Use of org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper in project keycloak by keycloak.
The class LDAPGroupMapperTest, method test08_ldapOnlyGroupMappingsRanged.
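/**
 * Verifies that a group whose membership attribute the LDAP server returns in ranges
 * (61 members, which the inline comment expects to arrive as 30+30+1) is read completely
 * by the group mapper in {@code LDAP_ONLY} mode: the raw LDAP object exposes an incomplete
 * first range, yet after the sync every user has the group and the group lists every user.
 *
 * <p>On ActiveDirectory and RHDS the lambda returns early (see the inline comment), so the
 * test is effectively skipped there; note that the mapper mode has already been switched to
 * LDAP_ONLY at that point.
 */
@Test
public void test08_ldapOnlyGroupMappingsRanged() {
    testingClient.server().run(session -> {
        // try to do 3 pages (30+30+1)
        int membersToTest = 61;

        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString());
        appRealm.updateComponent(mapperModel);

        // Ignoring this test on ActiveDirectory and rhds as it's currently impossible to import more than 60 users without timeout
        LDAPConfig ldapConfig = ctx.getLdapProvider().getLdapIdentityStore().getConfig();
        if (ldapConfig.isActiveDirectory() || LDAPConstants.VENDOR_RHDS.equals(ldapConfig.getVendor())) {
            return;
        }

        // create a big group that forces the ranged search
        String descriptionAttrName = getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        LDAPObject bigGroup = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "biggroup", descriptionAttrName, "biggroup - description");

        // create the users and add every one of them as a member of the group
        for (int i = 0; i < membersToTest; i++) {
            String username = String.format("user%02d", i);
            LDAPObject user = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, username, username, username, username + "@email.org", null, "1234");
            LDAPUtils.addMember(ctx.getLdapProvider(), MembershipType.DN, LDAPConstants.MEMBER, "not-used", bigGroup, user);
        }

        // check that the ranged interceptor is in place: the first page of the membership attribute must be incomplete
        GroupMapperConfig config = new GroupMapperConfig(mapperModel);
        String membershipAttr = config.getMembershipLdapAttribute();
        bigGroup = LDAPGroupMapperTest.searchObjectInBase(ctx.getLdapProvider(), bigGroup.getDn().toString(), membershipAttr);
        Assert.assertNotNull("biggroup not found in LDAP", bigGroup);
        Assert.assertNotNull(bigGroup.getAttributes().get(membershipAttr));
        Assert.assertFalse(bigGroup.isRangeComplete(membershipAttr));
        int firstPageSize = bigGroup.getAttributeAsSet(membershipAttr).size();
        Assert.assertTrue(membersToTest > firstPageSize);
        // the reported range end is zero-based, hence size - 1
        Assert.assertEquals(bigGroup.getCurrentRange(membershipAttr), firstPageSize - 1);

        // now check that the mapper populates the ranged attribute completely when syncing
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm);
        groupMapper.syncDataFromFederationProviderToKeycloak(appRealm);
        GroupModel kcBigGroup = KeycloakModelUtils.findGroupByPath(appRealm, "/biggroup");
        // fail with a message instead of an NPE when the group was not synced
        Assert.assertNotNull("biggroup was not synced to Keycloak", kcBigGroup);

        // check all the users have the group assigned
        for (int i = 0; i < membersToTest; i++) {
            String username = String.format("user%02d", i);
            UserModel kcUser = session.users().getUserByUsername(appRealm, username);
            Assert.assertNotNull("User " + username + " was not synced to Keycloak", kcUser);
            Assert.assertTrue("User contains biggroup " + i, kcUser.getGroupsStream().anyMatch(kcBigGroup::equals));
        }

        // check the group contains all the users as members
        List<UserModel> groupMembers = session.users().getGroupMembersStream(appRealm, kcBigGroup, 0, membersToTest).collect(Collectors.toList());
        Assert.assertEquals(membersToTest, groupMembers.size());
        Set<String> usernames = groupMembers.stream().map(UserModel::getUsername).collect(Collectors.toSet());
        for (int i = 0; i < membersToTest; i++) {
            Assert.assertTrue("Group contains user " + i, usernames.contains(String.format("user%02d", i)));
        }
    });
}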
Use of org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper in project keycloak by keycloak.
The class LdapManyGroupsInitializerCommand, method doRunCommand.
/**
 * Creates {@code topGroupsCount} top-level LDAP groups, each referencing
 * {@code subgroupsInEveryGroup} freshly created child groups through its
 * {@code member} attribute. Every top-level group together with its children is
 * created inside its own transaction.
 *
 * <p>Arguments, by position: realm name, groups DN (read but not used by this
 * command), first top-group index, number of top groups, subgroups per top group.
 *
 * @param session the session the command runs in; it is also the session the
 *                per-group transaction jobs read their providers from
 *                (NOTE(review): each job ignores its own {@code kcSession} — presumably
 *                deliberate, confirm)
 * @throws HandledException when the realm does not have exactly one user storage provider
 */
@Override
protected void doRunCommand(KeycloakSession session) {
    String realmName = getArg(0);
    String groupsDn = getArg(1);
    int firstTopGroup = getIntArg(2);
    int topGroupsCount = getIntArg(3);
    int subgroupsPerGroup = getIntArg(4);

    RealmModel realm = session.realms().getRealmByName(realmName);
    List<ComponentModel> providers = realm.getComponentsStream(realm.getId(), UserStorageProvider.class.getName()).collect(Collectors.toList());
    if (providers.size() != 1) {
        log.errorf("Expected 1 LDAP Provider, but found: %d providers", providers.size());
        throw new HandledException();
    }
    ComponentModel ldapModel = providers.get(0);

    // Resolve the group mapper of the single LDAP provider (no street mapper is checked by this command)
    ComponentModel groupMapperModel = getMapperModel(realm, ldapModel, "groupsMapper");

    // One transaction per top-level group
    for (int i = firstTopGroup; i < firstTopGroup + topGroupsCount; i++) {
        final int topIndex = i;
        KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
            // The provider and realm lookups are kept even though their results are not read here
            LDAPStorageProvider ldapProvider = (LDAPStorageProvider) session.getProvider(UserStorageProvider.class, ldapModel);
            RealmModel appRealm = session.realms().getRealmByName(realmName);
            GroupLDAPStorageMapper groupMapper = (GroupLDAPStorageMapper) session.getProvider(LDAPStorageMapper.class, groupMapperModel);

            // Children first, so that their DNs can be listed as members of the top group
            Set<String> childDns = new HashSet<>();
            for (int j = 0; j < subgroupsPerGroup; j++) {
                LDAPObject child = groupMapper.createLDAPGroup("group-" + topIndex + "-" + j, new HashMap<>());
                childDns.add(child.getDn().toString());
            }

            Map<String, Set<String>> topGroupAttrs = new HashMap<>();
            topGroupAttrs.put("member", new HashSet<>(childDns));
            groupMapper.createLDAPGroup("group-" + topIndex, topGroupAttrs);
        });
    }
}
Use of org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper in project keycloak by keycloak.
The class LdapManyObjectsInitializerCommand, method doRunCommand.
/**
 * Populates LDAP with {@code countUsers} users followed by {@code countGroups} groups,
 * in batches of 100 with one transaction per batch. The DN of every created user is
 * collected, and each created group lists all of those DNs in its {@code member}
 * attribute.
 *
 * <p>Arguments, by position: realm name, groups DN, first user index, number of users,
 * first group index, number of groups.
 *
 * @param session the session the command runs in; the batch jobs read their providers
 *                from this outer session rather than from their own {@code kcSession}
 *                (NOTE(review): presumably deliberate, confirm)
 * @throws HandledException when the realm does not have exactly one user storage provider
 */
@Override
protected void doRunCommand(KeycloakSession session) {
    String realmName = getArg(0);
    String groupsDn = getArg(1);
    int firstUser = getIntArg(2);
    int countUsers = getIntArg(3);
    int batchSize = 100;
    int firstGroup = getIntArg(4);
    int countGroups = getIntArg(5);

    RealmModel realm = session.realms().getRealmByName(realmName);
    List<ComponentModel> providers = realm.getComponentsStream(realm.getId(), UserStorageProvider.class.getName()).collect(Collectors.toList());
    if (providers.size() != 1) {
        log.errorf("Expected 1 LDAP Provider, but found: %d providers", providers.size());
        throw new HandledException();
    }
    ComponentModel ldapModel = providers.get(0);

    // Check that street mapper exists. It's required for now, so that "street" attribute is written to the LDAP
    getMapperModel(realm, ldapModel, "streetMapper");
    ComponentModel groupMapperModel = getMapperModel(realm, ldapModel, "groupsMapper");

    // Users, batch by batch; their DNs are kept for the group membership below
    Set<String> userDns = new HashSet<>();
    BatchTaskRunner.runInBatches(firstUser, countUsers, batchSize, session.getKeycloakSessionFactory(), (KeycloakSession kcSession, int batchFirst, int batchLen) -> {
        LDAPStorageProvider ldapProvider = (LDAPStorageProvider) session.getProvider(UserStorageProvider.class, ldapModel);
        RealmModel appRealm = session.realms().getRealmByName(realmName);
        int batchEnd = batchFirst + batchLen;
        for (int i = batchFirst; i < batchEnd; i++) {
            LDAPObject created = addLDAPUser(ldapProvider, appRealm, "user-" + i, "John-" + i, "Doe-" + i, "user" + i + "@email.cz", groupsDn, firstGroup, countGroups);
            userDns.add(created.getDn().toString());
        }
        log.infof("Created LDAP users from: %d to %d", batchFirst, batchEnd - 1);
    });

    // Groups, batch by batch; every group gets the full user DN set as members
    BatchTaskRunner.runInBatches(firstGroup, countGroups, batchSize, session.getKeycloakSessionFactory(), (KeycloakSession kcSession, int batchFirst, int batchLen) -> {
        // The provider and realm lookups are kept even though their results are not read here
        LDAPStorageProvider ldapProvider = (LDAPStorageProvider) session.getProvider(UserStorageProvider.class, ldapModel);
        RealmModel appRealm = session.realms().getRealmByName(realmName);
        GroupLDAPStorageMapper groupMapper = (GroupLDAPStorageMapper) session.getProvider(LDAPStorageMapper.class, groupMapperModel);
        int batchEnd = batchFirst + batchLen;
        for (int i = batchFirst; i < batchEnd; i++) {
            Map<String, Set<String>> groupAttrs = new HashMap<>();
            groupAttrs.put("member", new HashSet<>(userDns));
            groupMapper.createLDAPGroup("group" + i, groupAttrs);
        }
        log.infof("Created LDAP groups from: %d to %d", batchFirst, batchEnd - 1);
    });
}
Use of org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper in project keycloak by keycloak.
The class LDAPSyncTest, method test08LDAPGroupSyncAfterGroupRename.
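/**
 * Verifies that renaming a group in LDAP after it has already been synced does not break
 * the next group sync: {@code group1} (a member of {@code group2}) is synced once in
 * READ_ONLY mode, then renamed to {@code group5} via the LDAP_ONLY mapper, and the
 * following sync must report zero failures and expose the new name and description
 * in Keycloak.
 */
@Test
public void test08LDAPGroupSyncAfterGroupRename() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());

        // Add group mapper
        LDAPTestUtils.addOrUpdateGroupMapper(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.READ_ONLY, descriptionAttrName);
        LDAPObject group1 = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "group1", descriptionAttrName, "group1 - description");
        LDAPObject group2 = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "group2", descriptionAttrName, "group2 - description");
        // group1 is a member of group2
        LDAPUtils.addMember(ctx.getLdapProvider(), MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, group1);

        // inheritance is not preserved, so group1 is looked up at the top-level path "/group1" below
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.PRESERVE_GROUP_INHERITANCE, "false");
        appRealm.updateComponent(mapperModel);

        // sync groups to Keycloak
        new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(appRealm);
    });

    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
        // fail with a message instead of an NPE when the first sync did not create the group
        Assert.assertNotNull("group1 was not synced to Keycloak", kcGroup1);
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        Assert.assertEquals("group1 - description", kcGroup1.getFirstAttribute(descriptionAttrName));
    });

    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());

        // Switch the group mapper to LDAP_ONLY so the rename is written to LDAP
        LDAPTestUtils.addOrUpdateGroupMapper(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY, descriptionAttrName);
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm);
        LDAPObject group1Loaded = groupMapper.loadLDAPGroupByName("group1");
        Assert.assertNotNull("group1 not found in LDAP", group1Loaded);

        // update group name (the RDN attribute) and description
        group1Loaded.setSingleAttribute(group1Loaded.getRdnAttributeNames().get(0), "group5");
        group1Loaded.setSingleAttribute(descriptionAttrName, "group5 - description");
        LDAPTestUtils.updateLDAPGroup(session, appRealm, ctx.getLdapModel(), group1Loaded);

        // sync to Keycloak should pass without an error
        SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(appRealm);
        Assert.assertThat(syncResult.getFailed(), Matchers.is(0));
    });

    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // load previously synced group (a new group has been created in Keycloak under the new name)
        GroupModel kcGroup5 = KeycloakModelUtils.findGroupByPath(appRealm, "/group5");
        Assert.assertNotNull("group5 was not synced to Keycloak", kcGroup5);
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        Assert.assertEquals("group5 - description", kcGroup5.getFirstAttribute(descriptionAttrName));
    });
}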
Use of org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper in project keycloak by keycloak.
The class LDAPGroupMapperTest, method test04_groupReferencingNonExistentMember.
// KEYCLOAK-2682
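/**
 * Verifies that a group sync tolerates an LDAP group whose {@code member} attribute
 * references a DN that does not exist (KEYCLOAK-2682): after the sync the Keycloak group
 * must contain only the existing member, {@code jameskeycloak}.
 *
 * <p>On ActiveDirectory the lambda returns early (see the inline comment), so the test is
 * effectively skipped there; note that the mapper mode has already been switched to
 * LDAP_ONLY at that point.
 */
@Test
public void test04_groupReferencingNonExistentMember() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString());
        appRealm.updateComponent(mapperModel);

        // Ignoring this test on ActiveDirectory as it's not allowed to have LDAP group referencing nonexistent member. KEYCLOAK-2682 was related to OpenLDAP TODO: Better solution than programmatic...
        LDAPConfig config = ctx.getLdapProvider().getLdapIdentityStore().getConfig();
        if (config.isActiveDirectory()) {
            return;
        }

        String descriptionAttrName = getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());

        // 1 - Add some group to LDAP for testing
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm);
        LDAPObject group2 = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "group2", descriptionAttrName, "group2 - description");

        // 2 - Add the existing user jameskeycloak to the LDAP group
        LDAPObject jamesLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "jameskeycloak");
        Assert.assertNotNull("jameskeycloak not found in LDAP", jamesLdap);
        LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, jamesLdap);

        // 3 - Add a non-existing user to the LDAP group: same RDN attribute as james, under the users DN
        LDAPDn nonExistentDn = LDAPDn.fromString(ldapProvider.getLdapIdentityStore().getConfig().getUsersDn());
        nonExistentDn.addFirst(jamesLdap.getRdnAttributeNames().get(0), "nonexistent");
        LDAPObject nonExistentLdapUser = new LDAPObject();
        nonExistentLdapUser.setDn(nonExistentDn);
        LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, nonExistentLdapUser);

        // 4 - Check group members. Just the existing user jameskeycloak should be present
        groupMapper.syncDataFromFederationProviderToKeycloak(appRealm);
        GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(appRealm, "/group2");
        // fail with a message instead of an NPE when the group was not synced
        Assert.assertNotNull("group2 was not synced to Keycloak", kcGroup2);
        List<UserModel> groupUsers = session.users().getGroupMembersStream(appRealm, kcGroup2, 0, 5).collect(Collectors.toList());
        Assert.assertEquals(1, groupUsers.size());
        UserModel james = groupUsers.get(0);
        Assert.assertEquals("jameskeycloak", james.getUsername());
    });
}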