
Example 1 with LDAPQueryConditionsBuilder

use of org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder in project keycloak by keycloak.

the class RoleLDAPStorageMapper method loadRoleGroupByName.

/**
 * Looks up the LDAP entry of a role by its name.
 *
 * <p>Obtains a role query from {@code createRoleQuery(true)} (membership attribute included),
 * adds an equality condition on the configured role-name attribute and returns the first match.
 * The query is held in try-with-resources, so it is closed on every exit path.
 *
 * @param roleName value compared against the configured role-name LDAP attribute
 * @return the result of {@code getFirstResult()} on the query
 */
public LDAPObject loadRoleGroupByName(String roleName) {
    try (LDAPQuery query = createRoleQuery(true)) {
        // NOTE(review): this two-argument equal(...) names no EscapeStrategy, unlike the
        // three-argument form used for user searches. Confirm which strategy it applies
        // before roleName can carry caller-controlled filter metacharacters.
        query.addWhereCondition(
                new LDAPQueryConditionsBuilder().equal(config.getRoleNameLdapAttribute(), roleName));
        return query.getFirstResult();
    }
}
Also used : Condition(org.keycloak.storage.ldap.idm.query.Condition) LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery) LDAPQueryConditionsBuilder(org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder)

Example 2 with LDAPQueryConditionsBuilder

use of org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder in project keycloak by keycloak.

the class RoleLDAPStorageMapper method createRoleQuery.

// TODO: Possible to merge with GroupMapper and move to common class
/**
 * Builds the base LDAP query used to look up roles.
 *
 * <p>The query uses the provider-wide search scope, the configured roles DN and role object
 * classes, and the optional custom filter from the mapper configuration. It always returns
 * the role-name attribute, and the membership attribute only on request.
 *
 * <p>NOTE(review): the returned {@code LDAPQuery} is closeable (callers on this page use it in
 * try-with-resources). {@code GroupLDAPStorageMapper.createGroupQuery} warns that an unclosed
 * query may leak a vault secret; that warning presumably applies here too, so confirm and
 * close the query at every call site.
 *
 * @param includeMemberAttribute whether the membership attribute is added to the returned
 *                               attributes
 * @return the prepared, not yet executed query; the caller is responsible for closing it
 */
public LDAPQuery createRoleQuery(boolean includeMemberAttribute) {
    LDAPQuery query = new LDAPQuery(ldapProvider);

    // Roles reuse the search scope that is configured globally for user searches.
    query.setSearchScope(ldapProvider.getLdapIdentityStore().getConfig().getSearchScope());
    query.setSearchDn(config.getRolesDn());
    query.addObjectClasses(config.getRoleObjectClasses(ldapProvider));

    String roleNameAttr = config.getRoleNameLdapAttribute();

    // The custom filter is read from mapper configuration and this method passes it on
    // without inspecting it, so it must stay administrator-controlled.
    String configuredFilter = config.getCustomLdapFilter();
    boolean hasConfiguredFilter = configuredFilter != null && !configuredFilter.trim().isEmpty();
    if (hasConfiguredFilter) {
        query.addWhereCondition(new LDAPQueryConditionsBuilder().addCustomLDAPFilter(configuredFilter));
    }

    query.addReturningLdapAttribute(roleNameAttr);

    // Fetch the membership attribute only when asked, to keep the result small.
    if (includeMemberAttribute) {
        query.addReturningLdapAttribute(config.getMembershipLdapAttribute());
    }
    return query;
}
Also used : Condition(org.keycloak.storage.ldap.idm.query.Condition) LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery) LDAPQueryConditionsBuilder(org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder)

Example 3 with LDAPQueryConditionsBuilder

use of org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder in project keycloak by keycloak.

the class GroupLDAPStorageMapper method createGroupQuery.

