Class UserAttributeMapper

# keycloak.ldap.UserAttributeMapper

Allows for creating and managing user attribute mappers for Keycloak users federated via LDAP.

The LDAP user attribute mapper can be used to map a single LDAP attribute to an attribute on the Keycloak user model.

Example Usage

using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
public MyStack()
{
    var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
    {
        Enabled = true,
        Realm = "test",
    });
    var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new Keycloak.Ldap.UserFederationArgs
    {
        BindCredential = "admin",
        BindDn = "cn=admin,dc=example,dc=org",
        ConnectionUrl = "ldap://openldap",
        RdnLdapAttribute = "cn",
        RealmId = realm.Id,
        UserObjectClasses = 
        {
            "simpleSecurityObject",
            "organizationalRole",
        },
        UsernameLdapAttribute = "cn",
        UsersDn = "dc=example,dc=org",
        UuidLdapAttribute = "entryDN",
    });
    var ldapUserAttributeMapper = new Keycloak.Ldap.UserAttributeMapper("ldapUserAttributeMapper", new Keycloak.Ldap.UserAttributeMapperArgs
    {
        LdapAttribute = "bar",
        LdapUserFederationId = ldapUserFederation.Id,
        RealmId = realm.Id,
        UserModelAttribute = "foo",
    });
}

}

Argument Reference

The following arguments are supported:

  • realm_id - (Required) The realm that this LDAP mapper will exist in.
  • ldap_user_federation_id - (Required) The ID of the LDAP user federation provider to attach this mapper to.
  • name - (Required) Display name of this mapper when displayed in the console.
  • user_model_attribute - (Required) Name of the user property or attribute you want to map the LDAP attribute into.
  • ldap_attribute - (Required) Name of the mapped attribute on the LDAP object.
  • read_only - (Optional) When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to false.
  • always_read_value_from_ldap - (Optional) When true, the value fetched from LDAP will override the value stored in Keycloak. Defaults to false.
  • is_mandatory_in_ldap - (Optional) When true, this attribute must exist in LDAP. Defaults to false.
Inheritance
System.Object
Resource
CustomResource
UserAttributeMapper
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Keycloak.Ldap
Assembly: Pulumi.Keycloak.dll
Syntax
public class UserAttributeMapper : CustomResource

Constructors

View Source

UserAttributeMapper(String, UserAttributeMapperArgs, CustomResourceOptions)

Create a UserAttributeMapper resource with the given unique name, arguments, and options.

Declaration
public UserAttributeMapper(string name, UserAttributeMapperArgs args, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resource
UserAttributeMapperArgs args

The arguments used to populate this resource's properties
CustomResourceOptions options

A bag of options that control this resource's behavior

Properties

View Source

AlwaysReadValueFromLdap

When true, the value fetched from LDAP will override the value stored in Keycloak.

Declaration
public Output<bool?> AlwaysReadValueFromLdap { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

IsMandatoryInLdap

When true, this attribute must exist in LDAP.

Declaration
public Output<bool?> IsMandatoryInLdap { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

LdapAttribute

Name of the mapped attribute on LDAP object.

Declaration
public Output<string> LdapAttribute { get; }
Property Value
Type Description
Output<System.String>
View Source

LdapUserFederationId

The ldap user federation provider to attach this mapper to.

Declaration
public Output<string> LdapUserFederationId { get; }
Property Value
Type Description
Output<System.String>
View Source

Name

Display name of the mapper when displayed in the console.

Declaration
public Output<string> Name { get; }
Property Value
Type Description
Output<System.String>
View Source

ReadOnly

When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak.

Declaration
public Output<bool?> ReadOnly { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

RealmId

The realm in which the ldap user federation provider exists.

Declaration
public Output<string> RealmId { get; }
Property Value
Type Description
Output<System.String>
View Source

UserModelAttribute

Name of the UserModel property or attribute you want to map the LDAP attribute into.

Declaration
public Output<string> UserModelAttribute { get; }
Property Value
Type Description
Output<System.String>

Methods

View Source

Get(String, Input<String>, UserAttributeMapperState, CustomResourceOptions)

Get an existing UserAttributeMapper resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static UserAttributeMapper Get(string name, Input<string> id, UserAttributeMapperState state = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resulting resource.
Input<System.String> id

The unique provider ID of the resource to lookup.
UserAttributeMapperState state

Any extra arguments used during the lookup.
CustomResourceOptions options

A bag of options that control this resource's behavior
Returns
Type Description
UserAttributeMapper