libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-1357 LDAP migration

Browse source
This commit is contained in:
mposolda 2015-06-08 12:28:59 +02:00
parent 75e1f50faf
commit 0af68d28f1
10 changed files with 101 additions and 56 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java
View file

@ -48,7 +48,14 @@ public class LDAPConfig {
}
public String getUsersDn() {
return config.get(LDAPConstants.USERS_DN);
String usersDn = config.get(LDAPConstants.USERS_DN);
if (usersDn == null) {
// Just for the backwards compatibility 1.2 -> 1.3 . Should be removed later.
usersDn = config.get("userDnSuffix");
}
return usersDn;
}
public Collection<String> getUserObjectClasses() {
@ -101,31 +108,13 @@ public class LDAPConfig {
if (uuidAttrName == null) {
// Differences of unique attribute among various vendors
String vendor = getVendor();
if (vendor != null) {
switch (vendor) {
case LDAPConstants.VENDOR_RHDS:
uuidAttrName = "nsuniqueid";
break;
case LDAPConstants.VENDOR_TIVOLI:
uuidAttrName = "uniqueidentifier";
break;
case LDAPConstants.VENDOR_NOVELL_EDIRECTORY:
uuidAttrName = "guid";
break;
case LDAPConstants.VENDOR_ACTIVE_DIRECTORY:
uuidAttrName = LDAPConstants.OBJECT_GUID;
}
}
if (uuidAttrName == null) {
uuidAttrName = LDAPConstants.ENTRY_UUID;
}
uuidAttrName = LDAPConstants.getUuidAttributeName(vendor);
}
return uuidAttrName;
}
// TODO: Remove and use mapper instead
// TODO: Remove and use mapper instead?
public boolean isUserAccountControlsAfterPasswordUpdate() {
String userAccountCtrls = config.get(LDAPConstants.USER_ACCOUNT_CONTROLS_AFTER_PASSWORD_UPDATE);
return userAccountCtrls==null ? false : Boolean.parseBoolean(userAccountCtrls);
@ -148,6 +137,12 @@ public class LDAPConfig {
String rdn = config.get(LDAPConstants.RDN_LDAP_ATTRIBUTE);
if (rdn == null) {
rdn = getUsernameLdapAttribute();
if (rdn.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME)) {
// Just for the backwards compatibility 1.2 -> 1.3 . Should be removed later.
rdn = LDAPConstants.CN;
}
}
return rdn;
}

4
federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java
View file

@ -41,7 +41,7 @@ import java.util.Set;
*/
public class LDAPFederationProviderFactory extends UserFederationEventAwareProviderFactory {
private static final Logger logger = Logger.getLogger(LDAPFederationProviderFactory.class);
public static final String PROVIDER_NAME = "ldap";
public static final String PROVIDER_NAME = LDAPConstants.LDAP_PROVIDER;
private LDAPIdentityStoreRegistry ldapStoreRegistry;
@ -79,7 +79,7 @@ public class LDAPFederationProviderFactory extends UserFederationEventAwareProvi
// Best effort to create appropriate mappers according to our LDAP config
@Override
protected void onProviderModelCreated(RealmModel realm, UserFederationProviderModel newProviderModel) {
public void onProviderModelCreated(RealmModel realm, UserFederationProviderModel newProviderModel) {
LDAPConfig ldapConfig = new LDAPConfig(newProviderModel.getConfig());
boolean activeDirectory = ldapConfig.isActiveDirectory();

17
federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPIdentityStoreRegistry.java
View file

@ -55,23 +55,6 @@ public class LDAPIdentityStoreRegistry {
checkSystemProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain");
checkSystemProperty("com.sun.jndi.ldap.connect.pool.debug", "off");
/*String ldapLoginNameMapping = ldapConfig.get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE);
if (ldapLoginNameMapping == null) {
ldapLoginNameMapping = activeDirectory ? LDAPConstants.CN : LDAPConstants.UID;
}
String ldapFirstNameMapping = activeDirectory ? "givenName" : LDAPConstants.CN;
String createTimestampMapping = activeDirectory ? "whenCreated" : LDAPConstants.CREATE_TIMESTAMP;
String modifyTimestampMapping = activeDirectory ? "whenChanged" : LDAPConstants.MODIFY_TIMESTAMP;
String[] userObjectClasses = getUserObjectClasses(ldapConfig); */
/* if (activeDirectory && ldapLoginNameMapping.equals("sAMAccountName")) {
ldapUserMappingConfig.setBindingDnPropertyName("fullName");
ldapUserMappingConfig.addAttributeMapping("fullName", LDAPConstants.CN);
logger.infof("Using 'cn' attribute for DN of user and 'sAMAccountName' for username");
} */
return new LDAPIdentityStore(cfg);
}

