Hello,
in the LDAP tree of my user federation, I have so-called roles with member attributes:
dn: uid=21579852,ou=roles,o=foo,o=example,c=com
objectClass: organizationalUnit
cn: myrolename
uid: 21579852
member: uid=u1,ou=users,ou=foo,o=example,c=com
member: uid=u2,ou=users,ou=foo,o=example,c=com
member: uid=u3,ou=users,ou=foo,o=example,c=com
I can now easily map the LDAP cn myrolename to roles or groups in Keycloak. Next I want to do some aggregation based on an object called spRightObject; the attribute uid is the same in both objects:
dn: righttypeid=2001673,uid=21579852,ou=roles,o=foo,o=example,c=com
righttypeid: 2001673
objectClass: top
objectClass: spRightObject
uid: 21579852
rightname: system1
rightname: system2
rightname: system3
I now want to somehow achieve that only groups (or maybe roles) with the rightname system1 are able to use a certain client. What would be the best approach here?
Thanks for answers in advance
Mirko
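The aggregation the question describes (join the spRightObject child entry back onto its parent role via the shared uid, then find which roles, and therefore which users, carry a given rightname) can be worked out offline from an LDIF export before deciding how to model it in Keycloak. The following is an added example, not code from the original post or from Keycloak; the LDIF text is constructed (the second role and the users u4 are invented) and the parser handles only the simple `attr: value` form shown in the post, with no base64 values or line continuations.

```python
"""Join LDAP role entries with their spRightObject children by uid.

Added example (not from the original post). It parses a small constructed
LDIF export offline and answers: which roles, and which users, carry a given
rightname? The layout follows the post: a role at uid=<id>,ou=roles,... with
member attributes, and a child entry righttypeid=<n>,uid=<id>,ou=roles,... of
objectClass spRightObject whose uid matches the role's uid and whose
rightname values list the systems the role grants.
"""
from collections import defaultdict

# Constructed sample export: two roles, only role 21579852 grants system1.
SAMPLE_LDIF = """\
dn: uid=21579852,ou=roles,o=foo,o=example,c=com
objectClass: organizationalUnit
cn: myrolename
uid: 21579852
member: uid=u1,ou=users,ou=foo,o=example,c=com
member: uid=u2,ou=users,ou=foo,o=example,c=com
member: uid=u3,ou=users,ou=foo,o=example,c=com

dn: righttypeid=2001673,uid=21579852,ou=roles,o=foo,o=example,c=com
righttypeid: 2001673
objectClass: top
objectClass: spRightObject
uid: 21579852
rightname: system1
rightname: system2
rightname: system3

dn: uid=99990001,ou=roles,o=foo,o=example,c=com
objectClass: organizationalUnit
cn: otherrole
uid: 99990001
member: uid=u3,ou=users,ou=foo,o=example,c=com
member: uid=u4,ou=users,ou=foo,o=example,c=com

dn: righttypeid=2001674,uid=99990001,ou=roles,o=foo,o=example,c=com
righttypeid: 2001674
objectClass: top
objectClass: spRightObject
uid: 99990001
rightname: system2
"""


def parse_ldif(text):
    """Return a list of entries; each entry maps attribute -> list of values.

    Handles only the LDIF subset used here: one 'attr: value' per line,
    entries separated by blank lines, '#' comment lines ignored.
    Attribute names are lower-cased because LDAP treats them case-insensitively.
    """
    entries, current = [], defaultdict(list)
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        current[attr.strip().lower()].append(value.strip())
    if current:
        entries.append(dict(current))
    return entries


def roles_with_right(entries, rightname):
    """Map the cn of every role whose spRightObject child lists `rightname`
    to the set of that role's member DNs."""
    # Step 1: collect rightnames per uid from the spRightObject entries.
    rights_by_uid = defaultdict(set)
    for e in entries:
        classes = {v.lower() for v in e.get("objectclass", [])}
        if "sprightobject" in classes:
            for uid in e.get("uid", []):
                rights_by_uid[uid].update(e.get("rightname", []))
    # Step 2: join back onto the role entries (the ones carrying members) on uid.
    result = {}
    for e in entries:
        if "member" not in e:
            continue
        uid = e["uid"][0]
        if rightname in rights_by_uid.get(uid, ()):
            result[e["cn"][0]] = set(e["member"])
    return result


def users_with_right(entries, rightname):
    """Union of member DNs over all roles that grant `rightname`."""
    users = set()
    for members in roles_with_right(entries, rightname).values():
        users |= members
    return users


if __name__ == "__main__":
    data = parse_ldif(SAMPLE_LDIF)
    for cn, members in roles_with_right(data, "system1").items():
        print(cn, "->", sorted(members))
```

The output of `roles_with_right` is the list of role DNs/cns that should be granted access, which is the input you need whichever way you then model it in Keycloak (for instance importing only those roles as groups and restricting the client to them); because the rightname lives on the child entry rather than the role entry itself, a single LDAP filter on the role object alone cannot express this condition, so the join has to happen somewhere.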