Class LDAPIdentityStore
- java.lang.Object
  - org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore

- All Implemented Interfaces:
  IdentityStore

public class LDAPIdentityStore extends Object implements IdentityStore
An IdentityStore implementation backed by an LDAP directory
- Author:
  Shane Bryzak, Anil Saldhana, Pedro Silva

Constructor Summary
LDAPIdentityStore(KeycloakSession session, LDAPConfig config)

Method Summary
void add(LDAPObject ldapObject)
    Persists the specified IdentityType
void addMemberToGroup(String groupDn, String memberAttrName, String value)
    Adds a member to a group.
protected void checkRename(LDAPObject ldapObject)
int countQueryResults(LDAPQuery identityQuery)
protected StringBuilder createIdentityTypeSearchFilter(LDAPQuery identityQuery)
protected BasicAttributes extractAttributesForSaving(LDAPObject ldapObject, boolean isCreate)
List<LDAPObject> fetchQueryResults(LDAPQuery identityQuery)
LDAPConfig getConfig()
    Returns the configuration for this IdentityStore instance
protected String getEntryIdentifier(LDAPObject ldapObject)
Set<LDAPCapabilityRepresentation> queryServerCapabilities()
    Query the LDAP server RootDSE and extract the LDAPCapabilityRepresentation of all supported extensions, controls and features the server announces.
void remove(LDAPObject ldapObject)
    Removes the specified IdentityType
void removeMemberFromGroup(String groupDn, String memberAttrName, String value)
    Removes a member from a group.
void update(LDAPObject ldapObject)
    Updates the specified IdentityType
void updatePassword(LDAPObject user, String password, LDAPOperationDecorator passwordUpdateDecorator)
    Updates the specified credential value.
void validatePassword(LDAPObject user, String password)
    Validates the specified credentials.

Constructor Detail

LDAPIdentityStore
public LDAPIdentityStore(KeycloakSession session, LDAPConfig config)

Method Detail

getConfig
public LDAPConfig getConfig()
Description copied from interface: IdentityStore
Returns the configuration for this IdentityStore instance
- Specified by:
  getConfig in interface IdentityStore
- Returns:

add
public void add(LDAPObject ldapObject)
Description copied from interface: IdentityStore
Persists the specified IdentityType
- Specified by:
  add in interface IdentityStore

addMemberToGroup
public void addMemberToGroup(String groupDn, String memberAttrName, String value)
Description copied from interface: IdentityStore
Adds a member to a group.
- Specified by:
  addMemberToGroup in interface IdentityStore
- Parameters:
  groupDn - The DN of the group object
  memberAttrName - The member attribute name
  value - The value (it can be uid or dn depending on the group type)

removeMemberFromGroup
public void removeMemberFromGroup(String groupDn, String memberAttrName, String value)
Description copied from interface: IdentityStore
Removes a member from a group.
- Specified by:
  removeMemberFromGroup in interface IdentityStore
- Parameters:
  groupDn - The DN of the group object
  memberAttrName - The member attribute name
  value - The value (it can be uid or dn depending on the group type)

update
public void update(LDAPObject ldapObject)
Description copied from interface: IdentityStore
Updates the specified IdentityType
- Specified by:
  update in interface IdentityStore

checkRename
protected void checkRename(LDAPObject ldapObject)

remove
public void remove(LDAPObject ldapObject)
Description copied from interface: IdentityStore
Removes the specified IdentityType
- Specified by:
  remove in interface IdentityStore

fetchQueryResults
public List<LDAPObject> fetchQueryResults(LDAPQuery identityQuery)
- Specified by:
  fetchQueryResults in interface IdentityStore

countQueryResults
public int countQueryResults(LDAPQuery identityQuery)
- Specified by:
  countQueryResults in interface IdentityStore

queryServerCapabilities
public Set<LDAPCapabilityRepresentation> queryServerCapabilities()
Description copied from interface: IdentityStore
Query the LDAP server RootDSE and extract the LDAPCapabilityRepresentation of all supported extensions, controls and features the server announces. The LDAP Wiki provides a list of known capabilities. Will throw a ModelException on any LDAP error, or when the searchResult is empty.
- Specified by:
  queryServerCapabilities in interface IdentityStore
- Returns:
  a set of LDAPOid, each representing a server capability (control, extension or feature).

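What the RootDSE capability lookup described for queryServerCapabilities involves, as an added example that is not Keycloak's own code: it reads the standard supportedControl, supportedExtension and supportedFeatures attributes of a RootDSE entry and rejects an empty result. The RootDseCapabilities class, the Capability record and the sample entry are constructed for illustration; against a live server the attributes would come from a base-scope search on the empty DN.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import java.util.*;

public class RootDseCapabilities {
    // Hypothetical stand-in for a capability representation: OID plus its kind.
    record Capability(String oid, String kind) {}

    // Standard RootDSE attributes (RFC 4512) mapped to the kind they announce.
    static final Map<String, String> KINDS = Map.of(
            "supportedControl", "CONTROL",
            "supportedExtension", "EXTENSION",
            "supportedFeatures", "FEATURE");

    static Set<Capability> extract(Attributes rootDse) throws NamingException {
        Set<Capability> result = new LinkedHashSet<>();
        for (Map.Entry<String, String> e : KINDS.entrySet()) {
            Attribute attr = rootDse.get(e.getKey());
            if (attr == null) continue;            // server does not announce this kind
            NamingEnumeration<?> values = attr.getAll();
            while (values.hasMore()) {
                result.add(new Capability(values.next().toString().trim(), e.getValue()));
            }
        }
        if (result.isEmpty()) {
            // Assumption: an entry with no capability values is treated as an error,
            // in the spirit of the documented failure on an empty search result.
            throw new IllegalStateException("RootDSE returned no capabilities");
        }
        return result;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample RootDSE entry (not captured from a real server).
        Attributes rootDse = new BasicAttributes(true);
        Attribute ext = new BasicAttribute("supportedExtension");
        ext.add("1.3.6.1.4.1.4203.1.11.1");   // Password Modify extended operation (RFC 3062)
        ext.add("1.3.6.1.4.1.1466.20037");    // StartTLS (RFC 4511)
        rootDse.put(ext);
        rootDse.put(new BasicAttribute("supportedControl", "1.2.840.113556.1.4.319")); // paged results (RFC 2696)

        Set<Capability> caps = extract(rootDse);
        caps.forEach(c -> System.out.println(c.kind() + " " + c.oid()));
        // Check that an operation is announced before relying on it, e.g. for password updates.
        boolean pwdModify = caps.contains(new Capability("1.3.6.1.4.1.4203.1.11.1", "EXTENSION"));
        System.out.println("Password Modify extended operation announced: " + pwdModify);
    }
}
```
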
validatePassword
public void validatePassword(LDAPObject user, String password) throws AuthenticationException
Description copied from interface: IdentityStore
Validates the specified credentials.
- Specified by:
  validatePassword in interface IdentityStore
- Parameters:
  user - Keycloak user
  password - LDAP password
- Throws:
  AuthenticationException - if authentication is not successful

updatePassword
public void updatePassword(LDAPObject user, String password, LDAPOperationDecorator passwordUpdateDecorator)
Description copied from interface: IdentityStore
Updates the specified credential value.
- Specified by:
  updatePassword in interface IdentityStore
- Parameters:
  user - Keycloak user
  password - LDAP password
  passwordUpdateDecorator - Callback to be executed before/after password update. Can be null

createIdentityTypeSearchFilter
protected StringBuilder createIdentityTypeSearchFilter(LDAPQuery identityQuery)

extractAttributesForSaving
protected BasicAttributes extractAttributesForSaving(LDAPObject ldapObject, boolean isCreate)

getEntryIdentifier
protected String getEntryIdentifier(LDAPObject ldapObject)