance, for principal C(john@KEYCLOAK.ORG),
|
||||||
|
it will assume that LDAP username is V(john).
|
||||||
|
type: str
|
||||||
|
version_added: 8.1.0
|
||||||
|
|
||||||
serverPrincipal:
|
serverPrincipal:
|
||||||
description:
|
description:
|
||||||
- Full name of server principal for HTTP service including server and domain name. For
|
- Full name of server principal for HTTP service including server and domain name. For
|
||||||
|
@ -764,6 +774,7 @@ def main():
|
||||||
readTimeout=dict(type='int'),
|
readTimeout=dict(type='int'),
|
||||||
searchScope=dict(type='str', choices=['1', '2'], default='1'),
|
searchScope=dict(type='str', choices=['1', '2'], default='1'),
|
||||||
serverPrincipal=dict(type='str'),
|
serverPrincipal=dict(type='str'),
|
||||||
|
krbPrincipalAttribute=dict(type='str'),
|
||||||
startTls=dict(type='bool', default=False),
|
startTls=dict(type='bool', default=False),
|
||||||
syncRegistrations=dict(type='bool', default=False),
|
syncRegistrations=dict(type='bool', default=False),
|
||||||
trustEmail=dict(type='bool', default=False),
|
trustEmail=dict(type='bool', default=False),
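Review bot: The new `krbPrincipalAttribute` description in the options hunk never says that this attribute decides which LDAP account a Kerberos-authenticated principal is mapped to. It should therefore name an attribute that is unique per user and that users cannot edit themselves. Consider adding a sentence such as `The attribute should hold a value that is unique per user and writable only by directory administrators.`; whether Keycloak enforces uniqueness itself is not visible from this page. In the same description, `will be looked based on` should read `will be looked up based on`, and the example principal uses `C(john@KEYCLOAK.ORG)` next to `V(john)`, so `V(...)` for both would be consistent. In the `main()` hunk the new entry sits after `serverPrincipal`, while the documentation lists it before; the argument spec continues outside the hunk, so the intended ordering cannot be confirmed here.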
|
||||||
|
|
|
@ -326,6 +326,7 @@ class TestKeycloakUserFederation(ModuleTestCase):
|
||||||
'connectionPooling': True,
|
'connectionPooling': True,
|
||||||
'pagination': True,
|
'pagination': True,
|
||||||
'allowKerberosAuthentication': False,
|
'allowKerberosAuthentication': False,
|
||||||
|
'krbPrincipalAttribute': 'krbPrincipalName',
|
||||||
'debug': False,
|
'debug': False,
|
||||||
'useKerberosForPasswordAuthentication': False,
|
'useKerberosForPasswordAuthentication': False,
|
||||||
},
|
},
|
||||||
|
@ -374,6 +375,9 @@ class TestKeycloakUserFederation(ModuleTestCase):
|
||||||
"enabled": [
|
"enabled": [
|
||||||
"true"
|
"true"
|
||||||
],
|
],
|
||||||
|
"krbPrincipalAttribute": [
|
||||||
|
"krb5PrincipalName"
|
||||||
|
],
|
||||||
"usernameLDAPAttribute": [
|
"usernameLDAPAttribute": [
|
||||||
"uid"
|
"uid"
|
||||||
],
|
],
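Review bot: The fixture values for the new option disagree: the first hunk sets `'krbPrincipalAttribute': 'krbPrincipalName'`, while the second hunk carries `"krb5PrincipalName"`. If the second dict is a mocked Keycloak response, as its list-wrapped values suggest, the test passes whatever the module sends and never checks that the configured attribute name reaches the API unchanged. Use the same string in both places and, if the test harness allows it, assert on the payload handed to the create or update mock. A silently altered or dropped mapping attribute would change which LDAP user a principal resolves to. Both dicts begin and end outside the hunks, so which mock each one feeds is inferred rather than visible.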
|
||||||
|
|