
Example 6 with GroupLDAPStorageMapper

use of org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper in project keycloak by keycloak.

From class LDAPGroupMapperTest, method test08_ldapOnlyGroupMappingsRanged.

@Test
public void test08_ldapOnlyGroupMappingsRanged() {
    testingClient.server().run(session -> {
        // Enough members to force three ranged pages of the membership attribute (30 + 30 + 1).
        final int memberCount = 61;
        final String usernamePattern = "user%02d";

        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString());
        realm.updateComponent(mapperModel);

        // Skipped on Active Directory and RHDS: importing more than 60 users there currently times out.
        LDAPConfig ldapConfig = ctx.getLdapProvider().getLdapIdentityStore().getConfig();
        if (ldapConfig.isActiveDirectory() || LDAPConstants.VENDOR_RHDS.equals(ldapConfig.getVendor())) {
            return;
        }

        // One big group whose membership attribute has to be read with ranged search.
        String descriptionAttrName = getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        LDAPObject bigGroup = LDAPTestUtils.createLDAPGroup(session, realm, ctx.getLdapModel(), "biggroup", descriptionAttrName, "biggroup - description");

        // Populate it with memberCount users so the attribute exceeds a single page.
        for (int idx = 0; idx < memberCount; idx++) {
            String username = String.format(usernamePattern, idx);
            LDAPObject ldapUser = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), realm, username, username, username, username + "@email.org", null, "1234");
            LDAPUtils.addMember(ctx.getLdapProvider(), MembershipType.DN, LDAPConstants.MEMBER, "not-used", bigGroup, ldapUser);
        }

        // A plain search must come back with only the first range of the membership attribute,
        // i.e. the ranged-search interceptor is in place and reports an incomplete range.
        GroupMapperConfig mapperConfig = new GroupMapperConfig(mapperModel);
        String membershipAttr = mapperConfig.getMembershipLdapAttribute();
        bigGroup = LDAPGroupMapperTest.searchObjectInBase(ctx.getLdapProvider(), bigGroup.getDn().toString(), membershipAttr);
        Assert.assertNotNull(bigGroup.getAttributes().get(membershipAttr));
        Assert.assertFalse(bigGroup.isRangeComplete(membershipAttr));
        int firstRangeSize = bigGroup.getAttributeAsSet(membershipAttr).size();
        Assert.assertTrue(firstRangeSize < memberCount);
        Assert.assertEquals(bigGroup.getCurrentRange(membershipAttr), firstRangeSize - 1);

        // Syncing through the mapper must walk all ranges and import every member.
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm);
        groupMapper.syncDataFromFederationProviderToKeycloak(realm);
        GroupModel kcBigGroup = KeycloakModelUtils.findGroupByPath(realm, "/biggroup");

        // Each user must see the group in its own group stream.
        for (int idx = 0; idx < memberCount; idx++) {
            UserModel kcUser = session.users().getUserByUsername(realm, String.format(usernamePattern, idx));
            Set<GroupModel> userGroups = kcUser.getGroupsStream().collect(Collectors.toSet());
            Assert.assertTrue("User contains biggroup " + idx, userGroups.contains(kcBigGroup));
        }

