Example 11 with LDAPConfig

Use of org.keycloak.storage.ldap.LDAPConfig in project keycloak by keycloak.

The class FullNameLDAPStorageMapperFactory, method getConfigProps.

private static List<ProviderConfigProperty> getConfigProps(ComponentModel parent) {
    boolean readOnly = false;
    if (parent != null) {
        LDAPConfig config = new LDAPConfig(parent.getConfig());
        readOnly = config.getEditMode() != UserStorageProvider.EditMode.WRITABLE;
    }
    return ProviderConfigurationBuilder.create()
            .property()
                .name(FullNameLDAPStorageMapper.LDAP_FULL_NAME_ATTRIBUTE)
                .label("LDAP Full Name Attribute")
                .helpText("Name of LDAP attribute, which contains fullName of user. Usually it will be 'cn' ")
                .type(ProviderConfigProperty.STRING_TYPE)
                .defaultValue(LDAPConstants.CN)
                .add()
            .property()
                .name(FullNameLDAPStorageMapper.READ_ONLY)
                .label("Read Only")
                .helpText("For Read-only is data imported from LDAP to Keycloak DB, but it's not saved back to LDAP when user is updated in Keycloak.")
                .type(ProviderConfigProperty.BOOLEAN_TYPE)
                .defaultValue(String.valueOf(readOnly))
                .add()
            .property()
                .name(FullNameLDAPStorageMapper.WRITE_ONLY)
                .label("Write Only")
                .helpText("For Write-only is data propagated to LDAP when user is created or updated in Keycloak. But this mapper is not used to propagate data from LDAP back into Keycloak. "
                        + "This setting is useful if you configured separate firstName and lastName attribute mappers and you want to use those to read attribute from LDAP into Keycloak")
                .type(ProviderConfigProperty.BOOLEAN_TYPE)
                .defaultValue(String.valueOf(!readOnly))
                .add()
            .build();
}

Example 12 with LDAPConfig

Use of org.keycloak.storage.ldap.LDAPConfig in project keycloak by keycloak.

The class LDAPMappersComparatorTest, method testCompareWithSAMAccountNameUsername.

@Test
public void testCompareWithSAMAccountNameUsername() {
    MultivaluedHashMap<String, String> cfg = new MultivaluedHashMap<>();
    cfg.add(LDAPConstants.USERNAME_LDAP_ATTRIBUTE, LDAPConstants.SAM_ACCOUNT_NAME);
    LDAPMappersComparator ldapMappersComparator = new LDAPMappersComparator(new LDAPConfig(cfg));
    List<ComponentModel> mappers = getMappers();
    Collections.sort(mappers, ldapMappersComparator.sortAsc());
    assertOrder(mappers, "sAMAccountName", "username-cn", "first name", "full name");
    Collections.sort(mappers, ldapMappersComparator.sortDesc());
    assertOrder(mappers, "full name", "first name", "username-cn", "sAMAccountName");
}

Example 13 with LDAPConfig

Use of org.keycloak.storage.ldap.LDAPConfig in project keycloak by keycloak.

The class LDAPProvidersIntegrationTest, method testLDAPUserDeletionImport.

// KEYCLOAK-4533
@Test
public void testLDAPUserDeletionImport() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        LDAPConfig config = ctx.getLdapProvider().getLdapIdentityStore().getConfig();
        // Make sure mary is gone
        LDAPTestUtils.removeLDAPUserByUsername(ctx.getLdapProvider(), ctx.getRealm(), config, "maryjane");
        // Create the user in LDAP and register him
        LDAPObject mary = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "maryjane", "mary", "yram", "mj@testing.redhat.cz", null, "12398");
        LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), mary, "Password1");
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        LDAPConfig config = ctx.getLdapProvider().getLdapIdentityStore().getConfig();
        // Delete LDAP User
        LDAPTestUtils.removeLDAPUserByUsername(ctx.getLdapProvider(), ctx.getRealm(), config, "maryjane");
        // Make sure the deletion took place.
        Assert.assertEquals(0, session.users().searchForUserStream(ctx.getRealm(), "mary yram").count());
    });
}

Example 14 with LDAPConfig

Use of org.keycloak.storage.ldap.LDAPConfig in project keycloak by keycloak.

The class LDAPGroupMapperTest, method test04_groupReferencingNonExistentMember.