2
model/api/src/main/java/org/keycloak/migration/MigrationModel.java
View file

@ -11,7 +11,7 @@ public interface MigrationModel {
/**
* Must have the form of major.minor.micro as the version is parsed and numbers are compared
*/
public static final String LATEST_VERSION = "1.2.0.CR1";
public static final String LATEST_VERSION = "1.3.0.Beta1";
String getStoredVersion();
void setStoredVersion(String version);

6
model/api/src/main/java/org/keycloak/migration/MigrationModelManager.java
View file

@ -17,11 +17,13 @@ public class MigrationModelManager {
String storedVersion = model.getStoredVersion();
if (MigrationModel.LATEST_VERSION.equals(storedVersion)) return;
ModelVersion stored = null;
if (storedVersion != null) new ModelVersion(storedVersion);
if (storedVersion != null) {
stored = new ModelVersion(storedVersion);
}
if (stored == null || stored.lessThan(MigrationTo1_2_0_CR1.VERSION)) {
if (stored != null) {
logger.debug("Migrating older model to 1.2.0.RC1 updates");
logger.debug("Migrating older model to 1.2.0.CR1 updates");
}
new MigrationTo1_2_0_CR1().migrate(session);
}

2
model/api/src/main/java/org/keycloak/migration/ModelVersion.java
View file

@ -59,7 +59,7 @@ public class ModelVersion {
if (major < version.major) return true;
if (minor < version.minor) return true;
if (micro < version.micro) return true;
if (qualifier == version.qualifier) return false;
if (qualifier != null && qualifier.equals(version.qualifier)) return false;
if (qualifier == null) return false;
if (version.qualifier == null) return true;
int comp = qualifier.compareTo(version.qualifier);

46
model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0_Beta1.java
View file

@ -2,10 +2,18 @@ package org.keycloak.migration.migrators;
import org.keycloak.migration.ModelVersion;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserFederationEventAwareProviderFactory;
import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderFactory;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.utils.DefaultAuthenticationFlows;
import java.util.List;
import java.util.Map;
import javax.naming.directory.SearchControls;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -21,7 +29,45 @@ public class MigrateTo1_3_0_Beta1 {
if (realm.getAuthenticationFlows().size() == 0) {
DefaultAuthenticationFlows.addFlows(realm);
}
migrateLDAPProviders(session, realm);
}
}
private void migrateLDAPProviders(KeycloakSession session, RealmModel realm) {
List<UserFederationProviderModel> federationProviders = realm.getUserFederationProviders();
for (UserFederationProviderModel fedProvider : federationProviders) {
if (fedProvider.getProviderName().equals(LDAPConstants.LDAP_PROVIDER)) {
Map<String, String> config = fedProvider.getConfig();
// Update config properties for LDAP federation provider
config.put(LDAPConstants.SEARCH_SCOPE, String.valueOf(SearchControls.SUBTREE_SCOPE));
String usersDn = config.remove("userDnSuffix");
config.put(LDAPConstants.USERS_DN, usersDn);
String rdnLdapAttribute = config.get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE);
if (rdnLdapAttribute != null) {
if (rdnLdapAttribute.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME)) {
config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, LDAPConstants.CN);
} else {
config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, rdnLdapAttribute);
}
}
String uuidAttrName = LDAPConstants.getUuidAttributeName(config.get(LDAPConstants.VENDOR));
config.put(LDAPConstants.UUID_LDAP_ATTRIBUTE, uuidAttrName);
realm.updateUserFederationProvider(fedProvider);
// Create default mappers for LDAP
UserFederationProviderFactory ldapFactory = (UserFederationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, LDAPConstants.LDAP_PROVIDER);
if (ldapFactory != null) {
((UserFederationEventAwareProviderFactory) ldapFactory).onProviderModelCreated(realm, fedProvider);
}
}
}
}
}

