use of org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder in project keycloak by keycloak.
the class RoleLDAPStorageMapper method loadRoleGroupByName.
public LDAPObject loadRoleGroupByName(String roleName) {
try (LDAPQuery ldapQuery = createRoleQuery(true)) {
Condition roleNameCondition = new LDAPQueryConditionsBuilder().equal(config.getRoleNameLdapAttribute(), roleName);
ldapQuery.addWhereCondition(roleNameCondition);
return ldapQuery.getFirstResult();
}
}
use of org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder in project keycloak by keycloak.
the class RoleLDAPStorageMapper method createRoleQuery.
// TODO: Possible to merge with GroupMapper and move to common class
public LDAPQuery createRoleQuery(boolean includeMemberAttribute) {
LDAPQuery ldapQuery = new LDAPQuery(ldapProvider);
// For now, use same search scope, which is configured "globally" and used for user's search.
ldapQuery.setSearchScope(ldapProvider.getLdapIdentityStore().getConfig().getSearchScope());
String rolesDn = config.getRolesDn();
ldapQuery.setSearchDn(rolesDn);
Collection<String> roleObjectClasses = config.getRoleObjectClasses(ldapProvider);
ldapQuery.addObjectClasses(roleObjectClasses);
String rolesRdnAttr = config.getRoleNameLdapAttribute();
String customFilter = config.getCustomLdapFilter();
if (customFilter != null && customFilter.trim().length() > 0) {
Condition customFilterCondition = new LDAPQueryConditionsBuilder().addCustomLDAPFilter(customFilter);
ldapQuery.addWhereCondition(customFilterCondition);
}
ldapQuery.addReturningLdapAttribute(rolesRdnAttr);
// Performance improvement
if (includeMemberAttribute) {
String membershipAttr = config.getMembershipLdapAttribute();
ldapQuery.addReturningLdapAttribute(membershipAttr);
}
return ldapQuery;
}
use of org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder in project keycloak by keycloak.
the class GroupLDAPStorageMapper method createGroupQuery.
// LDAP Group CRUD operations
// !! This function must be always called from try-with-resources block, otherwise vault secret may be leaked !!
public LDAPQuery createGroupQuery(boolean includeMemberAttribute) {
LDAPQuery ldapQuery = new LDAPQuery(ldapProvider);
// For now, use same search scope, which is configured "globally" and used for user's search.
ldapQuery.setSearchScope(ldapProvider.getLdapIdentityStore().getConfig().getSearchScope());
String groupsDn = config.getGroupsDn();
ldapQuery.setSearchDn(groupsDn);
Collection<String> groupObjectClasses = config.getGroupObjectClasses(ldapProvider);
ldapQuery.addObjectClasses(groupObjectClasses);
String customFilter = config.getCustomLdapFilter();
if (customFilter != null && customFilter.trim().length() > 0) {
Condition customFilterCondition = new LDAPQueryConditionsBuilder().addCustomLDAPFilter(customFilter);
ldapQuery.addWhereCondition(customFilterCondition);
}
ldapQuery.addReturningLdapAttribute(config.getGroupNameLdapAttribute());
// Performance improvement
if (includeMemberAttribute) {
ldapQuery.addReturningLdapAttribute(config.getMembershipLdapAttribute());
}
for (String groupAttr : config.getGroupAttributes()) {
ldapQuery.addReturningLdapAttribute(groupAttr);
}
return ldapQuery;
}
use of org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder in project keycloak by keycloak.
the class LDAPStorageProvider method queryByEmail.
protected LDAPObject queryByEmail(RealmModel realm, String email) {
try (LDAPQuery ldapQuery = LDAPUtils.createQueryForUserSearch(this, realm)) {
LDAPQueryConditionsBuilder conditionsBuilder = new LDAPQueryConditionsBuilder();
// Mapper should replace "email" in parameter name with correct LDAP mapped attribute
Condition emailCondition = conditionsBuilder.equal(UserModel.EMAIL, email, EscapeStrategy.DEFAULT);
ldapQuery.addWhereCondition(emailCondition);
return ldapQuery.getFirstResult();
}
}
use of org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder in project keycloak by keycloak.
the class LDAPStorageProvider method searchLDAP.
protected List<LDAPObject> searchLDAP(RealmModel realm, Map<String, String> attributes) {
List<LDAPObject> results = new ArrayList<LDAPObject>();
if (attributes.containsKey(UserModel.USERNAME)) {
try (LDAPQuery ldapQuery = LDAPUtils.createQueryForUserSearch(this, realm)) {
LDAPQueryConditionsBuilder conditionsBuilder = new LDAPQueryConditionsBuilder();
// Mapper should replace "username" in parameter name with correct LDAP mapped attribute
Condition usernameCondition = conditionsBuilder.equal(UserModel.USERNAME, attributes.get(UserModel.USERNAME), EscapeStrategy.NON_ASCII_CHARS_ONLY);
ldapQuery.addWhereCondition(usernameCondition);
List<LDAPObject> ldapObjects = ldapQuery.getResultList();
results.addAll(ldapObjects);
}
}
if (attributes.containsKey(UserModel.EMAIL)) {
try (LDAPQuery ldapQuery = LDAPUtils.createQueryForUserSearch(this, realm)) {
LDAPQueryConditionsBuilder conditionsBuilder = new LDAPQueryConditionsBuilder();
// Mapper should replace "email" in parameter name with correct LDAP mapped attribute
Condition emailCondition = conditionsBuilder.equal(UserModel.EMAIL, attributes.get(UserModel.EMAIL), EscapeStrategy.NON_ASCII_CHARS_ONLY);
ldapQuery.addWhereCondition(emailCondition);
List<LDAPObject> ldapObjects = ldapQuery.getResultList();
results.addAll(ldapObjects);
}
}
if (attributes.containsKey(UserModel.FIRST_NAME) || attributes.containsKey(UserModel.LAST_NAME)) {
try (LDAPQuery ldapQuery = LDAPUtils.createQueryForUserSearch(this, realm)) {
LDAPQueryConditionsBuilder conditionsBuilder = new LDAPQueryConditionsBuilder();
// Mapper should replace parameter with correct LDAP mapped attributes
if (attributes.containsKey(UserModel.FIRST_NAME)) {
ldapQuery.addWhereCondition(conditionsBuilder.equal(UserModel.FIRST_NAME, attributes.get(UserModel.FIRST_NAME), EscapeStrategy.NON_ASCII_CHARS_ONLY));
}
if (attributes.containsKey(UserModel.LAST_NAME)) {
ldapQuery.addWhereCondition(conditionsBuilder.equal(UserModel.LAST_NAME, attributes.get(UserModel.LAST_NAME), EscapeStrategy.NON_ASCII_CHARS_ONLY));
}
List<LDAPObject> ldapObjects = ldapQuery.getResultList();
results.addAll(ldapObjects);
}
}
return results;
}
Aggregations