
Example 1 with LDAPDn

use of org.keycloak.storage.ldap.idm.model.LDAPDn in project keycloak by keycloak.

the class GroupLDAPStorageMapper method processKeycloakGroupMembershipsSyncToLDAP.

/**
 * Pushes the subgroup membership of one Keycloak group to its LDAP counterpart and then
 * recurses into the Keycloak subgroups, so the whole subtree below {@code kcGroup} is
 * reconciled with Keycloak as the source of truth.
 *
 * <p>The DNs LDAP currently lists as subgroups are read first. Every DN that matches a
 * Keycloak subgroup is kept, every Keycloak subgroup without a matching DN is added as a
 * member, and every DN left over (no Keycloak counterpart) is removed from the LDAP group.
 *
 * @param kcGroup       the Keycloak group whose subgroups define the desired membership
 * @param ldapGroupsMap LDAP group objects keyed by group name; assumed to contain
 *                      {@code kcGroup} and all of its subgroups (a missing subgroup entry
 *                      yields {@code null} and fails on the DN lookup below)
 */
private void processKeycloakGroupMembershipsSyncToLDAP(GroupModel kcGroup, Map<String, LDAPObject> ldapGroupsMap) {
    LDAPObject ldapParent = ldapGroupsMap.get(kcGroup.getName());
    // Start with everything LDAP lists as a subgroup; whatever survives the loop below
    // is a subgroup Keycloak no longer knows about.
    Set<LDAPDn> staleSubgroupDns = getLDAPSubgroups(ldapParent);
    // Not applicable for groups, but needs to be here
    String memberUserAttr = getMembershipUserLdapAttribute();

    Set<GroupModel> kcChildren = kcGroup.getSubGroupsStream().collect(Collectors.toSet());
    for (GroupModel kcChild : kcChildren) {
        LDAPObject ldapChild = ldapGroupsMap.get(kcChild.getName());
        boolean alreadyListed = staleSubgroupDns.remove(ldapChild.getDn());
        if (alreadyListed) {
            continue;
        }
        // Keycloak knows the child but the LDAP group does not list it yet
        LDAPUtils.addMember(ldapProvider, MembershipType.DN, config.getMembershipLdapAttribute(), memberUserAttr, ldapParent, ldapChild);
    }

    // Remaining DNs exist only on the LDAP side; a DN-only placeholder is all deleteMember needs
    staleSubgroupDns.forEach(staleDn -> {
        LDAPObject placeholder = new LDAPObject();
        placeholder.setDn(staleDn);
        LDAPUtils.deleteMember(ldapProvider, MembershipType.DN, config.getMembershipLdapAttribute(), memberUserAttr, ldapParent, placeholder);
    });

    // Descend only once this level is consistent
    for (GroupModel kcChild : kcChildren) {
        processKeycloakGroupMembershipsSyncToLDAP(kcChild, ldapGroupsMap);
    }
}

Example 2 with LDAPDn

use of org.keycloak.storage.ldap.idm.model.LDAPDn in project keycloak by keycloak.

the class LDAPUtils method createLDAPGroup.

// roles & groups
/**
 * Builds an LDAP group entry directly under {@code parentDn} and persists it through the
 * provider's identity store.
 *
 * @param ldapProvider            provider whose identity store receives the new entry
 * @param groupName               value of the naming (RDN) attribute
 * @param groupNameAttribute      name of the naming (RDN) attribute, e.g. {@code cn}
 * @param objectClasses           object classes assigned to the entry
 * @param parentDn                DN of the container the group is created in
 * @param additionalAttributes    extra attribute values copied onto the entry as-is
 * @param membershipLdapAttribute attribute holding the members; receives the "empty
 *                                member" placeholder for group object classes that
 *                                require at least one value
 * @return the persisted object, with its DN set
 */
public static LDAPObject createLDAPGroup(LDAPStorageProvider ldapProvider, String groupName, String groupNameAttribute, Collection<String> objectClasses, String parentDn, Map<String, Set<String>> additionalAttributes, String membershipLdapAttribute) {
    LDAPObject group = new LDAPObject();
    group.setRdnAttributeName(groupNameAttribute);
    group.setObjectClasses(objectClasses);
    group.setSingleAttribute(groupNameAttribute, groupName);

