Examples with LDAPQuery org.keycloak.storage.ldap.idm.query.internal.LDAPQuery used on opensource projects

Example 11 with LDAPQuery

use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in project keycloak by keycloak.

the class LDAPStorageProviderFactory method createQuery.

/**
 *  !! This function must be called from try-with-resources block, otherwise Vault secrets may be leaked !!
 * @param sessionFactory
 * @param realmId
 * @param model
 * @return
 */
private LDAPQuery createQuery(KeycloakSessionFactory sessionFactory, final String realmId, final ComponentModel model) {
    class QueryHolder {

        LDAPQuery query;
    }
    final QueryHolder queryHolder = new QueryHolder();
    KeycloakModelUtils.runJobInTransaction(sessionFactory, new KeycloakSessionTask() {

        @Override
        public void run(KeycloakSession session) {
            session.getContext().setRealm(session.realms().getRealm(realmId));
            LDAPStorageProvider ldapFedProvider = (LDAPStorageProvider) session.getProvider(UserStorageProvider.class, model);
            RealmModel realm = session.realms().getRealm(realmId);
            queryHolder.query = LDAPUtils.createQueryForUserSearch(ldapFedProvider, realm);
        }
    });
    return queryHolder.query;
}

Example 12 with LDAPQuery

use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in project keycloak by keycloak.

the class LDAPStorageProviderFactory method syncSince.

@Override
public SynchronizationResult syncSince(Date lastSync, KeycloakSessionFactory sessionFactory, String realmId, UserStorageProviderModel model) {
    syncMappers(sessionFactory, realmId, model);
    logger.infof("Sync changed users from LDAP to local store: realm: %s, federation provider: %s, last sync time: " + lastSync, realmId, model.getName());
    // Sync newly created and updated users
    LDAPQueryConditionsBuilder conditionsBuilder = new LDAPQueryConditionsBuilder();
    Condition createCondition = conditionsBuilder.greaterThanOrEqualTo(LDAPConstants.CREATE_TIMESTAMP, lastSync);
    Condition modifyCondition = conditionsBuilder.greaterThanOrEqualTo(LDAPConstants.MODIFY_TIMESTAMP, lastSync);
    Condition orCondition = conditionsBuilder.orCondition(createCondition, modifyCondition);
    try (LDAPQuery userQuery = createQuery(sessionFactory, realmId, model)) {
        userQuery.addWhereCondition(orCondition);
        SynchronizationResult result = syncImpl(sessionFactory, userQuery, realmId, model);
        logger.infof("Sync changed users finished: %s", result.getStatus());
        return result;
    }
}

Example 13 with LDAPQuery

use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in project keycloak by keycloak.

the class LDAPUtils method createQueryForUserSearch.

public static LDAPQuery createQueryForUserSearch(LDAPStorageProvider ldapProvider, RealmModel realm) {
    LDAPQuery ldapQuery = new LDAPQuery(ldapProvider);
    LDAPConfig config = ldapProvider.getLdapIdentityStore().getConfig();
    ldapQuery.setSearchScope(config.getSearchScope());
    ldapQuery.setSearchDn(config.getUsersDn());
    ldapQuery.addObjectClasses(config.getUserObjectClasses());
    String customFilter = config.getCustomUserSearchFilter();
    if (customFilter != null) {
        Condition customFilterCondition = new LDAPQueryConditionsBuilder().addCustomLDAPFilter(customFilter);
        ldapQuery.addWhereCondition(customFilterCondition);
    }
    List<ComponentModel> mapperModels = realm.getComponentsStream(ldapProvider.getModel().getId(), LDAPStorageMapper.class.getName()).collect(Collectors.toList());
    ldapQuery.addMappers(mapperModels);
    return ldapQuery;
}

Example 14 with LDAPQuery

use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in project keycloak by keycloak.

the class LDAPUtils method createLdapQueryForRangeAttribute.

private static LDAPQuery createLdapQueryForRangeAttribute(LDAPStorageProvider ldapProvider, LDAPObject ldapObject, String name) {
    LDAPQuery q = new LDAPQuery(ldapProvider);
    q.setSearchDn(ldapObject.getDn().toString());
    q.setSearchScope(SearchControls.OBJECT_SCOPE);
    q.addReturningLdapAttribute(name + ";range=" + (ldapObject.getCurrentRange(name) + 1) + "-*");
    return q;
}

Example 15 with LDAPQuery

use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in project keycloak by keycloak.

the class LDAPStorageProvider method searchForUserByUserAttributeStream.

@Override
public Stream<UserModel> searchForUserByUserAttributeStream(RealmModel realm, String attrName, String attrValue) {
    try (LDAPQuery ldapQuery = LDAPUtils.createQueryForUserSearch(this, realm)) {
        LDAPQueryConditionsBuilder conditionsBuilder = new LDAPQueryConditionsBuilder();
        Condition attrCondition = conditionsBuilder.equal(attrName, attrValue, EscapeStrategy.DEFAULT);
        ldapQuery.addWhereCondition(attrCondition);
        List<LDAPObject> ldapObjects = ldapQuery.getResultList();
        return ldapObjects.stream().map(ldapUser -> {
            String ldapUsername = LDAPUtils.getUsername(ldapUser, this.ldapIdentityStore.getConfig());
            UserModel localUser = session.userLocalStorage().getUserByUsername(realm, ldapUsername);
            if (localUser == null) {
                return importUserFromLDAP(session, realm, ldapUser);
            } else {
                return proxy(realm, localUser, ldapUser, false);
            }
        });
    }
}