/**
 * Imports the LDAP group memberships of a freshly created user into Keycloak.
 * <p>
 * Only acts when the mapper runs in {@code IMPORT} mode and the user is being
 * created ({@code isCreate}); updates of an existing user leave group
 * membership untouched. For each LDAP group the user belongs to, the matching
 * Keycloak group is looked up (or synced from LDAP) and the user joins it.
 *
 * @param ldapUser the user as read from LDAP
 * @param user     the Keycloak user being imported
 * @param realm    realm the user belongs to
 * @param isCreate {@code true} when the user is created, {@code false} on update
 */
@Override
public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) {
    LDAPGroupMapperMode mode = config.getMode();
    // Group mappings are pulled from LDAP on creation only, and only in IMPORT mode
    if (mode != LDAPGroupMapperMode.IMPORT || !isCreate) {
        return;
    }
    for (LDAPObject ldapGroup : getLDAPGroupMappings(ldapUser)) {
        GroupModel kcGroup = findKcGroupOrSyncFromLDAP(realm, ldapGroup, user);
        // Groups that cannot be resolved on the Keycloak side are skipped silently
        if (kcGroup == null) {
            continue;
        }
        logger.debugf("User '%s' joins group '%s' during import from LDAP", user.getUsername(), kcGroup.getName());
        user.joinGroup(kcGroup);
    }
}
// Sync from Keycloak to LDAP
/**
 * Pushes the realm's group tree into LDAP.
 * <p>
 * Runs only when the mapper mode is {@code LDAP_ONLY}; any other mode is
 * logged and reported as an empty result. Existing LDAP groups are indexed by
 * their name attribute, every Keycloak group is created or updated in LDAP,
 * and - when {@code dropNonExistingGroupsDuringSync} is enabled - LDAP groups
 * without a Keycloak counterpart are deleted from the directory. Group
 * membership links are synced last, and only when group inheritance is
 * preserved in LDAP.
 *
 * @param realm realm whose groups are synced
 * @return counters of groups added, updated and removed in LDAP
 */
@Override
public SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm) {
    // Result carrier with a status line worded for group sync
    SynchronizationResult syncResult = new SynchronizationResult() {

        @Override
        public String getStatus() {
            return String.format("%d groups imported to LDAP, %d groups updated to LDAP, %d groups removed from LDAP", getAdded(), getUpdated(), getRemoved());
        }
    };

    // Writing groups to LDAP is reserved for LDAP_ONLY mode
    if (config.getMode() != LDAPGroupMapperMode.LDAP_ONLY) {
        logger.warnf("Ignored sync for federation mapper '%s' as it's mode is '%s'", mapperModel.getName(), config.getMode().toString());
        return syncResult;
    }
    logger.debugf("Syncing groups from Keycloak into LDAP. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getName());

    // Index the groups currently present in LDAP by their name attribute
    List<LDAPObject> existingGroups = getAllLDAPGroups(config.isPreserveGroupsInheritance());
    String nameAttr = config.getGroupNameLdapAttribute();
    Map<String, LDAPObject> ldapGroupsMap = new HashMap<>();
    for (LDAPObject existing : existingGroups) {
        ldapGroupsMap.put(existing.getAttributeAsString(nameAttr), existing);
    }

    // Names of LDAP groups that turned out to have a Keycloak counterpart; filled in while processing
    Set<String> ldapGroupNames = new HashSet<>();
    getKcSubGroups(realm, null).forEach(kcGroup -> processKeycloakGroupSyncToLDAP(kcGroup, ldapGroupsMap, ldapGroupNames, syncResult));

    // Destructive step: delete LDAP groups that no longer exist in Keycloak
    if (config.isDropNonExistingGroupsDuringSync()) {
        Set<String> toDrop = new HashSet<>(ldapGroupsMap.keySet());
        toDrop.removeAll(ldapGroupNames);
        for (String groupName : toDrop) {
            LDAPObject orphan = ldapGroupsMap.remove(groupName);
            ldapProvider.getLdapIdentityStore().remove(orphan);
            syncResult.increaseRemoved();
        }
    }