    // groupOfNames / groupOfEntries / groupOfUniqueNames insist on a member attribute
    // even before anyone joined; fill the placeholder unless the caller supplied members.
    boolean memberRequiringClass = objectClasses.stream().anyMatch(oc ->
            oc.equalsIgnoreCase(LDAPConstants.GROUP_OF_NAMES)
            || oc.equalsIgnoreCase(LDAPConstants.GROUP_OF_ENTRIES)
            || oc.equalsIgnoreCase(LDAPConstants.GROUP_OF_UNIQUE_NAMES));
    if (memberRequiringClass && additionalAttributes.get(membershipLdapAttribute) == null) {
        group.setSingleAttribute(membershipLdapAttribute, LDAPConstants.EMPTY_MEMBER_ATTRIBUTE_VALUE);
    }

    // NOTE(review): groupName is inserted as the first RDN verbatim; whether DN-special
    // characters in it get escaped is up to LDAPDn.addFirst — confirm there.
    LDAPDn groupDn = LDAPDn.fromString(parentDn);
    groupDn.addFirst(groupNameAttribute, groupName);
    group.setDn(groupDn);

    additionalAttributes.forEach(group::setAttribute);

    ldapProvider.getLdapIdentityStore().add(group);
    return group;
}

Example 3 with LDAPDn

use of org.keycloak.storage.ldap.idm.model.LDAPDn in project keycloak by keycloak.

the class GroupLDAPStorageMapper method convertGroupsToInternalRep.

/**
 * Turns raw LDAP group entries into the mapper's internal lookup structures.
 *
 * <p>Every entry is indexed by its group name in {@code ldapGroupsMap}. When group
 * inheritance is preserved, a {@link GroupTreeResolver.Group} carrying the names of the
 * entry's LDAP subgroups is additionally appended to {@code ldapGroupsRep}.
 *
 * @param ldapGroups    entries read from LDAP
 * @param ldapGroupsMap output: group name → LDAP object (filled by this method)
 * @param ldapGroupsRep output: tree representation, only populated when
 *                      {@code config.isPreserveGroupsInheritance()} is set
 */
private void convertGroupsToInternalRep(List<LDAPObject> ldapGroups, Map<String, LDAPObject> ldapGroupsMap, List<GroupTreeResolver.Group> ldapGroupsRep) {
    String nameAttr = config.getGroupNameLdapAttribute();
    for (LDAPObject entry : ldapGroups) {
        String name = entry.getAttributeAsString(nameAttr);
        if (config.isPreserveGroupsInheritance()) {
            // Child names are read from the first RDN of each subgroup DN using the same
            // naming attribute as the parent; presumably null if a subgroup uses a different
            // RDN attribute — confirm against LDAPDn.RDN.getAttrValue.
            Set<String> childNames = new HashSet<>();
            getLDAPSubgroups(entry).forEach(childDn ->
                    childNames.add(childDn.getFirstRdn().getAttrValue(nameAttr)));
            ldapGroupsRep.add(new GroupTreeResolver.Group(name, childNames));
        }
        ldapGroupsMap.put(name, entry);
    }
}

Example 4 with LDAPDn

use of org.keycloak.storage.ldap.idm.model.LDAPDn in project keycloak by keycloak.

the class LdapManyObjectsInitializerCommand method addLDAPUser.

