parent
c092c76ae8
commit
b8149d66ca
8 changed files with 13 additions and 15 deletions
|
@ -1607,7 +1607,7 @@ $ kcadm.sh create components -r demorealm -s parentId=demorealmId -s id=demokerb
|
||||||
+
|
+
|
||||||
[options="nowrap"]
|
[options="nowrap"]
|
||||||
----
|
----
|
||||||
$ kcadm.sh create components -r demorealm -s name=kerberos-ldap-provider -s providerId=ldap -s providerType=org.keycloak.storage.UserStorageProvider -s parentId=3d9c572b-8f33-483f-98a6-8bb421667867 -s 'config.priority=["1"]' -s 'config.fullSyncPeriod=["-1"]' -s 'config.changedSyncPeriod=["-1"]' -s 'config.cachePolicy=["DEFAULT"]' -s config.evictionDay=[] -s config.evictionHour=[] -s config.evictionMinute=[] -s config.maxLifespan=[] -s 'config.batchSizeForSync=["1000"]' -s 'config.editMode=["WRITABLE"]' -s 'config.syncRegistrations=["false"]' -s 'config.vendor=["other"]' -s 'config.usernameLDAPAttribute=["uid"]' -s 'config.rdnLDAPAttribute=["uid"]' -s 'config.uuidLDAPAttribute=["entryUUID"]' -s 'config.userObjectClasses=["inetOrgPerson, organizationalPerson"]' -s 'config.connectionUrl=["ldap://localhost:10389"]' -s 'config.usersDn=["ou=People,dc=keycloak,dc=org"]' -s 'config.authType=["simple"]' -s 'config.bindDn=["uid=admin,ou=system"]' -s 'config.bindCredential=["secret"]' -s 'config.searchScope=["1"]' -s 'config.useTruststoreSpi=["ldapsOnly"]' -s 'config.connectionPooling=["true"]' -s 'config.pagination=["true"]' -s 'config.allowKerberosAuthentication=["true"]' -s 'config.serverPrincipal=["HTTP/localhost@KEYCLOAK.ORG"]' -s 'config.keyTab=["http.keytab"]' -s 'config.kerberosRealm=["KEYCLOAK.ORG"]' -s 'config.debug=["true"]' -s 'config.useKerberosForPasswordAuthentication=["true"]'
|
$ kcadm.sh create components -r demorealm -s name=kerberos-ldap-provider -s providerId=ldap -s providerType=org.keycloak.storage.UserStorageProvider -s parentId=3d9c572b-8f33-483f-98a6-8bb421667867 -s 'config.priority=["1"]' -s 'config.fullSyncPeriod=["-1"]' -s 'config.changedSyncPeriod=["-1"]' -s 'config.cachePolicy=["DEFAULT"]' -s config.evictionDay=[] -s config.evictionHour=[] -s config.evictionMinute=[] -s config.maxLifespan=[] -s 'config.batchSizeForSync=["1000"]' -s 'config.editMode=["WRITABLE"]' -s 'config.syncRegistrations=["false"]' -s 'config.vendor=["other"]' -s 'config.usernameLDAPAttribute=["uid"]' -s 'config.rdnLDAPAttribute=["uid"]' -s 'config.uuidLDAPAttribute=["entryUUID"]' -s 'config.userObjectClasses=["inetOrgPerson, organizationalPerson"]' -s 'config.connectionUrl=["ldap://localhost:10389"]' -s 'config.usersDn=["ou=People,dc=keycloak,dc=org"]' -s 'config.authType=["simple"]' -s 'config.bindDn=["uid=admin,ou=system"]' -s 'config.bindCredential=["secret"]' -s 'config.searchScope=["1"]' -s 'config.useTruststoreSpi=["always"]' -s 'config.connectionPooling=["true"]' -s 'config.pagination=["true"]' -s 'config.allowKerberosAuthentication=["true"]' -s 'config.serverPrincipal=["HTTP/localhost@KEYCLOAK.ORG"]' -s 'config.keyTab=["http.keytab"]' -s 'config.kerberosRealm=["KEYCLOAK.ORG"]' -s 'config.debug=["true"]' -s 'config.useKerberosForPasswordAuthentication=["true"]'
|
||||||
----
|
----
|
||||||
|
|
||||||
[discrete]
|
[discrete]
|
||||||
|
@ -1662,7 +1662,7 @@ For example:
|
||||||
+
|
+
|
||||||
[options="nowrap"]
|
[options="nowrap"]
|
||||||
----
|
----
|
||||||
$ kcadm.sh create testLDAPConnection -s action=testConnection -s bindCredential=secret -s bindDn=uid=admin,ou=system -s connectionUrl=ldap://localhost:10389 -s useTruststoreSpi=ldapsOnly
|
$ kcadm.sh create testLDAPConnection -s action=testConnection -s bindCredential=secret -s bindDn=uid=admin,ou=system -s connectionUrl=ldap://localhost:10389 -s useTruststoreSpi=always
|
||||||
----
|
----
|
||||||
|
|
||||||
[discrete]
|
[discrete]
|
||||||
|
@ -1676,7 +1676,7 @@ For example:
|
||||||
+
|
+
|
||||||
[options="nowrap"]
|
[options="nowrap"]
|
||||||
----
|
----
|
||||||
$ kcadm.sh create testLDAPConnection -s action=testAuthentication -s bindCredential=secret -s bindDn=uid=admin,ou=system -s connectionUrl=ldap://localhost:10389 -s useTruststoreSpi=ldapsOnly
|
$ kcadm.sh create testLDAPConnection -s action=testAuthentication -s bindCredential=secret -s bindDn=uid=admin,ou=system -s connectionUrl=ldap://localhost:10389 -s useTruststoreSpi=always
|
||||||
----
|
----
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -29,7 +29,7 @@ const ldapVendor = "Active Directory";
|
||||||
// connection and authentication settings
|
// connection and authentication settings
|
||||||
const connectionUrlValid = "ldap://localhost:3004";
|
const connectionUrlValid = "ldap://localhost:3004";
|
||||||
const bindTypeSimple = "simple";
|
const bindTypeSimple = "simple";
|
||||||
const truststoreSpiOnlyLdaps = "Only for ldaps";
|
const truststoreSpiAlways = "Always";
|
||||||
const connectionTimeoutTwoSecs = "2000";
|
const connectionTimeoutTwoSecs = "2000";
|
||||||
const bindDnCnDc = "cn=user,dc=test";
|
const bindDnCnDc = "cn=user,dc=test";
|
||||||
const bindCredsValid = "user";
|
const bindCredsValid = "user";
|
||||||
|
@ -93,7 +93,7 @@ describe("User Fed LDAP mapper tests", () => {
|
||||||
providersPage.fillLdapConnectionData(
|
providersPage.fillLdapConnectionData(
|
||||||
connectionUrlValid,
|
connectionUrlValid,
|
||||||
bindTypeSimple,
|
bindTypeSimple,
|
||||||
truststoreSpiOnlyLdaps,
|
truststoreSpiAlways,
|
||||||
connectionTimeoutTwoSecs,
|
connectionTimeoutTwoSecs,
|
||||||
bindDnCnDc,
|
bindDnCnDc,
|
||||||
bindCredsValid
|
bindCredsValid
|
||||||
|
|
|
@ -23,7 +23,7 @@ const ldapVendor = "Active Directory";
|
||||||
// connection and authentication settings
|
// connection and authentication settings
|
||||||
const connectionUrlValid = "ldap://localhost:3004";
|
const connectionUrlValid = "ldap://localhost:3004";
|
||||||
const bindTypeSimple = "simple";
|
const bindTypeSimple = "simple";
|
||||||
const truststoreSpiOnlyLdaps = "Only for ldaps";
|
const truststoreSpiAlways = "Always";
|
||||||
const connectionTimeoutTwoSecs = "2000";
|
const connectionTimeoutTwoSecs = "2000";
|
||||||
const bindDnCnDc = "cn=user,dc=test";
|
const bindDnCnDc = "cn=user,dc=test";
|
||||||
const bindCredsValid = "user";
|
const bindCredsValid = "user";
|
||||||
|
@ -96,7 +96,7 @@ describe("User Fed LDAP mapper tests", () => {
|
||||||
providersPage.fillLdapConnectionData(
|
providersPage.fillLdapConnectionData(
|
||||||
connectionUrlValid,
|
connectionUrlValid,
|
||||||
bindTypeSimple,
|
bindTypeSimple,
|
||||||
truststoreSpiOnlyLdaps,
|
truststoreSpiAlways,
|
||||||
connectionTimeoutTwoSecs,
|
connectionTimeoutTwoSecs,
|
||||||
bindDnCnDc,
|
bindDnCnDc,
|
||||||
bindCredsValid
|
bindCredsValid
|
||||||
|
|
|
@ -23,7 +23,7 @@ const updatedLdapName = `${firstLdapName}-updated`;
|
||||||
// connection and authentication settings
|
// connection and authentication settings
|
||||||
const connectionUrlValid = "ldap://localhost:3004";
|
const connectionUrlValid = "ldap://localhost:3004";
|
||||||
const bindTypeSimple = "simple";
|
const bindTypeSimple = "simple";
|
||||||
const truststoreSpiOnlyLdaps = "Only for ldaps";
|
const truststoreSpiAlways = "Always";
|
||||||
const connectionTimeoutTwoSecs = "2000";
|
const connectionTimeoutTwoSecs = "2000";
|
||||||
const bindDnCnDc = "cn=user,dc=test";
|
const bindDnCnDc = "cn=user,dc=test";
|
||||||
const bindCredsValid = "user";
|
const bindCredsValid = "user";
|
||||||
|
@ -269,7 +269,7 @@ describe("User Federation LDAP tests", () => {
|
||||||
providersPage.fillLdapConnectionData(
|
providersPage.fillLdapConnectionData(
|
||||||
connectionUrlValid,
|
connectionUrlValid,
|
||||||
bindTypeSimple,
|
bindTypeSimple,
|
||||||
truststoreSpiOnlyLdaps,
|
truststoreSpiAlways,
|
||||||
connectionTimeoutTwoSecs,
|
connectionTimeoutTwoSecs,
|
||||||
bindDnCnDc,
|
bindDnCnDc,
|
||||||
bindCredsValid
|
bindCredsValid
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
"ldapConnectionAndAuthorizationSettingsDescription": "This section contains options related to the configuration of the connection to the LDAP server. It also contains options related to authentication of the LDAP connection to the LDAP server.",
|
"ldapConnectionAndAuthorizationSettingsDescription": "This section contains options related to the configuration of the connection to the LDAP server. It also contains options related to authentication of the LDAP connection to the LDAP server.",
|
||||||
"consoleDisplayConnectionUrlHelp": "Connection URL to your LDAP server",
|
"consoleDisplayConnectionUrlHelp": "Connection URL to your LDAP server",
|
||||||
"enableStartTlsHelp": "Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling",
|
"enableStartTlsHelp": "Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling",
|
||||||
"useTruststoreSpiHelp": "Specifies whether LDAP connection will use the Truststore SPI with the truststore configured in standalone.xml/domain.sml. 'Always' means that it will always use it. 'Never' means that it will not use it. 'Only for ldaps' means that it will use it if your connection URL use ldaps. Note that even if standalone.xml/domain.xml is not configured, the default java cacerts or certificate specified by 'javax.net.ssl.trustStore' property will be used.",
|
"useTruststoreSpiHelp": "Specifies whether LDAP connection will use the Truststore SPI with the truststore configured in command-line options. 'Always' means that it will always use it. 'Never' means that it will not use it. Note that even if Keycloak truststore is not configured, the default java cacerts or certificate specified by 'javax.net.ssl.trustStore' property will be used.",
|
||||||
"connectionPoolingHelp": "Determines if Keycloak should use connection pooling for accessing LDAP server.",
|
"connectionPoolingHelp": "Determines if Keycloak should use connection pooling for accessing LDAP server.",
|
||||||
"connectionTimeoutHelp": "LDAP connection timeout in milliseconds",
|
"connectionTimeoutHelp": "LDAP connection timeout in milliseconds",
|
||||||
"bindTypeHelp": "Type of the authentication method used during LDAP bind operation. It is used in most of the requests sent to the LDAP server. Currently only 'none' (anonymous LDAP authentication) or 'simple' (bind credential + bind password authentication) mechanisms are available.",
|
"bindTypeHelp": "Type of the authentication method used during LDAP bind operation. It is used in most of the requests sent to the LDAP server. Currently only 'none' (anonymous LDAP authentication) or 'simple' (bind credential + bind password authentication) mechanisms are available.",
|
||||||
|
|
|
@ -71,7 +71,6 @@
|
||||||
"updateFirstLogin": "Update first login",
|
"updateFirstLogin": "Update first login",
|
||||||
"always": "Always",
|
"always": "Always",
|
||||||
"never": "Never",
|
"never": "Never",
|
||||||
"onlyLdaps": "Only for ldaps",
|
|
||||||
"oneLevel": "One Level",
|
"oneLevel": "One Level",
|
||||||
"subtree": "Subtree",
|
"subtree": "Subtree",
|
||||||
"saveSuccess": "User federation provider successfully saved",
|
"saveSuccess": "User federation provider successfully saved",
|
||||||
|
|
|
@ -183,7 +183,7 @@ export const LdapSettingsConnection = ({
|
||||||
<Controller
|
<Controller
|
||||||
name="config.useTruststoreSpi[0]"
|
name="config.useTruststoreSpi[0]"
|
||||||
control={form.control}
|
control={form.control}
|
||||||
defaultValue="ldapsOnly"
|
defaultValue="always"
|
||||||
render={({ field }) => (
|
render={({ field }) => (
|
||||||
<Select
|
<Select
|
||||||
toggleId="kc-use-truststore-spi"
|
toggleId="kc-use-truststore-spi"
|
||||||
|
@ -198,7 +198,6 @@ export const LdapSettingsConnection = ({
|
||||||
selections={field.value}
|
selections={field.value}
|
||||||
>
|
>
|
||||||
<SelectOption value="always">{t("always")}</SelectOption>
|
<SelectOption value="always">{t("always")}</SelectOption>
|
||||||
<SelectOption value="ldapsOnly">{t("onlyLdaps")}</SelectOption>
|
|
||||||
<SelectOption value="never">{t("never")}</SelectOption>
|
<SelectOption value="never">{t("never")}</SelectOption>
|
||||||
</Select>
|
</Select>
|
||||||
)}
|
)}
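Review bot: Removing the `ldapsOnly` `<SelectOption>` leaves no entry matching providers that were already saved with `config.useTruststoreSpi` set to `ldapsOnly`. `defaultValue="always"` presumably applies only when the field has no stored value, so for such a provider `selections={field.value}` would hold a value the list no longer offers, and saving the form could write the legacy value back unchanged. No migration or normalisation of the stored value is visible in this section, so confirm that the server side handles it, or map it in the component on load (for example, treat `ldapsOnly` as `always` before it reaches the `Select`). Per the help text, this setting controls whether the LDAP connection uses the Truststore SPI, so an admin opening an older provider should see which mode is actually in force rather than a blank selection. A comment above `defaultValue="always"` such as `// "ldapsOnly" was removed; legacy stored values are treated as "always"` would record the intent; the `Controller` element starts and ends outside these hunks.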
|
||||||
|
|
|
@ -413,7 +413,7 @@ describe("Realms", () => {
|
||||||
connectionTimeout: "",
|
connectionTimeout: "",
|
||||||
connectionUrl: "1",
|
connectionUrl: "1",
|
||||||
startTls: "",
|
startTls: "",
|
||||||
useTruststoreSpi: "ldapsOnly",
|
useTruststoreSpi: "always",
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
fail("exception should have been thrown");
|
fail("exception should have been thrown");
|
||||||
|
@ -455,7 +455,7 @@ describe("Realms", () => {
|
||||||
connectionTimeout: "",
|
connectionTimeout: "",
|
||||||
connectionUrl: "1",
|
connectionUrl: "1",
|
||||||
startTls: "",
|
startTls: "",
|
||||||
useTruststoreSpi: "ldapsOnly",
|
useTruststoreSpi: "always",
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
fail("exception should have been thrown");
|
fail("exception should have been thrown");
|
||||||
|
|