I have set up user federation with an OpenLDAP (bi-directional sync) that has users that need the "posixAccount" class. When I create a new user on Keycloak it fails due to missing mandatory fields (e.g., uidNumber, gidNumber, etc.). I used an LDAP hardcoded attribute mapper as a workaround (as if it was a default value) but that means that those attributes aren't updatable on Keycloak. If I set a normal LDAP attribute mapper with the mandatory option enabled, the default value of a whitespace does not work.
I have had a quick look through the Keycloak code and I think I can implement functionality that would allow the administrative user to add a default value for mandatory attributes in the normal LDAP attribute mapper. But before I invest time into it, I want to know if this would be something the Keycloak project would be interested in.
Also, is my strategy of adding a default value field to UserAttributeLDAPStorageMapper.java (customizable by the administrator when creating the attribute mappers) a sound one? Extra things that I have considered that will require changes are the UI and possibly the API. Is there anything I'm missing, or any caveats I should be aware of?
Thanks in advance.
Related issues I could find:
PS: I really don't want to be running my fork of Keycloak hehehe