/**
 * Creates one user entry in LDAP from plain field values, without going through a real
 * Keycloak user.
 *
 * <p>A throwaway {@link UserModelDelegate} with a {@code null} delegate stands in for the
 * user: only the name/email getters and {@code getAttributeStream} are implemented, so any
 * other call lands on the null delegate — NOTE(review): confirm that
 * {@code LDAPUtils.addUserToLDAP} touches nothing else. The {@code street} attribute is
 * used to carry the DNs of {@code countGroups} groups named {@code group<i>} (for
 * {@code i} from {@code startOffsetGroups}) below {@code groupsDN}.
 *
 * @param ldapProvider      provider used to write the entry
 * @param realm             realm the user belongs to
 * @param username          LDAP username
 * @param firstName         first name attribute value
 * @param lastName          last name attribute value
 * @param email             e-mail attribute value
 * @param groupsDN          base DN under which the generated group DNs are built
 * @param startOffsetGroups index of the first generated group
 * @param countGroups       number of generated group DNs (none if not positive)
 * @return the LDAP object created by {@code LDAPUtils.addUserToLDAP}
 */
private static LDAPObject addLDAPUser(LDAPStorageProvider ldapProvider, RealmModel realm, final String username, final String firstName, final String lastName, final String email, String groupsDN, int startOffsetGroups, int countGroups) {
    UserModel stub = new UserModelDelegate(null) {

        @Override
        public String getUsername() {
            return username;
        }

        @Override
        public String getFirstName() {
            return firstName;
        }

        @Override
        public String getLastName() {
            return lastName;
        }

        @Override
        public String getEmail() {
            return email;
        }

        @Override
        public Stream<String> getAttributeStream(String name) {
            // Unknown and null attribute names both yield an empty stream
            if (name == null) {
                return Stream.empty();
            }
            switch (name) {
                case UserModel.FIRST_NAME:
                    return Stream.of(firstName);
                case UserModel.LAST_NAME:
                    return Stream.of(lastName);
                case UserModel.EMAIL:
                    return Stream.of(email);
                case UserModel.USERNAME:
                    return Stream.of(username);
                case "street":
                    return generatedGroupDns();
                default:
                    return Stream.empty();
            }
        }

        // "cn=group<i>,<groupsDN>" for each i in [startOffsetGroups, startOffsetGroups + countGroups)
        private Stream<String> generatedGroupDns() {
            Stream.Builder<String> dns = Stream.builder();
            for (int idx = startOffsetGroups; idx < startOffsetGroups + countGroups; idx++) {
                LDAPDn dn = LDAPDn.fromString(groupsDN);
                dn.addFirst("cn", "group" + idx);
                dns.add(dn.toString());
            }
            return dns.build();
        }
    };
    return LDAPUtils.addUserToLDAP(ldapProvider, realm, stub);
}

Example 5 with LDAPDn

use of org.keycloak.storage.ldap.idm.model.LDAPDn in project keycloak by keycloak.

the class LDAPUtils method computeAndSetDn.

// ldapUser has filled attributes, but doesn't have filled dn.
/**
 * Derives the DN of a user entry from its configured RDN attribute and the users base DN,
 * and stores it on {@code ldapUser}.
 *
 * @param config   supplies the RDN attribute name and the users base DN
 * @param ldapUser object whose attributes are already populated; its DN is set here
 * @throws ModelException if the RDN attribute has no value on {@code ldapUser}; note the
 *                        message lists every attribute currently on the object
 */
public static void computeAndSetDn(LDAPConfig config, LDAPObject ldapUser) {
    String rdnAttr = config.getRdnLdapAttribute();
    String rdnValue = ldapUser.getAttributeAsString(rdnAttr);
    if (rdnValue == null) {
        throw new ModelException("RDN Attribute [" + rdnAttr + "] is not filled. Filled attributes: " + ldapUser.getAttributes());
    }
    // NOTE(review): rdnValue is taken straight from the user's attributes and prepended as
    // the first RDN; escaping of DN-special characters is whatever LDAPDn.addFirst does — confirm.
    LDAPDn userDn = LDAPDn.fromString(config.getUsersDn());
    userDn.addFirst(rdnAttr, rdnValue);
    ldapUser.setDn(userDn);
}
