Merge pull request #70 from abstractj/KEYCLOAK-3904
[KEYCLOAK-3904] SSSD User Federation allow to change user groups
This commit is contained in:
commit
12f3c75729
1 changed files with 3 additions and 2 deletions
|
@ -14,6 +14,9 @@ image:../../{{book.images}}/keycloak-sssd-freeipa-integration-overview.png[]
|
||||||
|
|
||||||
Most of the communication between {{book.project.name}} and SSSD happens through read-only D-Bus interfaces. For this reason, the only way to provision and update users is changing it at FreeIPA/IdM admin's interface. By default, it is set up only to import username, e-mail, first name, and last name — just like the LDAP federation provider.
|
Most of the communication between {{book.project.name}} and SSSD happens through read-only D-Bus interfaces. For this reason, the only way to provision and update users is changing it at FreeIPA/IdM admin's interface. By default, it is set up only to import username, e-mail, first name, and last name — just like the LDAP federation provider.
|
||||||
|
|
||||||
|
[CAUTION]
|
||||||
|
Groups and roles and automatically registered, but not synchronized, so any changes made by the Keycloak administrator directly in Keycloak is not synchronized with SSSD.
|
||||||
|
|
||||||
Because it's easy to forget some configuration detail, let's go through some steps, to make sure that everything is alright.
|
Because it's easy to forget some configuration detail, let's go through some steps, to make sure that everything is alright.
|
||||||
|
|
||||||
==== FreeIPA/IdM server
|
==== FreeIPA/IdM server
|
||||||
|
@ -101,8 +104,6 @@ fi
|
||||||
----
|
----
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
This script do the proper changes to `/etc/sssd/sssd.conf`:
|
This script do the proper changes to `/etc/sssd/sssd.conf`:
|
||||||
|
|
||||||
[domain/your-hostname.local]
|
[domain/your-hostname.local]
|
||||||
|
|
Loading…
Reference in a new issue