
Example 31 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPMSADMapperTest method test03UpdatePasswordWithLDAPDirectly.

// KEYCLOAK-19039
/**
 * Verifies that a password changed directly in MSAD clears the Keycloak-side
 * UPDATE_PASSWORD required action (mirrored in LDAP as {@code pwdLastSet == 0})
 * and that the user can subsequently log in without being prompted again.
 */
@Test
public void test03UpdatePasswordWithLDAPDirectly() {
    // Flag johnkeycloak with the UPDATE_PASSWORD required action through the admin REST API.
    UserResource johnResource = ApiUtil.findUserByUsernameId(adminClient.realm("test"), "johnkeycloak");
    UserRepresentation rep = johnResource.toRepresentation();
    rep.setRequiredActions(Collections.singletonList(UserModel.RequiredAction.UPDATE_PASSWORD.name()));
    johnResource.update(rep);

    // The required action is expected to show up in LDAP as pwdLastSet == 0.
    Assert.assertEquals(0, getPwdLastSetOfJohn());

    // Change the password on the MSAD side only, bypassing Keycloak entirely.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        LDAPObject ldapJohn = ctx.getLdapProvider().loadLDAPUserByUsername(ctx.getRealm(), "johnkeycloak");
        LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), ldapJohn, "Password1");
    });

    // pwdLastSet is expected to hold a real timestamp now ...
    Assert.assertThat(getPwdLastSetOfJohn(), Matchers.greaterThan(0L));

    // ... and the admin REST API should no longer report the required action.
    rep = johnResource.toRepresentation();
    Assert.assertTrue(rep.getRequiredActions().isEmpty());

    // A fresh login with the new password must complete without an update-password prompt.
    johnResource.logout();
    loginPage.open();
    loginPage.login("johnkeycloak", "Password1");
    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
}

Example 32 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPMSADMapperTest method isJohnEnabledInMSAD.

/**
 * Reads johnkeycloak's {@code userAccountControl} attribute straight from MSAD and
 * reports whether the ACCOUNTDISABLE bit is clear.
 *
 * @return {@code true} when the LDAP account is enabled
 * @throws AssertionError when the attribute is missing on the LDAP entry
 */
private boolean isJohnEnabledInMSAD() {
    String rawControl = testingClient.server().fetchString(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        LDAPObject ldapJohn = ctx.getLdapProvider().loadLDAPUserByUsername(ctx.getRealm(), "johnkeycloak");
        return ldapJohn.getAttributeAsString(LDAPConstants.USER_ACCOUNT_CONTROL);
    });
    Assert.assertNotNull("LDAP user johnkeycloak does not have userAccountControl attribute on him", rawControl);
    // fetchString hands the value back wrapped in double quotes, so strip them before parsing.
    // TODO: fix fetchString (and every test relying on it) so callers need not unquote individually.
    long controlBits = Long.parseLong(rawControl.replace("\"", ""));
    return !new UserAccountControl(controlBits).has(UserAccountControl.ACCOUNTDISABLE);
}

Example 33 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPUserLoginTest method afterImportTestRealm.

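/**
 * Resets the LDAP test data after the realm import: every LDAP user is removed and the
 * single valid test user described by {@code DEFAULT_TEST_USERS} is recreated with its
 * password.
 * <p>
 * When the server-side run fails only because TLS could not be negotiated with the LDAP
 * server (JDK-8214440), the test is skipped via {@link Assume}. Any other failure is
 * rethrown: previously it was silently dropped here, which left the LDAP tree empty and
 * made the login tests fail later with unrelated, misleading errors.
 *
 * @throws RunOnServerException when the server-side setup fails for a reason other than
 *         the TLS negotiation problem that is worked around
 */
@Override
protected void afterImportTestRealm() {
    try {
        getTestingClient().server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
            // Start from a clean LDAP tree so leftovers from earlier tests cannot interfere
            LDAPTestUtils.removeAllLDAPUsers(ctx.getLdapProvider(), appRealm);
            // Recreate the one user the login tests expect to find
            LDAPObject john = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, DEFAULT_TEST_USERS.get("VALID_USER_NAME"), DEFAULT_TEST_USERS.get("VALID_USER_FIRST_NAME"), DEFAULT_TEST_USERS.get("VALID_USER_LAST_NAME"), DEFAULT_TEST_USERS.get("VALID_USER_EMAIL"), DEFAULT_TEST_USERS.get("VALID_USER_STREET"), DEFAULT_TEST_USERS.get("VALID_USER_POSTAL_CODE"));
            LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), john, DEFAULT_TEST_USERS.get("VALID_USER_PASSWORD"));
        });
    } catch (RunOnServerException ex) {
        // Skip (rather than fail) the test when the known TLS negotiation problem hits.
        Assume.assumeFalse("Work around JDK-8214440", isTlsNegotiationFailure(ex));
        // Every other server-side failure must surface instead of vanishing here.
        throw ex;
    }
}

/**
 * Tells whether a server-side failure is the TLS negotiation problem tracked as
 * JDK-8214440: a {@link ModelException} wrapping a {@link ModelException} wrapping a
 * {@link javax.naming.AuthenticationException} whose message is "Could not negotiate TLS".
 *
 * @param ex exception raised by the run-on-server call
 * @return {@code true} when the cause chain matches the JDK-8214440 signature
 */
private static boolean isTlsNegotiationFailure(RunOnServerException ex) {
    Throwable outer = ex.getCause();
    if (!(outer instanceof ModelException)) {
        return false;
    }
    Throwable middle = outer.getCause();
    if (!(middle instanceof ModelException)) {
        return false;
    }
    Throwable root = middle.getCause();
    return root instanceof javax.naming.AuthenticationException
            && Objects.equals(root.getMessage(), "Could not negotiate TLS");
}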

Example 34 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LdapUsernameAttributeTest method testUsernameChange.

/**
 * Renames a federated user through the Keycloak user API and checks that the LDAP entry,
 * including the first RDN of its DN, follows the new username; the user is removed at the end.
 */
@Test
public void testUsernameChange() {
    // create a user johndow
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        UserModel created = session.users().addUser(ctx.getRealm(), "johndow");
        created.setEmail("johndow@email.cz");
        created.setFirstName("johndow");
        created.setLastName("johndow");
    });
    // check it is there
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        assertFederatedUserFields(session.users().getUserByUsername(appRealm, "johndow"), "johndow", "johndow@email.cz");
        assertFirstRdnValue(ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "johndow"), "johndow");
    });
    // rename to johndow2
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        UserModel existing = session.users().getUserByUsername(ctx.getRealm(), "johndow");
        existing.setUsername("johndow2");
        existing.setEmail("johndow2@email.cz");
        existing.setFirstName("johndow2");
        existing.setLastName("johndow2");
    });
    // check it is johndow2 and remove
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        Assert.assertNull(session.users().getUserByUsername(appRealm, "johndow"));
        UserModel renamed = session.users().getUserByUsername(appRealm, "johndow2");
        assertFederatedUserFields(renamed, "johndow2", "johndow2@email.cz");
        assertFirstRdnValue(ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "johndow2"), "johndow2");
        session.users().removeUser(appRealm, renamed);
        Assert.assertNull(session.users().getUserByUsername(appRealm, "johndow2"));
    });
}

/**
 * Asserts that {@code user} exists, carries a federation link, and has {@code name} as its
 * username, first name and last name, and {@code email} as its e-mail address.
 */
private static void assertFederatedUserFields(UserModel user, String name, String email) {
    Assert.assertNotNull(user);
    Assert.assertNotNull(user.getFederationLink());
    Assert.assertEquals(name, user.getUsername());
    Assert.assertEquals(email, user.getEmail());
    Assert.assertEquals(name, user.getFirstName());
    Assert.assertEquals(name, user.getLastName());
}

/**
 * Asserts that {@code ldapUser} exists and that the value of the first RDN of its DN
 * equals {@code expected}.
 */
private static void assertFirstRdnValue(LDAPObject ldapUser, String expected) {
    Assert.assertNotNull(ldapUser);
    LDAPDn.RDN rdn = ldapUser.getDn().getFirstRdn();
    Assert.assertEquals(expected, rdn.getAttrValue(rdn.getAllKeys().get(0)));
}

Example 35 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPRoleMappingsNoImportTest method deleteRoleMappingsInLDAP.

/**
 * Removes the membership of {@code ldapUser} in the LDAP role named {@code roleName}.
 *
 * @param roleMapper mapper used to look up the role entry and drop the membership
 * @param ldapUser   LDAP entry of the user losing the role
 * @param roleName   name of the LDAP role to look up
 */
private static void deleteRoleMappingsInLDAP(RoleLDAPStorageMapper roleMapper, LDAPObject ldapUser, String roleName) {
    roleMapper.deleteRoleMappingInLDAP(ldapUser, roleMapper.loadLDAPRoleByName(roleName));
}
