To sync FreeIPA groups to Keycloak, you can use the LDAP synchronization feature in Keycloak. Here are the general steps to follow:
- Configure the LDAP connection in Keycloak:
  - Go to the Keycloak Admin Console.
  - Navigate to the “Realm Settings” -> “LDAP” tab.
  - Configure the LDAP connection settings, such as the LDAP URL, bind DN, and credentials for the LDAP server where FreeIPA is running.
  - Save the configuration.
- Map FreeIPA group attributes to Keycloak group attributes:
  - Go to the “Mappers” tab of the LDAP configuration screen.
  - Create a new mapper by clicking the “Create” button.
  - Select “Group LDAP Mapper” as the mapper type.
  - Map the FreeIPA group attributes (e.g., cn, gidNumber) to Keycloak group attributes (e.g., name, id).
  - Save the mapper.
- Configure LDAP synchronization:
  - Go to the “Synchronization” tab of the LDAP configuration screen.
  - Enable synchronization by selecting the “Enabled” checkbox.
  - Choose the synchronization mode (e.g., import or sync).
  - Configure the synchronization schedule (e.g., hourly, daily).
  - Save the configuration.
After completing these steps, Keycloak should automatically synchronize FreeIPA groups to Keycloak groups according to the synchronization schedule you defined. You can verify that the synchronization is working correctly by checking the Keycloak groups that correspond to your FreeIPA groups.
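The same three steps, driven through the Keycloak Admin REST API instead of the console, plus the verification check from the last paragraph. This is an added example, not code from the original page or from the Keycloak or FreeIPA projects. It assumes the `/admin/realms/{realm}/components` and `/admin/realms/{realm}/groups` endpoints, the `ldap` and `group-ldap-mapper` provider ids and their config keys, and the standard FreeIPA tree (`cn=users,cn=accounts,...`, `cn=groups,cn=accounts,...`); the domain, hostnames and the `IPA_*`/`KEYCLOAK_*` environment variables are constructed placeholders. The defaults it picks are the ones worth checking in the console too: an `ldaps://` URL with certificate validation via the truststore, `READ_ONLY` edit mode so Keycloak never writes back into FreeIPA, and a bind credential supplied from the environment rather than hard-coded.

```python
"""Create a FreeIPA LDAP federation provider and a Group LDAP Mapper in
Keycloak, trigger a group sync, and report which FreeIPA groups are missing.
Assumed endpoints and config keys are noted inline; nothing here is official
Keycloak or FreeIPA code."""
import json
import os
import urllib.parse
import urllib.request

BASE_DN = "dc=example,dc=test"  # constructed placeholder domain


def ldap_provider_config(name, url, bind_dn, bind_password, base_dn):
    """Component representation for the FreeIPA user federation provider.
    The components API expects every config value as a one-element list."""
    cfg = {
        "enabled": "true",
        "vendor": "rhds",              # FreeIPA is built on 389 Directory Server
        "connectionUrl": url,          # ldaps://, so the bind password is never sent in clear
        "useTruststoreSpi": "always",  # validate the IPA CA chain instead of skipping TLS checks
        "bindDn": bind_dn,             # a dedicated read-only system account, not an admin
        "bindCredential": bind_password,
        "authType": "simple",
        "editMode": "READ_ONLY",       # Keycloak must never write back into FreeIPA
        "usersDn": f"cn=users,cn=accounts,{base_dn}",
        "usernameLDAPAttribute": "uid",
        "rdnLDAPAttribute": "uid",
        "uuidLDAPAttribute": "ipaUniqueID",
        "userObjectClasses": "inetOrgPerson, organizationalPerson",
        "importEnabled": "true",
        "syncRegistrations": "false",  # never push Keycloak self-registrations into IPA
        "batchSizeForSync": "1000",
        "fullSyncPeriod": "86400",     # daily full sync, in seconds (-1 disables)
        "changedSyncPeriod": "3600",   # hourly sync of changed users
    }
    return {"name": name, "providerId": "ldap",
            "providerType": "org.keycloak.storage.UserStorageProvider",
            "config": {k: [v] for k, v in cfg.items()}}


def group_mapper_config(name, provider_id, base_dn):
    """Group LDAP Mapper attached to the provider created above (parentId)."""
    cfg = {
        "groups.dn": f"cn=groups,cn=accounts,{base_dn}",
        "group.name.ldap.attribute": "cn",       # FreeIPA cn -> Keycloak group name
        "group.object.classes": "groupOfNames",
        "membership.ldap.attribute": "member",   # IPA stores member DNs
        "membership.attribute.type": "DN",
        "membership.user.ldap.attribute": "uid",
        "mode": "READ_ONLY",
        "user.roles.retrieve.strategy": "GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE",
        "memberof.ldap.attribute": "memberOf",
        "preserve.group.inheritance": "false",   # flat Keycloak group tree
        "drop.non.existing.groups.during.sync": "false",
    }
    return {"name": name, "providerId": "group-ldap-mapper",
            "providerType": "org.keycloak.storage.ldap.mappers.LDAPStorageMapper",
            "parentId": provider_id,
            "config": {k: [v] for k, v in cfg.items()}}


def keycloak_group_names(groups_json):
    """Flatten the tree returned by GET /admin/realms/{realm}/groups."""
    names = []
    for g in groups_json:
        names.append(g["name"])
        names.extend(keycloak_group_names(g.get("subGroups", [])))
    return sorted(names)


def group_sync_report(freeipa_groups, keycloak_groups):
    """Return (missing_in_keycloak, extra_in_keycloak) as sorted lists."""
    ipa, kc = set(freeipa_groups), set(keycloak_groups)
    return sorted(ipa - kc), sorted(kc - ipa)


def admin_token(base_url, user, password):
    form = urllib.parse.urlencode({"grant_type": "password", "client_id": "admin-cli",
                                   "username": user, "password": password}).encode()
    req = urllib.request.Request(f"{base_url}/realms/master/protocol/openid-connect/token", data=form)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def admin_request(base_url, token, path, payload=None):
    """POST when a payload is given, else GET; returns (status, headers, parsed body)."""
    data = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(f"{base_url}{path}", data=data, method="POST" if data else "GET",
                                 headers={"Authorization": f"Bearer {token}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        body = resp.read()
        return resp.status, resp.headers, (json.loads(body) if body else None)


if __name__ == "__main__":
    kc, realm = os.environ["KEYCLOAK_URL"], os.environ["KEYCLOAK_REALM"]
    token = admin_token(kc, os.environ["KEYCLOAK_ADMIN"], os.environ["KEYCLOAK_ADMIN_PASSWORD"])
    components = f"/admin/realms/{realm}/components"
    _, hdrs, _ = admin_request(kc, token, components, ldap_provider_config(
        "freeipa", os.environ["IPA_LDAP_URL"], os.environ["IPA_BIND_DN"],
        os.environ["IPA_BIND_PASSWORD"], BASE_DN))
    provider_id = hdrs["Location"].rsplit("/", 1)[-1]       # id comes back in the Location header
    _, hdrs, _ = admin_request(kc, token, components, group_mapper_config("ipa-groups", provider_id, BASE_DN))
    mapper_id = hdrs["Location"].rsplit("/", 1)[-1]
    # Pull groups from FreeIPA now rather than waiting for the schedule
    admin_request(kc, token, f"/admin/realms/{realm}/user-storage/{provider_id}/mappers/{mapper_id}/sync"
                             "?direction=fedToKeycloak", {})
    _, _, groups = admin_request(kc, token, f"/admin/realms/{realm}/groups")
    expected = [g for g in os.environ.get("IPA_GROUPS", "").split(",") if g]  # e.g. from `ipa group-find`
    missing, extra = group_sync_report(expected, keycloak_group_names(groups))
    print("missing in Keycloak:", missing, "\nonly in Keycloak:", extra)
```

Run it with `KEYCLOAK_URL`, `KEYCLOAK_REALM`, the admin credentials, `IPA_LDAP_URL` (for example `ldaps://ipa.example.test:636`), `IPA_BIND_DN` pointing at a system account under `cn=sysaccounts,cn=etc,...`, its password, and `IPA_GROUPS` as a comma-separated list of the group names you expect; an empty `missing in Keycloak` list is the verification the last paragraph describes.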