Search in sources :

Example 6 with UserStorageSyncManager

use of org.keycloak.services.managers.UserStorageSyncManager in project keycloak by keycloak.

the class LDAPSyncTest method test09MembershipUsingDifferentAttributes.

// KEYCLOAK-14696
@Test
public void test09MembershipUsingDifferentAttributes() throws Exception {
    final Map<String, String> previousConf = testingClient.server().fetch(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // Remove all users from model
        session.userLocalStorage().getUsersStream(ctx.getRealm(), true).peek(user -> System.out.println("trying to delete user: " + user.getUsername())).collect(Collectors.toList()).forEach(user -> {
            UserCache userCache = session.userCache();
            if (userCache != null) {
                userCache.evict(ctx.getRealm(), user);
            }
            session.userLocalStorage().removeUser(ctx.getRealm(), user);
        });
        Map<String, String> orig = new HashMap<>();
        orig.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, ctx.getLdapModel().getConfig().getFirst(LDAPConstants.RDN_LDAP_ATTRIBUTE));
        orig.put(LDAPConstants.USERS_DN, ctx.getLdapModel().getConfig().getFirst(LDAPConstants.USERS_DN));
        orig.put(LDAPConstants.USERNAME_LDAP_ATTRIBUTE, ctx.getLdapModel().getConfig().getFirst(LDAPConstants.USERNAME_LDAP_ATTRIBUTE));
        // create an OU and this test will work below it, set RDN to CN and username to uid/samaccountname
        LDAPTestUtils.addLdapOU(ctx.getLdapProvider(), "KC14696");
        ctx.getLdapModel().getConfig().putSingle(LDAPConstants.USERS_DN, "ou=KC14696," + orig.get(LDAPConstants.USERS_DN));
        ctx.getLdapModel().getConfig().putSingle(LDAPConstants.RDN_LDAP_ATTRIBUTE, LDAPConstants.CN);
        ctx.getLdapModel().getConfig().putSingle(LDAPConstants.USERNAME_LDAP_ATTRIBUTE, ctx.getLdapProvider().getLdapIdentityStore().getConfig().isActiveDirectory() ? LDAPConstants.SAM_ACCOUNT_NAME : LDAPConstants.UID);
        ctx.getRealm().updateComponent(ctx.getLdapModel());
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "username");
        mapperModel.getConfig().putSingle(UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE, ctx.getLdapProvider().getLdapIdentityStore().getConfig().isActiveDirectory() ? LDAPConstants.SAM_ACCOUNT_NAME : LDAPConstants.UID);
        ctx.getRealm().updateComponent(mapperModel);
        LDAPTestUtils.addUserAttributeMapper(appRealm, LDAPTestUtils.getLdapProviderModel(appRealm), "cnMapper", "firstName", LDAPConstants.CN);
        return orig;
    }, Map.class);
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // create a user8 inside the usersDn
        LDAPObject user8 = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "user8", "User8FN", "User8LN", "user8@email.org", "user8street", "126");
        // create a sample ou inside usersDn
        LDAPTestUtils.addLdapOU(ctx.getLdapProvider(), "sample-org");
        // create a user below the sample org with the same common-name but different username
        String usersDn = ctx.getLdapModel().get(LDAPConstants.USERS_DN);
        ctx.getLdapModel().getConfig().putSingle(LDAPConstants.USERS_DN, "ou=sample-org," + usersDn);
        ctx.getRealm().updateComponent(ctx.getLdapModel());
        LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "user8bis", "User8FN", "User8LN", "user8bis@email.org", "user8street", "126");
        // get back to parent usersDn
        ctx.getLdapModel().getConfig().putSingle(LDAPConstants.USERS_DN, usersDn);
        ctx.getRealm().updateComponent(ctx.getLdapModel());
        // create a group with user8 as a member
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        LDAPObject user8Group = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "user8group", descriptionAttrName, "user8group - description");
        LDAPUtils.addMember(ctx.getLdapProvider(), MembershipType.DN, LDAPConstants.MEMBER, "not-used", user8Group, user8);
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
        SynchronizationResult syncResult = new UserStorageSyncManager().syncAllUsers(sessionFactory, "test", ctx.getLdapModel());
        Assert.assertEquals(2, syncResult.getAdded());
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        GroupModel user8Group = KeycloakModelUtils.findGroupByPath(appRealm, "/user8group");
        Assert.assertNotNull(user8Group);
        UserModel user8 = session.users().getUserByUsername(appRealm, "user8");
        Assert.assertNotNull(user8);
        UserModel user8Bis = session.users().getUserByUsername(appRealm, "user8bis");
        Assert.assertNotNull(user8Bis);
        Assert.assertTrue("User user8 contains the group", user8.getGroupsStream().collect(Collectors.toSet()).contains(user8Group));
