Class GroupLDAPStorageMapper
java.lang.Object
org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper
- All Implemented Interfaces:
Provider, LDAPStorageMapper, CommonLDAPGroupMapper
public class GroupLDAPStorageMapper
extends AbstractLDAPStorageMapper
implements CommonLDAPGroupMapper
- Author:
- Marek Posolda
-
Nested Class Summary
Nested Classes
-
Field Summary
Fields inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
ldapProvider, mapperModel
-
Constructor Summary
Constructors
Constructor | Description
GroupLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, GroupLDAPStorageMapperFactory factory) |
-
Method Summary
Modifier and Type | Method | Description
void | addGroupMappingInLDAP(RealmModel realm, GroupModel kcGroup, LDAPObject ldapUser) |
void | beforeLDAPQuery(LDAPQuery query) | Called before the LDAP identity query that retrieves LDAP users is executed.
 | createGroupQuery(boolean includeMemberAttribute) |
protected GroupModel | createKcGroup(RealmModel realm, String ldapGroupName, GroupModel parentGroup) | Creates a new KC group from given LDAP group name in given KC parent group or the groups path.
void | deleteGroupMappingInLDAP(LDAPObject ldapUser, LDAPObject ldapGroup) |
protected GroupModel | findKcGroupByLDAPGroup(RealmModel realm, GroupModel parent, LDAPObject ldapGroup) |
protected GroupModel | findKcGroupOrSyncFromLDAP(RealmModel realm, GroupModel parent, LDAPObject ldapGroup, UserModel user) |
protected Stream<GroupModel> | getAllKcGroups(RealmModel realm, GroupModel topParentGroup) | Provides a stream of all KC groups (with their sub groups) from groups path configured by the "Groups Path" configuration property.
protected List<LDAPObject> | getAllLDAPGroups(boolean includeMemberAttribute) |
 | getGroupMembers(RealmModel realm, GroupModel kcGroup, int firstResult, int maxResults) | Returns an empty list if storing of groups is not supported.
protected String | getKcGroupPathFromLDAPGroupName(String ldapGroupName) | Translates given LDAP group name into a KC group within the groups path.
protected GroupModel | getKcGroupsPathGroup(RealmModel realm) | Provides KC group defined as groups path or null (top-level group) if corresponding group is not available.
protected Stream<GroupModel> | getKcSubGroups(RealmModel realm, GroupModel parentGroup) | Provides a list of all KC sub groups from given parent group or from groups path.
protected List<LDAPObject> | getLDAPGroupMappings(LDAPObject ldapUser) |
 | getLDAPSubgroups(LDAPObject ldapGroup) |
protected String | |
protected boolean | isGroupInGroupPath(RealmModel realm, GroupModel group) |
 | loadLDAPGroupByName(String groupName) |
void | onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) | Called when importing a user from LDAP to the local Keycloak DB.
void | onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm) | Called when registering a new user to LDAP, just after the user was created in the Keycloak DB.
 | proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) | Called when proxy is invoked on the LDAP federation provider.
 | | Sync data from federated storage to Keycloak.
 | | Sync data from Keycloak back to federated storage.
 | updateLDAPGroup(LDAPObject ldapObject) |
Methods inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
close, getLdapProvider, getRoleMembers, getSession, getUserAttributes, mandatoryAttributeNames, onAuthenticationFailure, parseBooleanParameter
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.storage.ldap.mappers.LDAPStorageMapper
getLdapProvider, getRoleMembers, getUserAttributes, mandatoryAttributeNames, onAuthenticationFailure
-
Constructor Details
-
GroupLDAPStorageMapper
public GroupLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, GroupLDAPStorageMapperFactory factory)
-
-
Method Details
-
createLDAPGroupQuery
- Specified by:
createLDAPGroupQuery in interface CommonLDAPGroupMapper
-
getConfig
- Specified by:
getConfig in interface CommonLDAPGroupMapper
-
createGroupQuery
-
createLDAPGroup
-
loadLDAPGroupByName
-
updateLDAPGroup
-
getLDAPSubgroups
-
syncDataFromFederationProviderToKeycloak
Description copied from interface: LDAPStorageMapper
Sync data from federated storage to Keycloak. This is useful only if the mapper needs some data preloaded from federated storage (for example, loading roles from the federated provider and syncing them to the Keycloak database). Applicable only if sync is supported.
- Specified by:
syncDataFromFederationProviderToKeycloak in interface LDAPStorageMapper
- Overrides:
syncDataFromFederationProviderToKeycloak in class AbstractLDAPStorageMapper
-
findKcGroupByLDAPGroup
protected GroupModel findKcGroupByLDAPGroup(RealmModel realm, GroupModel parent, LDAPObject ldapGroup)
-
findKcGroupOrSyncFromLDAP
protected GroupModel findKcGroupOrSyncFromLDAP(RealmModel realm, GroupModel parent, LDAPObject ldapGroup, UserModel user)
-
getAllLDAPGroups
-
syncDataFromKeycloakToFederationProvider
Description copied from interface: LDAPStorageMapper
Sync data from Keycloak back to federated storage.
- Specified by:
syncDataFromKeycloakToFederationProvider in interface LDAPStorageMapper
- Overrides:
syncDataFromKeycloakToFederationProvider in class AbstractLDAPStorageMapper
-
getGroupMembers
public List<UserModel> getGroupMembers(RealmModel realm, GroupModel kcGroup, int firstResult, int maxResults)
Description copied from interface: LDAPStorageMapper
Returns an empty list if storing of groups is not supported.
- Specified by:
getGroupMembers in interface LDAPStorageMapper
- Overrides:
getGroupMembers in class AbstractLDAPStorageMapper
-
addGroupMappingInLDAP
-
deleteGroupMappingInLDAP
-
getLDAPGroupMappings
-
beforeLDAPQuery
Description copied from interface: LDAPStorageMapper
Called before the LDAP identity query that retrieves LDAP users is executed. It allows the query to be changed (adding returning attributes from LDAP, changing conditions, etc.).
- Specified by:
beforeLDAPQuery in interface LDAPStorageMapper
-
proxy
Description copied from interface: LDAPStorageMapper
Called when proxy is invoked on the LDAP federation provider.
- Specified by:
proxy in interface LDAPStorageMapper
- Returns:
-
onRegisterUserToLDAP
Description copied from interface: LDAPStorageMapper
Called when registering a new user to LDAP, just after the user was created in the Keycloak DB.
- Specified by:
onRegisterUserToLDAP in interface LDAPStorageMapper
-
onImportUserFromLDAP
public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)
Description copied from interface: LDAPStorageMapper
Called when importing a user from LDAP to the local Keycloak DB.
- Specified by:
onImportUserFromLDAP in interface LDAPStorageMapper
isCreate - true if we are importing a new user from LDAP; false if the user already exists in Keycloak but we are upgrading (syncing) it from LDAP
-
getMembershipUserLdapAttribute
-
getKcGroupPathFromLDAPGroupName
Translates given LDAP group name into a KC group within the groups path.
-
getKcGroupsPathGroup
Provides KC group defined as groups path or null (top-level group) if corresponding group is not available.
-
isGroupInGroupPath
-
createKcGroup
Creates a new KC group from given LDAP group name in given KC parent group or the groups path.
-
getKcSubGroups
Provides a list of all KC sub groups from given parent group or from groups path.
-
getAllKcGroups
Provides a stream of all KC groups (with their sub groups) from groups path configured by the "Groups Path" configuration property.
-