Class GroupLDAPStorageMapper
- java.lang.Object
-
- org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
-
- org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper
-
- All Implemented Interfaces:
Provider,LDAPStorageMapper,CommonLDAPGroupMapper
public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements CommonLDAPGroupMapper
- Author:
- Marek Posolda
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description classGroupLDAPStorageMapper.LDAPGroupMappingsUserDelegate
-
Field Summary
-
Fields inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
ldapProvider, mapperModel, session
-
-
Constructor Summary
Constructors Constructor Description GroupLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, GroupLDAPStorageMapperFactory factory)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidaddGroupMappingInLDAP(RealmModel realm, GroupModel kcGroup, LDAPObject ldapUser)voidbeforeLDAPQuery(LDAPQuery query)Called before LDAP Identity query for retrieve LDAP users was executed.LDAPQuerycreateGroupQuery(boolean includeMemberAttribute)protected GroupModelcreateKcGroup(RealmModel realm, String ldapGroupName, GroupModel parentGroup)Creates a new KC group from given LDAP group name in given KC parent group or the groups path.LDAPObjectcreateLDAPGroup(String groupName, Map<String,Set<String>> additionalAttributes)LDAPQuerycreateLDAPGroupQuery()voiddeleteGroupMappingInLDAP(LDAPObject ldapUser, LDAPObject ldapGroup)protected GroupModelfindKcGroupByLDAPGroup(RealmModel realm, LDAPObject ldapGroup)protected GroupModelfindKcGroupOrSyncFromLDAP(RealmModel realm, LDAPObject ldapGroup, UserModel user)protected Stream<GroupModel>getAllKcGroups(RealmModel realm)Provides a stream of all KC groups (with their sub groups) from groups path configured by the "Groups Path" configuration property.protected List<LDAPObject>getAllLDAPGroups(boolean includeMemberAttribute)CommonLDAPGroupMapperConfiggetConfig()List<UserModel>getGroupMembers(RealmModel realm, GroupModel kcGroup, int firstResult, int maxResults)Return empty list if doesn't support storing of groupsprotected StringgetKcGroupPathFromLDAPGroupName(String ldapGroupName)Translates given LDAP group name into a KC group within the groups path.protected GroupModelgetKcGroupsPathGroup(RealmModel realm)Provides KC group defined as groups path or null (top-level group) if corresponding group is not available.protected Stream<GroupModel>getKcSubGroups(RealmModel realm, GroupModel parentGroup)Provides a list of all KC sub groups from given parent group or from groups path.protected List<LDAPObject>getLDAPGroupMappings(LDAPObject ldapUser)protected Set<LDAPDn>getLDAPSubgroups(LDAPObject ldapGroup)protected StringgetMembershipUserLdapAttribute()LDAPObjectloadLDAPGroupByName(String groupName)voidonImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)Called when importing user from LDAP to local keycloak DB.voidonRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm)Called when register new user to LDAP - just after user was created in Keycloak DBUserModelproxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm)Called when invoke proxy on LDAP federation providerSynchronizationResultsyncDataFromFederationProviderToKeycloak(RealmModel realm)Sync data from federated storage to Keycloak.SynchronizationResultsyncDataFromKeycloakToFederationProvider(RealmModel realm)Sync data from Keycloak back to federated storageLDAPObjectupdateLDAPGroup(LDAPObject ldapObject)-
Methods inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
close, getLdapProvider, getRoleMembers, mandatoryAttributeNames, onAuthenticationFailure, parseBooleanParameter
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.keycloak.storage.ldap.mappers.LDAPStorageMapper
getLdapProvider, getRoleMembers, mandatoryAttributeNames, onAuthenticationFailure
-
-
-
-
Constructor Detail
-
GroupLDAPStorageMapper
public GroupLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, GroupLDAPStorageMapperFactory factory)
-
-
Method Detail
-
createLDAPGroupQuery
public LDAPQuery createLDAPGroupQuery()
- Specified by:
createLDAPGroupQueryin interfaceCommonLDAPGroupMapper
-
getConfig
public CommonLDAPGroupMapperConfig getConfig()
- Specified by:
getConfigin interfaceCommonLDAPGroupMapper
-
createGroupQuery
public LDAPQuery createGroupQuery(boolean includeMemberAttribute)
-
createLDAPGroup
public LDAPObject createLDAPGroup(String groupName, Map<String,Set<String>> additionalAttributes)
-
loadLDAPGroupByName
