org.keycloak.storage.ldap.mappers.membership.group

Class GroupLDAPStorageMapper

java.lang.Object

org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper

org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper

All Implemented Interfaces:

Provider, LDAPStorageMapper, CommonLDAPGroupMapper

public class GroupLDAPStorageMapper
extends AbstractLDAPStorageMapper
implements CommonLDAPGroupMapper

Author:

Marek Posolda

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	GroupLDAPStorageMapper.LDAPGroupMappingsUserDelegate

Field Summary

Fields inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper

ldapProvider, mapperModel, session

Constructor Summary

Constructors

Constructor and Description
GroupLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, GroupLDAPStorageMapperFactory factory)

Method Summary

Modifier and Type	Method and Description
void	addGroupMappingInLDAP(RealmModel realm, GroupModel kcGroup, LDAPObject ldapUser)
void	beforeLDAPQuery(LDAPQuery query) Called before LDAP Identity query for retrieve LDAP users was executed.
LDAPQuery	createGroupQuery(boolean includeMemberAttribute)
protected GroupModel	createKcGroup(RealmModel realm, String ldapGroupName, GroupModel parentGroup) Creates a new KC group from given LDAP group name in given KC parent group or the groups path.
LDAPObject	createLDAPGroup(String groupName, Map<String,Set<String>> additionalAttributes)
LDAPQuery	createLDAPGroupQuery()
void	deleteGroupMappingInLDAP(LDAPObject ldapUser, LDAPObject ldapGroup)
protected GroupModel	findKcGroupByLDAPGroup(RealmModel realm, LDAPObject ldapGroup)
protected GroupModel	findKcGroupOrSyncFromLDAP(RealmModel realm, LDAPObject ldapGroup, UserModel user)
protected List<GroupModel>	getAllKcGroups(RealmModel realm) Provides a list of all KC groups (with their sub groups) from groups path configured by the "Groups Path" configuration property.
protected List<LDAPObject>	getAllLDAPGroups(boolean includeMemberAttribute)
CommonLDAPGroupMapperConfig	getConfig()
List<UserModel>	getGroupMembers(RealmModel realm, GroupModel kcGroup, int firstResult, int maxResults) Return empty list if doesn't support storing of groups
protected String	getKcGroupPathFromLDAPGroupName(String ldapGroupName) Translates given LDAP group name into a KC group within the groups path.
protected GroupModel	getKcGroupsPathGroup(RealmModel realm) Provides KC group defined as groups path or null (top-level group) if corresponding group is not available.
protected Collection<GroupModel>	getKcSubGroups(RealmModel realm, GroupModel parentGroup) Provides a list of all KC sub groups from given parent group or from groups path.
protected List<LDAPObject>	getLDAPGroupMappings(LDAPObject ldapUser)
protected Set<LDAPDn>	getLDAPSubgroups(LDAPObject ldapGroup)
protected String	getMembershipUserLdapAttribute()
LDAPObject	loadLDAPGroupByName(String groupName)
void	onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) Called when importing user from LDAP to local keycloak DB.
void	onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm) Called when register new user to LDAP - just after user was created in Keycloak DB
UserModel	proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) Called when invoke proxy on LDAP federation provider
SynchronizationResult	syncDataFromFederationProviderToKeycloak(RealmModel realm) Sync data from federated storage to Keycloak.
SynchronizationResult	syncDataFromKeycloakToFederationProvider(RealmModel realm) Sync data from Keycloak back to federated storage
LDAPObject	updateLDAPGroup(LDAPObject ldapObject)

Methods inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper

close, getLdapProvider, onAuthenticationFailure, parseBooleanParameter

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

GroupLDAPStorageMapper

public GroupLDAPStorageMapper(ComponentModel mapperModel,
                              LDAPStorageProvider ldapProvider,
                              GroupLDAPStorageMapperFactory factory)

Method Detail

createLDAPGroupQuery

public LDAPQuery createLDAPGroupQuery()

Specified by:

createLDAPGroupQuery in interface CommonLDAPGroupMapper

getConfig

public CommonLDAPGroupMapperConfig getConfig()

Specified by:

getConfig in interface CommonLDAPGroupMapper

createGroupQuery

public LDAPQuery createGroupQuery(boolean includeMemberAttribute)

createLDAPGroup

public LDAPObject createLDAPGroup(String groupName,
                                  Map<String,Set<String>> additionalAttributes)

loadLDAPGroupByName

public LDAPObject loadLDAPGroupByName(String groupName)

updateLDAPGroup

public LDAPObject updateLDAPGroup(LDAPObject ldapObject)

getLDAPSubgroups

protected Set<LDAPDn> getLDAPSubgroups(LDAPObject ldapGroup)

syncDataFromFederationProviderToKeycloak

public SynchronizationResult syncDataFromFederationProviderToKeycloak(RealmModel realm)

