Merge pull request #70 from abstractj/KEYCLOAK-3904

[KEYCLOAK-3904] SSSD User Federation allow to change user groups
This commit is contained in:
Stian Thorgersen 2016-12-16 09:00:57 +01:00 committed by GitHub
commit 12f3c75729

View file

@ -14,6 +14,9 @@ image:../../{{book.images}}/keycloak-sssd-freeipa-integration-overview.png[]
Most of the communication between {{book.project.name}} and SSSD happens through read-only D-Bus interfaces. For this reason, the only way to provision and update users is changing it at FreeIPA/IdM admin's interface. By default, it is set up only to import username, e-mail, first name, and last name — just like the LDAP federation provider. Most of the communication between {{book.project.name}} and SSSD happens through read-only D-Bus interfaces. For this reason, the only way to provision and update users is changing it at FreeIPA/IdM admin's interface. By default, it is set up only to import username, e-mail, first name, and last name — just like the LDAP federation provider.
[CAUTION]
Groups and roles and automatically registered, but not synchronized, so any changes made by the Keycloak administrator directly in Keycloak is not synchronized with SSSD.
Because it's easy to forget some configuration detail, let's go through some steps, to make sure that everything is alright. Because it's easy to forget some configuration detail, let's go through some steps, to make sure that everything is alright.
==== FreeIPA/IdM server ==== FreeIPA/IdM server
@ -101,8 +104,6 @@ fi
---- ----
{% endif %} {% endif %}
This script do the proper changes to `/etc/sssd/sssd.conf`: This script do the proper changes to `/etc/sssd/sssd.conf`:
[domain/your-hostname.local] [domain/your-hostname.local]