        Assert.assertFalse("User user8bis does not contain the group", user8Bis.getGroupsStream().collect(Collectors.toSet()).contains(user8Group));
        List<String> members = session.users().getGroupMembersStream(appRealm, user8Group).map(u -> u.getUsername()).collect(Collectors.toList());
        Assert.assertEquals("Group contains only user8", members, Collections.singletonList("user8"));
    });
    // revert changes
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        session.users().removeImportedUsers(appRealm, ldapModelId);
        LDAPTestUtils.removeLDAPUserByUsername(ctx.getLdapProvider(), appRealm, ctx.getLdapProvider().getLdapIdentityStore().getConfig(), "user8");
        LDAPTestUtils.removeLDAPUserByUsername(ctx.getLdapProvider(), appRealm, ctx.getLdapProvider().getLdapIdentityStore().getConfig(), "user8bis");
        LDAPObject ou = new LDAPObject();
        ou.setDn(LDAPDn.fromString("ou=sample-org,ou=KC14696," + previousConf.get(LDAPConstants.USERS_DN)));
        ctx.getLdapProvider().getLdapIdentityStore().remove(ou);
        ou.setDn(LDAPDn.fromString("ou=KC14696," + previousConf.get(LDAPConstants.USERS_DN)));
        ctx.getLdapProvider().getLdapIdentityStore().remove(ou);
        for (Map.Entry<String, String> e : previousConf.entrySet()) {
            if (e.getValue() == null) {
                ctx.getLdapModel().getConfig().remove(e.getKey());
            } else {
                ctx.getLdapModel().getConfig().putSingle(e.getKey(), e.getValue());
            }
        }
        ctx.getRealm().updateComponent(ctx.getLdapModel());
        ComponentModel cnMapper = LDAPTestUtils.getSubcomponentByName(ctx.getRealm(), ctx.getLdapModel(), "cnMapper");
        ctx.getRealm().removeComponent(cnMapper);
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "username");
        mapperModel.getConfig().putSingle(UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE, ctx.getLdapProvider().getLdapIdentityStore().getConfig().getUsernameLdapAttribute());
        ctx.getRealm().updateComponent(mapperModel);
    });
}
Also used : MethodSorters(org.junit.runners.MethodSorters) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) KeycloakModelUtils(org.keycloak.models.utils.KeycloakModelUtils) HashMap(java.util.HashMap) SynchronizationResultRepresentation(org.keycloak.representations.idm.SynchronizationResultRepresentation) LDAPConstants(org.keycloak.models.LDAPConstants) ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) UserModel(org.keycloak.models.UserModel) LDAPRule(org.keycloak.testsuite.util.LDAPRule) Map(java.util.Map) ComponentModel(org.keycloak.component.ComponentModel) GroupModel(org.keycloak.models.GroupModel) BadRequestException(javax.ws.rs.BadRequestException) ClassRule(org.junit.ClassRule) LDAPGroupMapperMode(org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode) LDAPDn(org.keycloak.storage.ldap.idm.model.LDAPDn) MembershipType(org.keycloak.storage.ldap.mappers.membership.MembershipType) WaitUtils(org.keycloak.testsuite.util.WaitUtils) RealmModel(org.keycloak.models.RealmModel) LDAPTestUtils(org.keycloak.testsuite.util.LDAPTestUtils) Matchers(org.hamcrest.Matchers) Test(org.junit.Test) LDAPStorageProviderFactory(org.keycloak.storage.ldap.LDAPStorageProviderFactory) GroupLDAPStorageMapperFactory(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory) Collectors(java.util.stream.Collectors) GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper) UserStorageSyncManager(org.keycloak.services.managers.UserStorageSyncManager) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) UserProvider(org.keycloak.models.UserProvider) List(java.util.List) UserCache(org.keycloak.models.cache.UserCache) UserAttributeLDAPStorageMapper(org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper) LDAPUtils(org.keycloak.storage.ldap.LDAPUtils) KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) Assert(org.junit.Assert) FixMethodOrder(org.junit.FixMethodOrder) Collections(java.util.Collections) GroupMapperConfig(org.keycloak.storage.ldap.mappers.membership.group.GroupMapperConfig) UserStorageSyncManager(org.keycloak.services.managers.UserStorageSyncManager) HashMap(java.util.HashMap) GroupModel(org.keycloak.models.GroupModel) UserCache(org.keycloak.models.cache.UserCache) KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory) RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ComponentModel(org.keycloak.component.ComponentModel) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) HashMap(java.util.HashMap) Map(java.util.Map) Test(org.junit.Test)

Example 7 with UserStorageSyncManager

use of org.keycloak.services.managers.UserStorageSyncManager in project keycloak by keycloak.

the class LDAPSyncTest method test01LDAPSync.

