Possibility to configure ldap attribute, which is mapped to username, through admin console
This commit is contained in:
parent
aea4fd8e30
commit
159a5e20bf
4 changed files with 42 additions and 10 deletions
@ -905,15 +905,28 @@ module.controller('RealmLdapSettingsCtrl', function($scope, $location, Notificat
|
||||||
{ "id": "other", "name": "Other" }
|
{ "id": "other", "name": "Other" }
|
||||||
];
|
];
|
||||||
|
|
||||||
|
$scope.usernameLDAPAttributes = [
|
||||||
|
"uid", "cn", "sAMAccountName"
|
||||||
|
];
|
||||||
|
|
||||||
$scope.realm = realm;
|
$scope.realm = realm;
|
||||||
|
|
||||||
var oldCopy = angular.copy($scope.realm);
|
var oldCopy = angular.copy($scope.realm);
|
||||||
$scope.changed = false;
|
$scope.changed = false;
|
||||||
|
|
||||||
|
$scope.lastVendor = realm.ldapServer.vendor;
|
||||||
|
|
||||||
$scope.$watch('realm', function() {
|
$scope.$watch('realm', function() {
|
||||||
if (!angular.equals($scope.realm, oldCopy)) {
|
if (!angular.equals($scope.realm, oldCopy)) {
|
||||||
$scope.changed = true;
|
$scope.changed = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!angular.equals($scope.realm.ldapServer.vendor, $scope.lastVendor)) {
|
||||||
|
console.log("LDAP vendor changed");
|
||||||
|
$scope.lastVendor = $scope.realm.ldapServer.vendor;
|
||||||
|
|
||||||
|
$scope.realm.ldapServer.usernameLDAPAttribute = ($scope.lastVendor === "ad") ? "cn" : "uid";
|
||||||
|
}
|
||||||
}, true);
|
}, true);
|
||||||
|
|
||||||
$scope.save = function() {
|
$scope.save = function() {
|
||||||
|
@ -928,6 +941,7 @@ module.controller('RealmLdapSettingsCtrl', function($scope, $location, Notificat
|
||||||
$scope.reset = function() {
|
$scope.reset = function() {
|
||||||
$scope.realm = angular.copy(oldCopy);
|
$scope.realm = angular.copy(oldCopy);
|
||||||
$scope.changed = false;
|
$scope.changed = false;
|
||||||
|
$scope.lastVendor = $scope.realm.ldapServer.vendor;
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
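Review bot: The `console.log("LDAP vendor changed")` inside the `$watch` is debug output left in the controller; drop it or route it through the application's logging, since it fires in production on every vendor change. The new `$scope.lastVendor = realm.ldapServer.vendor;` line and the `$scope.realm.ldapServer.vendor` comparison in the watch dereference `ldapServer` unconditionally; if a realm without LDAP settings can reach this controller with `ldapServer` undefined, initialisation would throw, so a guard such as `$scope.lastVendor = realm.ldapServer ? realm.ldapServer.vendor : undefined;` (with the matching check in the watch) would be safer. The watch also overwrites whatever attribute the admin has already picked whenever the vendor changes, which looks intended but deserves a one-line comment, e.g. `// A vendor change resets the username attribute to that vendor's default`. The controller function starts before this hunk.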
@ -24,6 +24,17 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="form-group clearfix">
|
||||||
|
<label class="col-sm-2 control-label" for="usernameLDAPAttribute">Username LDAP attribute <span class="required">*</span></label>
|
||||||
|
<div class="col-sm-4">
|
||||||
|
<div class="select-kc">
|
||||||
|
<select id="usernameLDAPAttribute"
|
||||||
|
ng-model="realm.ldapServer.usernameLDAPAttribute"
|
||||||
|
ng-options="usernameLDAPAttribute for usernameLDAPAttribute in usernameLDAPAttributes">
|
||||||
|
</select>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
<div class="form-group clearfix">
|
<div class="form-group clearfix">
|
||||||
<label class="col-sm-2 control-label" for="ldapConnectionUrl">Connection URL <span class="required">*</span></label>
|
<label class="col-sm-2 control-label" for="ldapConnectionUrl">Connection URL <span class="required">*</span></label>
|
||||||
<div class="col-sm-4">
|
<div class="col-sm-4">
|
||||||
|
|
|
@ -10,6 +10,8 @@ public class LdapConstants {
|
||||||
public static final String VENDOR_ACTIVE_DIRECTORY = "ad";
|
public static final String VENDOR_ACTIVE_DIRECTORY = "ad";
|
||||||
public static final String VENDOR_OTHER = "other";
|
public static final String VENDOR_OTHER = "other";
|
||||||
|
|
||||||
|
public static final String USERNAME_LDAP_ATTRIBUTE = "usernameLDAPAttribute";
|
||||||
|
|
||||||
public static final String CONNECTION_URL = "connectionUrl";
|
public static final String CONNECTION_URL = "connectionUrl";
|
||||||
public static final String BASE_DN = "baseDn";
|
public static final String BASE_DN = "baseDn";
|
||||||
public static final String USER_DN_SUFFIX = "userDnSuffix";
|
public static final String USER_DN_SUFFIX = "userDnSuffix";
|
||||||
|
|
|
@ -80,13 +80,18 @@ public class PartitionManagerRegistry {
|
||||||
|
|
||||||
boolean activeDirectory = vendor != null && vendor.equals(LdapConstants.VENDOR_ACTIVE_DIRECTORY);
|
boolean activeDirectory = vendor != null && vendor.equals(LdapConstants.VENDOR_ACTIVE_DIRECTORY);
|
||||||
|
|
||||||
// Try to compute properties based on LDAP server type, but still allow to override them through System properties TODO: Should allow better way than overriding from System properties. Perhaps init from XML?
|
String ldapLoginNameMapping = ldapConfig.get(LdapConstants.USERNAME_LDAP_ATTRIBUTE);
|
||||||
String ldapLoginName = getNameOfLDAPAttribute("keycloak.ldap.idm.loginName", UID, CN, activeDirectory);
|
if (ldapLoginNameMapping == null) {
|
||||||
String ldapFirstName = getNameOfLDAPAttribute("keycloak.ldap.idm.firstName", CN, "givenName", activeDirectory);
|
ldapLoginNameMapping = activeDirectory ? CN : UID;
|
||||||
String ldapLastName = getNameOfLDAPAttribute("keycloak.ldap.idm.lastName", SN, SN, activeDirectory);
|
}
|
||||||
String ldapEmail = getNameOfLDAPAttribute("keycloak.ldap.idm.email", EMAIL, EMAIL, activeDirectory);
|
|
||||||
|
|
||||||
logger.infof("LDAP Attributes mapping: loginName: %s, firstName: %s, lastName: %s, email: %s", ldapLoginName, ldapFirstName, ldapLastName, ldapEmail);
|
// Try to compute properties based on LDAP server type, but still allow to override them through System properties TODO: Should allow better way than overriding from System properties. Perhaps init from XML?
|
||||||
|
ldapLoginNameMapping = getNameOfLDAPAttribute("keycloak.ldap.idm.loginName", ldapLoginNameMapping, ldapLoginNameMapping, activeDirectory);
|
||||||
|
String ldapFirstNameMapping = getNameOfLDAPAttribute("keycloak.ldap.idm.firstName", CN, "givenName", activeDirectory);
|
||||||
|
String ldapLastNameMapping = getNameOfLDAPAttribute("keycloak.ldap.idm.lastName", SN, SN, activeDirectory);
|
||||||
|
String ldapEmailMapping = getNameOfLDAPAttribute("keycloak.ldap.idm.email", EMAIL, EMAIL, activeDirectory);
|
||||||
|
|
||||||
|
logger.infof("LDAP Attributes mapping: loginName: %s, firstName: %s, lastName: %s, email: %s", ldapLoginNameMapping, ldapFirstNameMapping, ldapLastNameMapping, ldapEmailMapping);
|
||||||
|
|
||||||
// Use same mapping for User and Agent for now
|
// Use same mapping for User and Agent for now
|
||||||
builder
|
builder
|
||||||
|
@ -104,10 +109,10 @@ public class PartitionManagerRegistry {
|
||||||
.mapping(User.class)
|
.mapping(User.class)
|
||||||
.baseDN(ldapConfig.get(LdapConstants.USER_DN_SUFFIX))
|
.baseDN(ldapConfig.get(LdapConstants.USER_DN_SUFFIX))
|
||||||
.objectClasses("inetOrgPerson", "organizationalPerson")
|
.objectClasses("inetOrgPerson", "organizationalPerson")
|
||||||
.attribute("loginName", ldapLoginName, true)
|
.attribute("loginName", ldapLoginNameMapping, true)
|
||||||
.attribute("firstName", ldapFirstName)
|
.attribute("firstName", ldapFirstNameMapping)
|
||||||
.attribute("lastName", ldapLastName)
|
.attribute("lastName", ldapLastNameMapping)
|
||||||
.attribute("email", ldapEmail);
|
.attribute("email", ldapEmailMapping);
|
||||||
|
|
||||||
// Workaround to override the LDAPIdentityStore with our own :/
|
// Workaround to override the LDAPIdentityStore with our own :/
|
||||||
List<IdentityConfiguration> identityConfigs = builder.buildAll();
|
List<IdentityConfiguration> identityConfigs = builder.buildAll();
|
||||||
|
|
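Review bot: The null check added at the top of the first hunk treats only an absent `usernameLDAPAttribute` as unset, so an empty or whitespace value stored in the realm config would be passed on as the login-name attribute; `if (ldapLoginNameMapping == null || ldapLoginNameMapping.trim().isEmpty()) {` covers both cases. The value is then used verbatim as an LDAP attribute name in the `.attribute("loginName", ldapLoginNameMapping, true)` mapping of the second hunk; the admin console limits it to three choices, but a value stored through other paths presumably is not limited, so rejecting anything that is not a plain attribute descriptor (letters, digits and hyphens) with an `IllegalArgumentException` that names `LdapConstants.USERNAME_LDAP_ATTRIBUTE` would turn a misconfiguration into a clear error instead of an obscure LDAP failure. The `getNameOfLDAPAttribute("keycloak.ldap.idm.loginName", ...)` call passes the configured value as both defaults, which means the system property still takes precedence over what an admin sets in the console; that is worth stating on the line, e.g. `// System property, if set, still overrides the realm's usernameLDAPAttribute`. The enclosing method begins and ends outside these hunks.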