
Example 6 with SynchronizationResult

use of org.keycloak.storage.user.SynchronizationResult in project keycloak by keycloak.

the class RoleLDAPStorageMapper method syncDataFromFederationProviderToKeycloak.

// Sync roles from LDAP to Keycloak DB
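/**
 * Imports every role returned by the LDAP role query into the target Keycloak role container.
 *
 * <p>Roles that are missing locally are created and counted as "added". Roles that already
 * exist are only counted (through the "updated" counter) and are not modified here. LDAP
 * entries with no usable value for the configured role-name attribute are skipped with a
 * warning instead of being handed to {@code getRole}/{@code addRole} as a null or empty name.
 *
 * @param realm realm from which {@code getTargetRoleContainer} picks the container that receives the roles
 * @return counters for this run; {@code getStatus()} renders them as a role-specific summary
 */
@Override
public SynchronizationResult syncDataFromFederationProviderToKeycloak(RealmModel realm) {
    SynchronizationResult syncResult = new SynchronizationResult() {

        @Override
        public String getStatus() {
            // The "updated" counter is reused as the number of roles that were already present.
            return String.format("%d imported roles, %d roles already exists in Keycloak", getAdded(), getUpdated());
        }
    };
    logger.debugf("Syncing roles from LDAP into Keycloak DB. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getName());
    // Send LDAP query to load all roles; try-with-resources closes the query on every exit path.
    try (LDAPQuery ldapRoleQuery = createRoleQuery(false)) {
        List<LDAPObject> ldapRoles = LDAPUtils.loadAllLDAPObjects(ldapRoleQuery, ldapProvider);
        RoleContainerModel roleContainer = getTargetRoleContainer(realm);
        String rolesRdnAttr = config.getRoleNameLdapAttribute();
        for (LDAPObject ldapRole : ldapRoles) {
            String roleName = ldapRole.getAttributeAsString(rolesRdnAttr);
            // Role names come from the directory and become authorization objects in Keycloak.
            // An entry that lacks the configured attribute must not create a nameless role or
            // abort the import of the remaining, well-formed entries.
            if (roleName == null || roleName.trim().isEmpty()) {
                logger.warnf("Skipping LDAP role entry without a value for attribute [%s]. Mapper is [%s]", rolesRdnAttr, mapperModel.getName());
                continue;
            }
            if (roleContainer.getRole(roleName) == null) {
                logger.debugf("Syncing role [%s] from LDAP to keycloak DB", roleName);
                roleContainer.addRole(roleName);
                syncResult.increaseAdded();
            } else {
                syncResult.increaseUpdated();
            }
        }
        return syncResult;
    }
}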
Also used : LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) RoleContainerModel(org.keycloak.models.RoleContainerModel)

Example 7 with SynchronizationResult

use of org.keycloak.storage.user.SynchronizationResult in project keycloak by keycloak.

the class LDAPStorageProviderFactory method syncImpl.

/**
 * Runs the given LDAP user query, imports the returned users and accumulates the outcome.
 *
 * <p>With pagination enabled in the LDAP config, users are fetched and imported one page at a
 * time, using the configured sync batch size as the page limit. Without pagination the complete
 * result list is fetched and imported in a single call.
 *
 * @param sessionFactory factory passed through to {@code importLdapUsers}
 * @param userQuery      query to execute; its limit is overwritten when pagination is on
 * @param realmId        id of the realm the users are imported into
 * @param fedModel       federation provider component whose config is read as {@code LDAPConfig}
 * @return the sum of the per-page (or single) import results
 */
protected SynchronizationResult syncImpl(KeycloakSessionFactory sessionFactory, LDAPQuery userQuery, final String realmId, final ComponentModel fedModel) {
    final SynchronizationResult total = new SynchronizationResult();
    final LDAPConfig ldapConfig = new LDAPConfig(fedModel.getConfig());

    if (!ldapConfig.isPagination()) {
        // LDAP pagination not available: the whole result list is loaded and imported at once.
        // NOTE(review): the size of this list is bounded only by what the query returns.
        final List<LDAPObject> allUsers = userQuery.getResultList();
        total.add(importLdapUsers(sessionFactory, realmId, fedModel, allUsers));
        return total;
    }

    final int batchSize = ldapConfig.getBatchSizeForSync();
    boolean morePages;
    do {
        userQuery.setLimit(batchSize);
        final List<LDAPObject> page = userQuery.getResultList();
        // Read the pagination state before the import runs, keeping the original call order.
        morePages = userQuery.getPaginationContext().hasNextPage();
        total.add(importLdapUsers(sessionFactory, realmId, fedModel, page));
    } while (morePages);
    return total;
}
Also used : LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult)

Example 8 with SynchronizationResult

use of org.keycloak.storage.user.SynchronizationResult in project keycloak by keycloak.

the class LDAPStorageProviderFactory method sync.

/**
 * Performs a full user synchronization from LDAP into the local store for one federation provider.
 *
 * <p>Mappers are synchronized first, then every user returned by the provider's query is imported
 * through {@code syncImpl}. This method itself does not remove local users that no longer exist
 * in LDAP (see the TODO in the body); whether another code path does so is not visible here.
 *
 * @param sessionFactory factory used to build the query and run the import
 * @param realmId        id of the realm being synchronized
 * @param model          federation provider model; its name is written to the log
 * @return the accumulated result of the user import
 */
@Override
public SynchronizationResult sync(KeycloakSessionFactory sessionFactory, String realmId, UserStorageProviderModel model) {
    syncMappers(sessionFactory, realmId, model);

    final String providerName = model.getName();
    logger.infof("Sync all users from LDAP to local store: realm: %s, federation provider: %s", realmId, providerName);

    // The query is a closeable resource; it is released once the import and logging are done.
    try (LDAPQuery userQuery = createQuery(sessionFactory, realmId, model)) {
        final SynchronizationResult outcome = syncImpl(sessionFactory, userQuery, realmId, model);
        // TODO: Remove all existing keycloak users, which have federation links, but are not in LDAP.
        // Perhaps don't check users, which were just added or updated during this sync?
        // Until that is done, a user deleted in LDAP is left untouched by this method.
        logger.infof("Sync all users finished: %s", outcome.getStatus());
        return outcome;
    }
}
Also used : LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult)

Example 9 with SynchronizationResult

use of org.keycloak.storage.user.SynchronizationResult in project keycloak by keycloak.

the class GroupLDAPStorageMapper method addGroupMappingInLDAP.

/**
 * Adds the given LDAP user as a member of the LDAP group that corresponds to a Keycloak group.
 *
 * <p>If no LDAP group with the Keycloak group's name exists yet, the group is first written to
 * LDAP: either together with its not-yet-synced ancestors and subgroups (when group inheritance
 * is preserved) or on its own. The membership is then added to the (re)loaded LDAP group.
 *
 * @param realm    realm used to look up the Keycloak "groups path" group
 * @param kcGroup  Keycloak group the user should become a member of
 * @param ldapUser LDAP object of the user to add
 */
public void addGroupMappingInLDAP(RealmModel realm, GroupModel kcGroup, LDAPObject ldapUser) {
    String groupName = kcGroup.getName();
    // The LDAP group is looked up by name only.
    LDAPObject ldapGroup = loadLDAPGroupByName(groupName);
    if (ldapGroup == null) {
        // The group does not exist in LDAP yet, so part of the Keycloak group tree is written to LDAP.
        if (config.isPreserveGroupsInheritance()) {
            GroupModel groupsPathGroup = getKcGroupsPathGroup(realm);
            // Start from the top-most ancestor that is also missing in LDAP so the hierarchy is created top-down.
            GroupModel highestGroupToSync = getHighestPredecessorNotExistentInLdap(groupsPathGroup, kcGroup);
            logger.debugf("Will sync group '%s' and it's subgroups from DB to LDAP", highestGroupToSync.getName());
            Map<String, LDAPObject> syncedLDAPGroups = new HashMap<>();
            // The SynchronizationResult passed here is a throwaway; its counters are not read afterwards.
            processKeycloakGroupSyncToLDAP(highestGroupToSync, syncedLDAPGroups, new HashSet<>(), new SynchronizationResult());
            processKeycloakGroupMembershipsSyncToLDAP(highestGroupToSync, syncedLDAPGroups);
            // NOTE(review): the re-load result is not checked; if it is still null, that null is
            // passed to addMember below. Confirm the sync above guarantees the group exists.
            ldapGroup = loadLDAPGroupByName(groupName);
            // Finally update LDAP membership in the parent group
            // NOTE(review): this is a reference comparison on GroupModel and getParent() is
            // dereferenced right after; confirm both are safe for top-level groups and for
            // model instances that represent the same group but are not the same object.
            if (highestGroupToSync.getParent() != groupsPathGroup) {
                // NOTE(review): ldapParentGroup is used without a null check.
                LDAPObject ldapParentGroup = loadLDAPGroupByName(highestGroupToSync.getParent().getName());
                // Group-in-group membership is always written as a DN, independent of the configured membership type.
                LDAPUtils.addMember(ldapProvider, MembershipType.DN, config.getMembershipLdapAttribute(), getMembershipUserLdapAttribute(), ldapParentGroup, ldapGroup);
            }
        } else {
            // Group inheritance is not preserved, so only the current group is written to LDAP.
            logger.debugf("Will sync group '%s' from DB to LDAP", groupName);
            processKeycloakGroupSyncToLDAP(kcGroup, new HashMap<>(), new HashSet<>(), new SynchronizationResult());
            // NOTE(review): same unchecked re-load as in the inheritance branch.
            ldapGroup = loadLDAPGroupByName(groupName);
        }
    }
    String membershipUserLdapAttrName = getMembershipUserLdapAttribute();
    // User membership uses the membership type and attribute taken from the mapper config.
    LDAPUtils.addMember(ldapProvider, config.getMembershipTypeLdapAttribute(), config.getMembershipLdapAttribute(), membershipUserLdapAttrName, ldapGroup, ldapUser);
}
Also used : HashMap(java.util.HashMap) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) GroupModel(org.keycloak.models.GroupModel) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult)

Example 10 with SynchronizationResult

use of org.keycloak.storage.user.SynchronizationResult in project keycloak by keycloak.

the class GroupLDAPStorageMapper method syncDataFromFederationProviderToKeycloak.

// Sync from Ldap to KC
/**
 * Synchronizes groups from LDAP into Keycloak.
 *
 * <p>All LDAP groups are loaded and converted to the internal representation. When group
 * inheritance is preserved, the group tree is resolved and applied to Keycloak; otherwise the
 * groups are synchronized as a flat structure. The mapper then records that a sync from LDAP
 * was performed in this transaction.
 *
 * @param realm realm whose groups are updated
 * @return counters for this run; {@code getStatus()} reports imported, updated and removed groups
 * @throws ModelException if the LDAP group tree cannot be resolved; the resolver's message is
 *         appended to the exception message
 */
@Override
public SynchronizationResult syncDataFromFederationProviderToKeycloak(RealmModel realm) {
    SynchronizationResult groupSyncResult = new SynchronizationResult() {

        @Override
        public String getStatus() {
            return String.format("%d imported groups, %d updated groups, %d removed groups", getAdded(), getUpdated(), getRemoved());
        }
    };
    logger.debugf("Syncing groups from LDAP into Keycloak DB. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getName());

    // Load every LDAP group; the inheritance flag is forwarded to the loader.
    List<LDAPObject> fetchedGroups = getAllLDAPGroups(config.isPreserveGroupsInheritance());

    // Fill the lookup map and the resolver-friendly list from the raw LDAP objects.
    Map<String, LDAPObject> ldapGroupIndex = new HashMap<>();
    List<GroupTreeResolver.Group> groupReps = new LinkedList<>();
    convertGroupsToInternalRep(fetchedGroups, ldapGroupIndex, groupReps);

    if (!config.isPreserveGroupsInheritance()) {
        // No hierarchy requested: groups are synchronized as a flat structure.
        syncFlatGroupStructure(realm, groupSyncResult, ldapGroupIndex);
    } else {
        // Hierarchy requested: build the tree first, then mirror it into Keycloak.
        try {
            GroupTreeResolver treeResolver = new GroupTreeResolver();
            List<GroupTreeResolver.GroupTreeEntry> resolvedTrees = treeResolver.resolveGroupTree(groupReps, config.isIgnoreMissingGroups());
            updateKeycloakGroupTree(realm, resolvedTrees, ldapGroupIndex, groupSyncResult);
        } catch (GroupTreeResolver.GroupTreeResolveException gre) {
            throw new ModelException("Couldn't resolve groups from LDAP. Fix LDAP or skip preserve inheritance. Details: " + gre.getMessage(), gre);
        }
    }

    syncFromLDAPPerformedInThisTransaction = true;
    return groupSyncResult;
}
Also used : ModelException(org.keycloak.models.ModelException) HashMap(java.util.HashMap) LinkedList(java.util.LinkedList) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult)
