Interface IdentityStore

All Known Implementing Classes:
LDAPIdentityStore

public interface IdentityStore
IdentityStore representation providing a minimal SPI.
TODO: Rather remove this abstraction
Author:
Boleslaw Dawidowicz, Shane Bryzak
  • Method Details

    • getConfig

      LDAPConfig getConfig()
      Returns the configuration for this IdentityStore instance
      Returns:
    • add

      void add(LDAPObject ldapObject)
      Persists the specified IdentityType
      Parameters:
      ldapObject -
    • update

      void update(LDAPObject ldapObject)
      Updates the specified IdentityType
      Parameters:
      ldapObject -
    • remove

      void remove(LDAPObject ldapObject)
      Removes the specified IdentityType
      Parameters:
      ldapObject -
    • addMemberToGroup

      void addMemberToGroup(LdapName groupDn, String memberAttrName, String value)
      Adds a member to a group.
      Parameters:
      groupDn - The DN of the group object
      memberAttrName - The member attribute name
      value - The value (it can be a uid or a DN, depending on the group type)
    • removeMemberFromGroup

      void removeMemberFromGroup(LdapName groupDn, String memberAttrName, String value)
      Removes a member from a group.
      Parameters:
      groupDn - The DN of the group object
      memberAttrName - The member attribute name
      value - The value (it can be a uid or a DN, depending on the group type)
    • fetchQueryResults

      List<LDAPObject> fetchQueryResults(LDAPQuery LDAPQuery)
    • countQueryResults

      int countQueryResults(LDAPQuery LDAPQuery)
    • queryServerCapabilities

      Set<LDAPCapabilityRepresentation> queryServerCapabilities()
      Query the LDAP server RootDSE and extract the LDAPCapabilityRepresentation of all supported extensions, controls and features the server announces. The LDAP Wiki provides a list of known capabilities. Will throw a ModelException on any LDAP error, or when the searchResult is empty.
      Returns:
      a set of LDAPOid, each representing a server capability (control, extension or feature).
    • validatePassword

      void validatePassword(LDAPObject user, String password) throws AuthenticationException
      Validates the specified credentials.
      Parameters:
      user - Keycloak user
      password - LDAP password
      Throws:
      AuthenticationException - if authentication is not successful
    • updatePassword

      void updatePassword(LDAPObject user, String password, LDAPOperationDecorator passwordUpdateDecorator)
      Updates the specified credential value.
      Parameters:
      user - Keycloak user
      password - LDAP password
      passwordUpdateDecorator - Callback to be executed before/after password update. Can be null
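
The RootDSE lookup described under queryServerCapabilities, sketched with plain JNDI as an added example (not Keycloak's own code). The class name RootDseCapabilities, the "attrName:oid" encoding and the sample RootDSE are assumptions made for illustration; the sample is constructed so the code runs without a server.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import java.util.LinkedHashSet;
import java.util.Set;

public class RootDseCapabilities {
    // RootDSE attributes that advertise controls, extensions and features (RFC 4512).
    static final String[] CAPABILITY_ATTRS = {"supportedControl", "supportedExtension", "supportedFeatures"};
    // OID of the Password Modify extended operation (RFC 3062).
    static final String PASSWORD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1";

    /** Flattens the capability attributes into "attrName:oid" entries; rejects an empty result. */
    static Set<String> extract(Attributes rootDse) throws NamingException {
        if (rootDse == null || rootDse.size() == 0) {
            throw new NamingException("empty RootDSE result");
        }
        Set<String> caps = new LinkedHashSet<>();
        for (String name : CAPABILITY_ATTRS) {
            Attribute attr = rootDse.get(name);
            if (attr == null) continue; // server does not announce this kind of capability
            NamingEnumeration<?> values = attr.getAll();
            while (values.hasMore()) {
                caps.add(name + ":" + values.next());
            }
        }
        return caps;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample. Against a live server the same Attributes object
        // comes from DirContext.getAttributes("", CAPABILITY_ATTRS).
        Attributes rootDse = new BasicAttributes(true);
        Attribute controls = new BasicAttribute("supportedControl");
        controls.add("1.2.840.113556.1.4.319"); // paged results control (RFC 2696)
        rootDse.put(controls);
        rootDse.put(new BasicAttribute("supportedExtension", PASSWORD_MODIFY_OID));

        Set<String> caps = extract(rootDse);
        System.out.println(caps);
        // Check the announcement before relying on the extended operation for password changes.
        boolean pwdModify = caps.contains("supportedExtension:" + PASSWORD_MODIFY_OID);
        System.out.println("Password Modify extended operation announced: " + pwdModify);
    }
}
```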