Class LDAPIdentityStore
java.lang.Object
org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore
- All Implemented Interfaces:
IdentityStore
An IdentityStore implementation backed by an LDAP directory
- Author:
- Shane Bryzak, Anil Saldhana, Pedro Silva
-
Constructor Summary
-
Method Summary
Modifier and Type | Method | Description
void | add(LDAPObject ldapObject) | Persists the specified IdentityType
void | addMemberToGroup(LdapName groupDn, String memberAttrName, String value) | Adds a member to a group.
protected void | checkRename(LDAPObject ldapObject) |
int | countQueryResults(LDAPQuery identityQuery) |
protected Condition | createIdentityTypeSearchFilter(LDAPQuery identityQuery) |
protected BasicAttributes | extractAttributesForSaving(LDAPObject ldapObject, boolean isCreate) |
 | fetchQueryResults(LDAPQuery identityQuery) |
 | getConfig() | Returns the configuration for this IdentityStore instance
protected String | getEntryIdentifier(LDAPObject ldapObject) |
 | queryServerCapabilities() | Query the LDAP server RootDSE and extract the LDAPCapabilityRepresentation of all supported extensions, controls and features the server announces.
void | remove(LDAPObject ldapObject) | Removes the specified IdentityType
void | removeMemberFromGroup(LdapName groupDn, String memberAttrName, String value) | Removes a member from a group.
void | update(LDAPObject ldapObject) | Updates the specified IdentityType
void | updatePassword(LDAPObject user, String password, LDAPOperationDecorator passwordUpdateDecorator) | Updates the specified credential value.
void | validatePassword(LDAPObject user, String password) | Validates the specified credentials.
-
Constructor Details
-
LDAPIdentityStore
-
-
Method Details
-
getConfig
Description copied from interface: IdentityStore
Returns the configuration for this IdentityStore instance
- Specified by:
getConfig in interface IdentityStore
- Returns:
-
add
Description copied from interface: IdentityStore
Persists the specified IdentityType
- Specified by:
add in interface IdentityStore
-
addMemberToGroup
Description copied from interface: IdentityStore
Adds a member to a group.
- Specified by:
addMemberToGroup in interface IdentityStore
- Parameters:
groupDn - The DN of the group object
memberAttrName - The member attribute name
value - The value (it can be uid or dn depending on the group type)
-
removeMemberFromGroup
Description copied from interface: IdentityStore
Removes a member from a group.
- Specified by:
removeMemberFromGroup in interface IdentityStore
- Parameters:
groupDn - The DN of the group object
memberAttrName - The member attribute name
value - The value (it can be uid or dn depending on the group type)
-
update
Description copied from interface: IdentityStore
Updates the specified IdentityType
- Specified by:
update in interface IdentityStore
-
checkRename
-
remove
Description copied from interface: IdentityStore
Removes the specified IdentityType
- Specified by:
remove in interface IdentityStore
-
fetchQueryResults
- Specified by:
fetchQueryResults in interface IdentityStore
-
countQueryResults
- Specified by:
countQueryResults in interface IdentityStore
-
queryServerCapabilities
Description copied from interface: IdentityStore
Query the LDAP server RootDSE and extract the LDAPCapabilityRepresentation of all supported extensions, controls and features the server announces. The LDAP Wiki provides a list of known capabilities. Will throw a ModelException on any LDAP error, or when the searchResult is empty.
- Specified by:
queryServerCapabilities in interface IdentityStore
- Returns:
- a set of LDAPOid, each representing a server capability (control, extension or feature).
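The RootDSE read that queryServerCapabilities describes, as an added example in plain JNDI (not Keycloak's code). The class name, the server URL and the anonymous bind are assumptions; the capability check shown uses the Password Modify extended operation OID from RFC 3062.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class RootDseCapabilities {
    // Operational attributes in which a server announces its capabilities (RFC 4512, section 5.1).
    static final String[] CAPABILITY_ATTRS = {
        "supportedControl", "supportedExtension", "supportedFeatures"
    };
    static final String PASSWORD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"; // RFC 3062

    /** Reads the RootDSE (empty DN, base scope) and returns the announced OIDs per attribute. */
    static Map<String, Set<String>> query(String ldapUrl) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        // Assumption: the server allows an anonymous RootDSE read; otherwise bind first.
        env.put(Context.SECURITY_AUTHENTICATION, "none");
        DirContext ctx = new InitialDirContext(env);
        try {
            // Operational attributes are returned only when requested by name.
            Attributes rootDse = ctx.getAttributes("", CAPABILITY_ATTRS);
            if (rootDse.size() == 0) {
                // Mirrors the documented behaviour of failing on an empty result.
                throw new NamingException("RootDSE returned no capability attributes");
            }
            Map<String, Set<String>> result = new LinkedHashMap<>();
            for (String name : CAPABILITY_ATTRS) {
                Set<String> oids = new LinkedHashSet<>();
                Attribute attr = rootDse.get(name);
                if (attr != null) {
                    NamingEnumeration<?> values = attr.getAll();
                    while (values.hasMore()) oids.add(String.valueOf(values.next()));
                }
                result.put(name, oids);
            }
            return result;
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // Assumed URL; ldaps:// keeps the announced capability list from being altered in transit.
        Map<String, Set<String>> caps = query(args.length > 0 ? args[0] : "ldaps://ldap.example.org:636");
        caps.forEach((attr, oids) -> System.out.println(attr + ": " + oids));
        System.out.println("Password Modify (RFC 3062) announced: "
            + caps.get("supportedExtension").contains(PASSWORD_MODIFY_OID));
    }
}
```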
-
validatePassword
Description copied from interface: IdentityStore
Validates the specified credentials.
- Specified by:
validatePassword in interface IdentityStore
- Parameters:
user - Keycloak user
password - LDAP password
- Throws:
AuthenticationException - if authentication is not successful
-
updatePassword
public void updatePassword(LDAPObject user, String password, LDAPOperationDecorator passwordUpdateDecorator)
Description copied from interface: IdentityStore
Updates the specified credential value.
- Specified by:
updatePassword in interface IdentityStore
- Parameters:
user - Keycloak user
password - LDAP password
passwordUpdateDecorator - Callback to be executed before/after password update. Can be null
-
createIdentityTypeSearchFilter
-
extractAttributesForSaving
-
getEntryIdentifier
-