    // Membership links between groups only exist when the hierarchy is kept in LDAP
    if (config.isPreserveGroupsInheritance()) {
        getKcSubGroups(realm, null).forEach(kcGroup -> processKeycloakGroupMembershipsSyncToLDAP(kcGroup, ldapGroupsMap));
    }
    return syncResult;
}
// group-user membership operations
/**
 * Resolves the members of a Keycloak group through its LDAP counterpart.
 * <p>
 * In {@code IMPORT} mode the answer is always empty: members were already
 * imported into Keycloak, so serving them from LDAP as well would list every
 * user twice. Otherwise the LDAP group with the same name is loaded and the
 * configured membership type answers the (paged) query; an unknown group
 * yields an empty list.
 *
 * @param realm       realm the group belongs to
 * @param kcGroup     Keycloak group whose members are requested
 * @param firstResult index of the first member to return
 * @param maxResults  maximum number of members to return
 * @return the members found via LDAP, or an empty list
 */
@Override
public List<UserModel> getGroupMembers(RealmModel realm, GroupModel kcGroup, int firstResult, int maxResults) {
    // In IMPORT mode the membership lives in Keycloak; do not consult LDAP at all
    boolean importMode = config.getMode() == LDAPGroupMapperMode.IMPORT;
    // TODO: with ranged search in AD we can improve the search using the specific range (not done for the moment)
    LDAPObject ldapGroup = importMode ? null : loadLDAPGroupByName(kcGroup.getName());
    if (ldapGroup == null) {
        return Collections.emptyList();
    }
    MembershipType membershipType = config.getMembershipTypeLdapAttribute();
    return membershipType.getGroupMembers(realm, this, ldapGroup, firstResult, maxResults);
}
/**
 * Creates a new group entry in LDAP under the configured groups DN.
 * <p>
 * The entry's naming attribute, object classes, membership attribute and
 * parent DN all come from the mapper configuration; {@code additionalAttributes}
 * is passed through to the entry as extra attribute values.
 *
 * @param groupName            value of the group name attribute
 * @param additionalAttributes further attributes to set on the new entry, keyed by attribute name
 * @return the created LDAP entry
 */
public LDAPObject createLDAPGroup(String groupName, Map<String, Set<String>> additionalAttributes) {
    LDAPObject created = LDAPUtils.createLDAPGroup(
            ldapProvider,
            groupName,
            config.getGroupNameLdapAttribute(),
            config.getGroupObjectClasses(ldapProvider),
            config.getGroupsDn(),
            additionalAttributes,
            config.getMembershipLdapAttribute());
    // Log the DN actually assigned by the directory, not just the requested name
    String createdDn = created.getDn().toString();
    logger.debugf("Creating group [%s] to LDAP with DN [%s]", groupName, createdDn);
    return created;
}
/**
 * Makes the given LDAP user a member of the LDAP role entry named {@code roleName}.
 * <p>
 * The role entry is looked up by name and created in LDAP if it does not exist
 * yet, so calling this for an unknown role has the side effect of creating it.
 * The membership itself is written using the configured membership type and
 * attribute names.
 *
 * @param roleName name of the role entry in LDAP
 * @param ldapUser the LDAP user to add as a member
 */
public void addRoleMappingInLDAP(String roleName, LDAPObject ldapUser) {
    // Resolve the role entry, creating it on first use
    LDAPObject existingRole = loadLDAPRoleByName(roleName);
    LDAPObject ldapRole = (existingRole != null) ? existingRole : createLDAPRole(roleName);
    String membershipUserAttrName = getMembershipUserLdapAttribute();
    LDAPUtils.addMember(
            ldapProvider,
            config.getMembershipTypeLdapAttribute(),
            config.getMembershipLdapAttribute(),
            membershipUserAttrName,
            ldapRole,
            ldapUser);
}