Package org.keycloak.storage.ldap.idm.store.ldap

Class LDAPOperationManager

java.lang.Object

org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager

public class LDAPOperationManager
extends Object

This class provides a set of operations to manage LDAP trees.

Author:

Anil Saldhana, Pedro Silva

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static interface	LDAPOperationManager.LdapOperation<R>

Constructor Summary

Constructors

Constructor	Description
LDAPOperationManager(KeycloakSession session, LDAPConfig config)

Method Summary

Modifier and Type	Method	Description
void	addAttribute(LdapName dn, Attribute attribute)	Adds the given Attribute instance using the given DN.
void	authenticate(LdapName dn, String password)	Performs a simple authentication using the given DN and password to bind to the authentication context.
String	createSubContext(LdapName name, Attributes attributes)
String	decodeEntryUUID(Object entryUUID)
Attributes	getAttributes(String entryUUID, LdapName baseDN, Set<String> returningAttributes)
Condition	getFilterById(String id)
SearchResult	lookupById(LdapName baseDN, String id, Collection<String> returningAttributes)
void	modifyAttribute(LdapName dn, Attribute attribute)	Modifies the given Attribute instance using the given DN.
void	modifyAttributes(LdapName dn, ModificationItem[] mods, LDAPOperationDecorator decorator)
void	modifyAttributes(LdapName dn, NamingEnumeration<Attribute> attributes)	Modifies the given Attribute instances using the given DN.
void	modifyAttributesNaming(LdapName dn, ModificationItem[] mods, LDAPOperationDecorator decorator)
void	passwordModifyExtended(LdapName dn, String password, LDAPOperationDecorator decorator)	Execute the LDAP Password Modify Extended Operation to update the password for the given DN.
void	removeAttribute(LdapName dn, Attribute attribute)	Removes the given Attribute instance using the given DN.
void	removeEntry(LdapName entryDn)	Removes the object from the LDAP tree
LdapName	renameEntry(LdapName oldDn, LdapName newDn, boolean fallback)	Rename LDAPObject name (DN)
List<SearchResult>	search(LdapName baseDN, Condition condition, Collection<String> returningAttributes, int searchScope)
List<SearchResult>	searchPaginated(LdapName baseDN, Condition condition, LDAPQuery identityQuery)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

LDAPOperationManager

public LDAPOperationManager(KeycloakSession session,
 LDAPConfig config)

Method Details

modifyAttribute

public void modifyAttribute(LdapName dn,
 Attribute attribute)

Modifies the given Attribute instance using the given DN. This method performs a REPLACE_ATTRIBUTE operation.

Parameters:

dn -

attribute -

modifyAttributes

public void modifyAttributes(LdapName dn,
 NamingEnumeration<Attribute> attributes)

Modifies the given Attribute instances using the given DN. This method performs a REPLACE_ATTRIBUTE operation.

Parameters:

dn -

attributes -

removeAttribute

public void removeAttribute(LdapName dn,
 Attribute attribute)

Removes the given Attribute instance using the given DN. This method performs a REMOVE_ATTRIBUTE operation.

Parameters:

dn -

attribute -

addAttribute

public void addAttribute(LdapName dn,
 Attribute attribute)

Adds the given Attribute instance using the given DN. This method performs a ADD_ATTRIBUTE operation.

Parameters:

dn -

attribute -

removeEntry

public void removeEntry(LdapName entryDn)

Removes the object from the LDAP tree

renameEntry

public LdapName renameEntry(LdapName oldDn,
 LdapName newDn,
 boolean fallback)

Rename LDAPObject name (DN)

Parameters:

oldDn -

newDn -

fallback - With fallback=true, we will try to find the another DN in case of conflict. For example if there is an attempt to rename to "CN=John Doe", but there is already existing "CN=John Doe", we will try "CN=John Doe0"

Returns:

the non-conflicting DN, which was used in the end

search

public List<SearchResult> search(LdapName baseDN,
 Condition condition,
 Collection<String> returningAttributes,
 int searchScope)
                          throws NamingException

Throws:

NamingException

searchPaginated

public List<SearchResult> searchPaginated(LdapName baseDN,
 Condition condition,
 LDAPQuery identityQuery)
                                   throws NamingException

Throws:

NamingException

getFilterById

public Condition getFilterById(String id)

lookupById

public SearchResult lookupById(LdapName baseDN,
 String id,
 Collection<String> returningAttributes)

authenticate

public void authenticate(LdapName dn,
 String password)
                  throws AuthenticationException

Performs a simple authentication using the given DN and password to bind to the authentication context.

Parameters:

dn -

password -

Throws:

AuthenticationException - if authentication is not successful

modifyAttributesNaming

public void modifyAttributesNaming(LdapName dn,
 ModificationItem[] mods,
 LDAPOperationDecorator decorator)
                            throws NamingException

Throws:

NamingException

modifyAttributes

public void modifyAttributes(LdapName dn,
 ModificationItem[] mods,
 LDAPOperationDecorator decorator)

createSubContext

public String createSubContext(LdapName name,
 Attributes attributes)

getAttributes

public Attributes getAttributes(String entryUUID,
 LdapName baseDN,
 Set<String> returningAttributes)

decodeEntryUUID

public String decodeEntryUUID(Object entryUUID)

passwordModifyExtended

public void passwordModifyExtended(LdapName dn,
 String password,
 LDAPOperationDecorator decorator)

Execute the LDAP Password Modify Extended Operation to update the password for the given DN.

Parameters:

dn - distinguished name of the entry.

password - the new password.

decorator - A decorator to apply to the ldap operation.