use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.
the class LDAPMSADMapperTest method test03UpdatePasswordWithLDAPDirectly.
// KEYCLOAK-19039
/**
 * KEYCLOAK-19039: a password changed directly in MSAD (bypassing Keycloak) must clear the
 * UPDATE_PASSWORD required action that Keycloak previously pushed to the user.
 *
 * <p>The test observes the MSAD side through {@code pwdLastSet}: after the required action is
 * added it expects the attribute to be {@code 0}, and after the direct password change it expects
 * a positive value. On the Keycloak side the required action list must then be empty and a fresh
 * login must succeed without any further prompt.
 */
@Test
public void test03UpdatePasswordWithLDAPDirectly() {
    UserResource johnResource = ApiUtil.findUserByUsernameId(adminClient.realm("test"), "johnkeycloak");

    // Step 1: require a password update via the admin REST API ...
    UserRepresentation representation = johnResource.toRepresentation();
    representation.setRequiredActions(Collections.singletonList(UserModel.RequiredAction.UPDATE_PASSWORD.name()));
    johnResource.update(representation);

    // ... which this test expects to be mirrored into MSAD as pwdLastSet == 0
    Assert.assertEquals(0, getPwdLastSetOfJohn());

    // Step 2: change the password in MSAD directly, without going through Keycloak
    testingClient.server().run(session -> {
        LDAPTestContext context = LDAPTestContext.init(session);
        RealmModel realm = context.getRealm();
        LDAPObject ldapUser = context.getLdapProvider().loadLDAPUserByUsername(realm, "johnkeycloak");
        LDAPTestUtils.updateLDAPPassword(context.getLdapProvider(), ldapUser, "Password1");
    });

    // Step 3: MSAD now reports a real last-set timestamp ...
    Assert.assertThat(getPwdLastSetOfJohn(), Matchers.greaterThan(0L));

    // ... and Keycloak no longer lists the required action for the user
    UserRepresentation refreshed = johnResource.toRepresentation();
    Assert.assertTrue(refreshed.getRequiredActions().isEmpty());

    // Step 4: a fresh login with the new password must go straight through to the app
    johnResource.logout();
    loginPage.open();
    loginPage.login("johnkeycloak", "Password1");
    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
}
use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.
the class LDAPMSADMapperTest method isJohnEnabledInMSAD.
/**
 * Reads {@code userAccountControl} of johnkeycloak straight from MSAD and reports whether the
 * {@code ACCOUNTDISABLE} bit is clear, i.e. whether the account is enabled on the LDAP side.
 *
 * @return {@code true} when {@code ACCOUNTDISABLE} is not set on the LDAP entry
 * @throws AssertionError when the LDAP entry carries no {@code userAccountControl} attribute
 */
private boolean isJohnEnabledInMSAD() {
    String rawAccountControl = testingClient.server().fetchString(session -> {
        LDAPTestContext context = LDAPTestContext.init(session);
        LDAPObject ldapUser = context.getLdapProvider().loadLDAPUserByUsername(context.getRealm(), "johnkeycloak");
        return ldapUser.getAttributeAsString(LDAPConstants.USER_ACCOUNT_CONTROL);
    });
    Assert.assertNotNull("LDAP user johnkeycloak does not have userAccountControl attribute on him", rawAccountControl);

    // fetchString hands the value back wrapped in double quotes, so strip them before parsing.
    // TODO: Ideally fix fetchString method and all the tests, which uses it as it is dummy to need to remove quotes in each test individually...
    long flags = Long.parseLong(rawAccountControl.replace("\"", ""));
    UserAccountControl accountControl = new UserAccountControl(flags);
    return !accountControl.has(UserAccountControl.ACCOUNTDISABLE);
}
use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.
the class LDAPUserLoginTest method afterImportTestRealm.
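/**
 * Resets the LDAP fixture after the test realm is imported: removes every LDAP user and
 * recreates the single valid test user (with password) from {@code DEFAULT_TEST_USERS}.
 *
 * <p>Only the known JDK-8214440 TLS-negotiation failure is treated as an environment problem and
 * turned into a skipped test. Any other server-side failure is rethrown: the original code let it
 * fall through silently, which would have run the tests against an LDAP directory in an unknown
 * state and produced misleading failures (or, worse, misleading passes).
 *
 * @throws RunOnServerException when fixture setup fails for a reason other than the known TLS issue
 */
@Override
protected void afterImportTestRealm() {
    try {
        getTestingClient().server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();

            // Delete all LDAP users so every test starts from the same directory content
            LDAPTestUtils.removeAllLDAPUsers(ctx.getLdapProvider(), appRealm);

            // Add the valid test user used by the login tests
            LDAPObject john = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm,
                    DEFAULT_TEST_USERS.get("VALID_USER_NAME"),
                    DEFAULT_TEST_USERS.get("VALID_USER_FIRST_NAME"),
                    DEFAULT_TEST_USERS.get("VALID_USER_LAST_NAME"),
                    DEFAULT_TEST_USERS.get("VALID_USER_EMAIL"),
                    DEFAULT_TEST_USERS.get("VALID_USER_STREET"),
                    DEFAULT_TEST_USERS.get("VALID_USER_POSTAL_CODE"));
            LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), john, DEFAULT_TEST_USERS.get("VALID_USER_PASSWORD"));
        });
    } catch (RunOnServerException ex) {
        // Known environment issue: skip the test instead of failing it
        Assume.assumeFalse("Work around JDK-8214440", isTlsNegotiationFailure(ex));
        // Anything else is a genuine setup failure and must not be swallowed
        throw ex;
    }
}

/**
 * Matches the exact cause chain produced by JDK-8214440:
 * {@code ModelException -> ModelException -> javax.naming.AuthenticationException("Could not negotiate TLS")}.
 *
 * @param ex the exception thrown by the run-on-server call
 * @return {@code true} only for that specific chain
 */
private static boolean isTlsNegotiationFailure(RunOnServerException ex) {
    Throwable cause = ex.getCause();
    // Each instanceof check guards the next getCause() call against null
    return cause instanceof ModelException
            && cause.getCause() instanceof ModelException
            && cause.getCause().getCause() instanceof javax.naming.AuthenticationException
            && Objects.equals(cause.getCause().getCause().getMessage(), "Could not negotiate TLS");
}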
use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.
the class LdapUsernameAttributeTest method testUsernameChange.
/**
 * Renaming a federated user must rename its LDAP entry as well.
 *
 * <p>Creates {@code johndow}, checks that the Keycloak user and the LDAP entry agree (including
 * the value of the first RDN), renames the user to {@code johndow2}, checks that the old name is
 * gone and the new RDN value is in place, and finally removes the user again.
 */
@Test
public void testUsernameChange() {
    // create johndow
    testingClient.server().run(session -> {
        LDAPTestContext context = LDAPTestContext.init(session);
        RealmModel realm = context.getRealm();
        UserModel created = session.users().addUser(realm, "johndow");
        created.setEmail("johndow@email.cz");
        created.setFirstName("johndow");
        created.setLastName("johndow");
    });

    // the Keycloak user and its LDAP entry must both exist, with the RDN value equal to the username
    testingClient.server().run(session -> {
        LDAPTestContext context = LDAPTestContext.init(session);
        RealmModel realm = context.getRealm();

        UserModel user = session.users().getUserByUsername(realm, "johndow");
        Assert.assertNotNull(user);
        Assert.assertNotNull(user.getFederationLink());
        Assert.assertEquals("johndow", user.getUsername());
        Assert.assertEquals("johndow@email.cz", user.getEmail());
        Assert.assertEquals("johndow", user.getFirstName());
        Assert.assertEquals("johndow", user.getLastName());

        LDAPObject entry = context.getLdapProvider().loadLDAPUserByUsername(realm, "johndow");
        Assert.assertNotNull(entry);
        LDAPDn.RDN rdn = entry.getDn().getFirstRdn();
        String rdnKey = rdn.getAllKeys().get(0);
        Assert.assertEquals("johndow", rdn.getAttrValue(rdnKey));
    });

    // rename johndow to johndow2, updating the other attributes alongside
    testingClient.server().run(session -> {
        LDAPTestContext context = LDAPTestContext.init(session);
        RealmModel realm = context.getRealm();
        UserModel user = session.users().getUserByUsername(realm, "johndow");
        user.setUsername("johndow2");
        user.setEmail("johndow2@email.cz");
        user.setFirstName("johndow2");
        user.setLastName("johndow2");
    });

    // the old name must be gone, johndow2 must be consistent in Keycloak and LDAP, then clean up
    testingClient.server().run(session -> {
        LDAPTestContext context = LDAPTestContext.init(session);
        RealmModel realm = context.getRealm();

        Assert.assertNull(session.users().getUserByUsername(realm, "johndow"));

        UserModel renamed = session.users().getUserByUsername(realm, "johndow2");
        Assert.assertNotNull(renamed);
        Assert.assertNotNull(renamed.getFederationLink());
        Assert.assertEquals("johndow2", renamed.getUsername());
        Assert.assertEquals("johndow2@email.cz", renamed.getEmail());
        Assert.assertEquals("johndow2", renamed.getFirstName());
        Assert.assertEquals("johndow2", renamed.getLastName());

        LDAPObject renamedEntry = context.getLdapProvider().loadLDAPUserByUsername(realm, "johndow2");
        Assert.assertNotNull(renamedEntry);
        LDAPDn.RDN rdn = renamedEntry.getDn().getFirstRdn();
        String rdnKey = rdn.getAllKeys().get(0);
        Assert.assertEquals("johndow2", rdn.getAttrValue(rdnKey));

        session.users().removeUser(realm, renamed);
        Assert.assertNull(session.users().getUserByUsername(realm, "johndow2"));
    });
}
use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.
the class LDAPRoleMappingsNoImportTest method deleteRoleMappingsInLDAP.
/**
 * Removes the mapping between {@code ldapUser} and the LDAP role called {@code roleName},
 * resolving the role entry through the given mapper first.
 *
 * @param roleMapper mapper used both to look the role up and to delete the mapping
 * @param ldapUser   LDAP entry of the user whose mapping is removed
 * @param roleName   name of the LDAP role to unmap
 */
private static void deleteRoleMappingsInLDAP(RoleLDAPStorageMapper roleMapper, LDAPObject ldapUser, String roleName) {
    roleMapper.deleteRoleMappingInLDAP(ldapUser, roleMapper.loadLDAPRoleByName(roleName));
}