Keycloak ldap storage mapper to create roles/groups based on the user's organisational units contained within its dn

terrestris/keycloak-dn-mapper

Keycloak LDAP dn mapper

Install

If you are using the official Keycloak Docker image, you can mount the directory /opt/jboss/keycloak/standalone/deployments and copy the jar there.

Usage

When using the mapper, you can configure

  • the index of the ou to use as a group/role name
  • whether to create a group or not

For a dn like cn=hwbllmnn,ou=user,ou=developer,ou=homeoffice,o=terrestris, the mapper will then extract the parts of the user's dn and:

  • add the parts of the dn to the keycloak user's attributes sorted by key, like so:
cn: ["hwbllmnn"],
o: ["terrestris"],
ou: ["user", "developer", "homeoffice"]
  • create a role based on the index into the ou list configured
  • if switched on, create a group with the same name
  • grant the role to the user
  • add the user to the group if configured
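
The extraction step above decides which role a user is granted, so the dn has to be parsed with a real DN parser rather than split on commas: an escaped comma inside an ou value would otherwise shift the index and select the wrong role. The following is an added example, not the project's own code; the class and method names are hypothetical, and it assumes the configured index is 0-based and counts ou values left to right as in the attribute listing above.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical illustration class, not part of keycloak-dn-mapper.
public class DnPartsExample {

    // Groups RDN values by attribute type: keys sorted, values in left-to-right dn order.
    // Assumes single-valued RDNs with string values.
    static Map<String, List<String>> dnParts(String dn) throws InvalidNameException {
        Map<String, List<String>> parts = new TreeMap<>();
        List<Rdn> rdns = new LdapName(dn).getRdns(); // index 0 is the right-most RDN
        for (int i = rdns.size() - 1; i >= 0; i--) {
            Rdn rdn = rdns.get(i);
            String type = rdn.getType().toLowerCase(Locale.ROOT);
            // getValue() returns the unescaped value, so "dev\,ops" becomes "dev,ops"
            parts.computeIfAbsent(type, k -> new ArrayList<>())
                 .add(String.valueOf(rdn.getValue()));
        }
        return parts;
    }

    // Returns the ou at the configured index, or null when the dn has no ou there,
    // so that a short dn never results in a role picked from the wrong position.
    static String roleName(Map<String, List<String>> parts, int ouIndex) {
        List<String> ous = parts.getOrDefault("ou", List.of());
        return (ouIndex >= 0 && ouIndex < ous.size()) ? ous.get(ouIndex) : null;
    }

    public static void main(String[] args) throws InvalidNameException {
        // dn taken from the usage text above
        Map<String, List<String>> parts =
            dnParts("cn=hwbllmnn,ou=user,ou=developer,ou=homeoffice,o=terrestris");
        System.out.println(parts);
        System.out.println(roleName(parts, 1));

        // Constructed input: an ou value containing an escaped comma
        Map<String, List<String>> escaped = dnParts("cn=x,ou=dev\\,ops,o=terrestris");
        System.out.println(escaped.get("ou"));
        System.out.println(roleName(escaped, 3)); // index out of range
    }
}
```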
