use of org.keycloak.storage.ldap.idm.query.Condition in project keycloak by keycloak.
the class RoleLDAPStorageMapper method loadRoleGroupByName.
/**
 * Looks up the LDAP entry of a role by its name.
 *
 * <p>The base query from {@code createRoleQuery(true)} is narrowed with an equality condition on
 * the configured role-name attribute. The query is opened in a try-with-resources block, so it is
 * closed before this method returns.
 *
 * <p>NOTE(review): {@code roleName} goes through the two-argument {@code equal} overload, which
 * names no escape strategy. Presumably that overload applies the default LDAP filter escaping;
 * confirm in {@code LDAPQueryConditionsBuilder}, since role names may come from outside the directory.
 *
 * @param roleName value the role-name attribute must equal
 * @return the result of {@code getFirstResult()} on the narrowed query
 */
public LDAPObject loadRoleGroupByName(String roleName) {
    try (LDAPQuery roleQuery = createRoleQuery(true)) {
        String roleNameAttr = config.getRoleNameLdapAttribute();
        roleQuery.addWhereCondition(new LDAPQueryConditionsBuilder().equal(roleNameAttr, roleName));
        return roleQuery.getFirstResult();
    }
}
use of org.keycloak.storage.ldap.idm.query.Condition in project keycloak by keycloak.
the class RoleLDAPStorageMapper method createRoleQuery.
// TODO: Possible to merge with GroupMapper and move to common class
/**
 * Builds the base LDAP query used to search for role entries.
 *
 * <p>The query uses the search scope configured on the identity store (the same one used for user
 * searches), the configured roles DN as search base and the configured role object classes. The
 * role-name attribute is always returned; the membership attribute only on request.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The query is returned open and the caller owns it. {@code loadRoleGroupByName} uses it in
 *       try-with-resources. NOTE(review): the group mapper's equivalent factory warns that a vault
 *       secret may be leaked if the query is not closed; presumably the same holds here, confirm.</li>
 *   <li>The custom filter comes from mapper configuration and is passed to
 *       {@code addCustomLDAPFilter} with no escaping or validation in this method. It must stay
 *       administrator-controlled and never be built from end-user input.</li>
 * </ul>
 *
 * @param includeMemberAttribute whether the membership attribute is added to the returned attributes
 * @return a new, still open query that the caller must close
 */
public LDAPQuery createRoleQuery(boolean includeMemberAttribute) {
    LDAPQuery roleQuery = new LDAPQuery(ldapProvider);

    // Roles reuse the search scope that is configured "globally" for user searches.
    roleQuery.setSearchScope(ldapProvider.getLdapIdentityStore().getConfig().getSearchScope());
    roleQuery.setSearchDn(config.getRolesDn());
    roleQuery.addObjectClasses(config.getRoleObjectClasses(ldapProvider));

    String roleNameAttr = config.getRoleNameLdapAttribute();

    // A blank or missing custom filter adds no condition at all.
    String configuredFilter = config.getCustomLdapFilter();
    if (configuredFilter != null && !configuredFilter.trim().isEmpty()) {
        roleQuery.addWhereCondition(new LDAPQueryConditionsBuilder().addCustomLDAPFilter(configuredFilter));
    }

    roleQuery.addReturningLdapAttribute(roleNameAttr);

    // Performance: the membership attribute is fetched only when the caller asks for it.
    if (includeMemberAttribute) {
        roleQuery.addReturningLdapAttribute(config.getMembershipLdapAttribute());
    }
    return roleQuery;
}
use of org.keycloak.storage.ldap.idm.query.Condition in project keycloak by keycloak.
the class LDAPIdentityStore method createIdentityTypeSearchFilter.
// ************ END CREDENTIALS AND USER SPECIFIC STUFF
/**
 * Assembles the LDAP search filter for a query.
 *
 * <p>Every condition of the query writes itself into the buffer. The result is then wrapped as
 * {@code (&<conditions><object class filter>)}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>This method does no escaping of its own. Values are embedded by each
 *       {@code Condition.applyCondition} call, so any escaping has to happen inside the
 *       conditions.</li>
 *   <li>With trace logging enabled, the complete filter and the search DN are logged. The filter
 *       carries the searched values, so trace logs of this class should be treated as sensitive.</li>
 * </ul>
 *
 * @param identityQuery query supplying the conditions, object classes and search DN
 * @return the buffer holding the complete filter
 */
protected StringBuilder createIdentityTypeSearchFilter(final LDAPQuery identityQuery) {
    StringBuilder searchFilter = new StringBuilder();

    for (Condition queryCondition : identityQuery.getConditions()) {
        queryCondition.applyCondition(searchFilter);
    }

