Containerized Keycloak development environment, using Docker, with:
To spin up the Docker containers for all services mentioned above, run:
```sh
docker-compose -p keycloak-dev up -d
```

You can also use `DC=mycompany,DC=com` as the Base DN, but beware that it will make overall usage of LDAP Admin and AD syncs a lot slower.
| Parameter | Value |
|---|---|
| Port (LDAP) | 389 |
| Base | CN=Users,DC=mycompany,DC=com |
| Username | Administrator |
| Password | Pa$$w0rd |
By default, Samba requires a secure connection before it accepts simple (i.e. plain username/password) binds, since a simple bind sends the password in the clear. This means that for a system to be able to perform LDAP queries, LDAPS must be enabled.
To avoid the hassle of re-generating a self-signed certificate with the correct alt name entry and
adding its CA to every container / host that interacts with it, add the following lines to
`/var/lib/samba/private/smb.conf` and restart the container. Note that with these settings credentials cross port 389 unencrypted, which is acceptable only for this local development setup:
References:
```diff
# Global parameters
[global]
dns forwarder = 127.0.0.11
netbios name = MYCOMPANY
realm = MYCOMPANY.COM
server role = active directory domain controller
workgroup = DEV-AD
idmap_ldb:use rfc2307 = yes
+
+ client ldap sasl wrapping = sign
+ ldap server require strong auth = no
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/mycompany.com/scripts
read only = No
```
Create a new connection, using the following configurations:
| Parameter | Value |
|---|---|
| URL | http://localhost:8080/ |
| Username | admin |
| Password | admin |
Navigate to User federation >> LDAP and use the following configurations:
For more information regarding LDAP integration in Keycloak, read the following resources:
| Parameter | Value |
|---|---|
| Port | 1521 |
| Service Name | ORCLPDB1 |
| Username | SYS AS SYSDBA / KEYCLOAK |
| Password | root |