Example 41 with LDAPStorageProvider
use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.
the class LDAPGroupMapperTest method test04_groupReferencingNonExistentMember.
// KEYCLOAK-2682
@Test
public void test04_groupReferencingNonExistentMember() {
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString());
appRealm.updateComponent(mapperModel);
// Ignoring this test on ActiveDirectory as it's not allowed to have LDAP group referencing nonexistent member. KEYCLOAK-2682 was related to OpenLDAP TODO: Better solution than programmatic...
LDAPConfig config = ctx.getLdapProvider().getLdapIdentityStore().getConfig();
if (config.isActiveDirectory()) {
return;
}
String descriptionAttrName = getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
// 1 - Add some group to LDAP for testing
LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm);
LDAPObject group2 = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "group2", descriptionAttrName, "group2 - description");
// 2 - Add one existing user rob to LDAP group
LDAPObject jamesLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "jameskeycloak");
LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, jamesLdap);
// 3 - Add non-existing user to LDAP group
LDAPDn nonExistentDn = LDAPDn.fromString(ldapProvider.getLdapIdentityStore().getConfig().getUsersDn());
nonExistentDn.addFirst(jamesLdap.getRdnAttributeNames().get(0), "nonexistent");
LDAPObject nonExistentLdapUser = new LDAPObject();
nonExistentLdapUser.setDn(nonExistentDn);
LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, nonExistentLdapUser);
// 4 - Check group members. Just existing user rob should be present
groupMapper.syncDataFromFederationProviderToKeycloak(appRealm);
GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(appRealm, "/group2");
List<UserModel> groupUsers = session.users().getGroupMembersStream(appRealm, kcGroup2, 0, 5).collect(Collectors.toList());
Assert.assertEquals(1, groupUsers.size());
UserModel rob = groupUsers.get(0);
Assert.assertEquals("jameskeycloak", rob.getUsername());
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
UserModel(org.keycloak.models.UserModel)
LDAPConfig(org.keycloak.storage.ldap.LDAPConfig)
ComponentModel(org.keycloak.component.ComponentModel)
LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
GroupModel(org.keycloak.models.GroupModel)
LDAPDn(org.keycloak.storage.ldap.idm.model.LDAPDn)
GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper)
Test(org.junit.Test)
Example 42 with LDAPStorageProvider
use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.
the class LDAPLegacyImportTest method afterImportTestRealm.
@Override
protected void afterImportTestRealm() {
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
ComponentModel ldapModel = appRealm.getComponentsStream(appRealm.getId(), UserStorageProvider.class.getName()).findFirst().get();
LDAPTestUtils.addLocalUser(session, appRealm, "marykeycloak", "mary@test.com", "password-app");
// Delete all LDAP users and add some new for testing
LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm);
LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234");
LDAPTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1");
LDAPObject existing = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "existing", "Existing", "Foo", "existing@email.org", null, "5678");
appRealm.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true);
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
UserStorageProvider(org.keycloak.storage.UserStorageProvider)
ComponentModel(org.keycloak.component.ComponentModel)
LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
Example 43 with LDAPStorageProvider
use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.
the class LDAPNoCacheTest method changeEmailAddressInLDAP.
private static void changeEmailAddressInLDAP(KeycloakTestingClient testingClient, String newEmail) {
testingClient.server().run((KeycloakSession session) -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel realm = ctx.getRealm();
LDAPStorageProvider ldapProvider = ctx.getLdapProvider();
LDAPObject ldapUser = ldapProvider.loadLDAPUserByUsername(realm, "johnkeycloak");
ldapUser.setSingleAttribute(LDAPConstants.EMAIL, newEmail);
ctx.getLdapProvider().getLdapIdentityStore().update(ldapUser);
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
KeycloakSession(org.keycloak.models.KeycloakSession)
LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
Example 44 with LDAPStorageProvider
use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.
the class LDAPPasswordModifyExtensionTest method afterImportTestRealm.
@Override
protected void afterImportTestRealm() {
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
// Enable Password Modify extension
UserStorageProviderModel model = ctx.getLdapModel();
model.put(LDAPConstants.USE_PASSWORD_MODIFY_EXTENDED_OP, true);
appRealm.updateComponent(model);
ComponentModel randomLDAPPasswordMapper = KeycloakModelUtils.createComponentModel("random initial password", model.getId(), HardcodedLDAPAttributeMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), HardcodedLDAPAttributeMapper.LDAP_ATTRIBUTE_NAME, LDAPConstants.USER_PASSWORD_ATTRIBUTE, HardcodedLDAPAttributeMapper.LDAP_ATTRIBUTE_VALUE, HardcodedLDAPAttributeMapper.RANDOM_ATTRIBUTE_VALUE);
appRealm.addComponentModel(randomLDAPPasswordMapper);
});
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
// Delete all LDAP users and add some new for testing
LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm);
LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234");
LDAPTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1");
appRealm.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true);
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
LDAPStorageMapper(org.keycloak.storage.ldap.mappers.LDAPStorageMapper)
ComponentModel(org.keycloak.component.ComponentModel)
LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
UserStorageProviderModel(org.keycloak.storage.UserStorageProviderModel)
Example 45 with LDAPStorageProvider
use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.
the class LDAPBinaryAttributesTest method test02ReadOnly.
@Test
public void test02ReadOnly() {
String mapperId = addPhotoMapper(testingClient);
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
// Add user directly to LDAP
LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
addLDAPUser(ldapFedProvider, appRealm, "johnphoto", "John", "Photo", "john@photo.org", JPEG_PHOTO_BASE64);
// Set mapper to be read-only
ComponentModel ldapComponentMapper = appRealm.getComponent(mapperId);
ldapComponentMapper.put(UserAttributeLDAPStorageMapper.READ_ONLY, true);
appRealm.updateComponent(ldapComponentMapper);
});
// Assert john found
getUserAndAssertPhoto("johnphoto", true);
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
ComponentModel(org.keycloak.component.ComponentModel)
LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider)
Test(org.junit.Test)
Aggregations
LDAPStorageProvider (org.keycloak.storage.ldap.LDAPStorageProvider)56
RealmModel (org.keycloak.models.RealmModel)46
ComponentModel (org.keycloak.component.ComponentModel)44
LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)34
Test (org.junit.Test)29
UserModel (org.keycloak.models.UserModel)17
GroupModel (org.keycloak.models.GroupModel)12
GroupLDAPStorageMapper (org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper)12
SynchronizationResult (org.keycloak.storage.user.SynchronizationResult)9
UserStorageProviderModel (org.keycloak.storage.UserStorageProviderModel)8
GroupLDAPStorageMapperFactory (org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory)8
LDAPStorageMapper (org.keycloak.storage.ldap.mappers.LDAPStorageMapper)7
UserStorageProvider (org.keycloak.storage.UserStorageProvider)6
Path (javax.ws.rs.Path)4
KeycloakSession (org.keycloak.models.KeycloakSession)4
LDAPTestContext (org.keycloak.testsuite.federation.ldap.LDAPTestContext)4
HashMap (java.util.HashMap)3
Set (java.util.Set)3
Consumes (javax.ws.rs.Consumes)3
POST (javax.ws.rs.POST)3
