Example 1 with MembershipType

Use of org.keycloak.storage.ldap.mappers.membership.MembershipType in project keycloak by keycloak.

The class GroupLDAPStorageMapperFactory, method validateConfiguration.

@Override
public void validateConfiguration(KeycloakSession session, RealmModel realm, ComponentModel config) throws ComponentValidationException {
    // Groups DN and mode are required settings.
    checkMandatoryConfigAttribute(GroupMapperConfig.GROUPS_DN, "LDAP Groups DN", config);
    checkMandatoryConfigAttribute(GroupMapperConfig.MODE, "Mode", config);
    // The membership attribute type defaults to DN when unset. Enum.valueOf throws
    // IllegalArgumentException for a value that is not a MembershipType constant.
    String mt = config.getConfig().getFirst(CommonLDAPGroupMapperConfig.MEMBERSHIP_ATTRIBUTE_TYPE);
    MembershipType membershipType = mt == null ? MembershipType.DN : Enum.valueOf(MembershipType.class, mt);
    // Preserving group inheritance is only accepted together with DN membership.
    boolean preserveGroupInheritance = Boolean.parseBoolean(config.getConfig().getFirst(GroupMapperConfig.PRESERVE_GROUP_INHERITANCE));
    if (preserveGroupInheritance && membershipType != MembershipType.DN) {
        throw new ComponentValidationException("ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType");
    }
    // Validate the custom LDAP filter for groups before the configuration is accepted.
    LDAPUtils.validateCustomLdapFilter(config.getConfig().getFirst(GroupMapperConfig.GROUPS_LDAP_FILTER));
    // A non-default groups path must refer to a group that already exists in the realm.
    String group = new GroupMapperConfig(config).getGroupsPath();
    if (!GroupMapperConfig.DEFAULT_LDAP_GROUPS_PATH.equals(group) && KeycloakModelUtils.findGroupByPath(realm, group) == null) {
        throw new ComponentValidationException("ldapErrorMissingGroupsPathGroup");
    }
}
Also used: ComponentValidationException (org.keycloak.component.ComponentValidationException), MembershipType (org.keycloak.storage.ldap.mappers.membership.MembershipType), CommonLDAPGroupMapperConfig (org.keycloak.storage.ldap.mappers.membership.CommonLDAPGroupMapperConfig)

Example 2 with MembershipType

Use of org.keycloak.storage.ldap.mappers.membership.MembershipType in project keycloak by keycloak.

The class GroupLDAPStorageMapper, method getGroupMembers.

// group-user membership operations
@Override
public List<UserModel> getGroupMembers(RealmModel realm, GroupModel kcGroup, int firstResult, int maxResults) {
    if (config.getMode() == LDAPGroupMapperMode.IMPORT) {
        // only results from Keycloak should be returned, or imported LDAP and KC items will duplicate
        return Collections.emptyList();
    }
    // TODO: with ranged search in AD we can improve the search using the specific range (not done for the moment)
    LDAPObject ldapGroup = loadLDAPGroupByName(kcGroup.getName());
    if (ldapGroup == null) {
        return Collections.emptyList();
    }
    MembershipType membershipType = config.getMembershipTypeLdapAttribute();
    return membershipType.getGroupMembers(realm, this, ldapGroup, firstResult, maxResults);
}
Also used: MembershipType (org.keycloak.storage.ldap.mappers.membership.MembershipType), LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)

Example 3 with MembershipType

Use of org.keycloak.storage.ldap.mappers.membership.MembershipType in project keycloak by keycloak.

The class RoleLDAPStorageMapper, method getRoleMembers.

@Override
public List<UserModel> getRoleMembers(RealmModel realm, RoleModel role, int firstResult, int maxResults) {
    if (config.getMode() == LDAPGroupMapperMode.IMPORT) {
        // only results from Keycloak should be returned, or imported LDAP and KC items will duplicate
        return Collections.emptyList();
    }
    LDAPObject ldapGroup = loadRoleGroupByName(role.getName());
    if (ldapGroup == null) {
        return Collections.emptyList();
    }
    MembershipType membershipType = config.getMembershipTypeLdapAttribute();
    return membershipType.getGroupMembers(realm, this, ldapGroup, firstResult, maxResults);
}
Also used: MembershipType (org.keycloak.storage.ldap.mappers.membership.MembershipType), LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)

Aggregations

MembershipType (org.keycloak.storage.ldap.mappers.membership.MembershipType): 3
LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject): 2
ComponentValidationException (org.keycloak.component.ComponentValidationException): 1
CommonLDAPGroupMapperConfig (org.keycloak.storage.ldap.mappers.membership.CommonLDAPGroupMapperConfig): 1