
Example 11 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPTestUtils method removeAllLDAPGroups.

/**
 * Removes from the LDAP identity store every entry returned by the query of the named mapper.
 *
 * <p>The mapper is looked up by name under {@code ldapModel}. If its provider id equals
 * {@link GroupLDAPStorageMapperFactory#PROVIDER_ID} the group mapper's group query is used,
 * otherwise the role mapper's role query is used.
 *
 * <p>This is destructive: each entry the query returns is deleted, with no confirmation
 * and no filtering beyond what the query applies.
 * NOTE(review): lives in LDAPTestUtils, so presumably only ever pointed at a disposable
 * test directory; confirm before reusing elsewhere.
 *
 * @param session    session used to obtain the LDAP storage provider
 * @param appRealm   realm that owns the LDAP component and its mappers
 * @param ldapModel  component model of the LDAP provider
 * @param mapperName name of the group or role mapper sub-component
 */
public static void removeAllLDAPGroups(KeycloakSession session, RealmModel appRealm, ComponentModel ldapModel, String mapperName) {
    ComponentModel mapperModel = getSubcomponentByName(appRealm, ldapModel, mapperName);
    LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
    boolean isGroupMapper = GroupLDAPStorageMapperFactory.PROVIDER_ID.equals(mapperModel.getProviderId());
    // The query is opened in the resource header so it is closed even if a removal throws.
    try (LDAPQuery entryQuery = isGroupMapper
            ? getGroupMapper(mapperModel, ldapProvider, appRealm).createGroupQuery(false)
            : getRoleMapper(mapperModel, ldapProvider, appRealm).createRoleQuery(false)) {
        for (LDAPObject entry : entryQuery.getResultList()) {
            ldapProvider.getLdapIdentityStore().remove(entry);
        }
    }
}
Also used : LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery) ComponentModel(org.keycloak.component.ComponentModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)

Example 12 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPStorageProviderFactory method syncImpl.

/**
 * Runs {@code userQuery} against LDAP and imports the returned users, accumulating the outcome.
 *
 * <p>When the LDAP configuration enables pagination, the query limit is set to the configured
 * sync batch size and each page is imported separately until the pagination context reports
 * no further page. Without pagination the whole result list is fetched and imported in one
 * call, so the full result set is held in memory at once.
 *
 * <p>NOTE(review): {@code userQuery} is not closed here; presumably the caller owns it. Confirm.
 *
 * @param sessionFactory factory passed through to the import step
 * @param userQuery      query selecting the LDAP users to synchronize
 * @param realmId        id of the realm being synchronized
 * @param fedModel       component model whose config supplies the LDAP settings
 * @return the combined result of all import calls
 */
protected SynchronizationResult syncImpl(KeycloakSessionFactory sessionFactory, LDAPQuery userQuery, final String realmId, final ComponentModel fedModel) {
    final SynchronizationResult total = new SynchronizationResult();
    final LDAPConfig config = new LDAPConfig(fedModel.getConfig());

    if (!config.isPagination()) {
        // LDAP pagination not available: one query, one import call for everything.
        final List<LDAPObject> everyone = userQuery.getResultList();
        total.add(importLdapUsers(sessionFactory, realmId, fedModel, everyone));
        return total;
    }

    final int batchSize = config.getBatchSizeForSync();
    boolean morePages;
    do {
        userQuery.setLimit(batchSize);
        final List<LDAPObject> page = userQuery.getResultList();
        // Read the pagination state right after the fetch, before the import runs.
        morePages = userQuery.getPaginationContext().hasNextPage();
        total.add(importLdapUsers(sessionFactory, realmId, fedModel, page));
    } while (morePages);
    return total;
}
Also used : LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult)

Example 13 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPUtils method createLDAPGroup.

// roles & groups
/**
 * Builds a new group (or role) entry and adds it to the LDAP identity store.
 *
 * <p>The entry's DN is {@code parentDn} with the RDN {@code groupNameAttribute=groupName}
 * prepended. If any object class is one of the {@code GROUP_OF_NAMES}, {@code GROUP_OF_ENTRIES}
 * or {@code GROUP_OF_UNIQUE_NAMES} constants and the caller supplied no value for the membership
 * attribute, the membership attribute is set to the empty-member placeholder value.
 *
 * <p>NOTE(review): {@code groupName} and {@code parentDn} flow into the DN through
 * {@code LDAPDn.fromString} and {@code addFirst}; escaping of DN special characters is not
 * visible here. Confirm it happens inside LDAPDn if these values can be caller-controlled.
 *
 * @param ldapProvider            provider whose identity store receives the new entry
 * @param groupName               value of the naming attribute
 * @param groupNameAttribute      LDAP attribute used as RDN and name attribute
 * @param objectClasses           object classes assigned to the entry
 * @param parentDn                DN under which the entry is created
 * @param additionalAttributes    extra attributes copied onto the entry; must not be null
 * @param membershipLdapAttribute name of the LDAP attribute holding group members
 * @return the entry that was added to the store
 */
public static LDAPObject createLDAPGroup(LDAPStorageProvider ldapProvider, String groupName, String groupNameAttribute, Collection<String> objectClasses, String parentDn, Map<String, Set<String>> additionalAttributes, String membershipLdapAttribute) {
    LDAPObject group = new LDAPObject();
    group.setRdnAttributeName(groupNameAttribute);
    group.setObjectClasses(objectClasses);
    group.setSingleAttribute(groupNameAttribute, groupName);

