diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js
index a18765fd35..270b65f049 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js
@@ -905,15 +905,28 @@ module.controller('RealmLdapSettingsCtrl', function($scope, $location, Notificat
 { "id": "other", "name": "Other" }
 ];
+ $scope.usernameLDAPAttributes = [
+ "uid", "cn", "sAMAccountName"
+ ];
+
 $scope.realm = realm;
 var oldCopy = angular.copy($scope.realm);
 $scope.changed = false;
+ $scope.lastVendor = realm.ldapServer.vendor;
+
 $scope.$watch('realm', function() {
 if (!angular.equals($scope.realm, oldCopy)) {
 $scope.changed = true;
 }
+
+ if (!angular.equals($scope.realm.ldapServer.vendor, $scope.lastVendor)) {
+ console.log("LDAP vendor changed");
+ $scope.lastVendor = $scope.realm.ldapServer.vendor;
+
+ $scope.realm.ldapServer.usernameLDAPAttribute = ($scope.lastVendor === "ad") ? "cn" : "uid";
+ }
 }, true);
 $scope.save = function() {
@@ -928,6 +941,7 @@ module.controller('RealmLdapSettingsCtrl', function($scope, $location, Notificat
 $scope.reset = function() {
 $scope.realm = angular.copy(oldCopy);
 $scope.changed = false;
+ $scope.lastVendor = $scope.realm.ldapServer.vendor;
 };
 });
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-ldap.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-ldap.html
index 6eb9fdb4c8..1a657fe253 100644
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-ldap.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-ldap.html
@@ -24,6 +24,17 @@
+
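Review bot: The `console.log("LDAP vendor changed")` in the new vendor-change branch of the `$scope.$watch` callback is debug output that will ship in the admin console; drop it, or inject Angular's `$log` and use `$log.debug(...)` so it can be silenced. In the same branch `angular.equals` is used to compare two strings, where a plain `if ($scope.realm.ldapServer.vendor !== $scope.lastVendor) {` reads more directly and matches the `=== "ad"` test two lines below. The new `$scope.lastVendor = realm.ldapServer.vendor;` dereferences `ldapServer` unconditionally before the watch is registered, so if a realm can reach this controller without an `ldapServer` object (not visible in this hunk) the whole controller fails with a TypeError; if that state is possible, guard it or initialise `realm.ldapServer` first. Also worth a comment on the assignment to `usernameLDAPAttribute`: it silently overwrites whatever the admin typed whenever the vendor dropdown changes, e.g. `// switching vendor resets the login attribute to the vendor default, discarding any custom value`. The controller function starts before this hunk.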
+ +
+
+ +
+
+
diff --git a/picketlink/keycloak-picketlink-realm/src/main/java/org/keycloak/picketlink/idm/LdapConstants.java b/picketlink/keycloak-picketlink-realm/src/main/java/org/keycloak/picketlink/idm/LdapConstants.java
index 4eb3454900..1e67c47a5b 100644
--- a/picketlink/keycloak-picketlink-realm/src/main/java/org/keycloak/picketlink/idm/LdapConstants.java
+++ b/picketlink/keycloak-picketlink-realm/src/main/java/org/keycloak/picketlink/idm/LdapConstants.java
@@ -10,6 +10,8 @@ public class LdapConstants {
 public static final String VENDOR_ACTIVE_DIRECTORY = "ad";
 public static final String VENDOR_OTHER = "other";
+ public static final String USERNAME_LDAP_ATTRIBUTE = "usernameLDAPAttribute";
+
 public static final String CONNECTION_URL = "connectionUrl";
 public static final String BASE_DN = "baseDn";
 public static final String USER_DN_SUFFIX = "userDnSuffix";
diff --git a/picketlink/keycloak-picketlink-realm/src/main/java/org/keycloak/picketlink/realm/PartitionManagerRegistry.java b/picketlink/keycloak-picketlink-realm/src/main/java/org/keycloak/picketlink/realm/PartitionManagerRegistry.java
index 985c22a33c..fb40f84cb7 100644
--- a/picketlink/keycloak-picketlink-realm/src/main/java/org/keycloak/picketlink/realm/PartitionManagerRegistry.java
+++ b/picketlink/keycloak-picketlink-realm/src/main/java/org/keycloak/picketlink/realm/PartitionManagerRegistry.java
@@ -80,13 +80,18 @@ public class PartitionManagerRegistry {
 boolean activeDirectory = vendor != null && vendor.equals(LdapConstants.VENDOR_ACTIVE_DIRECTORY);
- // Try to compute properties based on LDAP server type, but still allow to override them through System properties TODO: Should allow better way than overriding from System properties. Perhaps init from XML?
- String ldapLoginName = getNameOfLDAPAttribute("keycloak.ldap.idm.loginName", UID, CN, activeDirectory);
- String ldapFirstName = getNameOfLDAPAttribute("keycloak.ldap.idm.firstName", CN, "givenName", activeDirectory);
- String ldapLastName = getNameOfLDAPAttribute("keycloak.ldap.idm.lastName", SN, SN, activeDirectory);
- String ldapEmail = getNameOfLDAPAttribute("keycloak.ldap.idm.email", EMAIL, EMAIL, activeDirectory);
+ String ldapLoginNameMapping = ldapConfig.get(LdapConstants.USERNAME_LDAP_ATTRIBUTE);
+ if (ldapLoginNameMapping == null) {
+ ldapLoginNameMapping = activeDirectory ? CN : UID;
+ }
- logger.infof("LDAP Attributes mapping: loginName: %s, firstName: %s, lastName: %s, email: %s", ldapLoginName, ldapFirstName, ldapLastName, ldapEmail);
+ // Try to compute properties based on LDAP server type, but still allow to override them through System properties TODO: Should allow better way than overriding from System properties. Perhaps init from XML?
+ ldapLoginNameMapping = getNameOfLDAPAttribute("keycloak.ldap.idm.loginName", ldapLoginNameMapping, ldapLoginNameMapping, activeDirectory);
+ String ldapFirstNameMapping = getNameOfLDAPAttribute("keycloak.ldap.idm.firstName", CN, "givenName", activeDirectory);
+ String ldapLastNameMapping = getNameOfLDAPAttribute("keycloak.ldap.idm.lastName", SN, SN, activeDirectory);
+ String ldapEmailMapping = getNameOfLDAPAttribute("keycloak.ldap.idm.email", EMAIL, EMAIL, activeDirectory);
+
+ logger.infof("LDAP Attributes mapping: loginName: %s, firstName: %s, lastName: %s, email: %s", ldapLoginNameMapping, ldapFirstNameMapping, ldapLastNameMapping, ldapEmailMapping);
 // Use same mapping for User and Agent for now
 builder
@@ -104,10 +109,10 @@ public class PartitionManagerRegistry {
 .mapping(User.class)
 .baseDN(ldapConfig.get(LdapConstants.USER_DN_SUFFIX))
 .objectClasses("inetOrgPerson", "organizationalPerson")
- .attribute("loginName", ldapLoginName, true)
- .attribute("firstName", ldapFirstName)
- .attribute("lastName", ldapLastName)
- .attribute("email", ldapEmail);
+ .attribute("loginName", ldapLoginNameMapping, true)
+ .attribute("firstName", ldapFirstNameMapping)
+ .attribute("lastName", ldapLastNameMapping)
+ .attribute("email", ldapEmailMapping);
 // Workaround to override the LDAPIdentityStore with our own :/
 List identityConfigs = builder.buildAll();
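Review bot: The new `if (ldapLoginNameMapping == null)` guard only covers a missing realm setting, so an empty or whitespace-only value stored from the admin form (an admin clearing the field would plausibly yield `""` rather than null, though the form handling is not visible here) bypasses the vendor default and the realm's `loginName` mapping becomes an attribute named `""`; tighten it to `if (ldapLoginNameMapping == null || ldapLoginNameMapping.trim().isEmpty()) {`. The next line then feeds the realm value into `getNameOfLDAPAttribute`, which per the retained comment still lets the `keycloak.ldap.idm.loginName` system property override it, so a per-realm setting made in the console is silently replaced by a JVM-wide property and the `logger.infof` below only shows the final value; either let the realm setting take precedence or log at WARN when the override applies. Since this string is used unchanged as the login attribute mapping on `.attribute("loginName", ldapLoginNameMapping, true)` and presumably ends up inside the LDAP search filters PicketLink builds for user lookup, it is also worth validating it against LDAP attribute-name syntax (letters, digits, hyphen) when the realm is saved rather than trusting the console's suggestion list. The enclosing method starts before this hunk.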