libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

KEYCLOAK-2644 Delete user with a READ_ONLY LDAP federation provider just from Keycloak DB

Browse source
This commit is contained in:
mposolda 2016-03-14 09:01:57 +01:00
parent 214cd2ac22
commit 2d188068c4
3 changed files with 12 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProvider.java
View file

@ -179,8 +179,8 @@ public class LDAPFederationProvider implements UserFederationProvider {
@Override @Override
public boolean removeUser(RealmModel realm, UserModel user) { public boolean removeUser(RealmModel realm, UserModel user) {
if (editMode == EditMode.READ_ONLY || editMode == EditMode.UNSYNCED) { if (editMode == EditMode.READ_ONLY || editMode == EditMode.UNSYNCED) {
logger.warnf("User '%s' can't be deleted in LDAP as editMode is '%s'", user.getUsername(), editMode.toString()); logger.warnf("User '%s' can't be deleted in LDAP as editMode is '%s'. Deleting user just from Keycloak DB, but he will be re-imported from LDAP again once searched in Keycloak", user.getUsername(), editMode.toString());
return false; return true;
} }
LDAPObject ldapObject = loadAndValidateUser(realm, user); LDAPObject ldapObject = loadAndValidateUser(realm, user);

2
server-spi/src/main/java/org/keycloak/models/UserFederationManager.java
View file

@ -96,7 +96,7 @@ public class UserFederationManager implements UserProvider {
boolean localRemoved = session.userStorage().removeUser(realm, user); boolean localRemoved = session.userStorage().removeUser(realm, user);
managedUsers.remove(user.getId()); managedUsers.remove(user.getId());
if (!localRemoved) { if (!localRemoved) {
logger.warn("User removed from federation provider, but failed to remove him from keycloak model"); logger.warn("User possibly removed from federation provider, but failed to remove him from keycloak model");
} }
return localRemoved; return localRemoved;
} else { } else {

12
testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/FederationProvidersIntegrationTest.java
View file

@ -500,6 +500,8 @@ public class FederationProvidersIntegrationTest {
} }
} }
// TODO: Rather separate test for fullNameMapper to better test all the possibilities
@Test @Test
public void testFullNameMapper() { public void testFullNameMapper() {
KeycloakSession session = keycloakRule.startSession(); KeycloakSession session = keycloakRule.startSession();
@ -691,7 +693,7 @@ public class FederationProvidersIntegrationTest {
} }
Assert.assertFalse(session.users().removeUser(appRealm, user)); Assert.assertTrue(session.users().removeUser(appRealm, user));
} finally { } finally {
keycloakRule.stopSession(session, false); keycloakRule.stopSession(session, false);
} }
@ -826,8 +828,12 @@ public class FederationProvidersIntegrationTest {
LDAPObject ldapUser = ldapProvider.loadLDAPUserByUsername(appRealm, "johnkeycloak"); LDAPObject ldapUser = ldapProvider.loadLDAPUserByUsername(appRealm, "johnkeycloak");
ldapProvider.getLdapIdentityStore().validatePassword(ldapUser, "Password1"); ldapProvider.getLdapIdentityStore().validatePassword(ldapUser, "Password1");
// ATM it's not permitted to delete user in unsynced mode. Should be user deleted just locally instead? // User is deleted just locally
Assert.assertFalse(session.users().removeUser(appRealm, user)); Assert.assertTrue(session.users().removeUser(appRealm, user));
// Assert user not available locally, but will be reimported from LDAP once searched
Assert.assertNull(session.userStorage().getUserByUsername("johnkeycloak", appRealm));
Assert.assertNotNull(session.users().getUserByUsername("johnkeycloak", appRealm));
} finally { } finally {
keycloakRule.stopSession(session, false); keycloakRule.stopSession(session, false);
} }