https://github.com/zner0l/keycloak-openldap-ppolicy-mapper
A UserStorageMapper for Keycloak that maps the "disabled" value to the pwdAccountLockedTime in OpenLDAP entries
- Host: GitHub
- URL: https://github.com/zner0l/keycloak-openldap-ppolicy-mapper
- Owner: zner0L
- License: mit
- Created: 2021-12-01T01:40:37.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2021-12-01T01:50:51.000Z (over 4 years ago)
- Last Synced: 2025-01-29T09:45:03.625Z (over 1 year ago)
- Topics: keycloak, keycloak-spi, openldap, ppolicy
- Language: Java
- Homepage:
- Size: 9.77 KB
- Stars: 4
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Keycloak OpenLDAP ppolicy mapper
This is a plugin for the authentication provider [Keycloak](https://keycloak.org). It maps the Keycloak user's disabled state to the ppolicy `pwdAccountLockedTime` attribute. For the mapper to work properly, the time set as `pwdLockoutDuration` in the password policy of the affected records should also be set in the mapper settings.
**Warning:** This provider relies on private SPIs which may change at any point without notice. Please test the provider before you update your production deployment.
## Features
- Manually enable/disable users in OpenLDAP from Keycloak
- Disable users for the lockout duration if the password policy mandates it (e.g. too many failed attempts)
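
Why the lockout duration has to be known outside the directory, as an added example (not code from this repository): under the ppolicy overlay an entry is locked while `pwdAccountLockedTime` plus `pwdLockoutDuration` lies in the future, a duration of 0 means no automatic unlock, and the value `000001010000Z` marks a permanent lock. The class and method names are hypothetical, the sample values are constructed, and treating an unparsable timestamp as locked is a choice made for this sketch.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;

public class PpolicyLockState {
    // ppolicy sentinel: locked until a password administrator unlocks the entry.
    static final String PERMANENT_LOCK = "000001010000Z";
    static final DateTimeFormatter GENERALIZED_TIME =
            DateTimeFormatter.ofPattern("uuuuMMddHHmmss");

    /** True if an entry with this pwdAccountLockedTime counts as disabled at `now`. */
    static boolean isLocked(String lockedTime, long lockoutDurationSeconds, Instant now) {
        if (lockedTime == null || lockedTime.isEmpty()) {
            return false;                       // attribute absent: not locked
        }
        if (PERMANENT_LOCK.equals(lockedTime) || lockoutDurationSeconds <= 0) {
            return true;                        // no automatic unlock
        }
        try {
            // Drop the optional fraction and the trailing Z; the value is UTC.
            String digits = lockedTime.replaceFirst("(\\.\\d+)?Z$", "");
            Instant lockedAt = LocalDateTime.parse(digits, GENERALIZED_TIME)
                    .toInstant(ZoneOffset.UTC);
            return now.isBefore(lockedAt.plus(Duration.ofSeconds(lockoutDurationSeconds)));
        } catch (DateTimeParseException e) {
            return true;                        // choice of this example: fail closed
        }
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2021-12-01T02:00:00Z");   // constructed sample clock
        long duration = 900;                                    // constructed: 15 minutes
        System.out.println(isLocked(null, duration, now));              // no lock attribute
        System.out.println(isLocked("20211201015000Z", duration, now)); // lock 10 minutes old
        System.out.println(isLocked("20211201013000Z", duration, now)); // lock 30 minutes old
        System.out.println(isLocked("20211201013000Z", 0, now));        // duration 0
        System.out.println(isLocked(PERMANENT_LOCK, duration, now));    // sentinel value
    }
}
```

If the duration configured on the Keycloak side is shorter or longer than the directory's `pwdLockoutDuration`, the two systems disagree about whether a temporarily locked account is usable again.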
## Deploy from source
1. To deploy from source, you must first build the plugin. You can use Maven to do so: `mvn clean package`.
2. Copy the build output (from the `target` folder) into the `deployments` folder of your Keycloak installation (typically `/opt/keycloak/standalone/deployments`).