Comments (3)
Hi @f-trivino I looked into this more, it appears the ldap_user_extra_attrs line is not being added to sssd.conf during the intg domain add operation (adding it manually fixes the issue), even though the ipa-client-install on the bridge is successful and the plugin is added successfully.
ldap_user_extra_attrs = mail:mail, sn:sn, givenname:givenname
I am testing using ipa-tuura master. On the keycloak system I use the following commands to add the plugin and then test a user lookup. scimurl is replaced with the system IP address I am deploying with IDM-CI.
./kcadm.sh config credentials \
--server http://localhost:8080 \
--realm master --user admin --password redhat
./kcadm.sh create components \
-r master \
-s name=scimipa \
-s providerId=scim \
-s providerType=org.keycloak.storage.UserStorageProvider \
-s 'config.scimurl=["10.0.198.183:8000"]' \
-s 'config.loginusername=["djangoadmin"]' \
-s 'config.loginpassword=["redhat"]' \
-s 'config.domain=["http://server.ipa.test"]' \
-s 'config.domainname=["ipa.test"]' \
-s 'config.domaindesc=["Bridge_to_ipa"]' \
-s 'config.domainurl=["https://server.ipa.test"]' \
-s 'config.domainclientid=["admin"]' \
-s 'config.domainclientsecret=["Secret123"]' \
-s 'config.idprovider=["ipa"]' \
-s 'config.cacert=["/etc/ipa/ca.crt"]' \
-s 'config.extraattrs=["mail:mail, sn:sn, givenname:givenname"]' \
-s 'config.users_dn=["ou=people,dc=ipa,dc=test"]' \
-s 'config.addintgdomain=["True"]' \
-s 'config.delintgdomain=["True"]'
The plugin sends the outgoing POST to the domains endpoint:
2023-07-24 12:14:56,968 DEBUG [org.apache.http.wire] (executor-thread-3) http-outgoing-1 >> "{"integration_domain_url":"https://server.ipa.test","name":"ipa.test","description":"Bridge_to_ipa","client_id":"admin","client_secret":"Secret123","id_provider":"ipa","user_extra_attrs":"mail:mail, sn:sn, givenname:givenname","ldap_tls_cacert":"/etc/ipa/ca.crt","users_dn":"ou=people,dc=ipa,dc=test"}"
Successful response from ipa-tuura
2023-07-24 12:15:14,261 INFO [keycloak.scim_user_spi.Scim] (executor-thread-3) Result is {"id":2,"name":"ipa.test","description":"Bridge_to_ipa","integration_domain_url":"https://server.ipa.test","client_id":"admin","client_secret":"Secret123","id_provider":"ipa","user_extra_attrs":"mail:mail, sn:sn, givenname:givenname","user_object_classes":"","users_dn":"ou=people,dc=ipa,dc=test","ldap_tls_cacert":"/etc/ipa/ca.crt"}
2023-07-24 12:15:14,262 INFO [keycloak.scim_user_spi.SCIMUserStorageProviderFactory] (executor-thread-3) Add intgDomains Result is true
from ipa-tuura.
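A check for the condition reported in the comment above, as an added example that is not part of the thread or of the ipa-tuura code: it compares the `user_extra_attrs` value sent to the domains endpoint with `ldap_user_extra_attrs` in the `[domain/...]` section of sssd.conf. The two sssd.conf texts and the function names are constructed for illustration; only the attribute string and domain name come from the thread.

```python
import configparser

# Value the plugin sent as "user_extra_attrs" (taken from the thread).
REQUESTED = "mail:mail, sn:sn, givenname:givenname"

# Constructed sssd.conf as left by the domain add: no ldap_user_extra_attrs.
BROKEN = """\
[sssd]
domains = ipa.test
services = nss, pam, ifp

[domain/ipa.test]
id_provider = ipa
ipa_server = server.ipa.test
"""
# Constructed sssd.conf after adding the line by hand, as the comment describes.
FIXED = BROKEN + "ldap_user_extra_attrs = mail:mail, sn:sn, givenname:givenname\n"


def parse_attr_map(value):
    """Turn 'mail:mail, sn' into {'mail': 'mail', 'sn': 'sn'}.

    A bare name maps to itself; names are compared case-insensitively.
    """
    pairs = {}
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        cache_name, _, ldap_name = item.partition(":")
        pairs[cache_name.strip().lower()] = (ldap_name or cache_name).strip().lower()
    return pairs


def missing_extra_attrs(sssd_conf_text, domain, requested):
    """Return the requested mappings that [domain/<domain>] does not configure."""
    cp = configparser.RawConfigParser(strict=False)  # no '%' interpolation
    cp.read_string(sssd_conf_text)
    section = f"domain/{domain}"
    if not cp.has_section(section):
        raise LookupError(f"no [{section}] section in sssd.conf")
    configured = parse_attr_map(cp.get(section, "ldap_user_extra_attrs", fallback=""))
    return {k: v for k, v in parse_attr_map(requested).items() if configured.get(k) != v}


if __name__ == "__main__":
    for label, text in (("after domain add", BROKEN), ("after manual fix", FIXED)):
        print(label, "-> missing:", missing_extra_attrs(text, "ipa.test", REQUESTED))
```

On the bridge itself the text would be read from /etc/sssd/sssd.conf, which requires root.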
@justin-stephenson Is this one fixed by #61?
@spoore1 Yes that should fix this.