    for (String objectClassValue : objectClasses) {
        boolean memberRequired = objectClassValue.equalsIgnoreCase(LDAPConstants.GROUP_OF_NAMES)
                || objectClassValue.equalsIgnoreCase(LDAPConstants.GROUP_OF_ENTRIES)
                || objectClassValue.equalsIgnoreCase(LDAPConstants.GROUP_OF_UNIQUE_NAMES);
        if (!memberRequired) {
            continue;
        }
        if (additionalAttributes.get(membershipLdapAttribute) != null) {
            // Caller supplies the members; they are copied over below.
            continue;
        }
        // require empty member attribute if no members have joined yet
        group.setSingleAttribute(membershipLdapAttribute, LDAPConstants.EMPTY_MEMBER_ATTRIBUTE_VALUE);
    }

    LDAPDn groupDn = LDAPDn.fromString(parentDn);
    groupDn.addFirst(groupNameAttribute, groupName);
    group.setDn(groupDn);

    for (Map.Entry<String, Set<String>> extra : additionalAttributes.entrySet()) {
        group.setAttribute(extra.getKey(), extra.getValue());
    }

    ldapProvider.getLdapIdentityStore().add(group);
    return group;
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) LDAPDn(org.keycloak.storage.ldap.idm.model.LDAPDn) HashMap(java.util.HashMap) Map(java.util.Map)

Example 14 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPUtils method fillRangedAttribute.

/**
 * Repeatedly queries LDAP until the ranged attribute {@code name} of {@code ldapObject}
 * is reported complete, merging each partial result into {@code ldapObject}.
 *
 * <p>NOTE(review): the first query result is used without a null check and the loop has no
 * iteration cap, so it relies on the server eventually returning the final range. Confirm
 * that {@code getFirstResult()} cannot return null here (for example if the entry disappears
 * between range queries).
 *
 * @param ldapProvider The provider to use
 * @param ldapObject The current object with the ranged attribute not complete; updated in place
 * @param name The attribute name
 */
public static void fillRangedAttribute(LDAPStorageProvider ldapProvider, LDAPObject ldapObject, String name) {
    LDAPObject latest = ldapObject;
    while (true) {
        if (latest.isRangeComplete(name)) {
            return;
        }
        // Each range query is built from ldapObject, which accumulates the values fetched so far.
        try (LDAPQuery rangeQuery = createLdapQueryForRangeAttribute(ldapProvider, ldapObject, name)) {
            latest = rangeQuery.getFirstResult();
            ldapObject.populateRangedAttribute(latest, name);
        }
    }
}
Also used : LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)

Example 15 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPQuery method getResultList.

/**
 * Executes this query against the LDAP identity store and returns all results as a list.
 *
 * <p>Before the search runs, the configured mappers are sorted in ascending order (this
 * reorders the {@code mappers} list in place) and each one gets its
 * {@code beforeLDAPQuery} callback, which receives this query.
 *
 * @return a new list holding every object returned by the store
 * @throws ModelException if fetching the results throws any exception; the original
 *         exception is kept as the cause
 */
public List<LDAPObject> getResultList() {
    // Apply mappers now
    LDAPMappersComparator comparator = new LDAPMappersComparator(ldapFedProvider.getLdapIdentityStore().getConfig());
    mappers.sort(comparator.sortAsc());
    for (ComponentModel mapperModel : mappers) {
        ldapFedProvider.getMapperManager().getMapper(mapperModel).beforeLDAPQuery(this);
    }

    List<LDAPObject> fetched = new ArrayList<>();
    try {
        for (LDAPObject entry : ldapFedProvider.getLdapIdentityStore().fetchQueryResults(this)) {
            fetched.add(entry);
        }
    } catch (Exception e) {
        // The message stays generic; the details travel in the cause.
        throw new ModelException("LDAP Query failed", e);
    }
    return fetched;
}
Also used : LDAPStorageMapper(org.keycloak.storage.ldap.mappers.LDAPStorageMapper) LDAPMappersComparator(org.keycloak.storage.ldap.mappers.LDAPMappersComparator) ModelException(org.keycloak.models.ModelException) ComponentModel(org.keycloak.component.ComponentModel) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) NamingException(javax.naming.NamingException) ModelException(org.keycloak.models.ModelException) ModelDuplicateException(org.keycloak.models.ModelDuplicateException)
