Class LDAPUtils

java.lang.Object
org.keycloak.storage.ldap.LDAPUtils

public class LDAPUtils extends Object
Allows calling some operations directly against LDAPIdentityStore.
Author:
Marek Posolda
  • Constructor Details

    • LDAPUtils

      public LDAPUtils()
  • Method Details

    • addUserToLDAP

      public static LDAPObject addUserToLDAP(LDAPStorageProvider ldapProvider, RealmModel realm, UserModel user)
      Method to create a user in the LDAP. The user will be created when all mandatory attributes specified by the mappers are set. The method onRegisterUserToLDAP is first called in each mapper to set any default or initial value.
      Parameters:
      ldapProvider - The ldap provider
      realm - The realm of the user
      user - The user model
      Returns:
      The LDAPObject created or to be created when mandatory attributes are filled
    • addUserToLDAP

      public static LDAPObject addUserToLDAP(LDAPStorageProvider ldapProvider, RealmModel realm, UserModel user, Consumer<LDAPObject> consumerOnCreated)
      Method that creates a user in the LDAP when all the attributes marked as mandatory by the mappers are set. The method onRegisterUserToLDAP is first called in each mapper to set any default or initial value. When the user is finally created the passed consumerOnCreated parameter is executed (can be null).
      Parameters:
      ldapProvider - The ldap provider
      realm - The realm of the user
      user - The user model
      consumerOnCreated - The consumer to execute when the user is created
      Returns:
      The LDAPObject created or to be created when mandatory attributes are filled
    • createQueryForUserSearch

      public static LDAPQuery createQueryForUserSearch(LDAPStorageProvider ldapProvider, RealmModel realm)
    • computeAndSetDn

      public static void computeAndSetDn(LDAPConfig config, LDAPObject ldapUser)
    • getUsername

      public static String getUsername(LDAPObject ldapUser, LDAPConfig config)
    • checkUuid

      public static void checkUuid(LDAPObject ldapUser, LDAPConfig config)
    • createLDAPGroup

      public static LDAPObject createLDAPGroup(LDAPStorageProvider ldapProvider, String groupName, String groupNameAttribute, Collection<String> objectClasses, String parentDn, Map<String,Set<String>> additionalAttributes, String membershipLdapAttribute)
    • updateLDAPGroup

      public static LDAPObject updateLDAPGroup(LDAPStorageProvider ldapProvider, LDAPObject ldapObject)
    • addMember

      public static void addMember(LDAPStorageProvider ldapProvider, MembershipType membershipType, String memberAttrName, String memberChildAttrName, LDAPObject ldapParent, LDAPObject ldapChild)
      Add ldapChild as member of ldapParent and save ldapParent to LDAP.
      Parameters:
ldapProvider - The ldap provider
membershipType - how the 'member' attribute is stored (full DN or just uid)
memberAttrName - usually 'member'
memberChildAttrName - used only if membershipType is UID; usually 'uid'
ldapParent - role or group
ldapChild - usually a user (or a child group or child role)
    • deleteMember

      public static void deleteMember(LDAPStorageProvider ldapProvider, MembershipType membershipType, String memberAttrName, String memberChildAttrName, LDAPObject ldapParent, LDAPObject ldapChild)
      Remove ldapChild as member of ldapParent and save ldapParent to LDAP.
      Parameters:
ldapProvider - The ldap provider
membershipType - how the 'member' attribute is stored (full DN or just uid)
memberAttrName - usually 'member'
memberChildAttrName - used only if membershipType is UID; usually 'uid'
ldapParent - role or group
ldapChild - usually a user (or a child group or child role)
    • getExistingMemberships

      public static Set<String> getExistingMemberships(LDAPStorageProvider ldapProvider, String memberAttrName, LDAPObject ldapRole)
Return all existing memberships (values of the attribute 'member') from the given ldapRole or ldapGroup.
      Parameters:
      ldapProvider - The ldap provider
      memberAttrName - usually 'member'
ldapRole - The role or group object whose memberships are read
Returns:
The set of existing member values
    • getMemberValueOfChildObject

      public static String getMemberValueOfChildObject(LDAPObject ldapUser, MembershipType membershipType, String memberChildAttrName)
Get the value to be used as the attribute 'member' or 'memberUid' in some parent ldapObject.
    • loadAllLDAPObjects

      public static List<LDAPObject> loadAllLDAPObjects(LDAPQuery ldapQuery, LDAPStorageProvider ldapProvider)
Load all LDAP objects matching the given query. They are loaded in pages, which bypasses the MSAD limit of 1000 objects returned by a single query.
Parameters:
ldapQuery - LDAP query to be used. The caller should close it after calling this method
ldapProvider - The ldap provider
Returns:
The list of all loaded LDAP objects
    • loadAllLDAPObjects

      public static List<LDAPObject> loadAllLDAPObjects(LDAPQuery ldapQuery, LDAPConfig ldapConfig)
Load all LDAP objects matching the given query. They are loaded in pages, which bypasses the MSAD limit of 1000 objects returned by a single query.
Parameters:
ldapQuery - LDAP query to be used. The caller should close it after calling this method
ldapConfig - The ldap config
Returns:
The list of all loaded LDAP objects
    • validateCustomLdapFilter

      public static void validateCustomLdapFilter(String customFilter) throws ComponentValidationException
Validate that the configured customFilter matches the expected format.
Parameters:
customFilter - The configured custom LDAP filter
      Throws:
      ComponentValidationException
    • fillRangedAttribute

      public static void fillRangedAttribute(LDAPStorageProvider ldapProvider, LDAPObject ldapObject, String name)
Performs iterative searches on an LDAPObject to retrieve the complete value set of a ranged attribute.
      Parameters:
      ldapProvider - The provider to use
      ldapObject - The current object with the ranged attribute not complete
      name - The attribute name
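The ranged-attribute retrieval that fillRangedAttribute performs, as an added example that is not Keycloak's own code: Active Directory returns a large multi-valued attribute in slices named like member;range=0-1499, and the client must keep requesting member;range=N-* until it receives a slice whose upper bound is '*'. The Directory interface and fakeDirectory are assumptions constructed for this demo; the 1500 slice size is AD's default MaxValRange.

```java
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class RangedAttributeFetch {
    // Matches server-side attribute names such as "member;range=0-1499" or "member;range=1500-*"
    private static final Pattern RANGE =
            Pattern.compile("^(?<name>[^;]+);range=(?<lo>\\d+)-(?<hi>\\d+|\\*)$");

    /** Minimal directory abstraction assumed for this demo: read one attribute, possibly ranged. */
    public interface Directory {
        Map.Entry<String, List<String>> read(String requestedAttribute);
    }

    /** Iteratively fetch every value of a ranged attribute, following "range=N-M" until "N-*". */
    public static List<String> fetchAll(Directory dir, String name) {
        List<String> all = new ArrayList<>();
        String request = name;                          // first request carries no range spec
        while (true) {
            Map.Entry<String, List<String>> slice = dir.read(request);
            all.addAll(slice.getValue());
            Matcher m = RANGE.matcher(slice.getKey());
            if (!m.matches() || "*".equals(m.group("hi"))) {
                return all;                             // not ranged at all, or the final slice
            }
            int next = Integer.parseInt(m.group("hi")) + 1;
            request = name + ";range=" + next + "-*";   // ask for the remainder
        }
    }

    /** Constructed in-memory directory that slices a value list the way MSAD does. */
    public static Directory fakeDirectory(List<String> values, int pageSize) {
        return request -> {
            Matcher m = RANGE.matcher(request);
            boolean ranged = m.matches();
            String attr = ranged ? m.group("name") : request;
            int lo = ranged ? Integer.parseInt(m.group("lo")) : 0;
            if (lo == 0 && values.size() <= pageSize) {  // fits in one response: no range suffix
                return new AbstractMap.SimpleEntry<>(attr, new ArrayList<>(values));
            }
            int hi = Math.min(lo + pageSize, values.size());   // exclusive upper bound
            String label = hi == values.size() ? "*" : String.valueOf(hi - 1);
            return new AbstractMap.SimpleEntry<>(attr + ";range=" + lo + "-" + label,
                    new ArrayList<>(values.subList(lo, hi)));
        };
    }
}
```

Calling fetchAll(fakeDirectory(members, 1500), "member") with a 3200-entry constructed member list issues three reads (0-1499, 1500-2999, 3000-*) and returns all 3200 values in order.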
    • getUserModelProperties

      public static Map<String,Property<Object>> getUserModelProperties()
Return a map of the user model properties derived from the getter methods. Map keys are the attribute names in lower case.
    • getDefaultKerberosUserPrincipalAttribute

      public static String getDefaultKerberosUserPrincipalAttribute(String vendor)