// @Test
// public void test01runit() throws Exception {
// Thread.sleep(10000000);
// }
@Test
public void test01LDAPSync() {
    // wait a bit
    WaitUtils.pause(getLDAPRule().getSleepTime());
    // Sync 5 users from LDAP
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        UserStorageSyncManager usersSyncManager = new UserStorageSyncManager();
        KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
        SynchronizationResult syncResult = usersSyncManager.syncAllUsers(sessionFactory, "test", ctx.getLdapModel());
        LDAPTestAsserts.assertSyncEquals(syncResult, 5, 0, 0, 0);
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel testRealm = ctx.getRealm();
        UserProvider userProvider = session.userLocalStorage();
        // Assert users imported
        LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user1", "User1FN", "User1LN", "user1@email.org", "121");
        LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user2", "User2FN", "User2LN", "user2@email.org", "122");
        LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user3", "User3FN", "User3LN", "user3@email.org", "123");
        LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user4", "User4FN", "User4LN", "user4@email.org", "124");
        LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user5", "User5FN", "User5LN", "user5@email.org", "125");
        // Assert lastSync time updated
        Assert.assertTrue(ctx.getLdapModel().getLastSync() > 0);
        testRealm.getUserStorageProvidersStream().forEachOrdered(persistentFedModel -> {
            if (LDAPStorageProviderFactory.PROVIDER_NAME.equals(persistentFedModel.getProviderId())) {
                Assert.assertTrue(persistentFedModel.getLastSync() > 0);
            } else {
                // Dummy provider has still 0
                Assert.assertEquals(0, persistentFedModel.getLastSync());
            }
        });
    });
    // wait a bit
    WaitUtils.pause(getLDAPRule().getSleepTime());
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel testRealm = ctx.getRealm();
        UserProvider userProvider = session.userLocalStorage();
        UserStorageSyncManager usersSyncManager = new UserStorageSyncManager();
        // Add user to LDAP and update 'user5' in LDAP
        LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), testRealm, "user6", "User6FN", "User6LN", "user6@email.org", null, "126");
        LDAPObject ldapUser5 = ctx.getLdapProvider().loadLDAPUserByUsername(testRealm, "user5");
        // NOTE: Changing LDAP attributes directly here
        ldapUser5.setSingleAttribute(LDAPConstants.EMAIL, "user5Updated@email.org");
        ldapUser5.setSingleAttribute(LDAPConstants.POSTAL_CODE, "521");
        ctx.getLdapProvider().getLdapIdentityStore().update(ldapUser5);
        // Assert still old users in local provider
        LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user5", "User5FN", "User5LN", "user5@email.org", "125");
        Assert.assertNull(userProvider.getUserByUsername(testRealm, "user6"));
        // Trigger partial sync
        KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
        SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(sessionFactory, "test", ctx.getLdapModel());
        LDAPTestAsserts.assertSyncEquals(syncResult, 1, 1, 0, 0);
    });
    testingClient.server().run(session -> {
        RealmModel testRealm = session.realms().getRealm("test");
        UserProvider userProvider = session.userLocalStorage();
        // Assert users updated in local provider
        LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user5", "User5FN", "User5LN", "user5updated@email.org", "521");
        LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user6", "User6FN", "User6LN", "user6@email.org", "126");
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserStorageSyncManager(org.keycloak.services.managers.UserStorageSyncManager) UserProvider(org.keycloak.models.UserProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory) Test(org.junit.Test)

Example 8 with UserStorageSyncManager

use of org.keycloak.services.managers.UserStorageSyncManager in project keycloak by keycloak.

the class LDAPSyncTest method test04SameUUIDAndUsernameSync.