public LDAPObject loadLDAPGroupByName(String groupName)
-
updateLDAPGroup
public LDAPObject updateLDAPGroup(LDAPObject ldapObject)
-
getLDAPSubgroups
protected Set<LDAPDn> getLDAPSubgroups(LDAPObject ldapGroup)
-
syncDataFromFederationProviderToKeycloak
public SynchronizationResult syncDataFromFederationProviderToKeycloak(RealmModel realm)
Description copied from interface:LDAPStorageMapperSync data from federated storage to Keycloak. It's useful just if mapper needs some data preloaded from federated storage (For example load roles from federated provider and sync them to Keycloak database) Applicable just if sync is supported- Specified by:
syncDataFromFederationProviderToKeycloakin interfaceLDAPStorageMapper- Overrides:
syncDataFromFederationProviderToKeycloakin classAbstractLDAPStorageMapper
-
findKcGroupByLDAPGroup
protected GroupModel findKcGroupByLDAPGroup(RealmModel realm, LDAPObject ldapGroup)
-
findKcGroupOrSyncFromLDAP
protected GroupModel findKcGroupOrSyncFromLDAP(RealmModel realm, LDAPObject ldapGroup, UserModel user)
-
getAllLDAPGroups
protected List<LDAPObject> getAllLDAPGroups(boolean includeMemberAttribute)
-
syncDataFromKeycloakToFederationProvider
public SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm)
Description copied from interface:LDAPStorageMapperSync data from Keycloak back to federated storage- Specified by:
syncDataFromKeycloakToFederationProviderin interfaceLDAPStorageMapper- Overrides:
syncDataFromKeycloakToFederationProviderin classAbstractLDAPStorageMapper
-
getGroupMembers
public List<UserModel> getGroupMembers(RealmModel realm, GroupModel kcGroup, int firstResult, int maxResults)
Description copied from interface:LDAPStorageMapperReturn empty list if doesn't support storing of groups- Specified by:
getGroupMembersin interfaceLDAPStorageMapper- Overrides:
getGroupMembersin classAbstractLDAPStorageMapper
-
addGroupMappingInLDAP
public void addGroupMappingInLDAP(RealmModel realm, GroupModel kcGroup, LDAPObject ldapUser)
-
deleteGroupMappingInLDAP
public void deleteGroupMappingInLDAP(LDAPObject ldapUser, LDAPObject ldapGroup)
-
getLDAPGroupMappings
protected List<LDAPObject> getLDAPGroupMappings(LDAPObject ldapUser)
-
beforeLDAPQuery
public void beforeLDAPQuery(LDAPQuery query)
Description copied from interface:LDAPStorageMapperCalled before LDAP Identity query for retrieve LDAP users was executed. It allows to change query somehow (add returning attributes from LDAP, change conditions etc)- Specified by:
beforeLDAPQueryin interfaceLDAPStorageMapper
-
proxy
public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm)
Description copied from interface:LDAPStorageMapperCalled when invoke proxy on LDAP federation provider- Specified by:
proxyin interfaceLDAPStorageMapper- Returns:
-
onRegisterUserToLDAP
public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm)
Description copied from interface:LDAPStorageMapperCalled when register new user to LDAP - just after user was created in Keycloak DB- Specified by:
onRegisterUserToLDAPin interfaceLDAPStorageMapper
-
onImportUserFromLDAP
public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)
Description copied from interface:LDAPStorageMapperCalled when importing user from LDAP to local keycloak DB.- Specified by:
onImportUserFromLDAPin interfaceLDAPStorageMapperisCreate- true if we importing new user from LDAP. False if user already exists in Keycloak, but we are upgrading (syncing) it from LDAP
-
getMembershipUserLdapAttribute
protected String getMembershipUserLdapAttribute()
-
getKcGroupPathFromLDAPGroupName
protected String getKcGroupPathFromLDAPGroupName(String ldapGroupName)
Translates given LDAP group name into a KC group within the groups path.
-
getKcGroupsPathGroup
protected GroupModel getKcGroupsPathGroup(RealmModel realm)
Provides KC group defined as groups path or null (top-level group) if corresponding group is not available.
-
createKcGroup
protected GroupModel createKcGroup(RealmModel realm, String ldapGroupName, GroupModel parentGroup)
Creates a new KC group from given LDAP group name in given KC parent group or the groups path.
-
getKcSubGroups
protected Stream<GroupModel> getKcSubGroups(RealmModel realm, GroupModel parentGroup)
Provides a list of all KC sub groups from given parent group or from groups path.
-
getAllKcGroups
protected Stream<GroupModel> getAllKcGroups(RealmModel realm)
Provides a stream of all KC groups (with their sub groups) from groups path configured by the "Groups Path" configuration property.
-
-