I am using Puppet to automate the configuration of my Keycloak server and one thing I
automate is the addition of LDAP authentication backends. I have discovered that
bindCredential comes back as "**********" [1] which prevents Puppet from knowing
if the value is set correctly. Is there a way to have Keycloak return the actual value
that’s stored in the database? I have found where in the database this is stored but I’d
rather not have to resort to direct database queries with Puppet as that would severely
limit the database backends I can support.

If there is no way to expose the actual bindCredential value, is there a way to test that the
currently set bind credentials actually work? I have noticed that something like
testLDAPConnection has to be provided the bind credentials rather than reading them from
the realm’s configured LDAP.

Thanks,
- Trey

[1]
$ /opt/keycloak/bin/kcadm.sh get components/OSC-LDAP-osc -r osc --no-config \
    --server http://localhost:8080/auth --realm master --user admin \
    --password <OMIT> | jq .config.bindCredential
Logging into http://localhost:8080/auth as user admin of realm master
[
  "**********"
]

--
Trey Dockendorf
HPC Systems Engineer
Ohio Supercomputer Center