19
model/api/src/main/java/org/keycloak/models/LDAPConstants.java
View file

@ -5,6 +5,8 @@ package org.keycloak.models;
*/
public class LDAPConstants {
public static final String LDAP_PROVIDER = "ldap";
public static final String VENDOR = "vendor";
public static final String VENDOR_RHDS = "rhds";
public static final String VENDOR_ACTIVE_DIRECTORY = "ad";
@ -80,4 +82,21 @@ public class LDAPConstants {
public static final String OBJECT_GUID = "objectGUID";
public static final String CREATE_TIMESTAMP = "createTimestamp";
public static final String MODIFY_TIMESTAMP = "modifyTimestamp";
public static String getUuidAttributeName(String vendor) {
if (vendor != null) {
switch (vendor) {
case VENDOR_RHDS:
return "nsuniqueid";
case VENDOR_TIVOLI:
return "uniqueidentifier";
case VENDOR_NOVELL_EDIRECTORY:
return "guid";
case VENDOR_ACTIVE_DIRECTORY:
return OBJECT_GUID;
}
}
return ENTRY_UUID;
}
}

2
model/api/src/main/java/org/keycloak/models/UserFederationEventAwareProviderFactory.java
View file

@ -29,5 +29,5 @@ public abstract class UserFederationEventAwareProviderFactory implements UserFed
});
}
protected abstract void onProviderModelCreated(RealmModel realm, UserFederationProviderModel createdProviderModel);
public abstract void onProviderModelCreated(RealmModel realm, UserFederationProviderModel createdProviderModel);
}

22
model/api/src/test/java/org/keycloak/models/MigrationVersionTest.java
View file

@ -16,30 +16,30 @@ public class MigrationVersionTest {
Assert.assertEquals(version_100Beta1.getMajor(), 1);
Assert.assertEquals(version_100Beta1.getMinor(), 0);
Assert.assertEquals(version_100Beta1.getMicro(), 0);
ModelVersion version_100RC1 = new ModelVersion("1.0.0.RC1");
ModelVersion version_100CR1 = new ModelVersion("1.0.0.CR1");
ModelVersion version_100 = new ModelVersion("1.0.0");
ModelVersion version_110Beta1 = new ModelVersion("1.1.0.Beta1");
ModelVersion version_110RC1 = new ModelVersion("1.1.0.RC1");
ModelVersion version_110CR1 = new ModelVersion("1.1.0.CR1");
ModelVersion version_110 = new ModelVersion("1.1.0");
ModelVersion version_111Beta1 = new ModelVersion("1.1.1.Beta1");
ModelVersion version_111RC1 = new ModelVersion("1.1.1.RC1");
ModelVersion version_111CR1 = new ModelVersion("1.1.1.CR1");
ModelVersion version_111 = new ModelVersion("1.1.1");
ModelVersion version_211Beta1 = new ModelVersion("2.1.1.Beta1");
ModelVersion version_211RC1 = new ModelVersion("2.1.1.RC1");
Assert.assertEquals(version_211RC1.getMajor(), 2);
Assert.assertEquals(version_211RC1.getMinor(), 1);
Assert.assertEquals(version_211RC1.getMicro(), 1);
Assert.assertEquals(version_211RC1.getQualifier(), "RC1");
ModelVersion version_211CR1 = new ModelVersion("2.1.1.CR1");
Assert.assertEquals(version_211CR1.getMajor(), 2);
Assert.assertEquals(version_211CR1.getMinor(), 1);
Assert.assertEquals(version_211CR1.getMicro(), 1);
Assert.assertEquals(version_211CR1.getQualifier(), "CR1");
ModelVersion version_211 = new ModelVersion("2.1.1");
Assert.assertFalse(version_100Beta1.lessThan(version_100Beta1));
Assert.assertTrue(version_100Beta1.lessThan(version_100RC1));
Assert.assertTrue(version_100Beta1.lessThan(version_100CR1));
Assert.assertTrue(version_100Beta1.lessThan(version_100));
Assert.assertTrue(version_100Beta1.lessThan(version_110Beta1));
Assert.assertTrue(version_100Beta1.lessThan(version_110RC1));
Assert.assertTrue(version_100Beta1.lessThan(version_110CR1));
Assert.assertTrue(version_100Beta1.lessThan(version_110));
Assert.assertFalse(version_211.lessThan(version_110RC1));
Assert.assertFalse(version_211.lessThan(version_110CR1));
}
}