LDAP

This configuration sets up LDAP as a user federation provider in Keycloak. LDAP integration allows user data to be synchronized into Keycloak or accessed directly from an external directory service. The example below configures the connection details, user attribute mappings, and synchronization options, following the Crossplane provider references.

```yaml
apiVersion: ldap.keycloak.crossplane.io/v1alpha1
kind: UserFederation
metadata:
  name: ldap
spec:
  forProvider:
    name: ldap
    connectionUrl: "ldap://your-url"
    startTls: false
    bindDn: "cn=admin,dc=example,dc=local"
    bindCredentialSecretRef:
      key: "password"
      name: "ldap-password"
      namespace: "crossplane-system"
    editMode: "UNSYNCED"
    usersDn: "ou=users,dc=example,dc=local"
    usernameLdapAttribute: "sAMAccountName"
    rdnLdapAttribute: "cn"
    uuidLdapAttribute: "sAMAccountName"
    userObjectClasses: ["person", "organizationalPerson", "user"]
    searchScope: "SUBTREE"
    importEnabled: true
    batchSizeForSync: 100
    changedSyncPeriod: 604800
    validatePasswordPolicy: false
    realmRef:
      name: realmname
  providerConfigRef:
    name: keycloak-provider-config
```
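As an added example (not code from the page or from the Crossplane provider), the following lint loads a UserFederation manifest as a Python dict and flags the transport and password-handling settings that matter in review: `ldap://` without StartTLS, a missing `bindCredentialSecretRef`, and `WRITABLE` edit mode with password-policy validation disabled. The sample manifest is constructed to mirror the one above; the admin-DN check is a heuristic.

```python
# Constructed sample mirroring the page's manifest (dict form, so no YAML
# library is needed). Only the fields the checks look at are included.
SAMPLE_MANIFEST = {
    "apiVersion": "ldap.keycloak.crossplane.io/v1alpha1",
    "kind": "UserFederation",
    "spec": {"forProvider": {
        "connectionUrl": "ldap://your-url",
        "startTls": False,
        "bindDn": "cn=admin,dc=example,dc=local",
        "bindCredentialSecretRef": {"key": "password", "name": "ldap-password",
                                    "namespace": "crossplane-system"},
        "editMode": "UNSYNCED",
        "validatePasswordPolicy": False,
    }},
}


def lint_ldap_federation(manifest):
    """Return (severity, message) findings for one UserFederation manifest."""
    findings = []
    provider = manifest.get("spec", {}).get("forProvider", {})
    url = str(provider.get("connectionUrl", "")).lower()
    start_tls = bool(provider.get("startTls", False))

    # Transport: ldap:// without StartTLS sends the bind password and every
    # synced user attribute in cleartext; startTls on ldaps:// is a no-op.
    if url.startswith("ldap://") and not start_tls:
        findings.append(("high", "cleartext LDAP: set connectionUrl to ldaps:// or startTls: true"))
    elif url.startswith("ldaps://") and start_tls:
        findings.append(("low", "startTls is ignored on an ldaps:// URL"))

    # Credential handling: the bind password should come from a Secret reference.
    if "bindCredentialSecretRef" not in provider:
        findings.append(("medium", "no bindCredentialSecretRef: bind password is not sourced from a Secret"))

    # Password policy only matters when Keycloak writes passwords back to LDAP.
    if provider.get("editMode") == "WRITABLE" and not provider.get("validatePasswordPolicy", False):
        findings.append(("medium", "editMode WRITABLE without validatePasswordPolicy: realm policy is bypassed"))

    # Least privilege (heuristic): a directory admin DN used as the bind account.
    if str(provider.get("bindDn", "")).lower().startswith("cn=admin,"):
        findings.append(("info", "bindDn looks like a directory admin; prefer a read-only service account"))
    return findings


def max_severity(findings):
    order = {"info": 0, "low": 1, "medium": 2, "high": 3}
    return max((sev for sev, _ in findings), key=order.get, default=None)
```

Run it against the page's manifest and the `ldap://` + `startTls: false` pair is reported as high; switching to `ldaps://` and a dedicated service account clears every finding.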