MSADLDSUserAccountControlStorageMapper (Keycloak Docs Distribution 14.0.0 API)

java.lang.Object
- org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
- - org.keycloak.storage.ldap.mappers.msadlds.MSADLDSUserAccountControlStorageMapper

All Implemented Interfaces:

Provider, LDAPStorageMapper, PasswordUpdateCallback
```
public class MSADLDSUserAccountControlStorageMapper
extends AbstractLDAPStorageMapper
implements PasswordUpdateCallback
```
Mapper specific to MSAD LDS. It's able to read the msDS-UserAccountDisabled, msDS-UserPasswordExpired and pwdLastSet attributes and set actions in Keycloak based on that. It's also able to handle exception code from LDAP user authentication (See http://www-01.ibm.com/support/docview.wss?uid=swg21290631 )

Author:

Marek Posolda, Slawomir Dabek

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

class MSADLDSUserAccountControlStorageMapper.MSADUserModelDelegate

Nested Classes
Modifier and Type	Class and Description
`class`	`MSADLDSUserAccountControlStorageMapper.MSADUserModelDelegate`

Field Summary
- Fields inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
  ldapProvider, mapperModel, session

Constructor Summary

Constructors
Constructor and Description

MSADLDSUserAccountControlStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider)

Constructors
Constructor and Description
`MSADLDSUserAccountControlStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`beforeLDAPQuery(LDAPQuery query)` Called before LDAP Identity query for retrieve LDAP users was executed.
`LDAPOperationDecorator`	`beforePasswordUpdate(UserModel user, LDAPObject ldapUser, UserCredentialModel password)`
`boolean`	`onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm)` Called when LDAP authentication of specified user fails.
`void`	`onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)` Called when importing user from LDAP to local keycloak DB.
`void`	`onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm)` Called when register new user to LDAP - just after user was created in Keycloak DB
`void`	`passwordUpdated(UserModel user, LDAPObject ldapUser, UserCredentialModel password)`
`void`	`passwordUpdateFailed(UserModel user, LDAPObject ldapUser, UserCredentialModel password, ModelException exception)`
`protected boolean`	`processAuthErrorCode(String errorCode, UserModel user)`
`protected ModelException`	`processFailedPasswordUpdateException(ModelException e)`
`UserModel`	`proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm)` Called when invoke proxy on LDAP federation provider

Methods inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
close, getGroupMembers, getLdapProvider, getRoleMembers, parseBooleanParameter, syncDataFromFederationProviderToKeycloak, syncDataFromKeycloakToFederationProvider

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

MSADLDSUserAccountControlStorageMapper

public MSADLDSUserAccountControlStorageMapper(ComponentModel mapperModel,
                                              LDAPStorageProvider ldapProvider)

Method Detail

beforeLDAPQuery
```
public void beforeLDAPQuery(LDAPQuery query)
```
Description copied from interface: LDAPStorageMapper

Called before LDAP Identity query for retrieve LDAP users was executed. It allows to change query somehow (add returning attributes from LDAP, change conditions etc)

Specified by:

beforeLDAPQuery in interface LDAPStorageMapper

beforePasswordUpdate

public LDAPOperationDecorator beforePasswordUpdate(UserModel user,
                                                   LDAPObject ldapUser,
                                                   UserCredentialModel password)

Specified by:: beforePasswordUpdate in interface PasswordUpdateCallback

passwordUpdated

public void passwordUpdated(UserModel user,
                            LDAPObject ldapUser,
                            UserCredentialModel password)

Specified by:: passwordUpdated in interface PasswordUpdateCallback

passwordUpdateFailed

public void passwordUpdateFailed(UserModel user,
                                 LDAPObject ldapUser,
                                 UserCredentialModel password,
                                 ModelException exception)

Specified by:: passwordUpdateFailed in interface PasswordUpdateCallback

proxy

public UserModel proxy(LDAPObject ldapUser,
                       UserModel delegate,
                       RealmModel realm)

Description copied from interface: LDAPStorageMapper

Called when invoke proxy on LDAP federation provider

Specified by:: proxy in interface LDAPStorageMapper
Returns:

onRegisterUserToLDAP

public void onRegisterUserToLDAP(LDAPObject ldapUser,
                                 UserModel localUser,
                                 RealmModel realm)

Description copied from interface: LDAPStorageMapper

Called when register new user to LDAP - just after user was created in Keycloak DB

Specified by:: onRegisterUserToLDAP in interface LDAPStorageMapper

onImportUserFromLDAP
```
public void onImportUserFromLDAP(LDAPObject ldapUser,
                                 UserModel user,
                                 RealmModel realm,
                                 boolean isCreate)
```
Description copied from interface: LDAPStorageMapper

Called when importing user from LDAP to local keycloak DB.

Specified by:

onImportUserFromLDAP in interface LDAPStorageMapper

isCreate - true if we importing new user from LDAP. False if user already exists in Keycloak, but we are upgrading (syncing) it from LDAP

onAuthenticationFailure
```
public boolean onAuthenticationFailure(LDAPObject ldapUser,
                                       UserModel user,
                                       AuthenticationException ldapException,
                                       RealmModel realm)
```
Description copied from interface: LDAPStorageMapper

Called when LDAP authentication of specified user fails. If any mapper returns true from this method, AuthenticationException won't be rethrown!

Specified by:

onAuthenticationFailure in interface LDAPStorageMapper

Overrides:

onAuthenticationFailure in class AbstractLDAPStorageMapper

Returns:

true if mapper processed the AuthenticationException and did some actions based on that. In that case, AuthenticationException won't be rethrown!

processAuthErrorCode

protected boolean processAuthErrorCode(String errorCode,
                                       UserModel user)

processFailedPasswordUpdateException

protected ModelException processFailedPasswordUpdateException(ModelException e)

Class MSADLDSUserAccountControlStorageMapper

Nested Class Summary

Field Summary

Fields inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper

Constructor Summary

Method Summary

Methods inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper

Methods inherited from class java.lang.Object