Patch User Federation
DescriptionPartially Update the requested user federation configuration. This request doesn’t requires full object for update, individual object params can be updated.
Request
URLURL
Path Parameters
Path Parameters
User provider federation configuration id.
Request Body
{
"bind_dn": "ou=users",
"bind_type": "simple",
"connection_url": "http://<ip:port>",
"edit_mode": "READ_ONLY",
"enabled": true,
"import_enabled": true,
"name": "my-ldap-config",
"priority": 1,
"rdn_ldap_attribute": "uid",
"sync_registration": false,
"user_object_classes": "inetOrgPerson, organizationalPerson",
"username_ldap_attribute": "cn",
"users_dn": "ou=users,dc=tco,dc=com",
"uuid_ldap_attribute": "uid",
"vendor": "AD"
}
The request body contains advanced parameter to configure user preference.
Password of LDAP admin.
DN of ldap admin which will be used by Keycloak to access LDAP server.
Type of Authentication method used during LDAP bind operation.Supported values are ‘simple’ and ’none’. Default is ‘simple’
Connection url to your ldap server.
There are 3 possible values, READ_ONLY,WRITABLE and UNSYNCED. READ_ONLY is read-only ldap store. WRITABLE means data will be synced back to the LDAP on demand and UNSYNCED means user data will be imported but not synced back to LDAP. DEFAULT is “READ_ONLY”.
If provider is disabled, it will not be considered for queries and imported users will be disabled and read-only until the provider is enabled again. The values could be “true” or “false”. The default is “true”
If true, users will imported into keycloak DB and configured by the sync policies. The values could be “true” or “false”. The default is “true”
The request body contains parameter to map between Keycloak and Ldap.
Name of the user-federation configuration
Priority of provider when doing a user lookup. Lower first.
The name of attribute which is used as RDN(top attribute) of typical user DN. Usually its same as LDAP Username attribute, however its not required. For example for Active directory its common to use ‘cn’ as RDN attribute when username attribute might be ‘sAMAccountName’.
Should newly created user will be created with LDAP store. Priority effect which provider is chosen to sync new user. The setting is applied only for WRITABLE edit mode.
All values of LDAP Object class attribute for users in LDAP divided by comma.
Name of LDAP attribute which is mapped as keycloak user name. For many LDAP server vendor it can be uid. For active directory it can be sAMAccountName" or cn. The attribute should be filed for all user records you want to import from LDAP to keycloak.
Full DN of LDAP tree where your users are.
Name of the LDAP attribute which is used as unique object identifier for objects in LDAP.
LDAP vendor (provider). For Active Directory use ‘AD’ and for ‘Redhat directory server’ use ‘rhds’.
Authentication
Errors
Errors
Invalid Request sent by the user
User authentication failed
Access to the requested resource/operation is forbidden
Cannot find requested resource
Internal server error
