Client ID of the Mailcow OIDC client inside the realm.
Client secret paired with client_id. Sent back from Mailcow as
"*" once configured.
Optionaldefault_If no matching attribute mapping exists for a user, the default template is used when creating the mailbox (not on update). Mailcow expects the template name as configured under "Mailbox templates".
Optionalignore_Skip TLS certificate validation when contacting the auth source.
Optionalimport_Whether new users discovered during a sync should be imported into Mailcow as mailboxes.
Optionalmailpassword_Validate user passwords via the Keycloak admin REST API instead of relying only on the Authorization Code Flow. Required for IMAP/SMTP to keep working when Keycloak is the source of truth for passwords.
OptionalmappersAttribute values used to match a mailbox template. Each element pairs
positionally with templates -- the n-th mappers entry selects the
n-th templates entry.
Optionalperiodic_Whether Mailcow should periodically pull every user from the auth
source. Defaults to false; combine with sync_interval and
import_users to enable scheduled syncs.
Keycloak realm where the Mailcow client is configured.
Primary redirect URL configured for the Mailcow client in Keycloak.
Optionalredirect_Additional accepted redirect URLs.
Base URL of the Keycloak server (no trailing slash needed).
Optionalsync_Interval, in minutes, between periodic syncs.
OptionaltemplatesMailbox template names. See mappers for how the two arrays are
correlated.
Keycloak version (for example 26.1.3). Mailcow uses this to pick
the right admin API shape internally.
Identity provider attributes for an external Keycloak server.