Implement pagination for getLDAPRoleMappings (#34043)

* Implement pagination for getLDAPRoleMappings

On Active Directory, allow to retrieve more groups than the MaxPageSize
(default to 1000). Without this patch, we need to increase the
MaxPageSize which does not really scale. Implemented only for the
LoadRolesByMember strategy.

Closes #34042

Signed-off-by: Alexi Vandevoorde <alexi@vandevoor.de>
Alexi Vandevoorde 2024-10-28 20:40:20 +01:00 committed by GitHub
parent 4690e00d91
commit 0d07342649
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 15 additions and 1 deletions


@ -42,6 +42,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.utils.reflection.Property;
import org.keycloak.models.utils.reflection.PropertyCriteria;
import org.keycloak.models.utils.reflection.PropertyQueries;
import org.keycloak.storage.ldap.LDAPConfig;
import org.keycloak.storage.ldap.idm.model.LDAPDn;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.idm.query.Condition;
@ -288,6 +289,18 @@ public class LDAPUtils {
*/
public static List<LDAPObject> loadAllLDAPObjects(LDAPQuery ldapQuery, LDAPStorageProvider ldapProvider) {
LDAPConfig ldapConfig = ldapProvider.getLdapIdentityStore().getConfig();
return loadAllLDAPObjects(ldapQuery, ldapConfig);
}
/**
* Load all LDAP objects corresponding to given query. We will load them paginated, so we allow to bypass the limitation of 1000
* maximum loaded objects in single query in MSAD
*
* @param ldapQuery LDAP query to be used. The caller should close it after calling this method
* @param ldapConfig
* @return
*/
public static List<LDAPObject> loadAllLDAPObjects(LDAPQuery ldapQuery, LDAPConfig ldapConfig) {
boolean pagination = ldapConfig.isPagination();
if (pagination) {
// For now reuse globally configured batch size in LDAP provider page
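Review bot: The Javadoc added for the new `loadAllLDAPObjects(LDAPQuery, LDAPConfig)` overload leaves `@param ldapConfig` and `@return` empty, which doclint flags and which hides the contract from the strategy code that now calls this overload directly. Suggested text: `@param ldapConfig LDAP configuration; its pagination flag decides whether the search is paged and its batch size is reused as the page size` and `@return all objects matching the query, possibly spanning several server pages`. The batch-size statement is backed only by the comment on the last line of the hunk; the paged loop itself continues below the hunk, so adjust the wording if the page size is taken from somewhere else. The delegating provider-based overload keeps its old signature, so existing callers are unaffected.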


@ -62,7 +62,8 @@ public interface UserRolesRetrieveStrategy {
Condition membershipCondition = getMembershipCondition(membershipAttr, userMembership);
ldapQuery.addWhereCondition(membershipCondition);
return ldapQuery.getResultList();
return LDAPUtils.loadAllLDAPObjects(ldapQuery, ldapConfig);
}
}
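Review bot: `ldapConfig` on the new return line is not defined inside the hunk, so it comes from the enclosing method, whose start is outside the hunk; it should be the config of the same provider that built `ldapQuery`, since the paging batch size is read from it. The Javadoc of the called overload states that the caller must close the query after the call, so if `ldapQuery` is not opened in a try-with-resources block above this hunk the paged search leaves it open. A short comment on the return would tell readers why `getResultList()` was dropped: `// paged: a single MSAD search is capped at MaxPageSize (default 1000)`. The commit message says only the LoadRolesByMember strategy is paginated; if other strategies in this interface still call `getResultList()` directly, a one-line note on them saying they remain bounded by the server page size would save maintainers a search.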