        // And the group's member listing must contain exactly those users.
        List<UserModel> members = session.users().getGroupMembersStream(realm, kcBigGroup, 0, memberCount).collect(Collectors.toList());
        Assert.assertEquals(memberCount, members.size());
        Set<String> memberNames = members.stream().map(UserModel::getUsername).collect(Collectors.toSet());
        for (int idx = 0; idx < memberCount; idx++) {
            Assert.assertTrue("Group contains user " + idx, memberNames.contains(String.format(usernamePattern, idx)));
        }
    });
}
Also used : MethodSorters(org.junit.runners.MethodSorters) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) KeycloakModelUtils(org.keycloak.models.utils.KeycloakModelUtils) SearchControls(javax.naming.directory.SearchControls) LDAPConstants(org.keycloak.models.LDAPConstants) ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) UserModel(org.keycloak.models.UserModel) LDAPRule(org.keycloak.testsuite.util.LDAPRule) ComponentModel(org.keycloak.component.ComponentModel) GroupModel(org.keycloak.models.GroupModel) ClassRule(org.junit.ClassRule) LDAPGroupMapperMode(org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode) LDAPDn(org.keycloak.storage.ldap.idm.model.LDAPDn) MembershipType(org.keycloak.storage.ldap.mappers.membership.MembershipType) RealmModel(org.keycloak.models.RealmModel) LDAPConfig(org.keycloak.storage.ldap.LDAPConfig) LDAPTestUtils(org.keycloak.testsuite.util.LDAPTestUtils) Set(java.util.Set) LDAPTestUtils.getGroupDescriptionLDAPAttrName(org.keycloak.testsuite.util.LDAPTestUtils.getGroupDescriptionLDAPAttrName) Test(org.junit.Test) LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery) Collectors(java.util.stream.Collectors) GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) List(java.util.List) Stream(java.util.stream.Stream) LDAPUtils(org.keycloak.storage.ldap.LDAPUtils) ModelException(org.keycloak.models.ModelException) Assert(org.junit.Assert) FixMethodOrder(org.junit.FixMethodOrder) GroupMapperConfig(org.keycloak.storage.ldap.mappers.membership.group.GroupMapperConfig) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) GroupModel(org.keycloak.models.GroupModel) GroupMapperConfig(org.keycloak.storage.ldap.mappers.membership.group.GroupMapperConfig) RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) 
LDAPConfig(org.keycloak.storage.ldap.LDAPConfig) ComponentModel(org.keycloak.component.ComponentModel) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper) Test(org.junit.Test)

Example 7 with GroupLDAPStorageMapper

use of org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper in project keycloak by keycloak.

From class LdapManyGroupsInitializerCommand, method doRunCommand.

@Override
protected void doRunCommand(KeycloakSession session) {
    // Positional arguments: realm name, groups DN, first top-group index, top-group count, subgroups per top group.
    String realmName = getArg(0);
    String groupsDn = getArg(1); // read for positional parsing only; not referenced below
    int firstTopGroup = getIntArg(2);
    int topGroupTotal = getIntArg(3);
    int subgroupsPerTopGroup = getIntArg(4);

    // Exactly one LDAP storage provider must be configured in the realm.
    RealmModel realm = session.realms().getRealmByName(realmName);
    List<ComponentModel> ldapProviders = realm.getComponentsStream(realm.getId(), UserStorageProvider.class.getName()).collect(Collectors.toList());
    if (ldapProviders.size() != 1) {
        log.errorf("Expected 1 LDAP Provider, but found: %d providers", ldapProviders.size());
        throw new HandledException();
    }
    ComponentModel ldapModel = ldapProviders.get(0);
    // All groups below are created through the "groupsMapper" component of that provider.
    ComponentModel groupMapperModel = getMapperModel(realm, ldapModel, "groupsMapper");

    // One transaction per top-level group: its subgroups are created first, then the top group listing them as members.
    int lastTopGroup = firstTopGroup + topGroupTotal;
    for (int topIndex = firstTopGroup; topIndex < lastTopGroup; topIndex++) {
        final int topGroupIndex = topIndex;
        KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
            // NOTE(review): the lookups below use the outer session rather than the kcSession
            // passed to this job; confirm that is intended before relying on per-job transactions.
            LDAPStorageProvider ldapProvider = (LDAPStorageProvider) session.getProvider(UserStorageProvider.class, ldapModel);
            RealmModel appRealm = session.realms().getRealmByName(realmName);
            GroupLDAPStorageMapper groupMapper = (GroupLDAPStorageMapper) session.getProvider(LDAPStorageMapper.class, groupMapperModel);

