...
Create a new secret from the public .crt file of the LDAP server and use it to replace the existing keycloak-ldap-cert.yaml file. Run this in the folder where that yaml file lives, so the generated manifest overwrites it:
Code Block
    kubectl create secret generic keycloak-ldap-cert --from-file=<location of your public .crt file> -o yaml --dry-run=client > keycloak-ldap-cert.yaml
Update the keystore password in keycloak-credentials.yaml to something in line with your password policy (the LDAPS_KEYSTORE_PASSWORD value below):
Code Block
    apiVersion: v1
    kind: Secret
    metadata:
      name: keycloak-credentials
    type: Opaque
    stringData:
      POSTGRES_USER: keycloak<postgres_user>
      POSTGRES_PASSWORD: kadamakedatagreatagain<postgres_pass>
      KEYCLOAK_USER: admin<keycloak_user>
      KEYCLOAK_PASSWORD: kadamakedatagreatagain<postgres_pass>
      LDAPS_KEYSTORE_PASSWORD: changeit   # <---- change this password
Once that is done, apply both files so the new configuration replaces the existing secrets:
Code Block
    kubectl apply -f keycloak-credentials.yaml
    kubectl apply -f keycloak-ldap-cert.yaml
Now delete the Keycloak pod so the truststore takes effect when it spins up again:
Code Block
    kubectl delete pod <keycloak pod id>
Check that the new pod comes up and stays stable:
Code Block
    kubectl get pods
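The steps above (build the cert secret, set a non-default keystore password, apply, restart the pod) as one added shell example; this is not the page's own script. It renders the keycloak-ldap-cert manifest without kubectl so it can be reviewed first, refuses a file that carries a private key, and assumes the namespace, the pod label app=keycloak and the 12-character minimum are local conventions:

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: namespace "default",
# the Keycloak pod is labelled app=keycloak, and a 12-character password minimum.

# Render the keycloak-ldap-cert Secret from a PEM certificate file, matching what
# `kubectl create secret generic --from-file -o yaml --dry-run=client` produces
# (key = file basename). Only a public certificate belongs in a truststore.
render_ldap_cert_secret() {
    crt="$1"
    [ -f "$crt" ] || { echo "cert file not found: $crt" >&2; return 1; }
    grep -q 'BEGIN CERTIFICATE' "$crt" || { echo "not a PEM certificate: $crt" >&2; return 1; }
    if grep -q 'PRIVATE KEY' "$crt"; then
        echo "refusing: $crt contains a private key" >&2; return 1
    fi
    b64=$(base64 < "$crt" | tr -d '\n')   # portable single-line base64
    printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'metadata:' \
        '  name: keycloak-ldap-cert' 'type: Opaque' 'data:'
    printf '  %s: %s\n' "$(basename "$crt")" "$b64"
}

# Reject the shipped default "changeit" and short values before they reach
# keycloak-credentials.yaml. Pass the value from a file or secret store, not
# a literal typed on the command line.
check_keystore_password() {
    pw="$1"
    [ "$pw" != "changeit" ] || { echo "refusing default keystore password" >&2; return 1; }
    [ "${#pw}" -ge 12 ] || { echo "keystore password shorter than 12 chars" >&2; return 1; }
    return 0
}

# Apply both manifests, delete the pod so the truststore is rebuilt, then wait
# until the replacement reports Ready (the page's "check that it is stable").
apply_and_restart() {
    ns="${1:-default}"
    kubectl -n "$ns" apply -f keycloak-credentials.yaml
    kubectl -n "$ns" apply -f keycloak-ldap-cert.yaml
    kubectl -n "$ns" delete pod -l app=keycloak
    kubectl -n "$ns" wait --for=condition=Ready pod -l app=keycloak --timeout=180s
}
```

Typical use: `render_ldap_cert_secret ldap-server.crt > keycloak-ldap-cert.yaml`, then `apply_and_restart` once the credentials file has passed `check_keystore_password`.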
Once it is stable, open the Keycloak console and set up the LDAP federation:
Code Block
    https://<your domain>/keycloak/auth
Log into the console using the Keycloak admin credentials from the credentials file above.
Go to User Federation.
Add a provider of type LDAP.
Then populate the fields according to the table below, save, and synchronise from LDAP. The synchronise option only appears after you save. Test your configuration before saving. The screenshot here is only an example; depending on the provider the screen may differ slightly.
...