
Example 16 with GroupModel

use of org.keycloak.models.GroupModel in project keycloak by keycloak.

From class GroupLDAPStorageMapper, method addGroupMappingInLDAP:

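/**
 * Makes {@code ldapUser} a member of the LDAP group that corresponds to {@code kcGroup}.
 *
 * <p>If no LDAP group with the Keycloak group's name exists yet, the group is first pushed from
 * the DB to LDAP. With "preserve group inheritance" enabled, the push starts at the highest
 * ancestor of {@code kcGroup} that is missing from LDAP (the whole subtree below it is synced
 * together with its memberships) and that ancestor is then linked into its own parent group in
 * LDAP. Without inheritance only {@code kcGroup} itself is pushed. Finally the user is added to
 * the group via the configured membership attribute.
 *
 * @param realm    realm owning {@code kcGroup}
 * @param kcGroup  Keycloak group the user should become a member of
 * @param ldapUser LDAP entry of the user being mapped
 * @throws IllegalStateException if the LDAP group (or the parent group it must be linked into)
 *         still cannot be loaded after the DB-to-LDAP sync; the previous code passed the
 *         {@code null} entry straight on to {@code LDAPUtils.addMember}
 */
public void addGroupMappingInLDAP(RealmModel realm, GroupModel kcGroup, LDAPObject ldapUser) {
    String groupName = kcGroup.getName();
    LDAPObject ldapGroup = loadLDAPGroupByName(groupName);
    if (ldapGroup == null) {
        // Group is missing on the LDAP side: partially sync Keycloak groups to LDAP first
        if (config.isPreserveGroupsInheritance()) {
            GroupModel groupsPathGroup = getKcGroupsPathGroup(realm);
            GroupModel highestGroupToSync = getHighestPredecessorNotExistentInLdap(groupsPathGroup, kcGroup);
            logger.debugf("Will sync group '%s' and it's subgroups from DB to LDAP", highestGroupToSync.getName());
            Map<String, LDAPObject> syncedLDAPGroups = new HashMap<>();
            processKeycloakGroupSyncToLDAP(highestGroupToSync, syncedLDAPGroups, new HashSet<>(), new SynchronizationResult());
            processKeycloakGroupMembershipsSyncToLDAP(highestGroupToSync, syncedLDAPGroups);
            ldapGroup = requireLdapGroup(groupName);
            // Finally update LDAP membership in the parent group. Groups are compared by id rather
            // than by reference: the model may hand out distinct GroupModel instances for the same
            // group (getAllKcGroups in this class compares ids for the same reason), and a reference
            // mismatch would wrongly try to link the synced group into the groups-path group.
            // A null parent means there is no parent group to link into, so nothing to do.
            GroupModel parent = highestGroupToSync.getParent();
            if (parent != null && !isSameGroup(parent, groupsPathGroup)) {
                LDAPObject ldapParentGroup = requireLdapGroup(parent.getName());
                LDAPUtils.addMember(ldapProvider, MembershipType.DN, config.getMembershipLdapAttribute(), getMembershipUserLdapAttribute(), ldapParentGroup, ldapGroup);
            }
        } else {
            // No care about group inheritance. Let's just sync current group
            logger.debugf("Will sync group '%s' from DB to LDAP", groupName);
            processKeycloakGroupSyncToLDAP(kcGroup, new HashMap<>(), new HashSet<>(), new SynchronizationResult());
            ldapGroup = requireLdapGroup(groupName);
        }
    }
    String membershipUserLdapAttrName = getMembershipUserLdapAttribute();
    LDAPUtils.addMember(ldapProvider, config.getMembershipTypeLdapAttribute(), config.getMembershipLdapAttribute(), membershipUserLdapAttrName, ldapGroup, ldapUser);
}

/**
 * Loads the LDAP group named {@code groupName} and fails loudly when it is still absent, which
 * means the preceding DB-to-LDAP sync did not create it (or created it under a different name).
 */
private LDAPObject requireLdapGroup(String groupName) {
    LDAPObject ldapGroup = loadLDAPGroupByName(groupName);
    if (ldapGroup == null) {
        throw new IllegalStateException("LDAP group '" + groupName + "' not found after syncing it from Keycloak to LDAP");
    }
    return ldapGroup;
}

/** Null-safe "same group" check by id; two model instances may represent one group. */
private static boolean isSameGroup(GroupModel a, GroupModel b) {
    if (a == null || b == null) {
        return a == b;
    }
    return Objects.equals(a.getId(), b.getId());
}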

Example 17 with GroupModel

use of org.keycloak.models.GroupModel in project keycloak by keycloak.

From class GroupLDAPStorageMapper, method updateKeycloakGroupTreeEntry:

/**
 * Mirrors one node of the resolved LDAP group tree into Keycloak as a child of {@code kcParent},
 * then recurses into the node's children with the mirrored group as their parent.
 *
 * <p>An existing child of {@code kcParent} with the same name is reused and counted as updated;
 * otherwise the group is created and counted as added. In both cases the group's attributes are
 * refreshed from the LDAP entry found under the group's name in {@code ldapGroups}, and the
 * group id is recorded in {@code visitedGroupIds}.
 *
 * @param realm           realm being synchronized
 * @param groupTreeEntry  node of the LDAP group tree to import
 * @param ldapGroups      LDAP group entries keyed by group name
 * @param kcParent        Keycloak parent group for this node (null for top level)
 * @param syncResult      counters updated for each added/updated group
 * @param visitedGroupIds collects ids of every group touched by this sync
 */
private void updateKeycloakGroupTreeEntry(RealmModel realm, GroupTreeResolver.GroupTreeEntry groupTreeEntry, Map<String, LDAPObject> ldapGroups, GroupModel kcParent, SynchronizationResult syncResult, Set<String> visitedGroupIds) {
    final String ldapGroupName = groupTreeEntry.getGroupName();
    // Reuse an existing child of kcParent carrying the same name, if any
    GroupModel existing = getKcSubGroups(realm, kcParent)
            .filter(candidate -> Objects.equals(candidate.getName(), ldapGroupName))
            .findFirst()
            .orElse(null);
    GroupModel target;
    if (existing == null) {
        target = createKcGroup(realm, groupTreeEntry.getGroupName(), kcParent);
        GroupModel createdParent = target.getParent();
        if (createdParent == null) {
            logger.debugf("Imported top-level group '%s' from LDAP", target.getName());
        } else {
            logger.debugf("Imported group '%s' from LDAP as child of group '%s'", target.getName(), createdParent.getName());
        }
        updateAttributesOfKCGroup(target, ldapGroups.get(target.getName()));
        syncResult.increaseAdded();
    } else {
        target = existing;
        logger.debugf("Updated Keycloak group '%s' from LDAP", target.getName());
        updateAttributesOfKCGroup(target, ldapGroups.get(target.getName()));
        syncResult.increaseUpdated();
    }
    visitedGroupIds.add(target.getId());
    // Children of this LDAP node become children of the mirrored Keycloak group
    for (GroupTreeResolver.GroupTreeEntry child : groupTreeEntry.getChildren()) {
        updateKeycloakGroupTreeEntry(realm, child, ldapGroups, target, syncResult, visitedGroupIds);
    }
}

Example 18 with GroupModel

use of org.keycloak.models.GroupModel in project keycloak by keycloak.

From class GroupLDAPStorageMapper, method getAllKcGroups:

/**
 * Streams every Keycloak group of the realm that lives below the group configured by the
 * "Groups Path" property, at any depth (sub groups of sub groups included).
 *
 * <p>When no groups-path group is configured ({@code getKcGroupsPathGroup} returns null) the
 * realm's complete group stream is returned unfiltered.
 *
 * @param realm realm whose groups are inspected
 * @return lazily filtered stream of groups under the groups-path group
 */
protected Stream<GroupModel> getAllKcGroups(RealmModel realm) {
    GroupModel pathGroup = getKcGroupsPathGroup(realm);
    Stream<GroupModel> realmGroups = realm.getGroupsStream();
    if (pathGroup == null) {
        return realmGroups;
    }
    String pathGroupId = pathGroup.getId();
    return realmGroups.filter(candidate -> isDescendantOf(candidate, pathGroupId));
}

/** Walks the parent chain of {@code group} and reports whether a group with {@code ancestorId} occurs in it. */
private static boolean isDescendantOf(GroupModel group, String ancestorId) {
    for (GroupModel ancestor = group.getParent(); ancestor != null; ancestor = ancestor.getParent()) {
        if (ancestor.getId().equals(ancestorId)) {
            return true;
        }
    }
    return false;
}

Example 19 with GroupModel

use of org.keycloak.models.GroupModel in project keycloak by keycloak.

From class GroupLDAPStorageMapper, method findKcGroupOrSyncFromLDAP:

/**
 * Resolves the Keycloak group mirroring {@code ldapGroup}, importing it from LDAP when it does
 * not exist yet.
 *
 * <p>Without "preserve group inheritance" the group is created flat, as a top-level Keycloak
 * group named after the configured group-name LDAP attribute (the LDAP value is used as-is).
 * With inheritance enabled a full LDAP-to-Keycloak sync is run instead, at most once per
 * transaction, so the tree structure stays intact; if that sync already happened in this
 * transaction no further lookup is attempted.
 *
 * @param realm     realm to look the group up in / create it in
 * @param ldapGroup LDAP entry of the group
 * @param user      user whose membership triggered the lookup (only used in the warning)
 * @return the matching Keycloak group, or {@code null} when it still cannot be resolved
 */
protected GroupModel findKcGroupOrSyncFromLDAP(RealmModel realm, LDAPObject ldapGroup, UserModel user) {
    GroupModel kcGroup = findKcGroupByLDAPGroup(realm, ldapGroup);
    if (kcGroup != null) {
        return kcGroup;
    }
    if (config.isPreserveGroupsInheritance()) {
        // Hierarchical mode: better to sync all groups from LDAP with preserved inheritance,
        // but only once per transaction
        if (!syncFromLDAPPerformedInThisTransaction) {
            syncDataFromFederationProviderToKeycloak(realm);
            kcGroup = findKcGroupByLDAPGroup(realm, ldapGroup);
        }
    } else {
        // Flat mode: import just this one group as a top-level Keycloak group
        String nameAttr = config.getGroupNameLdapAttribute();
        kcGroup = createKcGroup(realm, ldapGroup.getAttributeAsString(nameAttr), null);
        updateAttributesOfKCGroup(kcGroup, ldapGroup);
    }
    if (kcGroup == null) {
        // Could theoretically happen on some LDAP servers if 'memberof' style is used and the
        // user's 'memberof' attribute references a non-existing group.
        // NOTE(review): in hierarchical mode this is also reached when the sync already ran in
        // this transaction, so the "doesn't exist in LDAP" wording may not be accurate then.
        String missingName = ldapGroup.getAttributeAsString(config.getGroupNameLdapAttribute());
        logger.warnf("User '%s' is member of group '%s', which doesn't exist in LDAP", user.getUsername(), missingName);
    }
    return kcGroup;
}

Example 20 with GroupModel

use of org.keycloak.models.GroupModel in project keycloak by keycloak.

From class HardcodedLDAPGroupStorageMapperFactory, method validateConfiguration:

/**
 * Validates the hardcoded-group mapper configuration: the configured group value must be present
 * and must resolve (as a group path) to an existing group of the realm.
 *
 * @param session current session (unused here)
 * @param realm   realm the configured group path is resolved against
 * @param config  mapper component configuration holding the group value
 * @throws ComponentValidationException when the group value is missing or no group matches it
 */
@Override
public void validateConfiguration(KeycloakSession session, RealmModel realm, ComponentModel config) throws ComponentValidationException {
    String configuredPath = config.getConfig().getFirst(HardcodedLDAPGroupStorageMapper.GROUP);
    if (configuredPath == null) {
        throw new ComponentValidationException("Group can't be null");
    }
    GroupModel resolved = KeycloakModelUtils.findGroupByPath(realm, configuredPath);
    if (resolved != null) {
        return;
    }
    throw new ComponentValidationException("There is no group corresponding to configured value");
}