            Set<String> subgroupDns = new HashSet<>();
            for (int subIndex = 0; subIndex < subgroupsPerTopGroup; subIndex++) {
                LDAPObject subgroup = groupMapper.createLDAPGroup("group-" + topGroupIndex + "-" + subIndex, new HashMap<>());
                subgroupDns.add(subgroup.getDn().toString());
            }

            Map<String, Set<String>> topGroupAttrs = new HashMap<>();
            topGroupAttrs.put("member", new HashSet<>(subgroupDns));
            groupMapper.createLDAPGroup("group-" + topGroupIndex, topGroupAttrs);
        });
    }
}
Also used : LDAPStorageMapper(org.keycloak.storage.ldap.mappers.LDAPStorageMapper) GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) RealmModel(org.keycloak.models.RealmModel) UserStorageProvider(org.keycloak.storage.UserStorageProvider) KeycloakSession(org.keycloak.models.KeycloakSession) ComponentModel(org.keycloak.component.ComponentModel) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper)

Example 8 with GroupLDAPStorageMapper

use of org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper in project keycloak by keycloak.

From class LdapManyObjectsInitializerCommand, method doRunCommand.

@Override
protected void doRunCommand(KeycloakSession session) {
    // Positional arguments: realm name, groups DN, first user index, user count, first group index, group count.
    String realmName = getArg(0);
    String groupsDn = getArg(1);
    int firstUser = getIntArg(2);
    int userTotal = getIntArg(3);
    int firstGroup = getIntArg(4);
    int groupTotal = getIntArg(5);
    // Objects are created in transactions of this many items.
    final int batchSize = 100;

    // Exactly one LDAP storage provider must be configured in the realm.
    RealmModel realm = session.realms().getRealmByName(realmName);
    List<ComponentModel> ldapProviders = realm.getComponentsStream(realm.getId(), UserStorageProvider.class.getName()).collect(Collectors.toList());
    if (ldapProviders.size() != 1) {
        log.errorf("Expected 1 LDAP Provider, but found: %d providers", ldapProviders.size());
        throw new HandledException();
    }
    ComponentModel ldapModel = ldapProviders.get(0);
    // The street mapper is required for now so that the "street" attribute is written to LDAP; only its presence is checked.
    getMapperModel(realm, ldapModel, "streetMapper");
    ComponentModel groupMapperModel = getMapperModel(realm, ldapModel, "groupsMapper");

    // Users first; every created DN is remembered so the groups created afterwards can list them all.
    // NOTE(review): assumes runInBatches invokes the callback sequentially — HashSet is not thread-safe; confirm.
    Set<String> userDns = new HashSet<>();
    BatchTaskRunner.runInBatches(firstUser, userTotal, batchSize, session.getKeycloakSessionFactory(), (KeycloakSession kcSession, int batchStart, int batchLength) -> {
        // NOTE(review): looked up on the outer session rather than kcSession — confirm this is intended.
        LDAPStorageProvider ldapProvider = (LDAPStorageProvider) session.getProvider(UserStorageProvider.class, ldapModel);
        RealmModel appRealm = session.realms().getRealmByName(realmName);
        int batchEnd = batchStart + batchLength;
        for (int userIndex = batchStart; userIndex < batchEnd; userIndex++) {
            String username = "user-" + userIndex;
            String firstName = "John-" + userIndex;
            String lastName = "Doe-" + userIndex;
            String email = "user" + userIndex + "@email.cz";
            LDAPObject created = addLDAPUser(ldapProvider, appRealm, username, firstName, lastName, email, groupsDn, firstGroup, groupTotal);
            userDns.add(created.getDn().toString());
        }
        log.infof("Created LDAP users from: %d to %d", batchStart, batchEnd - 1);
    });

