Remove ldapsOnly (console and docs)

Closes: #9313
Hynek Mlnarik 2023-06-16 16:39:45 +02:00 committed by Hynek Mlnařík
parent c092c76ae8
commit b8149d66ca
8 changed files with 13 additions and 15 deletions


@ -1607,7 +1607,7 @@ $ kcadm.sh create components -r demorealm -s parentId=demorealmId -s id=demokerb
+ +
[options="nowrap"] [options="nowrap"]
---- ----
$ kcadm.sh create components -r demorealm -s name=kerberos-ldap-provider -s providerId=ldap -s providerType=org.keycloak.storage.UserStorageProvider -s parentId=3d9c572b-8f33-483f-98a6-8bb421667867 -s 'config.priority=["1"]' -s 'config.fullSyncPeriod=["-1"]' -s 'config.changedSyncPeriod=["-1"]' -s 'config.cachePolicy=["DEFAULT"]' -s config.evictionDay=[] -s config.evictionHour=[] -s config.evictionMinute=[] -s config.maxLifespan=[] -s 'config.batchSizeForSync=["1000"]' -s 'config.editMode=["WRITABLE"]' -s 'config.syncRegistrations=["false"]' -s 'config.vendor=["other"]' -s 'config.usernameLDAPAttribute=["uid"]' -s 'config.rdnLDAPAttribute=["uid"]' -s 'config.uuidLDAPAttribute=["entryUUID"]' -s 'config.userObjectClasses=["inetOrgPerson, organizationalPerson"]' -s 'config.connectionUrl=["ldap://localhost:10389"]' -s 'config.usersDn=["ou=People,dc=keycloak,dc=org"]' -s 'config.authType=["simple"]' -s 'config.bindDn=["uid=admin,ou=system"]' -s 'config.bindCredential=["secret"]' -s 'config.searchScope=["1"]' -s 'config.useTruststoreSpi=["ldapsOnly"]' -s 'config.connectionPooling=["true"]' -s 'config.pagination=["true"]' -s 'config.allowKerberosAuthentication=["true"]' -s 'config.serverPrincipal=["HTTP/localhost@KEYCLOAK.ORG"]' -s 'config.keyTab=["http.keytab"]' -s 'config.kerberosRealm=["KEYCLOAK.ORG"]' -s 'config.debug=["true"]' -s 'config.useKerberosForPasswordAuthentication=["true"]' $ kcadm.sh create components -r demorealm -s name=kerberos-ldap-provider -s providerId=ldap -s providerType=org.keycloak.storage.UserStorageProvider -s parentId=3d9c572b-8f33-483f-98a6-8bb421667867 -s 'config.priority=["1"]' -s 'config.fullSyncPeriod=["-1"]' -s 'config.changedSyncPeriod=["-1"]' -s 'config.cachePolicy=["DEFAULT"]' -s config.evictionDay=[] -s config.evictionHour=[] -s config.evictionMinute=[] -s config.maxLifespan=[] -s 'config.batchSizeForSync=["1000"]' -s 'config.editMode=["WRITABLE"]' -s 'config.syncRegistrations=["false"]' -s 'config.vendor=["other"]' -s 
'config.usernameLDAPAttribute=["uid"]' -s 'config.rdnLDAPAttribute=["uid"]' -s 'config.uuidLDAPAttribute=["entryUUID"]' -s 'config.userObjectClasses=["inetOrgPerson, organizationalPerson"]' -s 'config.connectionUrl=["ldap://localhost:10389"]' -s 'config.usersDn=["ou=People,dc=keycloak,dc=org"]' -s 'config.authType=["simple"]' -s 'config.bindDn=["uid=admin,ou=system"]' -s 'config.bindCredential=["secret"]' -s 'config.searchScope=["1"]' -s 'config.useTruststoreSpi=["always"]' -s 'config.connectionPooling=["true"]' -s 'config.pagination=["true"]' -s 'config.allowKerberosAuthentication=["true"]' -s 'config.serverPrincipal=["HTTP/localhost@KEYCLOAK.ORG"]' -s 'config.keyTab=["http.keytab"]' -s 'config.kerberosRealm=["KEYCLOAK.ORG"]' -s 'config.debug=["true"]' -s 'config.useKerberosForPasswordAuthentication=["true"]'
---- ----
[discrete] [discrete]
@ -1662,7 +1662,7 @@ For example:
+ +
[options="nowrap"] [options="nowrap"]
---- ----
$ kcadm.sh create testLDAPConnection -s action=testConnection -s bindCredential=secret -s bindDn=uid=admin,ou=system -s connectionUrl=ldap://localhost:10389 -s useTruststoreSpi=ldapsOnly $ kcadm.sh create testLDAPConnection -s action=testConnection -s bindCredential=secret -s bindDn=uid=admin,ou=system -s connectionUrl=ldap://localhost:10389 -s useTruststoreSpi=always
---- ----
[discrete] [discrete]
@ -1676,7 +1676,7 @@ For example:
+ +
[options="nowrap"] [options="nowrap"]
---- ----
$ kcadm.sh create testLDAPConnection -s action=testAuthentication -s bindCredential=secret -s bindDn=uid=admin,ou=system -s connectionUrl=ldap://localhost:10389 -s useTruststoreSpi=ldapsOnly $ kcadm.sh create testLDAPConnection -s action=testAuthentication -s bindCredential=secret -s bindDn=uid=admin,ou=system -s connectionUrl=ldap://localhost:10389 -s useTruststoreSpi=always
---- ----


@ -29,7 +29,7 @@ const ldapVendor = "Active Directory";
// connection and authentication settings // connection and authentication settings
const connectionUrlValid = "ldap://localhost:3004"; const connectionUrlValid = "ldap://localhost:3004";
const bindTypeSimple = "simple"; const bindTypeSimple = "simple";
const truststoreSpiOnlyLdaps = "Only for ldaps"; const truststoreSpiAlways = "Always";
const connectionTimeoutTwoSecs = "2000"; const connectionTimeoutTwoSecs = "2000";
const bindDnCnDc = "cn=user,dc=test"; const bindDnCnDc = "cn=user,dc=test";
const bindCredsValid = "user"; const bindCredsValid = "user";
@ -93,7 +93,7 @@ describe("User Fed LDAP mapper tests", () => {
providersPage.fillLdapConnectionData( providersPage.fillLdapConnectionData(
connectionUrlValid, connectionUrlValid,
bindTypeSimple, bindTypeSimple,
truststoreSpiOnlyLdaps, truststoreSpiAlways,
connectionTimeoutTwoSecs, connectionTimeoutTwoSecs,
bindDnCnDc, bindDnCnDc,
bindCredsValid bindCredsValid


@ -23,7 +23,7 @@ const ldapVendor = "Active Directory";
// connection and authentication settings // connection and authentication settings
const connectionUrlValid = "ldap://localhost:3004"; const connectionUrlValid = "ldap://localhost:3004";
const bindTypeSimple = "simple"; const bindTypeSimple = "simple";
const truststoreSpiOnlyLdaps = "Only for ldaps"; const truststoreSpiAlways = "Always";
const connectionTimeoutTwoSecs = "2000"; const connectionTimeoutTwoSecs = "2000";
const bindDnCnDc = "cn=user,dc=test"; const bindDnCnDc = "cn=user,dc=test";
const bindCredsValid = "user"; const bindCredsValid = "user";
@ -96,7 +96,7 @@ describe("User Fed LDAP mapper tests", () => {
providersPage.fillLdapConnectionData( providersPage.fillLdapConnectionData(
connectionUrlValid, connectionUrlValid,
bindTypeSimple, bindTypeSimple,
truststoreSpiOnlyLdaps, truststoreSpiAlways,
connectionTimeoutTwoSecs, connectionTimeoutTwoSecs,
bindDnCnDc, bindDnCnDc,
bindCredsValid bindCredsValid


@ -23,7 +23,7 @@ const updatedLdapName = `${firstLdapName}-updated`;
// connection and authentication settings // connection and authentication settings
const connectionUrlValid = "ldap://localhost:3004"; const connectionUrlValid = "ldap://localhost:3004";
const bindTypeSimple = "simple"; const bindTypeSimple = "simple";
const truststoreSpiOnlyLdaps = "Only for ldaps"; const truststoreSpiAlways = "Always";
const connectionTimeoutTwoSecs = "2000"; const connectionTimeoutTwoSecs = "2000";
const bindDnCnDc = "cn=user,dc=test"; const bindDnCnDc = "cn=user,dc=test";
const bindCredsValid = "user"; const bindCredsValid = "user";
@ -269,7 +269,7 @@ describe("User Federation LDAP tests", () => {
providersPage.fillLdapConnectionData( providersPage.fillLdapConnectionData(
connectionUrlValid, connectionUrlValid,
bindTypeSimple, bindTypeSimple,
truststoreSpiOnlyLdaps, truststoreSpiAlways,
connectionTimeoutTwoSecs, connectionTimeoutTwoSecs,
bindDnCnDc, bindDnCnDc,
bindCredsValid bindCredsValid


@ -7,7 +7,7 @@
"ldapConnectionAndAuthorizationSettingsDescription": "This section contains options related to the configuration of the connection to the LDAP server. It also contains options related to authentication of the LDAP connection to the LDAP server.", "ldapConnectionAndAuthorizationSettingsDescription": "This section contains options related to the configuration of the connection to the LDAP server. It also contains options related to authentication of the LDAP connection to the LDAP server.",
"consoleDisplayConnectionUrlHelp": "Connection URL to your LDAP server", "consoleDisplayConnectionUrlHelp": "Connection URL to your LDAP server",
"enableStartTlsHelp": "Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling", "enableStartTlsHelp": "Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling",
"useTruststoreSpiHelp": "Specifies whether LDAP connection will use the Truststore SPI with the truststore configured in standalone.xml/domain.sml. 'Always' means that it will always use it. 'Never' means that it will not use it. 'Only for ldaps' means that it will use it if your connection URL use ldaps. Note that even if standalone.xml/domain.xml is not configured, the default java cacerts or certificate specified by 'javax.net.ssl.trustStore' property will be used.", "useTruststoreSpiHelp": "Specifies whether LDAP connection will use the Truststore SPI with the truststore configured in command-line options. 'Always' means that it will always use it. 'Never' means that it will not use it. Note that even if Keycloak truststore is not configured, the default java cacerts or certificate specified by 'javax.net.ssl.trustStore' property will be used.",
"connectionPoolingHelp": "Determines if Keycloak should use connection pooling for accessing LDAP server.", "connectionPoolingHelp": "Determines if Keycloak should use connection pooling for accessing LDAP server.",
"connectionTimeoutHelp": "LDAP connection timeout in milliseconds", "connectionTimeoutHelp": "LDAP connection timeout in milliseconds",
"bindTypeHelp": "Type of the authentication method used during LDAP bind operation. It is used in most of the requests sent to the LDAP server. Currently only 'none' (anonymous LDAP authentication) or 'simple' (bind credential + bind password authentication) mechanisms are available.", "bindTypeHelp": "Type of the authentication method used during LDAP bind operation. It is used in most of the requests sent to the LDAP server. Currently only 'none' (anonymous LDAP authentication) or 'simple' (bind credential + bind password authentication) mechanisms are available.",


@ -71,7 +71,6 @@
"updateFirstLogin": "Update first login", "updateFirstLogin": "Update first login",
"always": "Always", "always": "Always",
"never": "Never", "never": "Never",
"onlyLdaps": "Only for ldaps",
"oneLevel": "One Level", "oneLevel": "One Level",
"subtree": "Subtree", "subtree": "Subtree",
"saveSuccess": "User federation provider successfully saved", "saveSuccess": "User federation provider successfully saved",


@ -183,7 +183,7 @@ export const LdapSettingsConnection = ({
<Controller <Controller
name="config.useTruststoreSpi[0]" name="config.useTruststoreSpi[0]"
control={form.control} control={form.control}
defaultValue="ldapsOnly" defaultValue="always"
render={({ field }) => ( render={({ field }) => (
<Select <Select
toggleId="kc-use-truststore-spi" toggleId="kc-use-truststore-spi"
@ -198,7 +198,6 @@ export const LdapSettingsConnection = ({
selections={field.value} selections={field.value}
> >
<SelectOption value="always">{t("always")}</SelectOption> <SelectOption value="always">{t("always")}</SelectOption>
<SelectOption value="ldapsOnly">{t("onlyLdaps")}</SelectOption>
<SelectOption value="never">{t("never")}</SelectOption> <SelectOption value="never">{t("never")}</SelectOption>
</Select> </Select>
)} )}
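Review bot: Dropping the `ldapsOnly` `SelectOption` while only changing `defaultValue` leaves any provider that already stores `config.useTruststoreSpi=["ldapsOnly"]` with a `field.value` that matches none of the remaining options, so the select would presumably render without a selection and the legacy value would be written back unchanged on save. `defaultValue="always"` applies only when the field is unset, so it does not cover that case. Unless stored values are migrated on the server side (not visible in this commit), normalise the legacy value where it is rendered, for example `selections={field.value === "ldapsOnly" ? "always" : field.value}`, or map it once when the provider is loaded into the form. The enclosing `LdapSettingsConnection` component starts and ends outside these hunks.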

View file

@ -413,7 +413,7 @@ describe("Realms", () => {
connectionTimeout: "", connectionTimeout: "",
connectionUrl: "1", connectionUrl: "1",
startTls: "", startTls: "",
useTruststoreSpi: "ldapsOnly", useTruststoreSpi: "always",
} }
); );
fail("exception should have been thrown"); fail("exception should have been thrown");
@ -455,7 +455,7 @@ describe("Realms", () => {
connectionTimeout: "", connectionTimeout: "",
connectionUrl: "1", connectionUrl: "1",
startTls: "", startTls: "",
useTruststoreSpi: "ldapsOnly", useTruststoreSpi: "always",
} }
); );
fail("exception should have been thrown"); fail("exception should have been thrown");