[keycloak-user] Unable to query currently set bindCredentials for LDAP
Dockendorf, Trey
tdockendorf at osc.edu
Thu Dec 13 11:44:39 EST 2018
I am using Puppet to automate the configuration of my Keycloak server and one thing I automate is the addition of LDAP authentication backends. I have discovered that bindCredential comes back as "**********" [1] which prevents Puppet from knowing if the value is set correctly. Is there a way to have Keycloak return the actual value that’s stored in the database? I have found where in the database this is stored but I’d rather not have to resort to direct database queries with Puppet as that would severely limit the database backends I can support.
If there is no way to expose actual bindCredential value, is there a way to test that the currently set bind credentials actually work? I have noticed that something like testLDAPConnection has to be provided the bind credentials rather than reading them from the realm’s configured LDAP.
Thanks,
- Trey
[1]
$ /opt/keycloak/bin/kcadm.sh get components/OSC-LDAP-osc -r osc --no-config --server http://localhost:8080/auth --realm master --user admin --password <OMIT> | jq .config.bindCredential
Logging into http://localhost:8080/auth as user admin of realm master
[
"**********"
]
--
Trey Dockendorf
HPC Systems Engineer
Ohio Supercomputer Center
More information about the keycloak-user
mailing list