    // Groups second; each one gets a fresh copy of the full user DN set as its "member" attribute.
    BatchTaskRunner.runInBatches(firstGroup, groupTotal, batchSize, session.getKeycloakSessionFactory(), (KeycloakSession kcSession, int batchStart, int batchLength) -> {
        LDAPStorageProvider ldapProvider = (LDAPStorageProvider) session.getProvider(UserStorageProvider.class, ldapModel);
        RealmModel appRealm = session.realms().getRealmByName(realmName);
        GroupLDAPStorageMapper groupMapper = (GroupLDAPStorageMapper) session.getProvider(LDAPStorageMapper.class, groupMapperModel);
        int batchEnd = batchStart + batchLength;
        for (int groupIndex = batchStart; groupIndex < batchEnd; groupIndex++) {
            Map<String, Set<String>> groupAttrs = new HashMap<>();
            groupAttrs.put("member", new HashSet<>(userDns));
            groupMapper.createLDAPGroup("group" + groupIndex, groupAttrs);
        }
        log.infof("Created LDAP groups from: %d to %d", batchStart, batchEnd - 1);
    });
}
Also used : LDAPStorageMapper(org.keycloak.storage.ldap.mappers.LDAPStorageMapper) GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper) Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) RealmModel(org.keycloak.models.RealmModel) UserStorageProvider(org.keycloak.storage.UserStorageProvider) KeycloakSession(org.keycloak.models.KeycloakSession) ComponentModel(org.keycloak.component.ComponentModel) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper) HashSet(java.util.HashSet)

Example 9 with GroupLDAPStorageMapper

use of org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper in project keycloak by keycloak.

From class LDAPSyncTest, method test08LDAPGroupSyncAfterGroupRename.

@Test
public void test08LDAPGroupSyncAfterGroupRename() {
    // Step 1: two nested LDAP groups, synced into Keycloak with group inheritance disabled.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        String descriptionAttr = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        LDAPTestUtils.addOrUpdateGroupMapper(realm, ctx.getLdapModel(), LDAPGroupMapperMode.READ_ONLY, descriptionAttr);

        LDAPObject group1 = LDAPTestUtils.createLDAPGroup(session, realm, ctx.getLdapModel(), "group1", descriptionAttr, "group1 - description");
        LDAPObject group2 = LDAPTestUtils.createLDAPGroup(session, realm, ctx.getLdapModel(), "group2", descriptionAttr, "group2 - description");
        // group1 is a member of group2
        LDAPUtils.addMember(ctx.getLdapProvider(), MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, group1);

        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.PRESERVE_GROUP_INHERITANCE, "false");
        ctx.getRealm().updateComponent(mapperModel);

        new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
    });

    // Step 2: group1 arrived in Keycloak together with its description attribute.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
        String descriptionAttr = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        Assert.assertEquals("group1 - description", kcGroup1.getFirstAttribute(descriptionAttr));
    });

    // Step 3: rename group1 to group5 directly in LDAP; the following sync must not report failures.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        String descriptionAttr = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        LDAPTestUtils.addOrUpdateGroupMapper(realm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY, descriptionAttr);
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm);

        LDAPObject ldapGroup1 = groupMapper.loadLDAPGroupByName("group1");
        // The RDN attribute carries the group name, so changing it renames the entry.
        String rdnAttr = ldapGroup1.getRdnAttributeNames().get(0);
        ldapGroup1.setSingleAttribute(rdnAttr, "group5");
        ldapGroup1.setSingleAttribute(descriptionAttr, "group5 - description");
        LDAPTestUtils.updateLDAPGroup(session, realm, ctx.getLdapModel(), ldapGroup1);

        SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
        Assert.assertThat(syncResult.getFailed(), Matchers.is(0));
    });

    // Step 4: the renamed group now exists in Keycloak under its new name, with the new description.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        GroupModel kcGroup5 = KeycloakModelUtils.findGroupByPath(realm, "/group5");
        String descriptionAttr = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        Assert.assertEquals("group5 - description", kcGroup5.getFirstAttribute(descriptionAttr));
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) ComponentModel(org.keycloak.component.ComponentModel) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) GroupModel(org.keycloak.models.GroupModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) GroupLDAPStorageMapperFactory(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper) Test(org.junit.Test)

Example 10 with GroupLDAPStorageMapper

use of org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper in project keycloak by keycloak.