// KEYCLOAK-2682
@Test
public void test04_groupReferencingNonExistentMember() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString());
        appRealm.updateComponent(mapperModel);
        // Ignoring this test on ActiveDirectory as it's not allowed to have an LDAP group referencing a nonexistent member.
        // KEYCLOAK-2682 was related to OpenLDAP. TODO: Better solution than programmatic...
        LDAPConfig config = ctx.getLdapProvider().getLdapIdentityStore().getConfig();
        if (config.isActiveDirectory()) {
            return;
        }
        String descriptionAttrName = getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        // 1 - Add some group to LDAP for testing
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm);
        LDAPObject group2 = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "group2", descriptionAttrName, "group2 - description");
        // 2 - Add one existing user (jameskeycloak) to the LDAP group
        LDAPObject jamesLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "jameskeycloak");
        LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, jamesLdap);
        // 3 - Add non-existing user to LDAP group
        LDAPDn nonExistentDn = LDAPDn.fromString(ldapProvider.getLdapIdentityStore().getConfig().getUsersDn());
        nonExistentDn.addFirst(jamesLdap.getRdnAttributeNames().get(0), "nonexistent");
        LDAPObject nonExistentLdapUser = new LDAPObject();
        nonExistentLdapUser.setDn(nonExistentDn);
        LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, nonExistentLdapUser);
        // 4 - Check group members. Just the existing user (jameskeycloak) should be present
        groupMapper.syncDataFromFederationProviderToKeycloak(appRealm);
        GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(appRealm, "/group2");
        List<UserModel> groupUsers = session.users().getGroupMembersStream(appRealm, kcGroup2, 0, 5).collect(Collectors.toList());
        Assert.assertEquals(1, groupUsers.size());
        UserModel rob = groupUsers.get(0);
        Assert.assertEquals("jameskeycloak", rob.getUsername());
    });
}

Example 15 with LDAPConfig

Use of org.keycloak.storage.ldap.LDAPConfig in project keycloak by keycloak.

The class LDAPGroupMapperTest, method test09_emptyMemberOnDeletionWorks.

@Test
public void test09_emptyMemberOnDeletionWorks() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
        // Ignoring this test on ActiveDirectory (same for rhds) as it's not allowed to have an LDAP group referencing a nonexistent member.
        // KEYCLOAK-2682 was related to OpenLDAP. TODO: Better solution than programmatic...
        LDAPConfig ldapConfig = ctx.getLdapProvider().getLdapIdentityStore().getConfig();
        if (ldapConfig.isActiveDirectory() || LDAPConstants.VENDOR_RHDS.equals(ldapConfig.getVendor())) {
            return;
        }
        // create a group with an existing user alone
        String descriptionAttrName = getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        LDAPObject deleteGroup = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "deletegroup", descriptionAttrName, "deletegroup - description");
        LDAPObject maryLdap = ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "marykeycloak");
        LDAPUtils.addMember(ctx.getLdapProvider(), MembershipType.DN, LDAPConstants.MEMBER, "not-used", deleteGroup, maryLdap);
        LDAPObject empty = new LDAPObject();
        empty.setDn(LDAPDn.fromString(LDAPConstants.EMPTY_MEMBER_ATTRIBUTE_VALUE));
        LDAPUtils.deleteMember(ctx.getLdapProvider(), MembershipType.DN, LDAPConstants.MEMBER, descriptionAttrName, deleteGroup, empty);
        deleteGroup = LDAPGroupMapperTest.searchObjectInBase(ctx.getLdapProvider(), deleteGroup.getDn().toString(), LDAPConstants.MEMBER);
        Assert.assertNotNull(deleteGroup);
        Assert.assertEquals(1, deleteGroup.getAttributeAsSet(LDAPConstants.MEMBER).size());
        Assert.assertEquals(maryLdap.getDn(), LDAPDn.fromString(deleteGroup.getAttributeAsString(LDAPConstants.MEMBER)));
        // import into keycloak
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm);
        groupMapper.syncDataFromFederationProviderToKeycloak(appRealm);
        // check everything is OK
        GroupModel kcDeleteGroup = KeycloakModelUtils.findGroupByPath(appRealm, "/deletegroup");
        UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
        List<UserModel> groupMembers = session.users().getGroupMembersStream(appRealm, kcDeleteGroup, 0, 5).collect(Collectors.toList());
        Assert.assertEquals(1, groupMembers.size());
        Assert.assertEquals("marykeycloak", groupMembers.get(0).getUsername());
        Set<GroupModel> maryGroups = mary.getGroupsStream().collect(Collectors.toSet());
        Assert.assertEquals(1, maryGroups.size());
        Assert.assertEquals("deletegroup", maryGroups.iterator().next().getName());
        // remove mary from the group to force a schema violation and assignment of the empty value
        mary.leaveGroup(kcDeleteGroup);
        // check now the group has the empty member instead of mary
        deleteGroup = LDAPGroupMapperTest.searchObjectInBase(ctx.getLdapProvider(), deleteGroup.getDn().toString(), LDAPConstants.MEMBER);
        Assert.assertNotNull(deleteGroup);
        Assert.assertEquals(1, deleteGroup.getAttributeAsSet(LDAPConstants.MEMBER).size());
        Assert.assertEquals(LDAPDn.fromString(LDAPConstants.EMPTY_MEMBER_ATTRIBUTE_VALUE), LDAPDn.fromString(deleteGroup.getAttributeAsString(LDAPConstants.MEMBER)));
    });
}