
Example 71 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

From class RoleLDAPStorageMapper, method getRoleMembers.

/**
 * Returns the Keycloak users that are members of the LDAP group backing {@code role}.
 *
 * <p>In {@link LDAPGroupMapperMode#IMPORT} mode the LDAP lookup is skipped and an empty list
 * is returned: the members already exist as imported Keycloak users, and returning them from
 * LDAP as well would produce duplicates. An empty list is also returned when no LDAP group
 * with the role's name can be loaded.
 *
 * @param realm       realm the role belongs to
 * @param role        role whose LDAP group members are requested
 * @param firstResult pagination offset, passed through to the membership lookup
 * @param maxResults  pagination limit, passed through to the membership lookup
 * @return members resolved via the configured membership type, or an empty list
 */
@Override
public List<UserModel> getRoleMembers(RealmModel realm, RoleModel role, int firstResult, int maxResults) {
    boolean importMode = config.getMode() == LDAPGroupMapperMode.IMPORT;
    // In IMPORT mode the LDAP group is deliberately not loaded at all.
    LDAPObject roleGroup = importMode ? null : loadRoleGroupByName(role.getName());
    if (roleGroup == null) {
        // Either IMPORT mode (Keycloak already holds the imported members) or there is no
        // LDAP group matching this role: nothing to resolve from LDAP.
        return Collections.emptyList();
    }
    MembershipType membership = config.getMembershipTypeLdapAttribute();
    return membership.getGroupMembers(realm, this, roleGroup, firstResult, maxResults);
}

Example 72 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

From class RoleLDAPStorageMapper, method createLDAPRole.

/**
 * Creates a new LDAP group entry that represents the Keycloak role {@code roleName}.
 *
 * <p>The entry is built by {@link LDAPUtils#createLDAPGroup} from this mapper's configuration
 * (role-name attribute, role object classes, roles DN and membership attribute). No extra
 * attributes are written: an empty attribute map is passed.
 *
 * @param roleName name of the role; used as the value of the configured role-name attribute
 * @return the created LDAP object
 */
public LDAPObject createLDAPRole(String roleName) {
    LDAPObject created = LDAPUtils.createLDAPGroup(
            ldapProvider,
            roleName,
            config.getRoleNameLdapAttribute(),
            config.getRoleObjectClasses(ldapProvider),
            config.getRolesDn(),
            Collections.<String, Set<String>>emptyMap(),
            config.getMembershipLdapAttribute());
    String createdDn = created.getDn().toString();
    logger.debugf("Creating role [%s] to LDAP with DN [%s]", roleName, createdDn);
    return created;
}

Example 73 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

From class UserAttributeLDAPStorageMapper, method onRegisterUserToLDAP.

/**
 * Writes the mapped attribute onto a user entry that is being registered to LDAP.
 *
 * <p>The value comes from the local Keycloak user. If the mapped user-model attribute is one of
 * the known Java properties in {@code userModelProperties}, its single value is used; otherwise
 * the user's (possibly multi-valued) attribute values are used. When the local user has no
 * value, the LDAP attribute is set to the configured default if the mapper is marked mandatory
 * in LDAP, or to an empty value set otherwise. Finally, if this mapper is read-only, the
 * attribute name is registered as read-only on the entry.
 *
 * @param ldapUser  LDAP entry being written
 * @param localUser Keycloak user supplying the values
 * @param realm     realm of the user; not used by this method
 */
@Override
public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm) {
    String modelAttr = getUserModelAttribute();
    String ldapAttr = getLdapAttributeName();
    boolean mandatory = parseBooleanParameter(mapperModel, IS_MANDATORY_IN_LDAP);
    String defaultValue = getAttributeDefaultValue();

    // Lookup is by lower-cased name; presumably the map keys are stored lower-cased too.
    Property<Object> property = userModelProperties.get(modelAttr.toLowerCase());
    if (property == null) {
        // Not a Java property of UserModel: copy the custom attribute values as a set.
        List<String> values = localUser.getAttributeStream(modelAttr).collect(Collectors.toList());
        if (values.isEmpty()) {
            writeMissingValue(ldapUser, ldapAttr, mandatory, defaultValue);
        } else {
            ldapUser.setAttribute(ldapAttr, new LinkedHashSet<>(values));
        }
    } else {
        // Java property on UserModel; only simple (single-valued) types are expected here.
        Object value = property.getValue(localUser);
        if (value == null) {
            writeMissingValue(ldapUser, ldapAttr, mandatory, defaultValue);
        } else {
            ldapUser.setSingleAttribute(ldapAttr, value.toString());
        }
    }

    if (isReadOnly()) {
        ldapUser.addReadOnlyAttributeName(ldapAttr);
    }
}

/**
 * Writes the LDAP attribute for a user that has no local value: the configured default when
 * the attribute is mandatory in LDAP, otherwise an empty value set.
 *
 * @param ldapUser     LDAP entry being written
 * @param ldapAttr     LDAP attribute name
 * @param mandatory    whether the attribute is mandatory in LDAP
 * @param defaultValue value to write when {@code mandatory} is {@code true}
 */
private static void writeMissingValue(LDAPObject ldapUser, String ldapAttr, boolean mandatory, String defaultValue) {
    if (mandatory) {
        ldapUser.setSingleAttribute(ldapAttr, defaultValue);
    } else {
        ldapUser.setAttribute(ldapAttr, new LinkedHashSet<String>());
    }
}

Example 74 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

From class LDAPSyncTest, method test05MissingLDAPUsernameSync.

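// KEYCLOAK-1728
/**
 * Verifies that LDAP entries lacking the configured username attribute are reported as failed
 * by a full sync, while the entries that do have it are still imported.
 *
 * <p>Setup: all local users are removed, a "street" attribute mapper is added and one LDAP user
 * with a street value is created. The provider's username attribute is then switched to
 * {@code street}, so only that user has a username and every other LDAP entry must fail. The
 * username attribute and the mapper are restored afterwards.
 */
@Test
public void test05MissingLDAPUsernameSync() {
    String origUsernameAttrName = testingClient.server().fetch(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        // Remove all users from model. Materialize the stream first so the local storage is
        // not modified while it is still being iterated.
        session.userLocalStorage().getUsersStream(realm, true)
                .collect(Collectors.toList())
                .forEach(user -> {
                    System.out.println("trying to delete user: " + user.getUsername());
                    // Evict the cached copy before removal (presumably so the cache does not
                    // keep serving the removed user).
                    UserCache userCache = session.userCache();
                    if (userCache != null) {
                        userCache.evict(realm, user);
                    }
                    session.userLocalStorage().removeUser(realm, user);
                });
        // Add street mapper and one user that has a street value; after the switch below it is
        // the only entry with a username.
        LDAPTestUtils.addUserAttributeMapper(realm, ctx.getLdapModel(), "streetMapper", "street", LDAPConstants.STREET);
        LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), realm, "user8", "User8FN", "User8LN", "user8@email.org", "user8street", "126");
        // Change the username attribute name to street, remembering the previous value so the
        // caller can restore it.
        String previousUsernameAttr = ctx.getLdapModel().get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE);
        ctx.getLdapModel().getConfig().putSingle(LDAPConstants.USERNAME_LDAP_ATTRIBUTE, "street");
        // Need to change this due to ApacheDS pagination bug (For other LDAP servers, pagination works fine) TODO: Remove once ApacheDS upgraded and pagination is fixed
        // NOTE(review): this batch-size change is not reverted below; confirm later tests do not depend on the previous value.
        ctx.getLdapModel().put(LDAPConstants.BATCH_SIZE_FOR_SYNC, "10");
        realm.updateComponent(ctx.getLdapModel());
        return previousUsernameAttr;
    }, String.class);
    // Just user8 synced. All others failed to sync
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
        SynchronizationResult syncResult = new UserStorageSyncManager().syncAllUsers(sessionFactory, "test", ctx.getLdapModel());
        Assert.assertEquals(1, syncResult.getAdded());
        Assert.assertTrue(syncResult.getFailed() > 0);
    });
    // Revert config changes: restore (or clear) the username attribute on the provider
    ComponentRepresentation ldapRep = testRealm().components().component(ldapModelId).toRepresentation();
    if (origUsernameAttrName == null) {
        ldapRep.getConfig().remove(LDAPConstants.USERNAME_LDAP_ATTRIBUTE);
    } else {
        ldapRep.getConfig().putSingle(LDAPConstants.USERNAME_LDAP_ATTRIBUTE, origUsernameAttrName);
    }
    testRealm().components().component(ldapModelId).update(ldapRep);
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        // Revert config changes: drop the temporary street mapper
        ComponentModel streetMapper = LDAPTestUtils.getSubcomponentByName(ctx.getRealm(), ctx.getLdapModel(), "streetMapper");
        ctx.getRealm().removeComponent(streetMapper);
    });
}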

Example 75 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

From class LDAPSyncTest, method test08LDAPGroupSyncAfterGroupRename.

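/**
 * Verifies that renaming a group in LDAP (RDN value and description) is picked up by a later
 * group sync without failures, and that the renamed group is visible in Keycloak under its new
 * path with the updated description.
 *
 * <p>Steps: (1) in READ_ONLY mode create group1 and group2 in LDAP, add a member relation
 * between them with inheritance preservation disabled, and sync; (2) assert /group1 carries its
 * description; (3) switch the mapper to LDAP_ONLY, rename group1 to group5 in LDAP and sync
 * again expecting zero failures; (4) assert /group5 exists with the new description. Whether
 * /group1 is removed or kept in Keycloak after the rename is not asserted here.
 */
@Test
public void test08LDAPGroupSyncAfterGroupRename() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        // Add group mapper
        LDAPTestUtils.addOrUpdateGroupMapper(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.READ_ONLY, descriptionAttrName);
        LDAPObject group1 = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "group1", descriptionAttrName, "group1 - description");
        LDAPObject group2 = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "group2", descriptionAttrName, "group2 - description");
        // Link the two groups via the "member" attribute (DN membership); the "not-used"
        // argument is ignored for DN membership — presumably the UID fallback value.
        LDAPUtils.addMember(ctx.getLdapProvider(), MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, group1);
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
        // Sync groups flat, without reproducing the LDAP member hierarchy in Keycloak.
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.PRESERVE_GROUP_INHERITANCE, "false");
        ctx.getRealm().updateComponent(mapperModel);
        // sync groups to Keycloak
        new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(appRealm);
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
        // Fail with a clear message instead of an NPE if the sync did not create the group
        Assert.assertNotNull("group1 was not synced to Keycloak", kcGroup1);
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        Assert.assertEquals("group1 - description", kcGroup1.getFirstAttribute(descriptionAttrName));
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        // Switch the group mapper to LDAP_ONLY for the rename round
        LDAPTestUtils.addOrUpdateGroupMapper(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY, descriptionAttrName);
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm);
        LDAPObject group1Loaded = groupMapper.loadLDAPGroupByName("group1");
        Assert.assertNotNull("group1 not found in LDAP", group1Loaded);
        // Rename via the first RDN attribute (presumably the group-name attribute) and update
        // the description; updateLDAPGroup then persists the modified entry.
        group1Loaded.setSingleAttribute(group1Loaded.getRdnAttributeNames().get(0), "group5");
        group1Loaded.setSingleAttribute(descriptionAttrName, "group5 - description");
        LDAPTestUtils.updateLDAPGroup(session, appRealm, ctx.getLdapModel(), group1Loaded);
        // sync to Keycloak should pass without an error
        SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(appRealm);
        Assert.assertThat(syncResult.getFailed(), Matchers.is(0));
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // load previously synced group (a new group has been created in Keycloak)
        GroupModel kcGroup5 = KeycloakModelUtils.findGroupByPath(appRealm, "/group5");
        Assert.assertNotNull("renamed group /group5 was not synced to Keycloak", kcGroup5);
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        Assert.assertEquals("group5 - description", kcGroup5.getFirstAttribute(descriptionAttrName));
    });
}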