// LDAP Group CRUD operations
// !! This function must always be called from a try-with-resources block; otherwise the vault secret may be leaked !!
/**
 * Builds the base LDAP query used to look up groups.
 *
 * <p>The query uses the provider-wide search scope, the configured groups DN and group object
 * classes, and the optional custom filter from the mapper configuration. It returns the
 * group-name attribute, the membership attribute when requested, and every configured
 * group attribute.
 *
 * <p>The caller owns the returned query and must close it (try-with-resources), as the
 * warning on this method requires.
 *
 * @param includeMemberAttribute whether the membership attribute is added to the returned
 *                               attributes
 * @return the prepared, not yet executed query
 */
public LDAPQuery createGroupQuery(boolean includeMemberAttribute) {
    LDAPQuery query = new LDAPQuery(ldapProvider);

    // Groups reuse the search scope that is configured globally for user searches.
    query.setSearchScope(ldapProvider.getLdapIdentityStore().getConfig().getSearchScope());
    query.setSearchDn(config.getGroupsDn());
    query.addObjectClasses(config.getGroupObjectClasses(ldapProvider));

    // The custom filter is read from mapper configuration and this method passes it on
    // without inspecting it, so it must stay administrator-controlled.
    String configuredFilter = config.getCustomLdapFilter();
    boolean hasConfiguredFilter = configuredFilter != null && !configuredFilter.trim().isEmpty();
    if (hasConfiguredFilter) {
        query.addWhereCondition(new LDAPQueryConditionsBuilder().addCustomLDAPFilter(configuredFilter));
    }

    String groupNameAttr = config.getGroupNameLdapAttribute();
    query.addReturningLdapAttribute(groupNameAttr);

    // Fetch the membership attribute only when asked, to keep the result small.
    if (includeMemberAttribute) {
        String membershipAttr = config.getMembershipLdapAttribute();
        query.addReturningLdapAttribute(membershipAttr);
    }

    for (String extraAttr : config.getGroupAttributes()) {
        query.addReturningLdapAttribute(extraAttr);
    }
    return query;
}
Also used : Condition(org.keycloak.storage.ldap.idm.query.Condition) LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery) LDAPQueryConditionsBuilder(org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder)

Example 4 with LDAPQueryConditionsBuilder

use of org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder in project keycloak by keycloak.

the class LDAPStorageProvider method queryByEmail.

/**
 * Finds the first LDAP user whose e-mail equals the given value.
 *
 * <p>The condition is keyed on {@code UserModel.EMAIL}; a mapper is expected to replace that
 * name with the LDAP attribute it is mapped to. The value is passed with
 * {@code EscapeStrategy.DEFAULT}. The query is held in try-with-resources, so it is closed on
 * every exit path.
 *
 * @param realm realm the user search query is created for
 * @param email e-mail value to match
 * @return the result of {@code getFirstResult()} on the query
 */
protected LDAPObject queryByEmail(RealmModel realm, String email) {
    try (LDAPQuery userQuery = LDAPUtils.createQueryForUserSearch(this, realm)) {
        // "email" here is the model name; the mapper swaps in the mapped LDAP attribute.
        Condition byEmail = new LDAPQueryConditionsBuilder()
                .equal(UserModel.EMAIL, email, EscapeStrategy.DEFAULT);
        userQuery.addWhereCondition(byEmail);
        return userQuery.getFirstResult();
    }
}
Also used : Condition(org.keycloak.storage.ldap.idm.query.Condition) LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery) LDAPQueryConditionsBuilder(org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder)

Example 5 with LDAPQueryConditionsBuilder

use of org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder in project keycloak by keycloak.

the class LDAPStorageProvider method searchLDAP.

