
Example 1 with Condition

use of org.keycloak.storage.ldap.idm.query.Condition in project keycloak by keycloak.

the class RoleLDAPStorageMapper method loadRoleGroupByName.

/**
 * Looks up the LDAP entry that represents the given role, matching on the configured
 * role-name LDAP attribute.
 *
 * @param roleName value compared against the role-name attribute
 * @return the first matching entry as returned by {@code LDAPQuery.getFirstResult()}
 */
public LDAPObject loadRoleGroupByName(String roleName) {
    // LDAPQuery is AutoCloseable; try-with-resources releases whatever it holds open
    // (a directory connection / vault secret, per the group-mapper comment on createGroupQuery).
    try (LDAPQuery roleQuery = createRoleQuery(true)) {
        String nameAttribute = config.getRoleNameLdapAttribute();
        LDAPQueryConditionsBuilder conditions = new LDAPQueryConditionsBuilder();
        // NOTE(review): relies on the two-argument equal() applying the builder's default
        // escaping to roleName; other call sites pass an EscapeStrategy explicitly — confirm.
        Condition byName = conditions.equal(nameAttribute, roleName);
        roleQuery.addWhereCondition(byName);
        return roleQuery.getFirstResult();
    }
}

Example 2 with Condition

use of org.keycloak.storage.ldap.idm.query.Condition in project keycloak by keycloak.

the class RoleLDAPStorageMapper method createRoleQuery.

// TODO: Possible to merge with GroupMapper and move to common class
/**
 * Builds the LDAP query used to enumerate role entries below the configured roles DN.
 * The returned query is AutoCloseable and is expected to be opened by the caller in a
 * try-with-resources block (the equivalent group query documents the same contract).
 *
 * @param includeMemberAttribute when {@code true}, the membership attribute is requested
 *        from the directory in addition to the role-name attribute
 * @return a query with search scope, base DN, object classes, optional custom filter and
 *         returning attributes already configured
 */
public LDAPQuery createRoleQuery(boolean includeMemberAttribute) {
    LDAPQuery query = new LDAPQuery(ldapProvider);
    // For now, use same search scope, which is configured "globally" and used for user's search.
    query.setSearchScope(ldapProvider.getLdapIdentityStore().getConfig().getSearchScope());
    query.setSearchDn(config.getRolesDn());
    query.addObjectClasses(config.getRoleObjectClasses(ldapProvider));
    String nameAttribute = config.getRoleNameLdapAttribute();

    // An admin-configured extra filter is handed to addCustomLDAPFilter as-is
    // (no escaping is visible here); blank values are ignored.
    String extraFilter = config.getCustomLdapFilter();
    if (extraFilter != null && !extraFilter.trim().isEmpty()) {
        Condition extraCondition = new LDAPQueryConditionsBuilder().addCustomLDAPFilter(extraFilter);
        query.addWhereCondition(extraCondition);
    }

    query.addReturningLdapAttribute(nameAttribute);
    // Performance improvement: the membership attribute is only requested on demand
    // (presumably because membership values can be large).
    if (includeMemberAttribute) {
        query.addReturningLdapAttribute(config.getMembershipLdapAttribute());
    }
    return query;
}

Example 3 with Condition

use of org.keycloak.storage.ldap.idm.query.Condition in project keycloak by keycloak.

the class LDAPIdentityStore method createIdentityTypeSearchFilter.