From class LDAPGroupMapperTest, method test04_groupReferencingNonExistentMember.

// KEYCLOAK-2682
@Test
public void test04_groupReferencingNonExistentMember() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString());
        realm.updateComponent(mapperModel);

        // Active Directory does not allow a group to reference a nonexistent member, so this
        // scenario (seen against OpenLDAP, KEYCLOAK-2682) cannot be reproduced there.
        // TODO: better solution than skipping programmatically
        LDAPConfig ldapConfig = ctx.getLdapProvider().getLdapIdentityStore().getConfig();
        if (ldapConfig.isActiveDirectory()) {
            return;
        }

        String descriptionAttr = getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm);

        // A fresh LDAP group with one real member, jameskeycloak ...
        LDAPObject group2 = LDAPTestUtils.createLDAPGroup(session, realm, ctx.getLdapModel(), "group2", descriptionAttr, "group2 - description");
        LDAPObject jamesLdap = ldapProvider.loadLDAPUserByUsername(realm, "jameskeycloak");
        LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, jamesLdap);

        // ... plus a member DN under the users DN that matches no entry.
        LDAPDn missingDn = LDAPDn.fromString(ldapProvider.getLdapIdentityStore().getConfig().getUsersDn());
        missingDn.addFirst(jamesLdap.getRdnAttributeNames().get(0), "nonexistent");
        LDAPObject missingUser = new LDAPObject();
        missingUser.setDn(missingDn);
        LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, missingUser);

        // Sync must tolerate the dangling reference: only the existing user becomes a member in Keycloak.
        groupMapper.syncDataFromFederationProviderToKeycloak(realm);
        GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(realm, "/group2");
        List<UserModel> members = session.users().getGroupMembersStream(realm, kcGroup2, 0, 5).collect(Collectors.toList());
        Assert.assertEquals(1, members.size());
        UserModel onlyMember = members.get(0);
        Assert.assertEquals("jameskeycloak", onlyMember.getUsername());
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) LDAPConfig(org.keycloak.storage.ldap.LDAPConfig) ComponentModel(org.keycloak.component.ComponentModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) GroupModel(org.keycloak.models.GroupModel) LDAPDn(org.keycloak.storage.ldap.idm.model.LDAPDn) GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper) Test(org.junit.Test)

Aggregations

ComponentModel (org.keycloak.component.ComponentModel)14 RealmModel (org.keycloak.models.RealmModel)14 GroupLDAPStorageMapper (org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper)14 LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)13 LDAPStorageProvider (org.keycloak.storage.ldap.LDAPStorageProvider)12 Test (org.junit.Test)11 GroupModel (org.keycloak.models.GroupModel)11 UserModel (org.keycloak.models.UserModel)7 GroupLDAPStorageMapperFactory (org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory)4 ModelException (org.keycloak.models.ModelException)3 LDAPConfig (org.keycloak.storage.ldap.LDAPConfig)3 SynchronizationResult (org.keycloak.storage.user.SynchronizationResult)3 Set (java.util.Set)2 KeycloakSession (org.keycloak.models.KeycloakSession)2 ComponentRepresentation (org.keycloak.representations.idm.ComponentRepresentation)2 UserStorageProvider (org.keycloak.storage.UserStorageProvider)2 LDAPDn (org.keycloak.storage.ldap.idm.model.LDAPDn)2 LDAPStorageMapper (org.keycloak.storage.ldap.mappers.LDAPStorageMapper)2 GroupMapperConfig (org.keycloak.storage.ldap.mappers.membership.group.GroupMapperConfig)2 Date (java.util.Date)1