Description copied from interface: LDAPStorageMapper

Sync data from federated storage to Keycloak. It's useful just if mapper needs some data preloaded from federated storage (For example load roles from federated provider and sync them to Keycloak database) Applicable just if sync is supported

Specified by:

syncDataFromFederationProviderToKeycloak in interface LDAPStorageMapper

Overrides:

syncDataFromFederationProviderToKeycloak in class AbstractLDAPStorageMapper

findKcGroupByLDAPGroup

protected GroupModel findKcGroupByLDAPGroup(RealmModel realm,
                                            LDAPObject ldapGroup)

findKcGroupOrSyncFromLDAP

protected GroupModel findKcGroupOrSyncFromLDAP(RealmModel realm,
                                               LDAPObject ldapGroup,
                                               UserModel user)

getAllLDAPGroups

protected List<LDAPObject> getAllLDAPGroups(boolean includeMemberAttribute)

syncDataFromKeycloakToFederationProvider

public SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm)

Description copied from interface: LDAPStorageMapper

Sync data from Keycloak back to federated storage

Specified by:

syncDataFromKeycloakToFederationProvider in interface LDAPStorageMapper

Overrides:

syncDataFromKeycloakToFederationProvider in class AbstractLDAPStorageMapper

getGroupMembers

public List<UserModel> getGroupMembers(RealmModel realm,
                                       GroupModel kcGroup,
                                       int firstResult,
                                       int maxResults)

Description copied from interface: LDAPStorageMapper

Return empty list if doesn't support storing of groups

Specified by:

getGroupMembers in interface LDAPStorageMapper

Overrides:

getGroupMembers in class AbstractLDAPStorageMapper

addGroupMappingInLDAP

public void addGroupMappingInLDAP(RealmModel realm,
                                  GroupModel kcGroup,
                                  LDAPObject ldapUser)

deleteGroupMappingInLDAP

public void deleteGroupMappingInLDAP(LDAPObject ldapUser,
                                     LDAPObject ldapGroup)

getLDAPGroupMappings

protected List<LDAPObject> getLDAPGroupMappings(LDAPObject ldapUser)

beforeLDAPQuery

public void beforeLDAPQuery(LDAPQuery query)

Description copied from interface: LDAPStorageMapper

Called before LDAP Identity query for retrieve LDAP users was executed. It allows to change query somehow (add returning attributes from LDAP, change conditions etc)

Specified by:

beforeLDAPQuery in interface LDAPStorageMapper

proxy

public UserModel proxy(LDAPObject ldapUser,
                       UserModel delegate,
                       RealmModel realm)

Description copied from interface: LDAPStorageMapper

Called when invoke proxy on LDAP federation provider

Specified by:

proxy in interface LDAPStorageMapper

Returns:

onRegisterUserToLDAP

public void onRegisterUserToLDAP(LDAPObject ldapUser,
                                 UserModel localUser,
                                 RealmModel realm)

Description copied from interface: LDAPStorageMapper

Called when register new user to LDAP - just after user was created in Keycloak DB

Specified by:

onRegisterUserToLDAP in interface LDAPStorageMapper

onImportUserFromLDAP

public void onImportUserFromLDAP(LDAPObject ldapUser,
                                 UserModel user,
                                 RealmModel realm,
                                 boolean isCreate)

Description copied from interface: LDAPStorageMapper

Called when importing user from LDAP to local keycloak DB.

Specified by:

onImportUserFromLDAP in interface LDAPStorageMapper

isCreate - true if we importing new user from LDAP. False if user already exists in Keycloak, but we are upgrading (syncing) it from LDAP

getMembershipUserLdapAttribute

protected String getMembershipUserLdapAttribute()

getKcGroupPathFromLDAPGroupName

protected String getKcGroupPathFromLDAPGroupName(String ldapGroupName)

Translates given LDAP group name into a KC group within the groups path.

getKcGroupsPathGroup

protected GroupModel getKcGroupsPathGroup(RealmModel realm)

Provides KC group defined as groups path or null (top-level group) if corresponding group is not available.

createKcGroup

protected GroupModel createKcGroup(RealmModel realm,
                                   String ldapGroupName,
                                   GroupModel parentGroup)

Creates a new KC group from given LDAP group name in given KC parent group or the groups path.

getKcSubGroups

protected Collection<GroupModel> getKcSubGroups(RealmModel realm,
                                                GroupModel parentGroup)

Provides a list of all KC sub groups from given parent group or from groups path.

getAllKcGroups

protected List<GroupModel> getAllKcGroups(RealmModel realm)

Provides a list of all KC groups (with their sub groups) from groups path configured by the "Groups Path" configuration property.