From a8923242bebdc2464f760f906fddd135a8c13abb Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Sun, 26 Dec 2021 19:07:49 +0300
Subject: fix(ops/keycloak): trust email addresses from LDAP

Verified emails are required for some things, like e.g. oauth2_proxy

Change-Id: Ifb124be40d6d2863cd1b7ed5fbdfcf4827e8808c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4661
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: Profpatsch <mail@profpatsch.de>
---
 ops/keycloak/main.tf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ops/keycloak/main.tf b/ops/keycloak/main.tf
index 95902476bba2..d6c01442ecd3 100644
--- a/ops/keycloak/main.tf
+++ b/ops/keycloak/main.tf
@@ -32,6 +32,7 @@ resource "keycloak_ldap_user_federation" "tvl_ldap" {
   uuid_ldap_attribute     = "cn"
   rdn_ldap_attribute      = "cn"
   full_sync_period        = 86400
+  trust_email             = true
 
   user_object_classes = [
     "inetOrgPerson",
-- 
cgit 1.4.1