
Example 26 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

the class LdapManyGroupsInitializerCommand method doRunCommand.

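/**
 * Bulk-creates LDAP test groups. For every top-level index, the child groups are created first,
 * then one top-level group whose {@code member} attribute holds the DNs of those children.
 *
 * <p>Positional arguments: 0 = realm name, 1 = groups DN (read but not used in this method),
 * 2 = first top-level group index, 3 = number of top-level groups,
 * 4 = number of child groups per top-level group.
 *
 * <p>Each top-level group and its children are written in a separate
 * {@code KeycloakModelUtils.runJobInTransaction} job. The groups are written to the LDAP server
 * behind the realm's single user-storage component through the "groupsMapper" mapper.
 *
 * @param session session used to resolve the realm, the LDAP provider and the group mapper
 * @throws HandledException if the realm does not exist or the realm does not have exactly one
 *         user-storage component
 */
@Override
protected void doRunCommand(KeycloakSession session) {
    String realmName = getArg(0);
    // Argument 1 is still read so the positional layout stays unchanged; its value is not used below.
    String groupsDn = getArg(1);
    int startOffsetTopGroups = getIntArg(2);
    int topGroupsCount = getIntArg(3);
    int subgroupsInEveryGroup = getIntArg(4);

    RealmModel realm = session.realms().getRealmByName(realmName);
    if (realm == null) {
        // Fail with the same handled error as the other misconfiguration case instead of a bare NPE.
        log.errorf("Realm '%s' not found", realmName);
        throw new HandledException();
    }

    List<ComponentModel> components = realm.getComponentsStream(realm.getId(), UserStorageProvider.class.getName()).collect(Collectors.toList());
    if (components.size() != 1) {
        log.errorf("Expected 1 LDAP Provider, but found: %d providers", components.size());
        throw new HandledException();
    }
    ComponentModel ldapModel = components.get(0);

    // Resolve the group mapper component by name; it is used to write every group below.
    ComponentModel groupMapperModel = getMapperModel(realm, ldapModel, "groupsMapper");

    // Create groups
    for (int i = startOffsetTopGroups; i < startOffsetTopGroups + topGroupsCount; i++) {
        final int iFinal = i;
        // NOTE(review): the job's own kcSession is never used; every lookup goes through the outer
        // session. Confirm that this is intended before relying on per-job transaction isolation.
        KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
            // The provider and realm are looked up but not referenced afterwards; the calls are kept
            // because their side effects are not visible from this method.
            LDAPStorageProvider ldapProvider = (LDAPStorageProvider) session.getProvider(UserStorageProvider.class, ldapModel);
            RealmModel appRealm = session.realms().getRealmByName(realmName);
            GroupLDAPStorageMapper groupMapper = (GroupLDAPStorageMapper) session.getProvider(LDAPStorageMapper.class, groupMapperModel);

            // Children first, so that their DNs can be referenced from the parent's "member" attribute.
            Set<String> childGroupDns = new HashSet<>();
            for (int j = 0; j < subgroupsInEveryGroup; j++) {
                String groupName = "group-" + iFinal + "-" + j;
                LDAPObject createdGroup = groupMapper.createLDAPGroup(groupName, new HashMap<>());
                childGroupDns.add(createdGroup.getDn().toString());
            }

            String topGroupName = "group-" + iFinal;
            Map<String, Set<String>> groupAttrs = new HashMap<>();
            groupAttrs.put("member", new HashSet<>(childGroupDns));
            groupMapper.createLDAPGroup(topGroupName, groupAttrs);
        });
    }
}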
Also used : LDAPStorageMapper(org.keycloak.storage.ldap.mappers.LDAPStorageMapper) GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) RealmModel(org.keycloak.models.RealmModel) UserStorageProvider(org.keycloak.storage.UserStorageProvider) KeycloakSession(org.keycloak.models.KeycloakSession) ComponentModel(org.keycloak.component.ComponentModel) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper)

Example 27 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

the class LdapManyObjectsInitializerCommand method doRunCommand.

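/**
 * Bulk-creates LDAP test users and then LDAP test groups that list those users as members.
 *
 * <p>Positional arguments: 0 = realm name, 1 = groups DN (passed on to {@code addLDAPUser}),
 * 2 = first user index, 3 = number of users, 4 = first group index, 5 = number of groups.
 * Work is split into batches of 100 through {@code BatchTaskRunner.runInBatches}.
 *
 * <p>Every group receives the DNs of all users created by this invocation in its
 * {@code member} attribute.
 *
 * @param session session used to resolve the realm, the LDAP provider and the group mapper
 * @throws HandledException if the realm does not exist or the realm does not have exactly one
 *         user-storage component
 */
@Override
protected void doRunCommand(KeycloakSession session) {
    String realmName = getArg(0);
    String groupsDn = getArg(1);
    int startOffsetUsers = getIntArg(2);
    int countUsers = getIntArg(3);
    int batchCount = 100;
    int startOffsetGroups = getIntArg(4);
    int countGroups = getIntArg(5);

    RealmModel realm = session.realms().getRealmByName(realmName);
    if (realm == null) {
        // Fail with the same handled error as the other misconfiguration case instead of a bare NPE.
        log.errorf("Realm '%s' not found", realmName);
        throw new HandledException();
    }

    List<ComponentModel> components = realm.getComponentsStream(realm.getId(), UserStorageProvider.class.getName()).collect(Collectors.toList());
    if (components.size() != 1) {
        log.errorf("Expected 1 LDAP Provider, but found: %d providers", components.size());
        throw new HandledException();
    }
    ComponentModel ldapModel = components.get(0);

    // Check that street mapper exists. It's required for now, so that "street" attribute is written to the LDAP
    getMapperModel(realm, ldapModel, "streetMapper");
    ComponentModel groupMapperModel = getMapperModel(realm, ldapModel, "groupsMapper");

    // Create users. The DN of every created user is collected so the groups below can reference it.
    // NOTE(review): both batch callbacks ignore their kcSession parameter and use the outer
    // session for every lookup. Confirm that this is intended.
    Set<String> createdUserDNs = new HashSet<>();
    BatchTaskRunner.runInBatches(startOffsetUsers, countUsers, batchCount, session.getKeycloakSessionFactory(), (KeycloakSession kcSession, int firstIt, int countInIt) -> {
        LDAPStorageProvider ldapProvider = (LDAPStorageProvider) session.getProvider(UserStorageProvider.class, ldapModel);
        RealmModel appRealm = session.realms().getRealmByName(realmName);
        for (int i = firstIt; i < firstIt + countInIt; i++) {
            String username = "user-" + i;
            String firstName = "John-" + i;
            String lastName = "Doe-" + i;
            String email = "user" + i + "@email.cz";
            LDAPObject createdUser = addLDAPUser(ldapProvider, appRealm, username, firstName, lastName, email, groupsDn, startOffsetGroups, countGroups);
            createdUserDNs.add(createdUser.getDn().toString());
        }
        log.infof("Created LDAP users from: %d to %d", firstIt, firstIt + countInIt - 1);
    });

    // Create groups. Each one gets its own copy of the full set of user DNs as "member" values.
    BatchTaskRunner.runInBatches(startOffsetGroups, countGroups, batchCount, session.getKeycloakSessionFactory(), (KeycloakSession kcSession, int firstIt, int countInIt) -> {
        // The provider and realm are looked up but not referenced afterwards; the calls are kept
        // because their side effects are not visible from this method.
        LDAPStorageProvider ldapProvider = (LDAPStorageProvider) session.getProvider(UserStorageProvider.class, ldapModel);
        RealmModel appRealm = session.realms().getRealmByName(realmName);
        GroupLDAPStorageMapper groupMapper = (GroupLDAPStorageMapper) session.getProvider(LDAPStorageMapper.class, groupMapperModel);
        for (int i = firstIt; i < firstIt + countInIt; i++) {
            String groupName = "group" + i;
            Map<String, Set<String>> groupAttrs = new HashMap<>();
            groupAttrs.put("member", new HashSet<>(createdUserDNs));
            groupMapper.createLDAPGroup(groupName, groupAttrs);
        }
        log.infof("Created LDAP groups from: %d to %d", firstIt, firstIt + countInIt - 1);
    });
}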
Also used : LDAPStorageMapper(org.keycloak.storage.ldap.mappers.LDAPStorageMapper) GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper) Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) RealmModel(org.keycloak.models.RealmModel) UserStorageProvider(org.keycloak.storage.UserStorageProvider) KeycloakSession(org.keycloak.models.KeycloakSession) ComponentModel(org.keycloak.component.ComponentModel) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper) HashSet(java.util.HashSet)

Example 28 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

the class LDAPSyncTest method test08LDAPGroupSyncAfterGroupRename.

/**
 * Verifies that a group sync still succeeds after an LDAP group has been renamed.
 *
 * <p>Steps, each in its own server-side run: (1) create group1 and group2 in LDAP, add one as a
 * member of the other, disable group inheritance on the mapper and sync to Keycloak;
 * (2) check the synced description of {@code /group1}; (3) rename group1 to group5 in LDAP,
 * update its description and sync again, expecting zero failures; (4) check that
 * {@code /group5} exists in Keycloak with the new description.
 */
@Test
public void test08LDAPGroupSyncAfterGroupRename() {
    // Step 1: seed LDAP with two groups and run the initial sync.
    testingClient.server().run(session -> {
        LDAPTestContext ldapCtx = LDAPTestContext.init(session);
        RealmModel realm = ldapCtx.getRealm();
        String descAttr = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ldapCtx.getLdapProvider());

        // The mapper is registered read-only for the first sync.
        LDAPTestUtils.addOrUpdateGroupMapper(realm, ldapCtx.getLdapModel(), LDAPGroupMapperMode.READ_ONLY, descAttr);

        LDAPObject firstGroup = LDAPTestUtils.createLDAPGroup(session, realm, ldapCtx.getLdapModel(), "group1", descAttr, "group1 - description");
        LDAPObject secondGroup = LDAPTestUtils.createLDAPGroup(session, realm, ldapCtx.getLdapModel(), "group2", descAttr, "group2 - description");
        LDAPUtils.addMember(ldapCtx.getLdapProvider(), MembershipType.DN, LDAPConstants.MEMBER, "not-used", secondGroup, firstGroup);

        ComponentModel groupsMapper = LDAPTestUtils.getSubcomponentByName(realm, ldapCtx.getLdapModel(), "groupsMapper");
        LDAPTestUtils.updateGroupMapperConfigOptions(groupsMapper, GroupMapperConfig.PRESERVE_GROUP_INHERITANCE, "false");
        ldapCtx.getRealm().updateComponent(groupsMapper);

        // Pull the LDAP groups into Keycloak.
        GroupLDAPStorageMapperFactory mapperFactory = new GroupLDAPStorageMapperFactory();
        mapperFactory.create(session, groupsMapper).syncDataFromFederationProviderToKeycloak(realm);
    });

    // Step 2: the description of group1 must have been synced.
    testingClient.server().run(session -> {
        LDAPTestContext ldapCtx = LDAPTestContext.init(session);
        RealmModel realm = ldapCtx.getRealm();
        GroupModel syncedGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
        String descAttr = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ldapCtx.getLdapProvider());
        Assert.assertEquals("group1 - description", syncedGroup1.getFirstAttribute(descAttr));
    });

    // Step 3: rename the group in LDAP and sync again.
    testingClient.server().run(session -> {
        LDAPTestContext ldapCtx = LDAPTestContext.init(session);
        RealmModel realm = ldapCtx.getRealm();
        String descAttr = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ldapCtx.getLdapProvider());

        // The mapper is switched to LDAP_ONLY for the second sync.
        LDAPTestUtils.addOrUpdateGroupMapper(realm, ldapCtx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY, descAttr);
        ComponentModel groupsMapper = LDAPTestUtils.getSubcomponentByName(realm, ldapCtx.getLdapModel(), "groupsMapper");
        LDAPStorageProvider provider = LDAPTestUtils.getLdapProvider(session, ldapCtx.getLdapModel());
        GroupLDAPStorageMapper mapper = LDAPTestUtils.getGroupMapper(groupsMapper, provider, realm);
        LDAPObject loadedGroup = mapper.loadLDAPGroupByName("group1");

        // Change both the RDN value (the group name) and the description.
        loadedGroup.setSingleAttribute(loadedGroup.getRdnAttributeNames().get(0), "group5");
        loadedGroup.setSingleAttribute(descAttr, "group5 - description");
        LDAPTestUtils.updateLDAPGroup(session, realm, ldapCtx.getLdapModel(), loadedGroup);

        // The sync must complete without any failed entries.
        GroupLDAPStorageMapperFactory mapperFactory = new GroupLDAPStorageMapperFactory();
        SynchronizationResult outcome = mapperFactory.create(session, groupsMapper).syncDataFromFederationProviderToKeycloak(realm);
        Assert.assertThat(outcome.getFailed(), Matchers.is(0));
    });

    // Step 4: the renamed group is present in Keycloak under its new path.
    testingClient.server().run(session -> {
        LDAPTestContext ldapCtx = LDAPTestContext.init(session);
        RealmModel realm = ldapCtx.getRealm();
        // A new Keycloak group was created for the renamed LDAP group.
        GroupModel syncedGroup5 = KeycloakModelUtils.findGroupByPath(realm, "/group5");
        String descAttr = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ldapCtx.getLdapProvider());
        Assert.assertEquals("group5 - description", syncedGroup5.getFirstAttribute(descAttr));
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) ComponentModel(org.keycloak.component.ComponentModel) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) GroupModel(org.keycloak.models.GroupModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) GroupLDAPStorageMapperFactory(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper) Test(org.junit.Test)

Example 29 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

the class LDAPSyncTest method afterImportTestRealm.

/**
 * Prepares the test realm after import. Registers the group mapper in LDAP_ONLY mode, removes all
 * LDAP groups, turns off registration sync on the LDAP component, then adds one local user and
 * replaces all LDAP users with five fixture users.
 *
 * <p>The user names and passwords written here are fixed test-fixture values.
 */
@Override
protected void afterImportTestRealm() {
    // First run: group mapper setup, group cleanup, and no registration sync for this test.
    testingClient.server().run(session -> {
        LDAPTestContext ldapCtx = LDAPTestContext.init(session);
        RealmModel realm = ldapCtx.getRealm();
        String descAttr = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ldapCtx.getLdapProvider());

        // Register (or update) the group mapper.
        LDAPTestUtils.addOrUpdateGroupMapper(realm, ldapCtx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY, descAttr);

        // Start from an LDAP tree without any groups.
        LDAPTestUtils.removeAllLDAPGroups(session, realm, ldapCtx.getLdapModel(), "groupsMapper");

        ComponentModel providerModel = LDAPTestUtils.getLdapProviderModel(realm);
        providerModel.put(LDAPConstants.SYNC_REGISTRATIONS, "false");
        realm.updateComponent(providerModel);
    });

    // Second run: user fixtures.
    testingClient.server().run(session -> {
        LDAPTestContext ldapCtx = LDAPTestContext.init(session);
        RealmModel realm = ldapCtx.getRealm();
        LDAPTestUtils.addLocalUser(session, realm, "marykeycloak", "mary@test.com", "password-app");

        ComponentModel providerModel = LDAPTestUtils.getLdapProviderModel(realm);
        LDAPTestUtils.addZipCodeLDAPMapper(realm, providerModel);

        // Wipe the existing LDAP users, then add user1..user5 with a known password.
        LDAPStorageProvider provider = LDAPTestUtils.getLdapProvider(session, providerModel);
        LDAPTestUtils.removeAllLDAPUsers(provider, realm);
        for (int n = 1; n < 6; n++) {
            String username = "user" + n;
            String firstName = "User" + n + "FN";
            String lastName = "User" + n + "LN";
            String email = "user" + n + "@email.org";
            LDAPObject created = LDAPTestUtils.addLDAPUser(provider, realm, username, firstName, lastName, email, null, "12" + n);
            LDAPTestUtils.updateLDAPPassword(provider, created, "Password1");
        }
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) ComponentModel(org.keycloak.component.ComponentModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)

Example 30 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

the class LDAPTestContext method init.

/**
 * Builds the LDAP test context for the given session: the test realm, the realm's LDAP provider
 * model wrapped as a {@code UserStorageProviderModel}, and the LDAP provider for that model.
 *
 * @param session session used to look up the test realm and the LDAP provider
 * @return a new context holding the realm, the provider model and the provider
 */
public static LDAPTestContext init(KeycloakSession session) {
    RealmModel realm = session.realms().getRealm(AbstractLDAPTest.TEST_REALM_NAME);
    // Wrap the generic component model so it can be passed on as a user-storage provider model.
    UserStorageProviderModel providerModel = new UserStorageProviderModel(LDAPTestUtils.getLdapProviderModel(realm));
    return new LDAPTestContext(realm, providerModel, LDAPTestUtils.getLdapProvider(session, providerModel));
}
Also used : RealmModel(org.keycloak.models.RealmModel) ComponentModel(org.keycloak.component.ComponentModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) UserStorageProviderModel(org.keycloak.storage.UserStorageProviderModel)

Aggregations

LDAPStorageProvider (org.keycloak.storage.ldap.LDAPStorageProvider)56 RealmModel (org.keycloak.models.RealmModel)46 ComponentModel (org.keycloak.component.ComponentModel)44 LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)34 Test (org.junit.Test)29 UserModel (org.keycloak.models.UserModel)17 GroupModel (org.keycloak.models.GroupModel)12 GroupLDAPStorageMapper (org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper)12 SynchronizationResult (org.keycloak.storage.user.SynchronizationResult)9 UserStorageProviderModel (org.keycloak.storage.UserStorageProviderModel)8 GroupLDAPStorageMapperFactory (org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory)8 LDAPStorageMapper (org.keycloak.storage.ldap.mappers.LDAPStorageMapper)7 UserStorageProvider (org.keycloak.storage.UserStorageProvider)6 Path (javax.ws.rs.Path)4 KeycloakSession (org.keycloak.models.KeycloakSession)4 LDAPTestContext (org.keycloak.testsuite.federation.ldap.LDAPTestContext)4 HashMap (java.util.HashMap)3 Set (java.util.Set)3 Consumes (javax.ws.rs.Consumes)3 POST (javax.ws.rs.POST)3