org.keycloak.storage.ldap.idm.store

Interface IdentityStore

All Known Implementing Classes:

LDAPIdentityStore

public interface IdentityStore

IdentityStore representation providing minimal SPI TODO: Rather remove this abstraction

Author:

Boleslaw Dawidowicz, Shane Bryzak

Method Summary

Modifier and Type	Method and Description
void	add(LDAPObject ldapObject) Persists the specified IdentityType
void	addMemberToGroup(String groupDn, String memberAttrName, String value) Adds a member to a group.
int	countQueryResults(LDAPQuery LDAPQuery)
List<LDAPObject>	fetchQueryResults(LDAPQuery LDAPQuery)
LDAPConfig	getConfig() Returns the configuration for this IdentityStore instance
Set<LDAPCapabilityRepresentation>	queryServerCapabilities() Query the LDAP server RootDSE and extract the LDAPCapabilityRepresentation of all supported extensions, controls and features the server announces.
void	remove(LDAPObject ldapObject) Removes the specified IdentityType
void	removeMemberFromGroup(String groupDn, String memberAttrName, String value) Removes a member from a group.
void	update(LDAPObject ldapObject) Updates the specified IdentityType
void	updatePassword(LDAPObject user, String password, LDAPOperationDecorator passwordUpdateDecorator) Updates the specified credential value.
void	validatePassword(LDAPObject user, String password) Validates the specified credentials.

Method Detail

getConfig

LDAPConfig getConfig()

Returns the configuration for this IdentityStore instance

Returns:

add

void add(LDAPObject ldapObject)

Persists the specified IdentityType

Parameters:

ldapObject -

update

void update(LDAPObject ldapObject)

Updates the specified IdentityType

Parameters:

ldapObject -

remove

void remove(LDAPObject ldapObject)

Removes the specified IdentityType

Parameters:

ldapObject -

addMemberToGroup

void addMemberToGroup(String groupDn,
                      String memberAttrName,
                      String value)

Adds a member to a group.

Parameters:

groupDn - The DN of the group object

memberAttrName - The member attribute name

value - The value (it can be uid or dn depending the group type)

removeMemberFromGroup

void removeMemberFromGroup(String groupDn,
                           String memberAttrName,
                           String value)

Removes a member from a group.

Parameters:

groupDn - The DN of the group object

memberAttrName - The member attribute name

value - The value (it can be uid or dn depending the group type)

fetchQueryResults

List<LDAPObject> fetchQueryResults(LDAPQuery LDAPQuery)

countQueryResults

int countQueryResults(LDAPQuery LDAPQuery)

queryServerCapabilities

Set<LDAPCapabilityRepresentation> queryServerCapabilities()

Query the LDAP server RootDSE and extract the LDAPCapabilityRepresentation of all supported extensions, controls and features the server announces. The LDAP Wiki provides a list of known capabilities. Will throw a ModelException on any LDAP error, or when the searchResult is empty.

Returns:

a set of LDAPOid, each representing a server capability (control, extension or feature).

validatePassword

void validatePassword(LDAPObject user,
                      String password)
               throws AuthenticationException

Validates the specified credentials.

Parameters:

user - Keycloak user

password - Ldap password

Throws:

AuthenticationException - if authentication is not successful

updatePassword

void updatePassword(LDAPObject user,
                    String password,
                    LDAPOperationDecorator passwordUpdateDecorator)

Updates the specified credential value.

Parameters:

user - Keycloak user

password - Ldap password

passwordUpdateDecorator - Callback to be executed before/after password update. Can be null