
A UserStorageMapper for Keycloak that maps the "disabled" value to the pwdAccountLockedTime in OpenLDAP entries

zner0L/Keycloak-OpenLDAP-ppolicy-mapper


Keycloak OpenLDAP ppolicy mapper

This is a plugin for the authentication provider Keycloak. It maps the Keycloak user's disabled state to the ppolicy pwdAccountLockedTime attribute. For the mapper to work properly, the time set as pwdLockoutDuration in the password policy of the affected records should also be set in the mapper settings.

Warning: This provider relies on private SPIs which may change at any point without notice. Please test the provider before you update your production deployment.

Features

  • Manually enable/disable users in OpenLDAP from Keycloak
  • Disable users for the lockout duration if the password policy mandates it (e.g. too many failed attempts)
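
The lock-state rule from the ppolicy draft that makes the lockout duration matter, as an added example (not code from this repository): an entry becomes usable again once pwdAccountLockedTime plus pwdLockoutDuration has passed, while the value 000001010000Z or a duration of 0 means locked until an administrator unlocks it. The class and method names are hypothetical, and timestamps are assumed to be second-precision UTC GeneralizedTime.

```java
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;

// Hypothetical helper, not part of the plugin: derives an "enabled" flag
// from the two ppolicy values the README mentions.
public class PpolicyLockState {
    // ppolicy marker for "locked until an administrator unlocks the entry".
    static final String PERMANENT_LOCK = "000001010000Z";
    // Assumption: second-precision UTC GeneralizedTime, e.g. 20240101120000Z.
    static final DateTimeFormatter GENERALIZED_TIME =
            DateTimeFormatter.ofPattern("uuuuMMddHHmmss'Z'");

    static boolean isEnabled(String lockedTime, long lockoutDurationSeconds, Instant now) {
        if (lockedTime == null || lockedTime.isEmpty()) {
            return true; // attribute absent: the entry was never locked
        }
        // Checked before parsing: the permanent marker has no seconds field.
        if (PERMANENT_LOCK.equals(lockedTime) || lockoutDurationSeconds == 0) {
            return false; // no automatic expiry, an administrator must unlock
        }
        Instant lockedAt = LocalDateTime.parse(lockedTime, GENERALIZED_TIME)
                .toInstant(ZoneOffset.UTC);
        // Enabled again once the lockout window has fully elapsed.
        return !now.isBefore(lockedAt.plusSeconds(lockoutDurationSeconds));
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real directory.
        Instant now = Instant.parse("2024-01-01T12:10:00Z");
        // Attribute absent.
        System.out.println(isEnabled(null, 300, now));
        // Locked ten minutes ago with a five-minute window.
        System.out.println(isEnabled("20240101120000Z", 300, now));
        // Locked two minutes ago with a five-minute window.
        System.out.println(isEnabled("20240101120800Z", 300, now));
        // Policy duration of 0: lock never expires on its own.
        System.out.println(isEnabled("20240101120000Z", 0, now));
        // Administrative lock marker.
        System.out.println(isEnabled(PERMANENT_LOCK, 300, now));
    }
}
```

If the duration configured in the mapper differs from the policy's pwdLockoutDuration, a calculation like this one and OpenLDAP's own enforcement disagree about when a locked entry becomes usable again.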

Deploy from source

  1. To deploy from source, you must first build the plugin. You can use Maven to do so: mvn clean package.
  2. Copy the built artifact from the target folder into the deployments folder of your Keycloak installation (typically /opt/keycloak/standalone/deployments).
