
Example 46 with LDAPObject

Use of org.keycloak.storage.ldap.idm.model.LDAPObject in the keycloak project (by keycloak).

From the class LDAPSyncTest, method test01LDAPSync.

// @Test
// public void test01runit() throws Exception {
// Thread.sleep(10000000);
// }
/**
 * End-to-end check of LDAP user synchronisation: a full sync imports the five seeded users
 * and records a lastSync timestamp; a later "changed users" sync picks up one user added and
 * one user modified directly in the directory.
 */
@Test
public void test01LDAPSync() {
    // Give the directory a moment to settle; the delay is configured on the LDAP rule.
    WaitUtils.pause(getLDAPRule().getSleepTime());

    // Step 1: full sync of the five users seeded in LDAP.
    testingClient.server().run(kcSession -> {
        LDAPTestContext ldapCtx = LDAPTestContext.init(kcSession);
        KeycloakSessionFactory factory = kcSession.getKeycloakSessionFactory();
        SynchronizationResult fullSync = new UserStorageSyncManager().syncAllUsers(factory, "test", ldapCtx.getLdapModel());
        // presumably (added, updated, removed, failed) — see LDAPTestAsserts.assertSyncEquals
        LDAPTestAsserts.assertSyncEquals(fullSync, 5, 0, 0, 0);
    });

    // Step 2: the imported users are in local storage and lastSync was recorded for the LDAP provider only.
    testingClient.server().run(kcSession -> {
        LDAPTestContext ldapCtx = LDAPTestContext.init(kcSession);
        RealmModel realm = ldapCtx.getRealm();
        UserProvider localUsers = kcSession.userLocalStorage();
        LDAPTestAsserts.assertUserImported(localUsers, realm, "user1", "User1FN", "User1LN", "user1@email.org", "121");
        LDAPTestAsserts.assertUserImported(localUsers, realm, "user2", "User2FN", "User2LN", "user2@email.org", "122");
        LDAPTestAsserts.assertUserImported(localUsers, realm, "user3", "User3FN", "User3LN", "user3@email.org", "123");
        LDAPTestAsserts.assertUserImported(localUsers, realm, "user4", "User4FN", "User4LN", "user4@email.org", "124");
        LDAPTestAsserts.assertUserImported(localUsers, realm, "user5", "User5FN", "User5LN", "user5@email.org", "125");
        Assert.assertTrue(ldapCtx.getLdapModel().getLastSync() > 0);
        realm.getUserStorageProvidersStream().forEachOrdered(providerModel -> {
            boolean isLdapProvider = LDAPStorageProviderFactory.PROVIDER_NAME.equals(providerModel.getProviderId());
            if (!isLdapProvider) {
                // Any other (dummy) provider was never synced and must still report 0.
                Assert.assertEquals(0, providerModel.getLastSync());
            } else {
                Assert.assertTrue(providerModel.getLastSync() > 0);
            }
        });
    });

    WaitUtils.pause(getLDAPRule().getSleepTime());

    // Step 3: mutate the directory behind Keycloak's back, confirm local copies are stale, then sync changed users.
    testingClient.server().run(kcSession -> {
        LDAPTestContext ldapCtx = LDAPTestContext.init(kcSession);
        RealmModel realm = ldapCtx.getRealm();
        UserProvider localUsers = kcSession.userLocalStorage();
        LDAPTestUtils.addLDAPUser(ldapCtx.getLdapProvider(), realm, "user6", "User6FN", "User6LN", "user6@email.org", null, "126");
        LDAPObject user5InLdap = ldapCtx.getLdapProvider().loadLDAPUserByUsername(realm, "user5");
        // Attributes are written straight to LDAP via the identity store, not through the user API.
        user5InLdap.setSingleAttribute(LDAPConstants.EMAIL, "user5Updated@email.org");
        user5InLdap.setSingleAttribute(LDAPConstants.POSTAL_CODE, "521");
        ldapCtx.getLdapProvider().getLdapIdentityStore().update(user5InLdap);
        // Until a sync runs, local storage must still hold the old user5 and no user6 at all.
        LDAPTestAsserts.assertUserImported(localUsers, realm, "user5", "User5FN", "User5LN", "user5@email.org", "125");
        Assert.assertNull(localUsers.getUserByUsername(realm, "user6"));
        KeycloakSessionFactory factory = kcSession.getKeycloakSessionFactory();
        SynchronizationResult partialSync = new UserStorageSyncManager().syncChangedUsers(factory, "test", ldapCtx.getLdapModel());
        LDAPTestAsserts.assertSyncEquals(partialSync, 1, 1, 0, 0);
    });

    // Step 4: in a fresh transaction both changes are visible locally.
    testingClient.server().run(kcSession -> {
        RealmModel realm = kcSession.realms().getRealm("test");
        UserProvider localUsers = kcSession.userLocalStorage();
        // NOTE(review): LDAP was given "user5Updated@email.org" but the local copy is expected
        // lower-cased — presumably e-mail is normalised on import; confirm against the importer.
        LDAPTestAsserts.assertUserImported(localUsers, realm, "user5", "User5FN", "User5LN", "user5updated@email.org", "521");
        LDAPTestAsserts.assertUserImported(localUsers, realm, "user6", "User6FN", "User6LN", "user6@email.org", "126");
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserStorageSyncManager(org.keycloak.services.managers.UserStorageSyncManager) UserProvider(org.keycloak.models.UserProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory) Test(org.junit.Test)

Example 47 with LDAPObject

Use of org.keycloak.storage.ldap.idm.model.LDAPObject in the keycloak project (by keycloak).

From the class LDAPSyncTest, method test02duplicateUsernameAndEmailSync.

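/**
 * An LDAP entry that collides with an existing local user on username, or on e-mail, must be
 * reported as a failed sync rather than imported or merged; once the collision is resolved
 * the same entry imports normally.
 *
 * Unused {@code LDAPObject} locals that only held the result of {@code addLDAPUser} were dropped.
 */
@Test
public void test02duplicateUsernameAndEmailSync() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        LDAPTestUtils.addLocalUser(session, ctx.getRealm(), "user7", "user7@email.org", "password");
        // Add user to LDAP with duplicated username "user7" (the returned LDAPObject is not needed here)
        LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "user7", "User7FN", "User7LN", "user7-something@email.org", null, "126");
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        // Assert syncing from LDAP fails due to duplicated username
        SynchronizationResult result = new UserStorageSyncManager().syncAllUsers(session.getKeycloakSessionFactory(), "test", ctx.getLdapModel());
        Assert.assertEquals(1, result.getFailed());
        // Remove "user7" from LDAP
        LDAPObject duplicatedLdapUser = ctx.getLdapProvider().loadLDAPUserByUsername(ctx.getRealm(), "user7");
        ctx.getLdapProvider().getLdapIdentityStore().remove(duplicatedLdapUser);
        // Add user to LDAP with duplicated email "user7@email.org"
        LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "user7-something", "User7FNN", "User7LNL", "user7@email.org", null, "126");
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        // Assert syncing from LDAP fails due to duplicated email, and that no local account was created for it
        SynchronizationResult result = new UserStorageSyncManager().syncAllUsers(session.getKeycloakSessionFactory(), "test", ctx.getLdapModel());
        Assert.assertEquals(1, result.getFailed());
        Assert.assertNull(session.userLocalStorage().getUserByUsername(ctx.getRealm(), "user7-something"));
        // Update LDAP user to avoid duplicated email
        LDAPObject duplicatedLdapUser = ctx.getLdapProvider().loadLDAPUserByUsername(ctx.getRealm(), "user7-something");
        duplicatedLdapUser.setSingleAttribute(LDAPConstants.EMAIL, "user7-changed@email.org");
        ctx.getLdapProvider().getLdapIdentityStore().update(duplicatedLdapUser);
        // Assert user successfully synced now
        result = new UserStorageSyncManager().syncAllUsers(session.getKeycloakSessionFactory(), "test", ctx.getLdapModel());
        Assert.assertEquals(0, result.getFailed());
    });
    // Assert user was imported. Use another transaction for that
    testingClient.server().run(session -> {
        RealmModel testRealm = session.realms().getRealm("test");
        LDAPTestAsserts.assertUserImported(session.userLocalStorage(), testRealm, "user7-something", "User7FNN", "User7LNL", "user7-changed@email.org", "126");
    });
}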
Also used : RealmModel(org.keycloak.models.RealmModel) UserStorageSyncManager(org.keycloak.services.managers.UserStorageSyncManager) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) Test(org.junit.Test)

Example 48 with LDAPObject

Use of org.keycloak.storage.ldap.idm.model.LDAPObject in the keycloak project (by keycloak).

From the class LDAPSyncTest, method test03LDAPSyncWhenUsernameChanged.

/**
 * Renaming a user directly in LDAP must, after a changed-users sync, rename the local copy
 * (old username gone, new one present) while keeping the same LDAP UUID linkage.
 */
@Test
public void test03LDAPSyncWhenUsernameChanged() {
    // Step 1: seed one user in LDAP and import it.
    testingClient.server().run(kcSession -> {
        LDAPTestContext ldapCtx = LDAPTestContext.init(kcSession);
        LDAPTestUtils.addLDAPUser(ldapCtx.getLdapProvider(), ldapCtx.getRealm(), "beckybecks", "Becky", "Becks", "becky-becks@email.org", null, "123");
        KeycloakSessionFactory factory = kcSession.getKeycloakSessionFactory();
        SynchronizationResult fullSync = new UserStorageSyncManager().syncAllUsers(factory, "test", ldapCtx.getLdapModel());
        Assert.assertEquals(0, fullSync.getFailed());
    });

    // Step 2: change the username attribute in LDAP, confirm the local copy is stale, then sync changed users.
    testingClient.server().run(kcSession -> {
        LDAPTestContext ldapCtx = LDAPTestContext.init(kcSession);
        RealmModel realm = ldapCtx.getRealm();
        LDAPObject beckyInLdap = ldapCtx.getLdapProvider().loadLDAPUserByUsername(realm, "beckybecks");
        // The username attribute name comes from the provider config, so the test is not tied to "uid".
        String usernameAttr = ldapCtx.getLdapProvider().getLdapIdentityStore().getConfig().getUsernameLdapAttribute();
        beckyInLdap.setSingleAttribute(usernameAttr, "beckyupdated");
        beckyInLdap.setSingleAttribute(LDAPConstants.EMAIL, "becky-updated@email.org");
        // Written straight to the directory, bypassing Keycloak's user API.
        ldapCtx.getLdapProvider().getLdapIdentityStore().update(beckyInLdap);
        LDAPTestAsserts.assertUserImported(kcSession.userLocalStorage(), realm, "beckybecks", "Becky", "Becks", "becky-becks@email.org", "123");
        KeycloakSessionFactory factory = kcSession.getKeycloakSessionFactory();
        SynchronizationResult partialSync = new UserStorageSyncManager().syncChangedUsers(factory, "test", ldapCtx.getLdapModel());
        Assert.assertEquals(0, partialSync.getFailed());
    });

    // Step 3: in a fresh transaction the rename is visible and the LDAP_ID link is unchanged.
    testingClient.server().run(kcSession -> {
        LDAPTestContext ldapCtx = LDAPTestContext.init(kcSession);
        RealmModel realm = kcSession.realms().getRealm("test");
        UserProvider localUsers = kcSession.userLocalStorage();
        LDAPTestAsserts.assertUserImported(kcSession.users(), realm, "beckyupdated", "Becky", "Becks", "becky-updated@email.org", "123");
        Assert.assertNull(localUsers.getUserByUsername(realm, "beckybecks"));
        UserModel renamedLocalUser = localUsers.getUserByUsername(realm, "beckyupdated");
        LDAPObject renamedLdapUser = ldapCtx.getLdapProvider().loadLDAPUserByUsername(realm, "beckyupdated");
        String storedLdapId = renamedLocalUser.getAttributeStream(LDAPConstants.LDAP_ID).findFirst().get();
        Assert.assertEquals(storedLdapId, renamedLdapUser.getUuid());
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) UserStorageSyncManager(org.keycloak.services.managers.UserStorageSyncManager) UserProvider(org.keycloak.models.UserProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory) Test(org.junit.Test)

Example 49 with LDAPObject

Use of org.keycloak.storage.ldap.idm.model.LDAPObject in the keycloak project (by keycloak).

From the class LDAPNoMSADTest, method testMultivaluedRDN.

// KEYCLOAK-12842
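/**
 * A user whose RDN is multi-valued ("uid=...+sn=...") keeps its DN when a non-RDN attribute
 * is updated and gets a new DN when an RDN attribute (last name → sn) changes.
 *
 * The unused {@code ComponentModel snMapper} local was removed.
 */
@Test
public void testMultivaluedRDN() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // Create LDAP user with both "uid" and "sn" attribute in RDN. Something like "uid=johnkeycloak3+sn=Doe3,ou=People,dc=domain,dc=com"
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        LDAPObject john2 = LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "johnkeycloak3", "John3", "Doe3", "john3@email.org", null, "4321");
        john2.addRdnAttributeName("sn");
        ldapProvider.getLdapIdentityStore().update(john2);
        // Assert DN was changed; the primary RDN attribute name is taken from the provider config
        String rdnAttrName = ldapProvider.getLdapIdentityStore().getConfig().getRdnLdapAttribute();
        Assert.assertEquals(rdnAttrName + "=johnkeycloak3+sn=Doe3", john2.getDn().getFirstRdn().toString());
    });
    // Update some user attributes not mapped to DN. DN won't be changed
    String userId = testRealm().users().search("johnkeycloak3").get(0).getId();
    UserResource user = testRealm().users().get(userId);
    UserRepresentation userRep = user.toRepresentation();
    assertFirstRDNEndsWith(userRep, "johnkeycloak3", "Doe3");
    userRep.setEmail("newemail@email.cz");
    user.update(userRep);
    userRep = user.toRepresentation();
    Assert.assertEquals("newemail@email.cz", userRep.getEmail());
    assertFirstRDNEndsWith(userRep, "johnkeycloak3", "Doe3");
    // Update some user attributes mapped to DN. DN will be changed
    userRep.setLastName("Doe3Changed");
    user.update(userRep);
    userRep = user.toRepresentation();
    // ApacheDS bug causes that attribute, which was added to DN, is lowercased. Works for other LDAPs (RHDS, OpenLDAP)
    Assert.assertThat("Doe3Changed", equalToIgnoringCase(userRep.getLastName()));
    assertFirstRDNEndsWith(userRep, "johnkeycloak3", "Doe3Changed");
    // Remove user so the entry does not leak into later tests
    user.remove();
}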
Also used : RealmModel(org.keycloak.models.RealmModel) ComponentModel(org.keycloak.component.ComponentModel) UserResource(org.keycloak.admin.client.resource.UserResource) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 50 with LDAPObject

Use of org.keycloak.storage.ldap.idm.model.LDAPObject in the keycloak project (by keycloak).

From the class LDAPReadOnlyTest, method afterImportTestRealm.

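/**
 * Prepares the LDAP fixture for the read-only tests: installs the zip-code mapper, replaces all
 * LDAP users with "johnkeycloak" (with a password) and "existing", enables direct access grants
 * on "test-app", and finally switches the LDAP provider to READ_ONLY edit mode.
 *
 * The unused {@code LDAPObject existing} local was removed; the user is still created.
 */
@Override
protected void afterImportTestRealm() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ctx.getLdapModel());
        // Delete all LDAP users and add some new for testing
        LDAPTestUtils.removeAllLDAPUsers(ctx.getLdapProvider(), appRealm);
        LDAPObject john = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234");
        // Fixed test-fixture password written to LDAP while the provider is still writable
        LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), john, "Password1");
        LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "existing", "Existing", "Foo", "existing@email.org", null, "5678");
        // Direct access grants on the test client — presumably for password-based logins in these tests; test-only setting
        appRealm.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true);
        // Flip the provider to READ_ONLY only after all fixture writes above are done
        LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        ldapFedProvider.getModel().put(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.READ_ONLY.toString());
        appRealm.updateComponent(ldapFedProvider.getModel());
    });
}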
Also used : RealmModel(org.keycloak.models.RealmModel) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider)
