freeipa-realm.json
{
"id": "freeipa",
"realm": "freeipa",
"enabled": true,
"sslRequired": "none",
"privateKey": "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",
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"requiredCredentials": [ "kerberos", "password" ],
"userFederationProviders" : [
{
"displayName" : "freeipa-ldap",
"providerName" : "ldap",
"priority" : 1,
"config" : {
"usersDn" : "cn=users,cn=accounts,${ldapBaseDn}",
"bindDn" : "uid=admin,cn=users,cn=accounts,${ldapBaseDn}",
"userObjectClasses" : "person",
"baseDn" : "${ldapBaseDn}",
"vendor" : "rhds",
"kerberosRealm" : "${kerberosRealm}",
"syncRegistrations" : "false",
"debug" : "true",
"connectionPooling" : "true",
"serverPrincipal" : "HTTP/${host}@${kerberosRealm}",
"usernameLDAPAttribute" : "uid",
"rdnLDAPAttribute" : "uid",
"uuidLDAPAttribute" : "ipaUniqueID",
"allowKerberosAuthentication" : "true",
"useKerberosForPasswordAuthentication" : "true",
"keyTab" : "/etc/httpd/conf/ipa.keytab",
"bindCredential" : "${password}",
"connectionUrl" : "ldap://${host}:389",
"batchSizeForSync" : "1000",
"editMode" : "WRITABLE",
"pagination" : "true"
}
}
],
"userFederationMappers" : [
{
"name" : "first name",
"federationProviderDisplayName" : "freeipa-ldap",
"federationMapperType" : "user-attribute-ldap-mapper",
"config" : {
"user.model.attribute" : "firstName",
"read.only" : "false",
"is.mandatory.in.ldap" : "true",
"ldap.attribute" : "givenName",
"always.read.value.from.ldap" : "true"
}
},
{
"name" : "email",
"federationProviderDisplayName" : "freeipa-ldap",
"federationMapperType" : "user-attribute-ldap-mapper",
"config" : {
"user.model.attribute" : "email",
"read.only" : "false",
"is.mandatory.in.ldap" : "false",
"ldap.attribute" : "mail",
"always.read.value.from.ldap" : "false"
}
},
{
"name" : "username",
"federationProviderDisplayName" : "freeipa-ldap",
"federationMapperType" : "user-attribute-ldap-mapper",
"config" : {
"user.model.attribute" : "username",
"read.only" : "false",
"is.mandatory.in.ldap" : "true",
"ldap.attribute" : "uid",
"always.read.value.from.ldap" : "false"
}
},
{
"name" : "fullname - CN",
"federationProviderDisplayName" : "freeipa-ldap",
"federationMapperType" : "full-name-ldap-mapper",
"config" : {
"ldap.full.name.attribute" : "cn",
"read.only" : "false"
}
},
{
"name" : "fullname - gecos",
"federationProviderDisplayName" : "freeipa-ldap",
"federationMapperType" : "full-name-ldap-mapper",
"config" : {
"ldap.full.name.attribute" : "gecos",
"read.only" : "false"
}
},
{
"name" : "fullname - displayName",
"federationProviderDisplayName" : "freeipa-ldap",
"federationMapperType" : "full-name-ldap-mapper",
"config" : {
"ldap.full.name.attribute" : "displayName",
"read.only" : "false"
}
},
{
"name" : "modify date",
"federationProviderDisplayName" : "freeipa-ldap",
"federationMapperType" : "user-attribute-ldap-mapper",
"config" : {
"user.model.attribute" : "modifyTimestamp",
"read.only" : "true",
"is.mandatory.in.ldap" : "false",
"ldap.attribute" : "modifyTimestamp",
"always.read.value.from.ldap" : "true"
}
},
{
"name" : "last name",
"federationProviderDisplayName" : "freeipa-ldap",
"federationMapperType" : "user-attribute-ldap-mapper",
"config" : {
"user.model.attribute" : "lastName",
"read.only" : "false",
"is.mandatory.in.ldap" : "true",
"ldap.attribute" : "sn",
"always.read.value.from.ldap" : "true"
}
},
{
"name" : "IPA groups mapper",
"federationProviderDisplayName" : "freeipa-ldap",
"federationMapperType" : "role-ldap-mapper",
"config" : {
"roles.dn" : "cn=groups,cn=accounts,${ldapBaseDn}",
"use.realm.roles.mapping" : "true",
"membership.ldap.attribute" : "member",
"role.object.classes" : "ipaobject,ipausergroup",
"role.name.ldap.attribute" : "cn",
"mode" : "LDAP_ONLY"
}
},
{
"name" : "creation date",
"federationProviderDisplayName" : "freeipa-ldap",
"federationMapperType" : "user-attribute-ldap-mapper",
"config" : {
"user.model.attribute" : "createTimestamp",
"read.only" : "true",
"is.mandatory.in.ldap" : "false",
"ldap.attribute" : "createTimestamp",
"always.read.value.from.ldap" : "true"
}
}
]
}