    // Wrap the conditions written so far into one AND expression, then add the object class filter.
    searchFilter.insert(0, "(&")
            .append(getObjectClassesFilter(identityQuery.getObjectClasses()))
            .append(")");

    if (logger.isTraceEnabled()) {
        logger.tracef("Using filter for LDAP search: %s . Searching in DN: %s", searchFilter, identityQuery.getSearchDn());
    }
    return searchFilter;
}
use of org.keycloak.storage.ldap.idm.query.Condition in project keycloak by keycloak.
the class GroupLDAPStorageMapper method createGroupQuery.
// LDAP Group CRUD operations
// !! This function must be always called from try-with-resources block, otherwise vault secret may be leaked !!
/**
 * Builds the base LDAP query used to search for group entries.
 *
 * <p>The query uses the search scope configured on the identity store (the same one used for user
 * searches), the configured groups DN as search base and the configured group object classes. The
 * group-name attribute and every configured group attribute are always returned; the membership
 * attribute only on request.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The query is returned open and the caller owns it. It must always be used in a
 *       try-with-resources block, otherwise a vault secret may be leaked.</li>
 *   <li>The custom filter comes from mapper configuration and is passed to
 *       {@code addCustomLDAPFilter} with no escaping or validation in this method. It must stay
 *       administrator-controlled and never be built from end-user input.</li>
 * </ul>
 *
 * @param includeMemberAttribute whether the membership attribute is added to the returned attributes
 * @return a new, still open query that the caller must close
 */
public LDAPQuery createGroupQuery(boolean includeMemberAttribute) {
    LDAPQuery groupQuery = new LDAPQuery(ldapProvider);

    // Groups reuse the search scope that is configured "globally" for user searches.
    groupQuery.setSearchScope(ldapProvider.getLdapIdentityStore().getConfig().getSearchScope());
    groupQuery.setSearchDn(config.getGroupsDn());
    groupQuery.addObjectClasses(config.getGroupObjectClasses(ldapProvider));

    // A blank or missing custom filter adds no condition at all.
    String configuredFilter = config.getCustomLdapFilter();
    if (configuredFilter != null && !configuredFilter.trim().isEmpty()) {
        groupQuery.addWhereCondition(new LDAPQueryConditionsBuilder().addCustomLDAPFilter(configuredFilter));
    }

    groupQuery.addReturningLdapAttribute(config.getGroupNameLdapAttribute());

    // Performance: the membership attribute is fetched only when the caller asks for it.
    if (includeMemberAttribute) {
        groupQuery.addReturningLdapAttribute(config.getMembershipLdapAttribute());
    }

    for (String extraAttr : config.getGroupAttributes()) {
        groupQuery.addReturningLdapAttribute(extraAttr);
    }
    return groupQuery;
}
use of org.keycloak.storage.ldap.idm.query.Condition in project keycloak by keycloak.
the class LDAPStorageProvider method queryByEmail.
/**
 * Finds the LDAP user entry whose e-mail equals the given value.
 *
 * <p>The user-search query is opened in a try-with-resources block, so it is closed before this
 * method returns.
 *
 * <p>Security note: the e-mail value is passed with an explicit {@code EscapeStrategy.DEFAULT}.
 * NOTE(review): presumably that strategy escapes LDAP filter metacharacters; confirm in
 * {@code EscapeStrategy}. The e-mail is typically caller-supplied, so this condition should never
 * be built with a non-escaping strategy.
 *
 * @param realm realm the user search query is created for
 * @param email e-mail address to match
 * @return the result of {@code getFirstResult()} on the narrowed query
 */
protected LDAPObject queryByEmail(RealmModel realm, String email) {
    try (LDAPQuery userQuery = LDAPUtils.createQueryForUserSearch(this, realm)) {
        // The condition names the model attribute "email"; a mapper is expected to replace it
        // with the LDAP attribute it is mapped to.
        Condition byEmail = new LDAPQueryConditionsBuilder().equal(UserModel.EMAIL, email, EscapeStrategy.DEFAULT);
        userQuery.addWhereCondition(byEmail);
        return userQuery.getFirstResult();
    }
}