
Example 11 with LDAPQuery

Use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in the keycloak project by keycloak.

The class LDAPStorageProviderFactory, method createQuery.

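/**
 * Creates the base user-search {@link LDAPQuery} for the given provider inside a dedicated
 * transaction and hands it back to the caller, who owns closing it.
 *
 *  !! This function must be called from try-with-resources block, otherwise Vault secrets may be leaked !!
 *
 * @param sessionFactory factory used to run the transactional job
 * @param realmId id of the realm the query is scoped to; also installed as the session context realm
 * @param model component model of the LDAP storage provider the query is built through
 * @return the query produced by {@link LDAPUtils#createQueryForUserSearch}; not yet executed
 */
private LDAPQuery createQuery(KeycloakSessionFactory sessionFactory, final String realmId, final ComponentModel model) {
    // Single-slot holder so the transaction callback can pass the query back to this frame.
    final LDAPQuery[] queryHolder = new LDAPQuery[1];
    KeycloakModelUtils.runJobInTransaction(sessionFactory, new KeycloakSessionTask() {

        @Override
        public void run(KeycloakSession session) {
            // Resolve the realm once and reuse it for both the context and the query
            // (the previous version looked it up twice).
            RealmModel realm = session.realms().getRealm(realmId);
            session.getContext().setRealm(realm);
            LDAPStorageProvider ldapFedProvider = (LDAPStorageProvider) session.getProvider(UserStorageProvider.class, model);
            queryHolder[0] = LDAPUtils.createQueryForUserSearch(ldapFedProvider, realm);
        }
    });
    return queryHolder[0];
}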
Also used : RealmModel(org.keycloak.models.RealmModel) LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery) KeycloakSessionTask(org.keycloak.models.KeycloakSessionTask) KeycloakSession(org.keycloak.models.KeycloakSession)

Example 12 with LDAPQuery

Use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in the keycloak project by keycloak.

The class LDAPStorageProviderFactory, method syncSince.

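/**
 * Synchronizes users that were created or modified in LDAP since {@code lastSync} into the
 * local store. Mappers are synced first; the user query is then restricted to entries whose
 * createTimestamp or modifyTimestamp is at or after {@code lastSync}.
 *
 * @param lastSync time of the previous sync; used as the lower bound for both timestamps
 * @param sessionFactory factory used for the transactional work
 * @param realmId id of the realm being synced
 * @param model storage provider model; its name is used in log output
 * @return result of the incremental sync as produced by {@code syncImpl}
 */
@Override
public SynchronizationResult syncSince(Date lastSync, KeycloakSessionFactory sessionFactory, String realmId, UserStorageProviderModel model) {
    syncMappers(sessionFactory, realmId, model);
    // lastSync is passed as a format argument rather than concatenated into the format
    // string, so the format string stays constant and every value goes through %s.
    logger.infof("Sync changed users from LDAP to local store: realm: %s, federation provider: %s, last sync time: %s", realmId, model.getName(), lastSync);
    // Sync newly created and updated users
    LDAPQueryConditionsBuilder conditionsBuilder = new LDAPQueryConditionsBuilder();
    Condition createCondition = conditionsBuilder.greaterThanOrEqualTo(LDAPConstants.CREATE_TIMESTAMP, lastSync);
    Condition modifyCondition = conditionsBuilder.greaterThanOrEqualTo(LDAPConstants.MODIFY_TIMESTAMP, lastSync);
    Condition orCondition = conditionsBuilder.orCondition(createCondition, modifyCondition);
    // The query is AutoCloseable; closing it here releases whatever createQuery acquired.
    try (LDAPQuery userQuery = createQuery(sessionFactory, realmId, model)) {
        userQuery.addWhereCondition(orCondition);
        SynchronizationResult result = syncImpl(sessionFactory, userQuery, realmId, model);
        logger.infof("Sync changed users finished: %s", result.getStatus());
        return result;
    }
}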
Also used : Condition(org.keycloak.storage.ldap.idm.query.Condition) LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) LDAPQueryConditionsBuilder(org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder)

Example 13 with LDAPQuery

Use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in the keycloak project by keycloak.

The class LDAPUtils, method createQueryForUserSearch.

/**
 * Builds the base {@link LDAPQuery} for searching users of the given provider.
 * The query takes its search scope, users DN and user object classes from the provider's
 * LDAP configuration; if that configuration carries a custom user search filter it is added
 * verbatim as a where condition. The provider's LDAPStorageMapper components registered in
 * the realm are attached to the query as well.
 *
 * @param ldapProvider provider whose identity-store configuration drives the query
 * @param realm realm used to look up the provider's mapper components
 * @return a new, not yet executed query; the caller is responsible for closing it
 */
public static LDAPQuery createQueryForUserSearch(LDAPStorageProvider ldapProvider, RealmModel realm) {
    LDAPQuery userQuery = new LDAPQuery(ldapProvider);
    LDAPConfig ldapConfig = ldapProvider.getLdapIdentityStore().getConfig();
    userQuery.setSearchScope(ldapConfig.getSearchScope());
    userQuery.setSearchDn(ldapConfig.getUsersDn());
    userQuery.addObjectClasses(ldapConfig.getUserObjectClasses());
    String configuredFilter = ldapConfig.getCustomUserSearchFilter();
    if (configuredFilter != null) {
        // The filter string comes from LDAPConfig and is not escaped here.
        userQuery.addWhereCondition(new LDAPQueryConditionsBuilder().addCustomLDAPFilter(configuredFilter));
    }
    String providerId = ldapProvider.getModel().getId();
    List<ComponentModel> mappers = realm.getComponentsStream(providerId, LDAPStorageMapper.class.getName()).collect(Collectors.toList());
    userQuery.addMappers(mappers);
    return userQuery;
}
Also used : Condition(org.keycloak.storage.ldap.idm.query.Condition) LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery) ComponentModel(org.keycloak.component.ComponentModel) LDAPQueryConditionsBuilder(org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder)

Example 14 with LDAPQuery

Use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in the keycloak project by keycloak.

The class LDAPUtils, method createLdapQueryForRangeAttribute.

/**
 * Builds a query that re-reads one ranged attribute of {@code ldapObject}, requesting the
 * values that start right after the range the object has already received.
 *
 * @param ldapProvider provider the query runs against
 * @param ldapObject entry to read; its DN is searched with OBJECT_SCOPE
 * @param name attribute name, requested as {@code name;range=<current+1>-*}
 * @return the prepared, not yet executed query
 */
private static LDAPQuery createLdapQueryForRangeAttribute(LDAPStorageProvider ldapProvider, LDAPObject ldapObject, String name) {
    LDAPQuery rangeQuery = new LDAPQuery(ldapProvider);
    rangeQuery.setSearchDn(ldapObject.getDn().toString());
    rangeQuery.setSearchScope(SearchControls.OBJECT_SCOPE);
    // Ask for the next slice of the attribute: from one past the current range to the end.
    String rangedAttribute = name + ";range=" + (ldapObject.getCurrentRange(name) + 1) + "-*";
    rangeQuery.addReturningLdapAttribute(rangedAttribute);
    return rangeQuery;
}
Also used : LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery)

Example 15 with LDAPQuery

Use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in the keycloak project by keycloak.

The class LDAPStorageProvider, method searchForUserByUserAttributeStream.

/**
 * Finds LDAP users whose {@code attrName} equals {@code attrValue} and returns them as
 * Keycloak users: entries already present in local storage are returned as proxies, the
 * others are imported first. The value is escaped with {@link EscapeStrategy#DEFAULT}
 * before it becomes part of the LDAP filter. The LDAP query runs eagerly and is closed
 * before this method returns; the per-entry mapping happens when the stream is consumed.
 *
 * @param realm realm the users belong to
 * @param attrName LDAP attribute to compare
 * @param attrValue value the attribute must equal
 * @return stream of local proxies or freshly imported users, one per matching LDAP entry
 */
@Override
public Stream<UserModel> searchForUserByUserAttributeStream(RealmModel realm, String attrName, String attrValue) {
    List<LDAPObject> matches;
    try (LDAPQuery attributeQuery = LDAPUtils.createQueryForUserSearch(this, realm)) {
        Condition equalsAttr = new LDAPQueryConditionsBuilder().equal(attrName, attrValue, EscapeStrategy.DEFAULT);
        attributeQuery.addWhereCondition(equalsAttr);
        matches = attributeQuery.getResultList();
    }
    return matches.stream().map(ldapUser -> {
        String username = LDAPUtils.getUsername(ldapUser, this.ldapIdentityStore.getConfig());
        UserModel existing = session.userLocalStorage().getUserByUsername(realm, username);
        return existing != null ? proxy(realm, existing, ldapUser, false) : importUserFromLDAP(session, realm, ldapUser);
    });
}
Also used : Condition(org.keycloak.storage.ldap.idm.query.Condition) CachedUserModel(org.keycloak.models.cache.CachedUserModel) UserModel(org.keycloak.models.UserModel) LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) LDAPQueryConditionsBuilder(org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder)

Aggregations

LDAPQuery (org.keycloak.storage.ldap.idm.query.internal.LDAPQuery)20 Condition (org.keycloak.storage.ldap.idm.query.Condition)13 LDAPQueryConditionsBuilder (org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder)13 LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)8 ComponentModel (org.keycloak.component.ComponentModel)4 SynchronizationResult (org.keycloak.storage.user.SynchronizationResult)4 LDAPStorageProvider (org.keycloak.storage.ldap.LDAPStorageProvider)3 RealmModel (org.keycloak.models.RealmModel)2 RoleContainerModel (org.keycloak.models.RoleContainerModel)2 UserModel (org.keycloak.models.UserModel)2 ArrayList (java.util.ArrayList)1 Collection (java.util.Collection)1 Collections (java.util.Collections)1 HashSet (java.util.HashSet)1 List (java.util.List)1 Objects (java.util.Objects)1 Set (java.util.Set)1 Consumer (java.util.function.Consumer)1 Collectors (java.util.stream.Collectors)1 Stream (java.util.stream.Stream)1