// KEYCLOAK-1571
@Test
public void test04SameUUIDAndUsernameSync() {
    String origUuidAttrName = testingClient.server().fetch(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        // Remove all users from model
        session.userLocalStorage().getUsersStream(ctx.getRealm(), true).collect(Collectors.toList()).forEach(user -> session.userLocalStorage().removeUser(ctx.getRealm(), user));
        // Change name of UUID attribute to same like usernameAttribute
        String uidAttrName = ctx.getLdapProvider().getLdapIdentityStore().getConfig().getUsernameLdapAttribute();
        String origUuidAttrNamee = ctx.getLdapModel().get(LDAPConstants.UUID_LDAP_ATTRIBUTE);
        ctx.getLdapModel().put(LDAPConstants.UUID_LDAP_ATTRIBUTE, uidAttrName);
        // Need to change this due to ApacheDS pagination bug (For other LDAP servers, pagination works fine) TODO: Remove once ApacheDS upgraded and pagination is fixed
        ctx.getLdapModel().put(LDAPConstants.BATCH_SIZE_FOR_SYNC, "10");
        ctx.getRealm().updateComponent(ctx.getLdapModel());
        return origUuidAttrNamee;
    }, String.class);
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
        SynchronizationResult syncResult = new UserStorageSyncManager().syncAllUsers(sessionFactory, "test", ctx.getLdapModel());
        Assert.assertEquals(0, syncResult.getFailed());
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        // Assert users imported with correct LDAP_ID
        LDAPTestAsserts.assertUserImported(session.users(), ctx.getRealm(), "user1", "User1FN", "User1LN", "user1@email.org", "121");
        LDAPTestAsserts.assertUserImported(session.users(), ctx.getRealm(), "user2", "User2FN", "User2LN", "user2@email.org", "122");
        UserModel user1 = session.users().getUserByUsername(ctx.getRealm(), "user1");
        Assert.assertEquals("user1", user1.getFirstAttribute(LDAPConstants.LDAP_ID));
    });
    // Revert config changes
    ComponentRepresentation ldapRep = testRealm().components().component(ldapModelId).toRepresentation();
    ldapRep.getConfig().putSingle(LDAPConstants.UUID_LDAP_ATTRIBUTE, origUuidAttrName);
    testRealm().components().component(ldapModelId).update(ldapRep);
}
Also used : UserModel(org.keycloak.models.UserModel) ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) UserStorageSyncManager(org.keycloak.services.managers.UserStorageSyncManager) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory) Test(org.junit.Test)

Example 9 with UserStorageSyncManager

use of org.keycloak.services.managers.UserStorageSyncManager in project keycloak by keycloak.

the class LDAPSyncTest method test02duplicateUsernameAndEmailSync.

@Test
public void test02duplicateUsernameAndEmailSync() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        LDAPTestUtils.addLocalUser(session, ctx.getRealm(), "user7", "user7@email.org", "password");
        // Add user to LDAP with duplicated username "user7"
        LDAPObject duplicatedLdapUser = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "user7", "User7FN", "User7LN", "user7-something@email.org", null, "126");
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        // Assert syncing from LDAP fails due to duplicated username
        SynchronizationResult result = new UserStorageSyncManager().syncAllUsers(session.getKeycloakSessionFactory(), "test", ctx.getLdapModel());
        Assert.assertEquals(1, result.getFailed());
        // Remove "user7" from LDAP
        LDAPObject duplicatedLdapUser = ctx.getLdapProvider().loadLDAPUserByUsername(ctx.getRealm(), "user7");
        ctx.getLdapProvider().getLdapIdentityStore().remove(duplicatedLdapUser);
        // Add user to LDAP with duplicated email "user7@email.org"
        duplicatedLdapUser = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "user7-something", "User7FNN", "User7LNL", "user7@email.org", null, "126");
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        // Assert syncing from LDAP fails due to duplicated email
        SynchronizationResult result = new UserStorageSyncManager().syncAllUsers(session.getKeycloakSessionFactory(), "test", ctx.getLdapModel());
        Assert.assertEquals(1, result.getFailed());
        Assert.assertNull(session.userLocalStorage().getUserByUsername(ctx.getRealm(), "user7-something"));
        // Update LDAP user to avoid duplicated email
        LDAPObject duplicatedLdapUser = ctx.getLdapProvider().loadLDAPUserByUsername(ctx.getRealm(), "user7-something");
        duplicatedLdapUser.setSingleAttribute(LDAPConstants.EMAIL, "user7-changed@email.org");
        ctx.getLdapProvider().getLdapIdentityStore().update(duplicatedLdapUser);
        // Assert user successfully synced now
        result = new UserStorageSyncManager().syncAllUsers(session.getKeycloakSessionFactory(), "test", ctx.getLdapModel());
        Assert.assertEquals(0, result.getFailed());
    });
    // Assert user was imported. Use another transaction for that
    testingClient.server().run(session -> {
        RealmModel testRealm = session.realms().getRealm("test");
        LDAPTestAsserts.assertUserImported(session.userLocalStorage(), testRealm, "user7-something", "User7FNN", "User7LNL", "user7-changed@email.org", "126");
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserStorageSyncManager(org.keycloak.services.managers.UserStorageSyncManager) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) Test(org.junit.Test)

Example 10 with UserStorageSyncManager

use of org.keycloak.services.managers.UserStorageSyncManager in project keycloak by keycloak.

the class LDAPSyncTest method test03LDAPSyncWhenUsernameChanged.

