Example 1 with MembershipType
use of org.keycloak.storage.ldap.mappers.membership.MembershipType in project keycloak by keycloak.
the class GroupLDAPStorageMapperFactory method validateConfiguration.
@Override
public void validateConfiguration(KeycloakSession session, RealmModel realm, ComponentModel config) throws ComponentValidationException {
checkMandatoryConfigAttribute(GroupMapperConfig.GROUPS_DN, "LDAP Groups DN", config);
checkMandatoryConfigAttribute(GroupMapperConfig.MODE, "Mode", config);
String mt = config.getConfig().getFirst(CommonLDAPGroupMapperConfig.MEMBERSHIP_ATTRIBUTE_TYPE);
MembershipType membershipType = mt == null ? MembershipType.DN : Enum.valueOf(MembershipType.class, mt);
boolean preserveGroupInheritance = Boolean.parseBoolean(config.getConfig().getFirst(GroupMapperConfig.PRESERVE_GROUP_INHERITANCE));
if (preserveGroupInheritance && membershipType != MembershipType.DN) {
throw new ComponentValidationException("ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType");
}
LDAPUtils.validateCustomLdapFilter(config.getConfig().getFirst(GroupMapperConfig.GROUPS_LDAP_FILTER));
String group = new GroupMapperConfig(config).getGroupsPath();
if (!GroupMapperConfig.DEFAULT_LDAP_GROUPS_PATH.equals(group) && KeycloakModelUtils.findGroupByPath(realm, group) == null) {
throw new ComponentValidationException("ldapErrorMissingGroupsPathGroup");
}
}
Also used :
ComponentValidationException(org.keycloak.component.ComponentValidationException)
MembershipType(org.keycloak.storage.ldap.mappers.membership.MembershipType)
CommonLDAPGroupMapperConfig(org.keycloak.storage.ldap.mappers.membership.CommonLDAPGroupMapperConfig)
Example 2 with MembershipType
use of org.keycloak.storage.ldap.mappers.membership.MembershipType in project keycloak by keycloak.
the class GroupLDAPStorageMapper method getGroupMembers.
// group-user membership operations
@Override
public List<UserModel> getGroupMembers(RealmModel realm, GroupModel kcGroup, int firstResult, int maxResults) {
if (config.getMode() == LDAPGroupMapperMode.IMPORT) {
// only results from Keycloak should be returned, or imported LDAP and KC items will duplicate
return Collections.emptyList();
}
// TODO: with ranged search in AD we can improve the search using the specific range (not done for the moment)
LDAPObject ldapGroup = loadLDAPGroupByName(kcGroup.getName());
if (ldapGroup == null) {
return Collections.emptyList();
}
MembershipType membershipType = config.getMembershipTypeLdapAttribute();
return membershipType.getGroupMembers(realm, this, ldapGroup, firstResult, maxResults);
}
Also used :
MembershipType(org.keycloak.storage.ldap.mappers.membership.MembershipType)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
Example 3 with MembershipType
use of org.keycloak.storage.ldap.mappers.membership.MembershipType in project keycloak by keycloak.
the class RoleLDAPStorageMapper method getRoleMembers.
@Override
public List<UserModel> getRoleMembers(RealmModel realm, RoleModel role, int firstResult, int maxResults) {
if (config.getMode() == LDAPGroupMapperMode.IMPORT) {
// only results from Keycloak should be returned, or imported LDAP and KC items will duplicate
return Collections.emptyList();
}
LDAPObject ldapGroup = loadRoleGroupByName(role.getName());
if (ldapGroup == null) {
return Collections.emptyList();
}
MembershipType membershipType = config.getMembershipTypeLdapAttribute();
return membershipType.getGroupMembers(realm, this, ldapGroup, firstResult, maxResults);
}
Also used :
MembershipType(org.keycloak.storage.ldap.mappers.membership.MembershipType)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
Aggregations
MembershipType (org.keycloak.storage.ldap.mappers.membership.MembershipType)3
LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)2
ComponentValidationException (org.keycloak.component.ComponentValidationException)1
CommonLDAPGroupMapperConfig (org.keycloak.storage.ldap.mappers.membership.CommonLDAPGroupMapperConfig)1