/**
 * Searches LDAP users by the attributes present in {@code attributes}.
 *
 * <p>Up to three independent queries are run and their results concatenated in this order:
 * one on username, one on e-mail, and one combining first and/or last name. An entry matched
 * by more than one query appears once per match; nothing here de-duplicates. Each query is
 * held in try-with-resources, so it is closed on every exit path.
 *
 * <p>NOTE(review): every value is passed with {@code EscapeStrategy.NON_ASCII_CHARS_ONLY},
 * whereas {@code queryByEmail} uses {@code EscapeStrategy.DEFAULT}. Judging by the name, this
 * strategy may leave LDAP filter metacharacters such as {@code *}, {@code (} and {@code )}
 * unescaped. Confirm that this is intended (for example to allow wildcard search) and that
 * no caller passes values from an untrusted source.
 *
 * @param realm      realm the user search queries are created for
 * @param attributes search values keyed by {@code UserModel} attribute name; only
 *                   USERNAME, EMAIL, FIRST_NAME and LAST_NAME are consulted
 * @return all entries returned by the executed queries, possibly empty
 */
protected List<LDAPObject> searchLDAP(RealmModel realm, Map<String, String> attributes) {
    List<LDAPObject> matches = new ArrayList<>();

    if (attributes.containsKey(UserModel.USERNAME)) {
        try (LDAPQuery byUsername = LDAPUtils.createQueryForUserSearch(this, realm)) {
            LDAPQueryConditionsBuilder builder = new LDAPQueryConditionsBuilder();
            // "username" is the model name; the mapper swaps in the mapped LDAP attribute.
            byUsername.addWhereCondition(builder.equal(
                    UserModel.USERNAME,
                    attributes.get(UserModel.USERNAME),
                    EscapeStrategy.NON_ASCII_CHARS_ONLY));
            matches.addAll(byUsername.getResultList());
        }
    }

    if (attributes.containsKey(UserModel.EMAIL)) {
        try (LDAPQuery byEmail = LDAPUtils.createQueryForUserSearch(this, realm)) {
            LDAPQueryConditionsBuilder builder = new LDAPQueryConditionsBuilder();
            // "email" is the model name; the mapper swaps in the mapped LDAP attribute.
            byEmail.addWhereCondition(builder.equal(
                    UserModel.EMAIL,
                    attributes.get(UserModel.EMAIL),
                    EscapeStrategy.NON_ASCII_CHARS_ONLY));
            matches.addAll(byEmail.getResultList());
        }
    }

    boolean hasFirstName = attributes.containsKey(UserModel.FIRST_NAME);
    boolean hasLastName = attributes.containsKey(UserModel.LAST_NAME);
    if (hasFirstName || hasLastName) {
        try (LDAPQuery byName = LDAPUtils.createQueryForUserSearch(this, realm)) {
            LDAPQueryConditionsBuilder builder = new LDAPQueryConditionsBuilder();
            // Model names again; the mapper swaps in the mapped LDAP attributes.
            if (hasFirstName) {
                byName.addWhereCondition(builder.equal(
                        UserModel.FIRST_NAME,
                        attributes.get(UserModel.FIRST_NAME),
                        EscapeStrategy.NON_ASCII_CHARS_ONLY));
            }
            if (hasLastName) {
                byName.addWhereCondition(builder.equal(
                        UserModel.LAST_NAME,
                        attributes.get(UserModel.LAST_NAME),
                        EscapeStrategy.NON_ASCII_CHARS_ONLY));
            }
            matches.addAll(byName.getResultList());
        }
    }

    return matches;
}
Also used : Condition(org.keycloak.storage.ldap.idm.query.Condition) LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery) ArrayList(java.util.ArrayList) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) LDAPQueryConditionsBuilder(org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder)

Aggregations

Condition (org.keycloak.storage.ldap.idm.query.Condition)12 LDAPQuery (org.keycloak.storage.ldap.idm.query.internal.LDAPQuery)12 LDAPQueryConditionsBuilder (org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder)12 LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)3 ArrayList (java.util.ArrayList)1 ComponentModel (org.keycloak.component.ComponentModel)1 UserModel (org.keycloak.models.UserModel)1 CachedUserModel (org.keycloak.models.cache.CachedUserModel)1 SynchronizationResult (org.keycloak.storage.user.SynchronizationResult)1