Implement pagination for getLDAPRoleMappings (#34043)
* Implement pagination for getLDAPRoleMappings On Active Directory, allow retrieving more groups than the MaxPageSize (defaults to 1000). Without this patch, we need to increase the MaxPageSize, which does not really scale. Implemented only for the LoadRolesByMember strategy. Closes #34042 Signed-off-by: Alexi Vandevoorde <alexi@vandevoor.de>
parent
4690e00d91
commit
0d07342649
2 changed files with 15 additions and 1 deletions
|
@ -42,6 +42,7 @@ import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.reflection.Property;
|
import org.keycloak.models.utils.reflection.Property;
|
||||||
import org.keycloak.models.utils.reflection.PropertyCriteria;
|
import org.keycloak.models.utils.reflection.PropertyCriteria;
|
||||||
import org.keycloak.models.utils.reflection.PropertyQueries;
|
import org.keycloak.models.utils.reflection.PropertyQueries;
|
||||||
|
import org.keycloak.storage.ldap.LDAPConfig;
|
||||||
import org.keycloak.storage.ldap.idm.model.LDAPDn;
|
import org.keycloak.storage.ldap.idm.model.LDAPDn;
|
||||||
import org.keycloak.storage.ldap.idm.model.LDAPObject;
|
import org.keycloak.storage.ldap.idm.model.LDAPObject;
|
||||||
import org.keycloak.storage.ldap.idm.query.Condition;
|
import org.keycloak.storage.ldap.idm.query.Condition;
|
||||||
|
@ -288,6 +289,18 @@ public class LDAPUtils {
|
||||||
*/
|
*/
|
||||||
public static List<LDAPObject> loadAllLDAPObjects(LDAPQuery ldapQuery, LDAPStorageProvider ldapProvider) {
|
public static List<LDAPObject> loadAllLDAPObjects(LDAPQuery ldapQuery, LDAPStorageProvider ldapProvider) {
|
||||||
LDAPConfig ldapConfig = ldapProvider.getLdapIdentityStore().getConfig();
|
LDAPConfig ldapConfig = ldapProvider.getLdapIdentityStore().getConfig();
|
||||||
|
return loadAllLDAPObjects(ldapQuery, ldapConfig);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Load all LDAP objects corresponding to given query. We will load them paginated, so we allow to bypass the limitation of 1000
|
||||||
|
* maximum loaded objects in single query in MSAD
|
||||||
|
*
|
||||||
|
* @param ldapQuery LDAP query to be used. The caller should close it after calling this method
|
||||||
|
* @param ldapConfig
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
|
public static List<LDAPObject> loadAllLDAPObjects(LDAPQuery ldapQuery, LDAPConfig ldapConfig) {
|
||||||
boolean pagination = ldapConfig.isPagination();
|
boolean pagination = ldapConfig.isPagination();
|
||||||
if (pagination) {
|
if (pagination) {
|
||||||
// For now reuse globally configured batch size in LDAP provider page
|
// For now reuse globally configured batch size in LDAP provider page
|
||||||
|
|
|
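Review bot: The Javadoc on the new `loadAllLDAPObjects(LDAPQuery, LDAPConfig)` overload leaves `@param ldapConfig` and `@return` empty, so the contract of a helper that now feeds role and group mapping is undocumented. I would fill them in, for example `@param ldapConfig LDAP configuration; its isPagination() flag decides whether the query is paged` and `@return the LDAP objects matching the query`. The body continues past the end of the hunk, so the paging loop is not visible here. If it collects every page into one list, the Javadoc should also say that the result size is unbounded and depends on the directory's contents.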
@ -62,7 +62,8 @@ public interface UserRolesRetrieveStrategy {
|
||||||
|
|
||||||
Condition membershipCondition = getMembershipCondition(membershipAttr, userMembership);
|
Condition membershipCondition = getMembershipCondition(membershipAttr, userMembership);
|
||||||
ldapQuery.addWhereCondition(membershipCondition);
|
ldapQuery.addWhereCondition(membershipCondition);
|
||||||
return ldapQuery.getResultList();
|
|
||||||
|
return LDAPUtils.loadAllLDAPObjects(ldapQuery, ldapConfig);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
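Review bot: The new `return LDAPUtils.loadAllLDAPObjects(ldapQuery, ldapConfig);` has no comment saying why the paged loader replaces `getResultList()`, and the reason matters for authorization: a membership list cut off at the server's page limit gives the user an incomplete set of role mappings. I would add `// Load page by page: a user can belong to more groups than the server returns in one result (MaxPageSize on Active Directory)` above the call. `loadAllLDAPObjects` reads `ldapConfig.isPagination()`, so with pagination switched off the lookup presumably still runs as a single query and the limit still applies; that is worth saying in the same comment. The enclosing method starts outside the hunk, so where `ldapConfig` comes from and whether it can be null is not visible here.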