@Test
public void test03LDAPSyncWhenUsernameChanged() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
        // Add user to LDAP
        LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "beckybecks", "Becky", "Becks", "becky-becks@email.org", null, "123");
        SynchronizationResult syncResult = new UserStorageSyncManager().syncAllUsers(sessionFactory, "test", ctx.getLdapModel());
        Assert.assertEquals(0, syncResult.getFailed());
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel testRealm = ctx.getRealm();
        UserStorageSyncManager usersSyncManager = new UserStorageSyncManager();
        // Update user 'beckybecks' in LDAP
        LDAPObject ldapUser = ctx.getLdapProvider().loadLDAPUserByUsername(testRealm, "beckybecks");
        // NOTE: Changing LDAP Username directly here
        String userNameLdapAttributeName = ctx.getLdapProvider().getLdapIdentityStore().getConfig().getUsernameLdapAttribute();
        ldapUser.setSingleAttribute(userNameLdapAttributeName, "beckyupdated");
        ldapUser.setSingleAttribute(LDAPConstants.EMAIL, "becky-updated@email.org");
        ctx.getLdapProvider().getLdapIdentityStore().update(ldapUser);
        // Assert still old users in local provider
        LDAPTestAsserts.assertUserImported(session.userLocalStorage(), testRealm, "beckybecks", "Becky", "Becks", "becky-becks@email.org", "123");
        // Trigger partial sync
        KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
        SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(sessionFactory, "test", ctx.getLdapModel());
        Assert.assertEquals(0, syncResult.getFailed());
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel testRealm = session.realms().getRealm("test");
        UserProvider userProvider = session.userLocalStorage();
        // Assert users updated in local provider
        LDAPTestAsserts.assertUserImported(session.users(), testRealm, "beckyupdated", "Becky", "Becks", "becky-updated@email.org", "123");
        UserModel updatedLocalUser = userProvider.getUserByUsername(testRealm, "beckyupdated");
        LDAPObject ldapUser = ctx.getLdapProvider().loadLDAPUserByUsername(testRealm, "beckyupdated");
        // Assert old user 'beckybecks' does not exists locally
        Assert.assertNull(userProvider.getUserByUsername(testRealm, "beckybecks"));
        // Assert UUID didn't change
        Assert.assertEquals(updatedLocalUser.getAttributeStream(LDAPConstants.LDAP_ID).findFirst().get(), ldapUser.getUuid());
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) UserStorageSyncManager(org.keycloak.services.managers.UserStorageSyncManager) UserProvider(org.keycloak.models.UserProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory) Test(org.junit.Test)

Aggregations

UserStorageSyncManager (org.keycloak.services.managers.UserStorageSyncManager)18 SynchronizationResult (org.keycloak.storage.user.SynchronizationResult)12 Test (org.junit.Test)11 RealmModel (org.keycloak.models.RealmModel)10 ComponentModel (org.keycloak.component.ComponentModel)8 KeycloakSessionFactory (org.keycloak.models.KeycloakSessionFactory)8 UserStorageProviderModel (org.keycloak.storage.UserStorageProviderModel)7 LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)6 HashMap (java.util.HashMap)4 UserModel (org.keycloak.models.UserModel)4 UserProvider (org.keycloak.models.UserProvider)4 BadRequestException (javax.ws.rs.BadRequestException)3 UserCache (org.keycloak.models.cache.UserCache)3 ComponentRepresentation (org.keycloak.representations.idm.ComponentRepresentation)3 UserStorageProvider (org.keycloak.storage.UserStorageProvider)3 LDAPStorageProvider (org.keycloak.storage.ldap.LDAPStorageProvider)3 AbstractAuthTest (org.keycloak.testsuite.AbstractAuthTest)3 NotFoundException (javax.ws.rs.NotFoundException)2 Matchers (org.hamcrest.Matchers)2 ComponentFactory (org.keycloak.component.ComponentFactory)2