In the LDAP tree of my user federation, I have so-called roles with member attributes:
```
dn: uid=21579852,ou=roles,o=foo,o=example,c=com
objectClass: organizationalUnit
cn: myrolename
uid: 21579852
member: uid=u1,ou=users,ou=foo,o=example,c=com
member: uid=u2,ou=users,ou=foo,o=example,c=com
member: uid=u3,ou=users,ou=foo,o=example,c=com
```
I can now easily map the LDAP cn myrolename to roles or groups in Keycloak. Now I want to do some aggregation based on an object called spRightObject; the attribute uid is the same in both objects:
```
dn: righttypeid=2001673,uid=21579852,ou=roles,o=foo,o=example,c=com
righttypeid: 2001673
objectClass: top
objectClass: spRightObject
uid: 21579852
rightname: system1
rightname: system2
rightname: system3
```
I now want to somehow achieve that only groups (or maybe roles) with the rightname system1 are able to use a certain client. What would be the best approach here?
Thanks in advance for any answers.
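As an added illustration (not part of the original post), the aggregation the question describes, joining each role entry to its spRightObject child on uid and keeping only roles whose right object lists a given rightname, carried out over constructed LDIF modelled on the two entries above; the role uid 99999999 and the user DNs are made up for the sample.

```python
from collections import defaultdict

# Constructed LDIF modelled on the entries in the post; not real directory data.
SAMPLE_LDIF = """\
dn: uid=21579852,ou=roles,o=foo,o=example,c=com
objectClass: organizationalUnit
cn: myrolename
uid: 21579852
member: uid=u1,ou=users,ou=foo,o=example,c=com

dn: righttypeid=2001673,uid=21579852,ou=roles,o=foo,o=example,c=com
objectClass: spRightObject
uid: 21579852
rightname: system1
rightname: system2

dn: uid=99999999,ou=roles,o=foo,o=example,c=com
cn: otherrole
uid: 99999999
member: uid=u3,ou=users,ou=foo,o=example,c=com

dn: righttypeid=2001674,uid=99999999,ou=roles,o=foo,o=example,c=com
objectClass: spRightObject
uid: 99999999
rightname: system2
"""

def parse_ldif(text):
    """Minimal LDIF parser (no line folding, no base64): one {attr: [values]} per entry."""
    entries, current = [], defaultdict(list)
    for line in text.splitlines() + [""]:      # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
            continue
        attr, _, value = line.partition(":")   # DNs contain ',' and '=', never ':'
        current[attr.strip().lower()].append(value.strip())
    return entries

def members_granted(entries, rightname):
    """Return {role cn: [member DNs]} for roles whose spRightObject (joined on uid) lists rightname."""
    rights = defaultdict(set)
    for e in entries:
        if "spRightObject" in e.get("objectclass", []):
            rights[e["uid"][0]].update(e.get("rightname", []))
    return {e["cn"][0]: sorted(e.get("member", []))
            for e in entries
            if "cn" in e and rightname in rights.get(e["uid"][0], set())}
```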