use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in project keycloak by keycloak.
Example from class LDAPStorageProviderFactory, method sync().
/**
 * Full synchronization entry point: first refreshes the mapper state, then imports every
 * user returned by the provider-wide LDAP query into the local store.
 *
 * @param sessionFactory passed through to the mapper sync, the query creation and the import
 * @param realmId        id of the realm whose users are synchronized
 * @param model          configuration of the LDAP user-storage provider being synced
 * @return the result reported by {@code syncImpl}
 */
@Override
public SynchronizationResult sync(KeycloakSessionFactory sessionFactory, String realmId, UserStorageProviderModel model) {
    syncMappers(sessionFactory, realmId, model);
    logger.infof("Sync all users from LDAP to local store: realm: %s, federation provider: %s", realmId, model.getName());
    // The query is AutoCloseable; try-with-resources closes it even when syncImpl throws.
    try (LDAPQuery allUsersQuery = createQuery(sessionFactory, realmId, model)) {
        final SynchronizationResult result = syncImpl(sessionFactory, allUsersQuery, realmId, model);
        // TODO: Remove all existing keycloak users, which have federation links, but are not in LDAP. Perhaps don't check users, which were just added or updated during this sync?
        // NOTE(review): per the TODO above, local users whose LDAP entry has disappeared are NOT removed by this
        // full sync, so stale federated accounts can linger locally — confirm that another path (e.g. validation
        // of the federation link at login) covers them before relying on this sync for deprovisioning.
        logger.infof("Sync all users finished: %s", result.getStatus());
        return result;
    }
}
use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in project keycloak by keycloak.
Example from class LDAPUtils, method fillRangedAttribute().
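/**
 * Performs iterative searches over an LDAPObject to return an attribute that is ranged.
 * <p>
 * Each pass issues one further query (built by {@code createLdapQueryForRangeAttribute}) and merges
 * the returned slice into {@code ldapObject} until {@code isRangeComplete(name)} reports the range
 * as complete.
 *
 * @param ldapProvider The provider to use
 * @param ldapObject The current object with the ranged attribute not complete; updated in place
 * @param name The attribute name
 * @throws IllegalStateException if a follow-up range query returns no entry (e.g. the entry was
 *         removed from LDAP between two passes); previously this surfaced as a NullPointerException
 *         on the next loop check, which hid the cause
 */
public static void fillRangedAttribute(LDAPStorageProvider ldapProvider, LDAPObject ldapObject, String name) {
    LDAPObject slice = ldapObject;
    while (!slice.isRangeComplete(name)) {
        // The query is AutoCloseable; each one is closed before the next pass is issued.
        try (LDAPQuery rangeQuery = createLdapQueryForRangeAttribute(ldapProvider, ldapObject, name)) {
            slice = rangeQuery.getFirstResult();
            if (slice == null) {
                // Fail loudly rather than silently leave the attribute truncated: for a membership
                // attribute a partial value would mean incomplete group membership.
                throw new IllegalStateException("Ranged attribute '" + name
                        + "' could not be completed: the follow-up range query returned no entry");
            }
            ldapObject.populateRangedAttribute(slice, name);
        }
    }
    // NOTE(review): termination relies on every pass advancing the range seen by isRangeComplete(name);
    // there is no upper bound on the number of round-trips — confirm the server's ranged-retrieval
    // behaviour before pointing this at attribute names that are not under administrator control.
}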
use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in project keycloak by keycloak.
Example from class GroupLDAPStorageMapper, method createGroupQuery().
// LDAP Group CRUD operations
// !! This function must be always called from try-with-resources block, otherwise vault secret may be leaked !!
/**
 * Builds (but does not execute) the LDAP query that lists the groups this mapper manages.
 * <p>
 * The caller owns the returned query and must close it (see the warning above). The search scope
 * is the provider-wide one, the base DN is the configured groups DN, and the result set is
 * restricted to the configured group object classes plus the optional custom filter.
 *
 * @param includeMemberAttribute when {@code true} the membership attribute is requested as well;
 *        leaving it out avoids transferring potentially large member lists
 * @return an open query, ready for {@code getResultList()} / {@code getFirstResult()}
 */
public LDAPQuery createGroupQuery(boolean includeMemberAttribute) {
    final LDAPQuery groupQuery = new LDAPQuery(ldapProvider);

    // For now, use same search scope, which is configured "globally" and used for user's search.
    groupQuery.setSearchScope(ldapProvider.getLdapIdentityStore().getConfig().getSearchScope());
    groupQuery.setSearchDn(config.getGroupsDn());
    groupQuery.addObjectClasses(config.getGroupObjectClasses(ldapProvider));

    // NOTE(review): addCustomLDAPFilter appears to splice the configured string into the filter as-is;
    // treat it as trusted administrator configuration and never derive it from end-user input.
    final String adminFilter = config.getCustomLdapFilter();
    if (adminFilter != null && !adminFilter.trim().isEmpty()) {
        groupQuery.addWhereCondition(new LDAPQueryConditionsBuilder().addCustomLDAPFilter(adminFilter));
    }

    // Returning attributes: the group name always, membership only on request (performance), then extras.
    groupQuery.addReturningLdapAttribute(config.getGroupNameLdapAttribute());
    if (includeMemberAttribute) {
        groupQuery.addReturningLdapAttribute(config.getMembershipLdapAttribute());
    }
    for (String extraAttribute : config.getGroupAttributes()) {
        groupQuery.addReturningLdapAttribute(extraAttribute);
    }
    return groupQuery;
}
use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in project keycloak by keycloak.
Example from class LDAPStorageProvider, method queryByEmail().
/**
 * Looks up a single LDAP user by e-mail address.
 * <p>
 * Builds the standard user search (via {@code LDAPUtils.createQueryForUserSearch}) and adds one
 * equality condition on the {@code email} model attribute; the e-mail mapper is expected to
 * translate that name into the mapped LDAP attribute.
 * <p>
 * NOTE(review): the value is escaped with {@code EscapeStrategy.DEFAULT}, whereas
 * {@code searchLDAP} uses {@code NON_ASCII_CHARS_ONLY}. DEFAULT presumably escapes LDAP filter
 * metacharacters too, so an address containing {@code *} or parentheses matches literally rather
 * than as a wildcard — the right choice for a value that may originate from a user; confirm.
 *
 * @param realm the realm the provider is configured in
 * @param email the e-mail address to match
 * @return whatever {@code getFirstResult()} yields for the query (presumably {@code null} when
 *         nothing matches)
 */
protected LDAPObject queryByEmail(RealmModel realm, String email) {
    try (LDAPQuery query = LDAPUtils.createQueryForUserSearch(this, realm)) {
        final LDAPQueryConditionsBuilder conditions = new LDAPQueryConditionsBuilder();
        // Mapper should replace "email" in parameter name with correct LDAP mapped attribute
        final Condition byEmail = conditions.equal(UserModel.EMAIL, email, EscapeStrategy.DEFAULT);
        query.addWhereCondition(byEmail);
        return query.getFirstResult();
    }
}
use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in project keycloak by keycloak.
Example from class LDAPStorageProvider, method searchLDAP().
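/**
 * Searches LDAP for users matching the given model attributes.
 * <p>
 * Up to three independent queries are issued and their results concatenated (no de-duplication):
 * one by {@code username}, one by {@code email}, and one carrying the {@code firstName} and/or
 * {@code lastName} conditions together. Each query is created with
 * {@code LDAPUtils.createQueryForUserSearch} and closed before the next one is built. Keys are
 * model attribute names; the mappers are expected to translate them to the mapped LDAP attributes.
 * <p>
 * NOTE(review): every value is escaped with {@code EscapeStrategy.NON_ASCII_CHARS_ONLY}, which by
 * its name leaves LDAP filter metacharacters ({@code *}, {@code (}, {@code )}, {@code \}) in place —
 * presumably so that wildcard searches work. Confirm that only trusted (administrative search)
 * callers reach this method; anything user-controlled should use {@code EscapeStrategy.DEFAULT}
 * as {@code queryByEmail} does.
 *
 * @param realm      the realm the provider is configured in
 * @param attributes model attribute name to search value; keys that are absent are simply skipped
 * @return the concatenated results of all queries that were issued; empty (never {@code null})
 *         when no supported key is present
 */
protected List<LDAPObject> searchLDAP(RealmModel realm, Map<String, String> attributes) {
    List<LDAPObject> results = new ArrayList<LDAPObject>();
    addUsersMatching(realm, attributes, results, UserModel.USERNAME);
    addUsersMatching(realm, attributes, results, UserModel.EMAIL);
    // First and last name share one query: both conditions are added to it when both keys are present.
    addUsersMatching(realm, attributes, results, UserModel.FIRST_NAME, UserModel.LAST_NAME);
    return results;
}

/**
 * Runs one user query with an equality condition for each of {@code modelAttributes} that is
 * present in {@code attributes}, appending the hits to {@code results}. Issues no query at all
 * when none of the keys is present.
 *
 * @param realm           the realm the provider is configured in
 * @param attributes      model attribute name to search value
 * @param results         sink the matching entries are appended to
 * @param modelAttributes model attribute names to look for, in the order their conditions are added
 */
private void addUsersMatching(RealmModel realm, Map<String, String> attributes, List<LDAPObject> results,
                              String... modelAttributes) {
    List<String> present = new ArrayList<String>();
    for (String modelAttribute : modelAttributes) {
        if (attributes.containsKey(modelAttribute)) {
            present.add(modelAttribute);
        }
    }
    if (present.isEmpty()) {
        return;
    }
    try (LDAPQuery ldapQuery = LDAPUtils.createQueryForUserSearch(this, realm)) {
        LDAPQueryConditionsBuilder conditionsBuilder = new LDAPQueryConditionsBuilder();
        // Mapper should replace the model attribute name with the correct LDAP mapped attribute
        for (String modelAttribute : present) {
            ldapQuery.addWhereCondition(conditionsBuilder.equal(modelAttribute, attributes.get(modelAttribute),
                    EscapeStrategy.NON_ASCII_CHARS_ONLY));
        }
        results.addAll(ldapQuery.getResultList());
    }
}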