Added docs about sync of users

2014-08-25 17:17:32 +02:00 · 2014-08-25 17:17:32 +02:00 · 688f4a07a3
commit 688f4a07a3
parent 6c7d0f27a7
1 changed files with 42 additions and 1 deletions
--- a/docbook/reference/en/en-US/modules/user-federation.xml
+++ b/docbook/reference/en/en-US/modules/user-federation.xml
@ -101,7 +101,8 @@
                        <term>Other options</term>
                        <listitem>
                            <para>
-                                The rest of the configuration options should be self explanatory.
+                                The rest of the configuration options should be self explanatory. You can use tooltips in admin console
+                                to see some more details about them.
                            </para>
                        </listitem>
                    </varlistentry>
@ -109,6 +110,46 @@
            </para>
        </section>
    </section>
+    <section>
+        <title>Sync of LDAP users to Keycloak</title>
+        <para>
+            LDAP Federation Provider will automatically take care of synchronization (import) of needed LDAP users into Keycloak database.
+            For example once you first authenticate LDAP user <literal>john</literal> from Keycloak UI, LDAP Federation provider will
+            first import this LDAP user into Keycloak database and then authenticate against LDAP password.
+        </para>
+        <para>
+            Thing is that Federation Provider import just requested users by default, so if you click to <literal>View all users</literal>
+            in Keycloak admin console, you will see just those LDAP users, which were already authenticated/requested by Keycloak.
+        </para>
+        <para>If you want to sync all LDAP users into Keycloak database, you may configure and enable Sync, which is in
+            admin console on same page like the configuration of Federation provider itself. There are 2 types of sync:
+            <variablelist>
+                <varlistentry>
+                    <term>Full sync</term>
+                    <listitem>
+                        <para>
+                            This will synchronize all LDAP users into Keycloak DB. Those LDAP users, which already exist in Keycloak and were
+                            changed in LDAP directly will be updated in Keycloak DB (For example if user <literal>Mary Kelly</literal> was changed in LDAP to <literal>Mary Doe</literal>).
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>Changed users sync</term>
+                    <listitem>
+                        <para>
+                            This will check LDAP and it will sync into Keycloak just those users, which were created or updated in LDAP from the time of last sync.
+                        </para>
+                    </listitem>
+                </varlistentry>
+            </variablelist>
+        </para>
+        <para>
+            In usual cases you may want to trigger full sync at the beginning, so you will import all LDAP users to Keycloak just once. Then you may setup
+            periodic sync of changed users, so Keycloak will periodically ask LDAP server for newly created or updated users and backport them to Keycloak DB.
+            Also you may want to trigger full sync again after some longer time or setup periodic full sync as well.
+        </para>
+        <para>In admin console, you can trigger sync directly or you can enable periodic changed or full sync.</para>
+    </section>
    <section>
        <title>Writing your own User Federation Provider</title>
        <para>