Class LDAPUtils


  • public class LDAPUtils
    extends Object
    Allows some operations to be called directly against LDAPIdentityStore.
    Author:
    Marek Posolda
    • Constructor Detail

      • LDAPUtils

        public LDAPUtils()
    • Method Detail

      • addUserToLDAP

        public static LDAPObject addUserToLDAP(LDAPStorageProvider ldapProvider,
                                               RealmModel realm,
                                               UserModel user)
        Parameters:
        ldapProvider -
        realm -
        user -
        Returns:
        newly created LDAPObject with all the attributes, uuid and DN properly set
      • addMember

        public static void addMember(LDAPStorageProvider ldapProvider,
                                     MembershipType membershipType,
                                     String memberAttrName,
                                     String memberChildAttrName,
                                     LDAPObject ldapParent,
                                     LDAPObject ldapChild)
        Add ldapChild as member of ldapParent and save ldapParent to LDAP.
        Parameters:
        ldapProvider -
        membershipType - how the 'member' attribute is saved (full DN or just uid)
        memberAttrName - usually 'member'
        memberChildAttrName - used only if membershipType is UID; usually 'uid'
        ldapParent - role or group
        ldapChild - usually user (or child group or child role)
      • deleteMember

        public static void deleteMember(LDAPStorageProvider ldapProvider,
                                        MembershipType membershipType,
                                        String memberAttrName,
                                        String memberChildAttrName,
                                        LDAPObject ldapParent,
                                        LDAPObject ldapChild)
        Remove ldapChild as member of ldapParent and save ldapParent to LDAP.
        Parameters:
        ldapProvider -
        membershipType - how the 'member' attribute is saved (full DN or just uid)
        memberAttrName - usually 'member'
        memberChildAttrName - used only if membershipType is UID; usually 'uid'
        ldapParent - role or group
        ldapChild - usually user (or child group or child role)
      • getExistingMemberships

        public static Set<String> getExistingMemberships(LDAPStorageProvider ldapProvider,
                                                         String memberAttrName,
                                                         LDAPObject ldapRole)
        Return all existing memberships (values of the 'member' attribute) from the given ldapRole or ldapGroup.
        Parameters:
        ldapProvider - The ldap provider
        memberAttrName - usually 'member'
        ldapRole -
        Returns:
      • getMemberValueOfChildObject

        public static String getMemberValueOfChildObject(LDAPObject ldapUser,
                                                         MembershipType membershipType,
                                                         String memberChildAttrName)
        Get value to be used as attribute 'member' or 'memberUid' in some parent ldapObject
      • loadAllLDAPObjects

        public static List<LDAPObject> loadAllLDAPObjects(LDAPQuery ldapQuery,
                                                          LDAPStorageProvider ldapProvider)
        Load all LDAP objects corresponding to the given query. The objects are loaded in pages, which bypasses the MSAD limitation of at most 1000 objects loaded in a single query.
        Parameters:
        ldapQuery - LDAP query to be used. The caller should close it after calling this method
        ldapProvider -
        Returns:
      • fillRangedAttribute

        public static void fillRangedAttribute(LDAPStorageProvider ldapProvider,
                                               LDAPObject ldapObject,
                                               String name)
        Performs iterative searches over an LDAPObject to return an attribute that is ranged.
        Parameters:
        ldapProvider - The provider to use
        ldapObject - The current object with the ranged attribute not complete
        name - The attribute name
      • getUserModelProperties

        public static Map<String,Property<Object>> getUserModelProperties()
        Return a map of the user model properties derived from the getter methods. Map keys are the attribute names in lower case.
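
Added example, not part of the Keycloak code base or the original Javadoc: a self-contained sketch of the iterative retrieval that fillRangedAttribute describes, assuming the Active Directory range-retrieval convention in which a partial attribute comes back as name;range=lo-hi and the final chunk as name;range=lo-*. The class RangedAttributeDemo, its read helper, the page size of 1500 and the member DNs are all constructed for illustration.

```java
import java.util.*;
import java.util.regex.*;

public class RangedAttributeDemo {
    // Matches attribute descriptions such as "member;range=0-1499" or "member;range=3000-*".
    private static final Pattern RANGE =
            Pattern.compile("^(.+);range=(\\d+)-(\\d+|\\*)$", Pattern.CASE_INSENSITIVE);

    // Constructed stand-in for a directory that returns at most PAGE values per read (assumption).
    static final int PAGE = 1500;
    static final List<String> ALL_MEMBERS = new ArrayList<>();
    static {
        for (int i = 0; i < 3200; i++) {
            ALL_MEMBERS.add("uid=user" + i + ",ou=People,dc=example,dc=org");
        }
    }

    // Hypothetical read: one entry mapping "<attr>;range=<lo>-<hi|*>" to that slice of values.
    static Map.Entry<String, List<String>> read(String attr, int start) {
        int end = Math.min(start + PAGE, ALL_MEMBERS.size());
        String hi = (end == ALL_MEMBERS.size()) ? "*" : String.valueOf(end - 1);
        return Map.entry(attr + ";range=" + start + "-" + hi, ALL_MEMBERS.subList(start, end));
    }

    // Keep reading until the server marks the final chunk with "*".
    static Set<String> readAll(String attr) {
        Set<String> values = new LinkedHashSet<>();
        int start = 0;
        while (true) {
            Map.Entry<String, List<String>> chunk = read(attr, start);
            Matcher m = RANGE.matcher(chunk.getKey());
            if (!m.matches() || !m.group(1).equalsIgnoreCase(attr)) {
                throw new IllegalStateException("Unexpected attribute description: " + chunk.getKey());
            }
            values.addAll(chunk.getValue());
            if (m.group(3).equals("*")) {
                return values;                          // last chunk: the attribute is complete
            }
            start = Integer.parseInt(m.group(3)) + 1;   // next range starts after the upper bound
        }
    }

    public static void main(String[] args) {
        Set<String> members = readAll("member");
        System.out.println(members.size() + " members loaded");
    }
}
```

Stopping after the first chunk leaves the membership set truncated, so any role or group mapping computed from it would silently omit members.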