Use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak: class GroupLDAPStorageMapper, method onImportUserFromLDAP.
@Override
public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) {
    // Group memberships are pulled from LDAP only for a freshly created user and only in IMPORT mode.
    // An update of an already-imported user leaves its Keycloak group membership untouched here,
    // so group changes made in LDAP afterwards are not reflected by this callback.
    if (config.getMode() != LDAPGroupMapperMode.IMPORT || !isCreate) {
        return;
    }

    // Each LDAP group the user belongs to is resolved to (or created as) a Keycloak group and joined.
    for (LDAPObject ldapGroup : getLDAPGroupMappings(ldapUser)) {
        GroupModel kcGroup = findKcGroupOrSyncFromLDAP(realm, ldapGroup, user);
        if (kcGroup == null) {
            // presumably the LDAP group could not be mapped; membership is silently skipped — verify in findKcGroupOrSyncFromLDAP
            continue;
        }
        logger.debugf("User '%s' joins group '%s' during import from LDAP", user.getUsername(), kcGroup.getName());
        user.joinGroup(kcGroup);
    }
}
Use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak: class GroupLDAPStorageMapper, method syncDataFromKeycloakToFederationProvider.
// Sync from Keycloak to LDAP
@Override
public SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm) {
    // Result object whose status line reports the three counters maintained below.
    SynchronizationResult result = new SynchronizationResult() {
        @Override
        public String getStatus() {
            return String.format("%d groups imported to LDAP, %d groups updated to LDAP, %d groups removed from LDAP", getAdded(), getUpdated(), getRemoved());
        }
    };

    // Writing groups into LDAP is only meaningful when LDAP is the authoritative store.
    LDAPGroupMapperMode mode = config.getMode();
    if (mode != LDAPGroupMapperMode.LDAP_ONLY) {
        logger.warnf("Ignored sync for federation mapper '%s' as it's mode is '%s'", mapperModel.getName(), mode.toString());
        return result;
    }

    logger.debugf("Syncing groups from Keycloak into LDAP. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getName());

    // Index the groups currently present in LDAP by the configured name attribute.
    // NOTE(review): a group lacking that attribute ends up under a null key, and two groups sharing
    // a name collapse into one entry (last one wins) — both cases feed the drop logic below; confirm
    // getAllLDAPGroups only returns groups carrying the attribute.
    String nameAttr = config.getGroupNameLdapAttribute();
    Map<String, LDAPObject> existingByName = new HashMap<>();
    for (LDAPObject group : getAllLDAPGroups(config.isPreserveGroupsInheritance())) {
        existingByName.put(group.getAttributeAsString(nameAttr), group);
    }

    // Names of Keycloak groups that were created or updated in LDAP during this run.
    Set<String> seenInKeycloak = new HashSet<>();
    getKcSubGroups(realm, null).forEach(kcGroup -> processKeycloakGroupSyncToLDAP(kcGroup, existingByName, seenInKeycloak, result));

    // Destructive step: with dropNonExisting enabled, every LDAP group that has no Keycloak counterpart
    // is deleted from the directory, whatever else may reference it.
    if (config.isDropNonExistingGroupsDuringSync()) {
        Set<String> stale = new HashSet<>(existingByName.keySet());
        stale.removeAll(seenInKeycloak);
        for (String staleName : stale) {
            LDAPObject staleGroup = existingByName.remove(staleName);
            ldapProvider.getLdapIdentityStore().remove(staleGroup);
            result.increaseRemoved();
        }
    }

    // Group-to-group memberships are only maintained when the hierarchy is preserved in LDAP;
    // this runs after the drop step so it never links to a group that was just removed.
    if (config.isPreserveGroupsInheritance()) {
        getKcSubGroups(realm, null).forEach(kcGroup -> processKeycloakGroupMembershipsSyncToLDAP(kcGroup, existingByName));
    }

    return result;
}
Use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak: class GroupLDAPStorageMapper, method getGroupMembers.
// group-user membership operations
@Override
public List<UserModel> getGroupMembers(RealmModel realm, GroupModel kcGroup, int firstResult, int maxResults) {
    // In IMPORT mode the members already live in the Keycloak DB; answering from LDAP as well
    // would list the same users twice.
    boolean importMode = config.getMode() == LDAPGroupMapperMode.IMPORT;

    // The Keycloak group name is used as the lookup key in LDAP.
    // NOTE(review): the name is caller-controlled; filter escaping is expected inside loadLDAPGroupByName — confirm.
    LDAPObject ldapGroup = importMode ? null : loadLDAPGroupByName(kcGroup.getName());
    if (ldapGroup == null) {
        return Collections.emptyList();
    }

    // TODO: with ranged search in AD we can improve the search using the specific range (not done for the moment)
    MembershipType membershipType = config.getMembershipTypeLdapAttribute();
    return membershipType.getGroupMembers(realm, this, ldapGroup, firstResult, maxResults);
}
Use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak: class GroupLDAPStorageMapper, method createLDAPGroup.
/**
 * Creates a new group entry in LDAP under the configured groups DN.
 *
 * @param groupName            value of the configured group-name attribute (also the RDN)
 * @param additionalAttributes extra attributes written onto the new entry
 * @return the LDAP object created by {@link LDAPUtils#createLDAPGroup}
 */
public LDAPObject createLDAPGroup(String groupName, Map<String, Set<String>> additionalAttributes) {
    // NOTE(review): groupName becomes part of a DN; any escaping of DN-special characters is
    // expected to happen inside LDAPUtils.createLDAPGroup — confirm before accepting untrusted names.
    LDAPObject created = LDAPUtils.createLDAPGroup(
            ldapProvider,
            groupName,
            config.getGroupNameLdapAttribute(),
            config.getGroupObjectClasses(ldapProvider),
            config.getGroupsDn(),
            additionalAttributes,
            config.getMembershipLdapAttribute());
    // Logged after the fact even though the message says "Creating".
    logger.debugf("Creating group [%s] to LDAP with DN [%s]", groupName, created.getDn().toString());
    return created;
}
Use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak: class RoleLDAPStorageMapper, method addRoleMappingInLDAP.
/**
 * Makes {@code ldapUser} a member of the LDAP role named {@code roleName}.
 * Side effect: if no such role exists in LDAP yet, it is created first.
 *
 * @param roleName name of the role as stored in LDAP
 * @param ldapUser the LDAP entry of the user to add
 */
public void addRoleMappingInLDAP(String roleName, LDAPObject ldapUser) {
    LDAPObject ldapRole = loadLDAPRoleByName(roleName);
    boolean roleMissing = ldapRole == null;
    if (roleMissing) {
        // Create-on-demand: a mapping to an unknown role name provisions that role in the directory.
        ldapRole = createLDAPRole(roleName);
    }
    String userAttr = getMembershipUserLdapAttribute();
    LDAPUtils.addMember(ldapProvider,
            config.getMembershipTypeLdapAttribute(),
            config.getMembershipLdapAttribute(),
            userAttr,
            ldapRole,
            ldapUser);
}