add connection_pooling params for userfederation Signed-off-by: Wenge Ma <[email protected]>

Author: wenge

docs/resources/ldap_user_federation.md

@@ -70,6 +70,7 @@ resource "keycloak_ldap_user_federation" "ldap_user_federation" {
     - `ONE_LEVEL`: Only search for users in the DN specified by `user_dn`.
     - `SUBTREE`: Search entire LDAP subtree.
 - `start_tls` - (Optional) When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.
+- `connection_pooling` - (Optional) When `true`, LDAP connection pooling is enabled. Defaults to `true`.
 - `use_password_modify_extended_op` - (Optional) When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).
 - `validate_password_policy` - (Optional) When `true`, Keycloak will validate passwords using the realm policy before updating it.
 - `trust_email` - (Optional) If enabled, email provided by this provider is not verified even if verification is enabled for the realm.

keycloak/ldap_user_federation.go

@@ -39,6 +39,7 @@ type LdapUserFederation struct {
 	ConnectionTimeout           string // duration string (ex: 1h30m)
 	ReadTimeout                 string // duration string (ex: 1h30m)
 	Pagination                  bool
+	ConnectionPooling           bool
 
 	ServerPrincipal                      string
 	UseKerberosForPasswordAuthentication bool
@@ -104,6 +105,9 @@ func convertFromLdapUserFederationToComponent(ldap *LdapUserFederation) (*compon
 		"startTls": {
 			strconv.FormatBool(ldap.StartTls),
 		},
+		"connectionPooling": {
+			strconv.FormatBool(ldap.ConnectionPooling),
+		},
 		"usePasswordModifyExtendedOp": {
 			strconv.FormatBool(ldap.UsePasswordModifyExtendedOp),
 		},
@@ -253,6 +257,11 @@ func convertFromComponentToLdapUserFederation(component *component) (*LdapUserFe
 		return nil, err
 	}
 
+	connectionPooling, err := parseBoolAndTreatEmptyStringAsFalse(component.getConfig("connectionPooling"))
+	if err != nil {
+		return nil, err
+	}
+
 	usePasswordModifyExtendedOp, err := parseBoolAndTreatEmptyStringAsFalse(component.getConfig("usePasswordModifyExtendedOp"))
 	if err != nil {
 		return nil, err
@@ -323,6 +332,7 @@ func convertFromComponentToLdapUserFederation(component *component) (*LdapUserFe
 		SearchScope:            component.getConfig("searchScope"),
 
 		StartTls:                    startTls,
+		ConnectionPooling:           connectionPooling,
 		UsePasswordModifyExtendedOp: usePasswordModifyExtendedOp,
 		ValidatePasswordPolicy:      validatePasswordPolicy,
 		TrustEmail:                  trustEmail,

provider/resource_keycloak_ldap_user_federation.go

@@ -147,6 +147,12 @@ func resourceKeycloakLdapUserFederation() *schema.Resource {
 				Default:     false,
 				Description: "When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.",
 			},
+			"connection_pooling": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     true,
+				Description: "When true, Keycloak will use connection pooling when connecting to LDAP.",
+			},
 			"use_password_modify_extended_op": {
 				Type:        schema.TypeBool,
 				Optional:    true,
@@ -341,6 +347,7 @@ func getLdapUserFederationFromData(data *schema.ResourceData, realmInternalId st
 		SearchScope:            data.Get("search_scope").(string),
 
 		StartTls:                    data.Get("start_tls").(bool),
+		ConnectionPooling:           data.Get("connection_pooling").(bool),
 		UsePasswordModifyExtendedOp: data.Get("use_password_modify_extended_op").(bool),
 		ValidatePasswordPolicy:      data.Get("validate_password_policy").(bool),
 		TrustEmail:                  data.Get("trust_email").(bool),
@@ -412,6 +419,7 @@ func setLdapUserFederationData(data *schema.ResourceData, ldap *keycloak.LdapUse
 	data.Set("search_scope", ldap.SearchScope)
 
 	data.Set("start_tls", ldap.StartTls)
+	data.Set("connection_pooling", ldap.ConnectionPooling)
 	data.Set("use_password_modify_extended_op", ldap.UsePasswordModifyExtendedOp)
 	data.Set("validate_password_policy", ldap.ValidatePasswordPolicy)
 	data.Set("trust_email", ldap.TrustEmail)