admin.federationproviders
Collection Note
This module is part of the nokia.eda_core_v1 collection. To install the collection, use:
Added in version 0.3.0.
Synopsis
- Description will be added soon.
Parameters
| Parameter | Defaults / Choices | Comments |
|---|---|---|
| auth dict | None | |
| auth_token str required | | HTTP authentication (Bearer authentication) string in the format of "Bearer TOKEN". Required unless state is cronly. |
| base_url str required | | EDA API URL including the schema and port (if non standard for the provided schema). Example - https://try.eda.demo:9443. Required unless state is cronly. |
| ca_path str required | | A path to the PEM-encoded CA certificate to use for TLS verification. Required unless state is cronly. |
| enabled bool | | If true, checking/syncing this LDAP provider is enabled. |
| group_support dict | None | |
| id_attribute str required | | Name of the LDAP attribute, which is used as a unique object identifier (UUID) for objects in LDAP. |
| name str required | | Name of the federationproviders. Required when state is query or absent. |
| pagination bool | | Set to true if the LDAP server supports pagination. |
| periodic_sync bool | | If true, periodic synchronization of changed or newly created LDAP users to Keycloak will occur. |
| periodic_sync_secs int | | If periodic sync is enabled, this is the period in seconds that synchronization will occur. |
| rdn_ldap_attribute str required | | Name of the LDAP attribute, which is used as RDN (top attribute) of typical user DN. Usually it's the same as the Username LDAP attribute, however it is not required. |
| read_only bool required | | If false, changes made to LDAP-mapped attribute via EDA will be synced back to the LDAP server. Otherwise, changes are not made in LDAP. |
| scope str | | Must be "One Level" or "Subtree". If "One Level", the search applies only for users in the DNs specified by User DNs. If "Subtree", the search applies to the whole subtree. |
| state str required | Choices: absent, query, present | State of the requested resource object. |
| timeout int | | LDAP connection timeout in milliseconds. |
| tls bool | | If true, encrypts the connection to LDAP using STARTTLS. |
| tls_skip_verify bool required | | A flag to control the TLS verification of the session. Required unless state is cronly. |
| type str required | | The type of provider. Currently only "ldap" is supported. |
| url str required | | Connection URL to your LDAP server. |
| user_dn str required | | Full DN of LDAP tree where your users are. This DN is the parent of LDAP users. |
| user_object_classes str required | | All values of LDAP objectClass attribute for users in LDAP, divided by commas. (e.g. inetOrgPerson, organizationalPerson). |
| user_search_filter str | | Additional LDAP filter for filtering searched users. Leave this empty if you don't need an additional filter. Make sure that it starts with '(' and ends with ')'. |
| username_attribute str required | | Name of the LDAP attribute, which is mapped as EDA username. For many LDAP server vendors it can be 'uid'. |
| uuid str | | The unique identifier given to the entry when it is created. |
| var_import bool | | If true, the LDAP information will be imported into the EDA (Keycloak) database. |
| vendor str required | | LDAP vendor (provider). |
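
The value constraints in the table above (state and scope choices, the parenthesised user_search_filter, STARTTLS, TLS verification, read_only, periodic sync) can be checked before a task is run. The following is an added example, not code from the nokia.eda_core_v1 collection; lint_provider and the flat option dict are assumptions, and the balanced-parentheses check goes beyond the start/end rule stated in the table.

```python
# Added example: pre-flight lint for admin.federationproviders options.
# Assumption: options arrive as one flat dict; lint_provider is hypothetical.
SCOPES = {"One Level", "Subtree"}
STATES = {"absent", "query", "present"}


def balanced(ldap_filter):
    """True if every '(' in the filter has a matching ')'."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


def lint_provider(p):
    """Return a list of findings for one provider definition."""
    out = []
    if p.get("state") not in STATES:
        out.append("state: must be absent, query or present")
    if "type" in p and p["type"] != "ldap":
        out.append('type: only "ldap" is supported')
    if "scope" in p and p["scope"] not in SCOPES:
        out.append('scope: must be "One Level" or "Subtree"')
    flt = p.get("user_search_filter") or ""
    if flt and not (flt.startswith("(") and flt.endswith(")") and balanced(flt)):
        out.append("user_search_filter: needs '(' ... ')' with balanced parentheses")
    url = str(p.get("url", "")).lower()
    if url.startswith("ldap://") and not p.get("tls"):
        out.append("url/tls: ldap:// without STARTTLS is not encrypted")
    if p.get("tls_skip_verify"):
        out.append("tls_skip_verify: TLS verification of the session is off")
    if p.get("read_only") is False:
        out.append("read_only: EDA changes will be written back to LDAP")
    if p.get("periodic_sync") and int(p.get("periodic_sync_secs") or 0) <= 0:
        out.append("periodic_sync: enabled without a positive periodic_sync_secs")
    return out


# Constructed sample input, not taken from a real deployment.
SAMPLE = {
    "state": "present", "type": "ldap", "scope": "subtree", "tls": False,
    "url": "ldap://ldap.example.test:389", "tls_skip_verify": True,
    "user_search_filter": "(&(objectClass=inetOrgPerson)(memberOf=cn=eda",
    "read_only": True, "periodic_sync": True,
}

print("\n".join(lint_provider(SAMPLE)))
```

An empty list means none of the checked constraints is violated; it does not validate the options the lint does not look at.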
Authors
- Roman Dodin (@hellt)