Merge pull request #1677 from mkdgit/Customized_LDAP_filter_1_6

KEYCLOAK-1906 : Customized LDAP filter
Marek Posolda 2015-10-07 22:05:30 +02:00
commit 1796a45a68
4 changed files with 23 additions and 1 deletions


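--- a/LDAPQuery.java
+++ b/LDAPQuery.java
@@ -47,6 +47,8 @@ public class LDAPQuery {
 private final List<UserFederationMapperModel> mappers = new ArrayList<UserFederationMapperModel>();
 private int searchScope = SearchControls.SUBTREE_SCOPE;
+private String ldapFilter = null;
 public LDAPQuery(LDAPFederationProvider ldapProvider) {
 this.ldapFedProvider = ldapProvider;
@@ -189,4 +191,12 @@ public class LDAPQuery {
 return this.conditions;
 }
+public String getLdapFilter() {
+return ldapFilter;
+}
+public void setLdapFilter(String ldapFilter) {
+this.ldapFilter = ldapFilter;
+}
 }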
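Review bot: `setLdapFilter` on the new side stores whatever string it is handed with no stated contract, yet the LDAPIdentityStore hunk on this same commit splices that value verbatim into the query's `(&...)` conjunction, so a reader of this class cannot tell that only a complete, parenthesized LDAP filter is acceptable. A Javadoc on the setter should say so, e.g. `/** Additional raw LDAP filter ANDed with the query's other conditions; must be a complete filter enclosed in parentheses, e.g. "(cn=keycloak-*)". Null or empty disables it. */`, and the new `ldapFilter` field in the first hunk deserves the same one-line comment. Whether the value is validated before it reaches this setter is not visible here; if it is not, this setter is a natural place to reject an unparenthesized value rather than letting it reach the directory.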


@ -255,7 +255,9 @@ public class LDAPIdentityStore implements IdentityStore {
for (Condition condition : identityQuery.getConditions()) { for (Condition condition : identityQuery.getConditions()) {
applyCondition(filter, condition); applyCondition(filter, condition);
} }
if (!(identityQuery.getLdapFilter() == null || identityQuery.getLdapFilter().isEmpty())) {
filter.append(identityQuery.getLdapFilter());
}
filter.insert(0, "(&"); filter.insert(0, "(&");
filter.append(getObjectClassesFilter(identityQuery.getObjectClasses())); filter.append(getObjectClassesFilter(identityQuery.getObjectClasses()));
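Review bot: The custom filter at `filter.append(identityQuery.getLdapFilter())` is concatenated into the compound filter with no syntactic check, so a mapper configured with `cn=foo` (no parentheses) or an unbalanced value yields an unparseable `(&...)` filter, which presumably surfaces later as an opaque directory error rather than a configuration error. The value is admin-supplied mapper configuration, not end-user input, so this is a misconfiguration-hardening point rather than an injection path for users, but it should still be validated at the point of use: trim it, require it to start with `(` and end with `)`, and fail fast with a clear message (IllegalArgumentException, or whatever this store already throws for bad configuration). The `isEmpty()` test on the preceding line also lets a whitespace-only value through, which then becomes a trailing blank inside the conjunction. The enclosing method starts before this hunk.
```java
            // … unchanged: applyCondition loop over identityQuery.getConditions() …
            String customFilter = identityQuery.getLdapFilter();
            if (customFilter != null && !customFilter.trim().isEmpty()) {
                customFilter = customFilter.trim();
                // Spliced into the "(&...)" conjunction below, so it must be a complete,
                // parenthesized filter; reject a misconfigured mapper here with a clear
                // message instead of sending an unparseable query to the directory.
                if (!customFilter.startsWith("(") || !customFilter.endsWith(")")) {
                    throw new IllegalArgumentException(
                            "Custom LDAP filter must be enclosed in parentheses: " + customFilter);
                }
                filter.append(customFilter);
            }
            filter.insert(0, "(&");
```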


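--- a/RoleLDAPFederationMapper.java
+++ b/RoleLDAPFederationMapper.java
@@ -54,6 +54,9 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
 // See docs for Mode enum
 public static final String MODE = "mode";
+// Customized LDAP filter which is added to the whole LDAP query
+public static final String ROLES_LDAP_FILTER = "roles.ldap.filter";
 // List of IDs of UserFederationMapperModels where syncRolesFromLDAP was already called in this KeycloakSession. This is to improve performance
@@ -128,6 +131,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
 ldapQuery.addObjectClasses(roleObjectClasses);
 String rolesRdnAttr = getRoleNameLdapAttribute(mapperModel);
+ldapQuery.setLdapFilter(mapperModel.getConfig().get(RoleLDAPFederationMapper.ROLES_LDAP_FILTER));
 String membershipAttr = getMembershipLdapAttribute(mapperModel);
 ldapQuery.addReturningLdapAttribute(rolesRdnAttr);
 ldapQuery.addReturningLdapAttribute(membershipAttr);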
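Review bot: The comment on the new `ROLES_LDAP_FILTER` constant, "added to the whole LDAP query", understates the contract: within this commit the value is only set on the roles query built around `ldapQuery.setLdapFilter(...)`, and the LDAPIdentityStore hunk ANDs it with the query's other conditions rather than adding it loosely. A more useful comment would be `// Optional raw LDAP filter ANDed with the other conditions of the roles query; must be a complete filter in parentheses, e.g. "(cn=keycloak-*)"`. At `ldapQuery.setLdapFilter(mapperModel.getConfig().get(...))` the raw config value is handed over untrimmed and unchecked, so any validation of the admin-entered string has to happen downstream; as far as this hunk shows, none does. The method containing that call starts and ends outside the hunk.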


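--- a/RoleLDAPFederationMapperFactory.java
+++ b/RoleLDAPFederationMapperFactory.java
@@ -51,6 +51,12 @@ public class RoleLDAPFederationMapperFactory extends AbstractLDAPFederationMappe
 "Object class (or classes) of the role object. It's divided by comma if more classes needed. In typical LDAP deployment it could be 'groupOfNames' . In Active Directory it's usually 'group' ",
 ProviderConfigProperty.STRING_TYPE, null);
 configProperties.add(roleObjectClasses);
+ProviderConfigProperty ldapFilter = createConfigProperty(RoleLDAPFederationMapper.ROLES_LDAP_FILTER,
+"LDAP Filter",
+"LDAP Filter adds additional custom filter to the whole query.",
+ProviderConfigProperty.STRING_TYPE, null);
+configProperties.add(ldapFilter);
 List<String> modes = new LinkedList<String>();
 for (RoleLDAPFederationMapper.Mode mode : RoleLDAPFederationMapper.Mode.values()) {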
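Review bot: The admin-facing help text `"LDAP Filter adds additional custom filter to the whole query."` omits the two things an administrator must get right: the value is ANDed with the mapper's other conditions, and it has to be a complete filter enclosed in parentheses or the combined query is malformed (the LDAPIdentityStore hunk appends it verbatim inside `(&...)`). Suggested replacement for that line: `"Additional LDAP filter that is ANDed with the other conditions of the roles query. Must be a complete filter enclosed in parentheses, e.g. '(cn=keycloak-*)'. Leave empty to disable."`. The enclosing method starts before this hunk and may continue past it.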