// ************ END CREDENTIALS AND USER SPECIFIC STUFF
/**
 * Assembles the LDAP search filter for a query: all registered conditions AND-ed together
 * with the object-class filter, i.e. {@code (&<conditions><objectClassFilter>)}.
 *
 * @param identityQuery query whose conditions, object classes and search DN are used
 * @return the complete filter as a mutable builder
 */
protected StringBuilder createIdentityTypeSearchFilter(final LDAPQuery identityQuery) {
    StringBuilder searchFilter = new StringBuilder();
    // Each condition renders itself into the builder; escaping of the values it carries
    // is presumably handled by the Condition implementation, not here.
    for (Condition next : identityQuery.getConditions()) {
        next.applyCondition(searchFilter);
    }
    // Wrap everything in a single AND together with the object-class restriction.
    searchFilter.insert(0, "(&");
    searchFilter.append(getObjectClassesFilter(identityQuery.getObjectClasses())).append(")");
    if (logger.isTraceEnabled()) {
        // Trace output contains the full filter, i.e. whatever search values it embeds.
        logger.tracef("Using filter for LDAP search: %s . Searching in DN: %s", searchFilter, identityQuery.getSearchDn());
    }
    return searchFilter;
}

Example 4 with Condition

use of org.keycloak.storage.ldap.idm.query.Condition in project keycloak by keycloak.

the class GroupLDAPStorageMapper method createGroupQuery.

// LDAP Group CRUD operations
// !! This function must be always called from try-with-resources block, otherwise vault secret may be leaked !!
/**
 * Builds the LDAP query used to enumerate group entries below the configured groups DN.
 * The returned query is AutoCloseable and must be closed by the caller (see the warning above).
 *
 * @param includeMemberAttribute when {@code true}, the membership attribute is requested
 *        in addition to the group-name attribute and the configured group attributes
 * @return a query with search scope, base DN, object classes, optional custom filter and
 *         returning attributes already configured
 */
public LDAPQuery createGroupQuery(boolean includeMemberAttribute) {
    LDAPQuery query = new LDAPQuery(ldapProvider);
    // For now, use same search scope, which is configured "globally" and used for user's search.
    query.setSearchScope(ldapProvider.getLdapIdentityStore().getConfig().getSearchScope());
    query.setSearchDn(config.getGroupsDn());
    query.addObjectClasses(config.getGroupObjectClasses(ldapProvider));

    // An admin-configured extra filter is handed to addCustomLDAPFilter as-is
    // (no escaping is visible here); blank values are ignored.
    String extraFilter = config.getCustomLdapFilter();
    if (extraFilter != null && !extraFilter.trim().isEmpty()) {
        Condition extraCondition = new LDAPQueryConditionsBuilder().addCustomLDAPFilter(extraFilter);
        query.addWhereCondition(extraCondition);
    }

    query.addReturningLdapAttribute(config.getGroupNameLdapAttribute());
    // Performance improvement: the membership attribute is only requested on demand
    // (presumably because membership values can be large).
    if (includeMemberAttribute) {
        query.addReturningLdapAttribute(config.getMembershipLdapAttribute());
    }
    // Any additional group attributes the mapper is configured to read.
    for (String extraAttribute : config.getGroupAttributes()) {
        query.addReturningLdapAttribute(extraAttribute);
    }
    return query;
}

Example 5 with Condition

use of org.keycloak.storage.ldap.idm.query.Condition in project keycloak by keycloak.

the class LDAPStorageProvider method queryByEmail.

/**
 * Finds the LDAP user entry whose mapped e-mail attribute equals the given address.
 *
 * @param realm realm whose user-search settings are used to build the query
 * @param email address to match; passed with {@code EscapeStrategy.DEFAULT} so the builder
 *        escapes it before it is embedded in the search filter
 * @return the first matching entry as returned by {@code LDAPQuery.getFirstResult()}
 */
protected LDAPObject queryByEmail(RealmModel realm, String email) {
    // The query is AutoCloseable; try-with-resources releases whatever it holds open.
    try (LDAPQuery userQuery = LDAPUtils.createQueryForUserSearch(this, realm)) {
        // Mapper should replace "email" in parameter name with correct LDAP mapped attribute
        Condition byEmail = new LDAPQueryConditionsBuilder().equal(UserModel.EMAIL, email, EscapeStrategy.DEFAULT);
        userQuery.addWhereCondition(byEmail);
        return userQuery.getFirstResult();
    }
}
