コード例 #1
  /**
   * Creates a local Keycloak user from an LDAP entry and links the two.
   *
   * <p>The username is derived from the LDAP entry, the entry's UUID is checked via
   * {@code LDAPUtils.checkUuid}, every federation mapper configured for this provider is given
   * the chance to copy attributes, and finally the federation link plus the {@code LDAP_ID} and
   * {@code LDAP_ENTRY_DN} attributes are stored on the local user. The stored {@code LDAP_ID}
   * is what later lookups compare against to make sure the local user still maps to the same
   * LDAP entry (see {@code loadAndValidateUser}).
   *
   * @param session current Keycloak session used to create the local user
   * @param realm realm the user is imported into
   * @param ldapUser LDAP entry to import
   * @return the imported user as returned by {@code proxy}
   */
  protected UserModel importUserFromLDAP(
      KeycloakSession session, RealmModel realm, LDAPObject ldapUser) {
    String username = LDAPUtils.getUsername(ldapUser, ldapIdentityStore.getConfig());
    LDAPUtils.checkUuid(ldapUser, ldapIdentityStore.getConfig());

    UserModel localUser = session.userStorage().addUser(realm, username);
    localUser.setEnabled(true);

    // Every mapper registered for this provider gets to populate the freshly created user.
    for (UserFederationMapperModel mapperModel :
        realm.getUserFederationMappersByFederationProvider(getModel().getId())) {
      if (logger.isTraceEnabled()) {
        logger.tracef("Using mapper %s during import user from LDAP", mapperModel);
      }
      getMapper(mapperModel).onImportUserFromLDAP(mapperModel, this, ldapUser, localUser, realm, true);
    }

    // Record which LDAP entry this local user was created from.
    String entryUuid = ldapUser.getUuid();
    String entryDn = ldapUser.getDn().toString();
    localUser.setFederationLink(model.getId());
    localUser.setSingleAttribute(LDAPConstants.LDAP_ID, entryUuid);
    localUser.setSingleAttribute(LDAPConstants.LDAP_ENTRY_DN, entryDn);

    logger.debugf(
        "Imported new user from LDAP to Keycloak DB. Username: [%s], Email: [%s], LDAP_ID: [%s], LDAP Entry DN: [%s]",
        localUser.getUsername(), localUser.getEmail(), entryUuid, entryDn);
    return proxy(realm, localUser, ldapUser);
  }
コード例 #2
  /**
   * Creates the LDAP entry for a newly registered local user and links the user to it.
   *
   * <p>Registration is refused before anything is written to LDAP when the provider's edit mode
   * is {@code READ_ONLY} or {@code UNSYNCED}, or when registration synchronization is disabled.
   * The entry's UUID is then checked and stored on the local user together with the entry DN.
   *
   * @param realm realm the user is registered in
   * @param user local user that was just registered
   * @return the user as returned by {@code proxy}
   * @throws IllegalStateException if this provider does not support registration
   */
  @Override
  public UserModel register(RealmModel realm, UserModel user) {
    boolean writable = editMode != EditMode.READ_ONLY && editMode != EditMode.UNSYNCED;
    if (!writable || !synchronizeRegistrations()) {
      throw new IllegalStateException("Registration is not supported by this ldap server");
    }

    LDAPObject ldapEntry = LDAPUtils.addUserToLDAP(this, realm, user);
    LDAPUtils.checkUuid(ldapEntry, ldapIdentityStore.getConfig());

    // Remember which LDAP entry backs this local user.
    user.setSingleAttribute(LDAPConstants.LDAP_ID, ldapEntry.getUuid());
    user.setSingleAttribute(LDAPConstants.LDAP_ENTRY_DN, ldapEntry.getDn().toString());

    return proxy(realm, user, ldapEntry);
  }
コード例 #3
  /**
   * Looks up the LDAP entry backing a local user and verifies it is still the same entry.
   *
   * <p>A username match alone is not accepted: the entry's UUID must equal the {@code LDAP_ID}
   * attribute stored on the local user, so a different LDAP entry that merely reuses the username
   * is not linked to the existing local account. A mismatch is logged at warn level and reported
   * the same way as a missing entry.
   *
   * @param realm realm the local user belongs to
   * @param local local user to validate against LDAP
   * @return the LDAP entry for {@code local}, or {@code null} if no entry exists for the
   *     username or the entry's UUID does not match the stored {@code LDAP_ID}
   */
  protected LDAPObject loadAndValidateUser(RealmModel realm, UserModel local) {
    LDAPObject ldapEntry = loadLDAPUserByUsername(realm, local.getUsername());
    if (ldapEntry == null) {
      return null;
    }
    LDAPUtils.checkUuid(ldapEntry, ldapIdentityStore.getConfig());

    String storedId = local.getFirstAttribute(LDAPConstants.LDAP_ID);
    if (!ldapEntry.getUuid().equals(storedId)) {
      logger.warnf(
          "LDAP User invalid. ID doesn't match. ID from LDAP [%s], LDAP ID from local DB: [%s]",
          ldapEntry.getUuid(), storedId);
      return null;
    }
    return ldapEntry;
  }
コード例 #4
  /**
   * Writes a new password for an LDAP entry through the provider's identity store.
   *
   * <p>Against Active Directory the entry's {@code userAccountControl} is additionally set to
   * {@code 512} (a normal, enabled account) and the entry is updated, so that an account which
   * was created disabled becomes usable once it has a password.
   *
   * @param ldapProvider provider whose identity store performs the write
   * @param ldapUser LDAP entry whose password is changed
   * @param password new password to store
   */
  public static void updateLDAPPassword(
      LDAPFederationProvider ldapProvider, LDAPObject ldapUser, String password) {
    ldapProvider.getLdapIdentityStore().updatePassword(ldapUser, password);

    boolean activeDirectory = ldapProvider.getLdapIdentityStore().getConfig().isActiveDirectory();
    if (!activeDirectory) {
      return;
    }
    // MSAD: mark the account as a normal, enabled account via userAccountControl.
    ldapUser.setSingleAttribute(LDAPConstants.USER_ACCOUNT_CONTROL, "512");
    ldapProvider.getLdapIdentityStore().update(ldapUser);
  }