org.keycloak.storage.ldap

Class LDAPUtils

java.lang.Object

org.keycloak.storage.ldap.LDAPUtils

public class LDAPUtils
extends Object

Allow to directly call some operations against LDAPIdentityStore.

Author:

Marek Posolda

Constructor Summary

Constructors

Constructor and Description
LDAPUtils()

Method Summary

Modifier and Type	Method and Description
static void	addMember(LDAPStorageProvider ldapProvider, MembershipType membershipType, String memberAttrName, String memberChildAttrName, LDAPObject ldapParent, LDAPObject ldapChild) Add ldapChild as member of ldapParent and save ldapParent to LDAP.
static LDAPObject	addUserToLDAP(LDAPStorageProvider ldapProvider, RealmModel realm, UserModel user)
static void	checkUuid(LDAPObject ldapUser, LDAPConfig config)
static void	computeAndSetDn(LDAPConfig config, LDAPObject ldapUser)
static LDAPObject	createLDAPGroup(LDAPStorageProvider ldapProvider, String groupName, String groupNameAttribute, Collection<String> objectClasses, String parentDn, Map<String,Set<String>> additionalAttributes, String membershipLdapAttribute)
static LDAPQuery	createQueryForUserSearch(LDAPStorageProvider ldapProvider, RealmModel realm)
static void	deleteMember(LDAPStorageProvider ldapProvider, MembershipType membershipType, String memberAttrName, String memberChildAttrName, LDAPObject ldapParent, LDAPObject ldapChild) Remove ldapChild as member of ldapParent and save ldapParent to LDAP.
static void	fillRangedAttribute(LDAPStorageProvider ldapProvider, LDAPObject ldapObject, String name) Performs iterative searches over an LDAPObject to return an attribute that is ranged.
static Set<String>	getExistingMemberships(LDAPStorageProvider ldapProvider, String memberAttrName, LDAPObject ldapRole) Return all existing memberships (values of attribute 'member' ) from the given ldapRole or ldapGroup
static String	getMemberValueOfChildObject(LDAPObject ldapUser, MembershipType membershipType, String memberChildAttrName) Get value to be used as attribute 'member' or 'memberUid' in some parent ldapObject
static Map<String,Property<Object>>	getUserModelProperties() Return a map of the user model properties from the getter methods Map key are the attributes names in lower case
static String	getUsername(LDAPObject ldapUser, LDAPConfig config)
static List<LDAPObject>	loadAllLDAPObjects(LDAPQuery ldapQuery, LDAPStorageProvider ldapProvider) Load all LDAP objects corresponding to given query.
static LDAPObject	updateLDAPGroup(LDAPStorageProvider ldapProvider, LDAPObject ldapObject)
static void	validateCustomLdapFilter(String customFilter) Validate configured customFilter matches the requested format

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LDAPUtils

public LDAPUtils()

Method Detail

addUserToLDAP

public static LDAPObject addUserToLDAP(LDAPStorageProvider ldapProvider,
                                       RealmModel realm,
                                       UserModel user)

Parameters:

ldapProvider -

realm -

user -

Returns:

newly created LDAPObject with all the attributes, uuid and DN properly set

createQueryForUserSearch

public static LDAPQuery createQueryForUserSearch(LDAPStorageProvider ldapProvider,
                                                 RealmModel realm)

computeAndSetDn

public static void computeAndSetDn(LDAPConfig config,
                                   LDAPObject ldapUser)

getUsername

public static String getUsername(LDAPObject ldapUser,
                                 LDAPConfig config)

checkUuid

public static void checkUuid(LDAPObject ldapUser,
                             LDAPConfig config)

createLDAPGroup

public static LDAPObject createLDAPGroup(LDAPStorageProvider ldapProvider,
                                         String groupName,
                                         String groupNameAttribute,
                                         Collection<String> objectClasses,
                                         String parentDn,
                                         Map<String,Set<String>> additionalAttributes,
                                         String membershipLdapAttribute)

updateLDAPGroup

public static LDAPObject updateLDAPGroup(LDAPStorageProvider ldapProvider,
                                         LDAPObject ldapObject)

addMember

public static void addMember(LDAPStorageProvider ldapProvider,
                             MembershipType membershipType,
                             String memberAttrName,
                             String memberChildAttrName,
                             LDAPObject ldapParent,
                             LDAPObject ldapChild)

Add ldapChild as member of ldapParent and save ldapParent to LDAP.

Parameters:

ldapProvider -

membershipType - how is 'member' attribute saved (full DN or just uid)

memberAttrName - usually 'member'

memberChildAttrName - used just if membershipType is UID. Usually 'uid'

ldapParent - role or group

ldapChild - usually user (or child group or child role)

deleteMember

public static void deleteMember(LDAPStorageProvider ldapProvider,
                                MembershipType membershipType,
                                String memberAttrName,
                                String memberChildAttrName,
                                LDAPObject ldapParent,
                                LDAPObject ldapChild)

Remove ldapChild as member of ldapParent and save ldapParent to LDAP.

Parameters:

ldapProvider -

membershipType - how is 'member' attribute saved (full DN or just uid)

memberAttrName - usually 'member'

memberChildAttrName - used just if membershipType is UID. Usually 'uid'

ldapParent - role or group

ldapChild - usually user (or child group or child role)

getExistingMemberships

public static Set<String> getExistingMemberships(LDAPStorageProvider ldapProvider,
                                                 String memberAttrName,
                                                 LDAPObject ldapRole)

Return all existing memberships (values of attribute 'member' ) from the given ldapRole or ldapGroup

Parameters:

ldapProvider - The ldap provider

memberAttrName - usually 'member'

ldapRole -

Returns:

getMemberValueOfChildObject

public static String getMemberValueOfChildObject(LDAPObject ldapUser,
                                                 MembershipType membershipType,
                                                 String memberChildAttrName)

Get value to be used as attribute 'member' or 'memberUid' in some parent ldapObject

loadAllLDAPObjects

public static List<LDAPObject> loadAllLDAPObjects(LDAPQuery ldapQuery,
                                                  LDAPStorageProvider ldapProvider)

Load all LDAP objects corresponding to given query. We will load them paginated, so we allow to bypass the limitation of 1000 maximum loaded objects in single query in MSAD

Parameters:

ldapQuery - LDAP query to be used. The caller should close it after calling this method

ldapProvider -

Returns:

validateCustomLdapFilter

public static void validateCustomLdapFilter(String customFilter)
                                     throws ComponentValidationException

Validate configured customFilter matches the requested format

Parameters:

customFilter -

Throws:

ComponentValidationException

fillRangedAttribute

public static void fillRangedAttribute(LDAPStorageProvider ldapProvider,
                                       LDAPObject ldapObject,
                                       String name)

Performs iterative searches over an LDAPObject to return an attribute that is ranged.

Parameters:

ldapProvider - The provider to use

ldapObject - The current object with the ranged attribute not complete

name - The attribute name

getUserModelProperties

public static Map<String,Property<Object>> getUserModelProperties()

Return a map of the user model properties from the getter methods Map key are the attributes names in lower case