Package org.keycloak.storage.ldap
Class LDAPUtils
- java.lang.Object
  - org.keycloak.storage.ldap.LDAPUtils

public class LDAPUtils extends Object

Allows some operations to be called directly against LDAPIdentityStore.

- Author:
- Marek Posolda

Constructor Summary
- LDAPUtils()

Method Summary

- static void addMember(LDAPStorageProvider ldapProvider, MembershipType membershipType, String memberAttrName, String memberChildAttrName, LDAPObject ldapParent, LDAPObject ldapChild)
  Add ldapChild as member of ldapParent and save ldapParent to LDAP.
- static LDAPObject addUserToLDAP(LDAPStorageProvider ldapProvider, RealmModel realm, UserModel user)
  Method to create a user in the LDAP.
- static LDAPObject addUserToLDAP(LDAPStorageProvider ldapProvider, RealmModel realm, UserModel user, Consumer<LDAPObject> consumerOnCreated)
  Method that creates a user in the LDAP when all the attributes marked as mandatory by the mappers are set.
- static void checkUuid(LDAPObject ldapUser, LDAPConfig config)
- static void computeAndSetDn(LDAPConfig config, LDAPObject ldapUser)
- static LDAPObject createLDAPGroup(LDAPStorageProvider ldapProvider, String groupName, String groupNameAttribute, Collection<String> objectClasses, String parentDn, Map<String,Set<String>> additionalAttributes, String membershipLdapAttribute)
- static LDAPQuery createQueryForUserSearch(LDAPStorageProvider ldapProvider, RealmModel realm)
- static void deleteMember(LDAPStorageProvider ldapProvider, MembershipType membershipType, String memberAttrName, String memberChildAttrName, LDAPObject ldapParent, LDAPObject ldapChild)
  Remove ldapChild as member of ldapParent and save ldapParent to LDAP.
- static void fillRangedAttribute(LDAPStorageProvider ldapProvider, LDAPObject ldapObject, String name)
  Performs iterative searches over an LDAPObject to return an attribute that is ranged.
- static Set<String> getExistingMemberships(LDAPStorageProvider ldapProvider, String memberAttrName, LDAPObject ldapRole)
  Return all existing memberships (values of attribute 'member') from the given ldapRole or ldapGroup.
- static String getMemberValueOfChildObject(LDAPObject ldapUser, MembershipType membershipType, String memberChildAttrName)
  Get value to be used as attribute 'member' or 'memberUid' in some parent ldapObject.
- static Map<String,Property<Object>> getUserModelProperties()
  Return a map of the user model properties from the getter methods. Map keys are the attribute names in lower case.
- static String getUsername(LDAPObject ldapUser, LDAPConfig config)
- static List<LDAPObject> loadAllLDAPObjects(LDAPQuery ldapQuery, LDAPStorageProvider ldapProvider)
  Load all LDAP objects corresponding to given query.
- static LDAPObject updateLDAPGroup(LDAPStorageProvider ldapProvider, LDAPObject ldapObject)
- static void validateCustomLdapFilter(String customFilter)
  Validate that the configured customFilter matches the requested format.

Method Detail

addUserToLDAP
public static LDAPObject addUserToLDAP(LDAPStorageProvider ldapProvider, RealmModel realm, UserModel user)
Method to create a user in the LDAP. The user will be created when all mandatory attributes specified by the mappers are set. The method onRegisterUserToLDAP is first called in each mapper to set any default or initial value.
- Parameters:
- ldapProvider - The ldap provider
- realm - The realm of the user
- user - The user model
- Returns:
- The LDAPObject created or to be created when mandatory attributes are filled

addUserToLDAP
public static LDAPObject addUserToLDAP(LDAPStorageProvider ldapProvider, RealmModel realm, UserModel user, Consumer<LDAPObject> consumerOnCreated)
Method that creates a user in the LDAP when all the attributes marked as mandatory by the mappers are set. The method onRegisterUserToLDAP is first called in each mapper to set any default or initial value. When the user is finally created the passed consumerOnCreated parameter is executed (can be null).
- Parameters:
- ldapProvider - The ldap provider
- realm - The realm of the user
- user - The user model
- consumerOnCreated - The consumer to execute when the user is created
- Returns:
- The LDAPObject created or to be created when mandatory attributes are filled

createQueryForUserSearch
public static LDAPQuery createQueryForUserSearch(LDAPStorageProvider ldapProvider, RealmModel realm)

computeAndSetDn
public static void computeAndSetDn(LDAPConfig config, LDAPObject ldapUser)

getUsername
public static String getUsername(LDAPObject ldapUser, LDAPConfig config)

checkUuid
public static void checkUuid(LDAPObject ldapUser, LDAPConfig config)

createLDAPGroup
public static LDAPObject createLDAPGroup(LDAPStorageProvider ldapProvider, String groupName, String groupNameAttribute, Collection<String> objectClasses, String parentDn, Map<String,Set<String>> additionalAttributes, String membershipLdapAttribute)

updateLDAPGroup
public static LDAPObject updateLDAPGroup(LDAPStorageProvider ldapProvider, LDAPObject ldapObject)

addMember
public static void addMember(LDAPStorageProvider ldapProvider, MembershipType membershipType, String memberAttrName, String memberChildAttrName, LDAPObject ldapParent, LDAPObject ldapChild)
Add ldapChild as member of ldapParent and save ldapParent to LDAP.
- Parameters:
- ldapProvider -
- membershipType - how the 'member' attribute is saved (full DN or just uid)
- memberAttrName - usually 'member'
- memberChildAttrName - used only if membershipType is UID. Usually 'uid'
- ldapParent - role or group
- ldapChild - usually user (or child group or child role)

deleteMember
public static void deleteMember(LDAPStorageProvider ldapProvider, MembershipType membershipType, String memberAttrName, String memberChildAttrName, LDAPObject ldapParent, LDAPObject ldapChild)
Remove ldapChild as member of ldapParent and save ldapParent to LDAP.
- Parameters:
- ldapProvider -
- membershipType - how the 'member' attribute is saved (full DN or just uid)
- memberAttrName - usually 'member'
- memberChildAttrName - used only if membershipType is UID. Usually 'uid'
- ldapParent - role or group
- ldapChild - usually user (or child group or child role)

getExistingMemberships
public static Set<String> getExistingMemberships(LDAPStorageProvider ldapProvider, String memberAttrName, LDAPObject ldapRole)
Return all existing memberships (values of attribute 'member') from the given ldapRole or ldapGroup.
- Parameters:
- ldapProvider - The ldap provider
- memberAttrName - usually 'member'
- ldapRole -
- Returns:

getMemberValueOfChildObject
public static String getMemberValueOfChildObject(LDAPObject ldapUser, MembershipType membershipType, String memberChildAttrName)
Get value to be used as attribute 'member' or 'memberUid' in some parent ldapObject.

loadAllLDAPObjects
public static List<LDAPObject> loadAllLDAPObjects(LDAPQuery ldapQuery, LDAPStorageProvider ldapProvider)
Load all LDAP objects corresponding to the given query. Objects are loaded page by page, which bypasses the MSAD limitation of 1000 maximum loaded objects in a single query.
- Parameters:
- ldapQuery - LDAP query to be used. The caller should close it after calling this method
- ldapProvider -
- Returns:

validateCustomLdapFilter
public static void validateCustomLdapFilter(String customFilter) throws ComponentValidationException
Validate that the configured customFilter matches the requested format.
- Parameters:
- customFilter -
- Throws:
- ComponentValidationException

fillRangedAttribute
public static void fillRangedAttribute(LDAPStorageProvider ldapProvider, LDAPObject ldapObject, String name)
Performs iterative searches over an LDAPObject to return an attribute that is ranged.
- Parameters:
- ldapProvider - The provider to use
- ldapObject - The current object, whose ranged attribute is not yet complete
- name - The attribute name
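
The iterative retrieval that the fillRangedAttribute description refers to, as an added example (not Keycloak's code): Active Directory returns a large multi-valued attribute in chunks named like member;range=0-1499, and marks the final chunk with an upper bound of *. A client that stops after the first chunk sees a truncated membership list. The directory is a constructed in-memory stand-in, and RangedAttributeDemo, read and fetchAll are hypothetical names.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class RangedAttributeDemo {
    // Constructed sample data: a group with 8 members, served 3 values per read.
    static final int PAGE = 3;
    static final List<String> ALL = List.of("uid=a", "uid=b", "uid=c", "uid=d",
                                            "uid=e", "uid=f", "uid=g", "uid=h");

    // Hypothetical stand-in for one LDAP read of "<attr>;range=<start>-*".
    // Like AD, it names the returned attribute with the range it actually served.
    static Map.Entry<String, List<String>> read(String attr, int start) {
        int end = Math.min(start + PAGE, ALL.size());
        String upper = (end == ALL.size()) ? "*" : String.valueOf(end - 1);
        return Map.entry(attr + ";range=" + start + "-" + upper, ALL.subList(start, end));
    }

    static final Pattern RANGE =
        Pattern.compile("(.+);range=(\\d+)-(\\d+|\\*)", Pattern.CASE_INSENSITIVE);

    // Keep reading until the server marks the final chunk with "-*".
    static List<String> fetchAll(String attr) {
        List<String> values = new ArrayList<>();
        int start = 0;
        while (true) {
            Map.Entry<String, List<String>> chunk = read(attr, start);
            Matcher m = RANGE.matcher(chunk.getKey());
            // Fail closed on an unexpected reply rather than return a partial list.
            if (!m.matches() || !m.group(1).equalsIgnoreCase(attr)
                    || Integer.parseInt(m.group(2)) != start) {
                throw new IllegalStateException("unexpected range reply: " + chunk.getKey());
            }
            values.addAll(chunk.getValue());
            if (m.group(3).equals("*")) {
                return values;                       // last chunk: attribute is complete
            }
            int next = Integer.parseInt(m.group(3)) + 1;
            if (next <= start) {
                throw new IllegalStateException("range did not advance"); // loop guard
            }
            start = next;
        }
    }

    public static void main(String[] args) {
        List<String> members = fetchAll("member");
        System.out.println(members.size() + " values: " + members);
    }
}
```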