Merge remote-tracking branch 'upstream/master'
commit
368ea64b51
4 changed files with 23 additions and 1 deletions
|
@ -47,6 +47,8 @@ public class LDAPQuery {
|
||||||
private final List<UserFederationMapperModel> mappers = new ArrayList<UserFederationMapperModel>();
|
private final List<UserFederationMapperModel> mappers = new ArrayList<UserFederationMapperModel>();
|
||||||
|
|
||||||
private int searchScope = SearchControls.SUBTREE_SCOPE;
|
private int searchScope = SearchControls.SUBTREE_SCOPE;
|
||||||
|
|
||||||
|
private String ldapFilter = null;
|
||||||
|
|
||||||
public LDAPQuery(LDAPFederationProvider ldapProvider) {
|
public LDAPQuery(LDAPFederationProvider ldapProvider) {
|
||||||
this.ldapFedProvider = ldapProvider;
|
this.ldapFedProvider = ldapProvider;
|
||||||
|
@ -189,4 +191,12 @@ public class LDAPQuery {
|
||||||
return this.conditions;
|
return this.conditions;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String getLdapFilter() {
|
||||||
|
return ldapFilter;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setLdapFilter(String ldapFilter) {
|
||||||
|
this.ldapFilter = ldapFilter;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
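Review bot: The new `ldapFilter` field and its `getLdapFilter`/`setLdapFilter` accessors do not document what a valid value looks like, although the LDAPIdentityStore change in this commit appends the string to the search filter as-is. A Javadoc on the setter would make the contract visible to future callers, for example `/** Raw LDAP filter component such as "(attr=value)", appended unescaped to the generated filter; null or empty means none. Trusted configuration only. */`. The class body continues outside both hunks.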
|
||||||
|
|
|
@ -255,7 +255,9 @@ public class LDAPIdentityStore implements IdentityStore {
|
||||||
for (Condition condition : identityQuery.getConditions()) {
|
for (Condition condition : identityQuery.getConditions()) {
|
||||||
applyCondition(filter, condition);
|
applyCondition(filter, condition);
|
||||||
}
|
}
|
||||||
|
if (!(identityQuery.getLdapFilter() == null || identityQuery.getLdapFilter().isEmpty())) {
|
||||||
|
filter.append(identityQuery.getLdapFilter());
|
||||||
|
}
|
||||||
|
|
||||||
filter.insert(0, "(&");
|
filter.insert(0, "(&");
|
||||||
filter.append(getObjectClassesFilter(identityQuery.getObjectClasses()));
|
filter.append(getObjectClassesFilter(identityQuery.getObjectClasses()));
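Review bot: The custom filter is appended verbatim at `filter.append(identityQuery.getLdapFilter())`, so a value with stray whitespace or without enclosing parentheses yields a malformed `(&...)` filter that will presumably fail only when the directory search runs. Reading the value once and trimming it covers the whitespace case: `String customFilter = identityQuery.getLdapFilter();` followed by `if (customFilter != null && !customFilter.trim().isEmpty()) { filter.append(customFilter.trim()); }`. The check that the trimmed value starts with `(` and ends with `)` is better placed where the mapper configuration is saved, so the administrator sees the error. Because the string cannot be escaped by design, it should stay limited to administrator-managed configuration; the only caller visible in this commit is `ldapQuery.setLdapFilter(...)` in RoleLDAPFederationMapper, which reads it from `mapperModel.getConfig()`. The enclosing method starts and ends outside this hunk.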
|
||||||
|
|
|
@ -54,6 +54,9 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
|
||||||
|
|
||||||
// See docs for Mode enum
|
// See docs for Mode enum
|
||||||
public static final String MODE = "mode";
|
public static final String MODE = "mode";
|
||||||
|
|
||||||
|
// Customized LDAP filter which is added to the whole LDAP query
|
||||||
|
public static final String ROLES_LDAP_FILTER = "roles.ldap.filter";
|
||||||
|
|
||||||
|
|
||||||
// List of IDs of UserFederationMapperModels where syncRolesFromLDAP was already called in this KeycloakSession. This is to improve performance
|
// List of IDs of UserFederationMapperModels where syncRolesFromLDAP was already called in this KeycloakSession. This is to improve performance
|
||||||
|
@ -128,6 +131,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
|
||||||
ldapQuery.addObjectClasses(roleObjectClasses);
|
ldapQuery.addObjectClasses(roleObjectClasses);
|
||||||
|
|
||||||
String rolesRdnAttr = getRoleNameLdapAttribute(mapperModel);
|
String rolesRdnAttr = getRoleNameLdapAttribute(mapperModel);
|
||||||
|
ldapQuery.setLdapFilter(mapperModel.getConfig().get(RoleLDAPFederationMapper.ROLES_LDAP_FILTER));
|
||||||
String membershipAttr = getMembershipLdapAttribute(mapperModel);
|
String membershipAttr = getMembershipLdapAttribute(mapperModel);
|
||||||
ldapQuery.addReturningLdapAttribute(rolesRdnAttr);
|
ldapQuery.addReturningLdapAttribute(rolesRdnAttr);
|
||||||
ldapQuery.addReturningLdapAttribute(membershipAttr);
|
ldapQuery.addReturningLdapAttribute(membershipAttr);
|
||||||
|
|
|
@ -51,6 +51,12 @@ public class RoleLDAPFederationMapperFactory extends AbstractLDAPFederationMappe
|
||||||
"Object class (or classes) of the role object. It's divided by comma if more classes needed. In typical LDAP deployment it could be 'groupOfNames' . In Active Directory it's usually 'group' ",
|
"Object class (or classes) of the role object. It's divided by comma if more classes needed. In typical LDAP deployment it could be 'groupOfNames' . In Active Directory it's usually 'group' ",
|
||||||
ProviderConfigProperty.STRING_TYPE, null);
|
ProviderConfigProperty.STRING_TYPE, null);
|
||||||
configProperties.add(roleObjectClasses);
|
configProperties.add(roleObjectClasses);
|
||||||
|
|
||||||
|
ProviderConfigProperty ldapFilter = createConfigProperty(RoleLDAPFederationMapper.ROLES_LDAP_FILTER,
|
||||||
|
"LDAP Filter",
|
||||||
|
"LDAP Filter adds additional custom filter to the whole query.",
|
||||||
|
ProviderConfigProperty.STRING_TYPE, null);
|
||||||
|
configProperties.add(ldapFilter);
|
||||||
|
|
||||||
List<String> modes = new LinkedList<String>();
|
List<String> modes = new LinkedList<String>();
|
||||||
for (RoleLDAPFederationMapper.Mode mode : RoleLDAPFederationMapper.Mode.values()) {
|
for (RoleLDAPFederationMapper.Mode mode : RoleLDAPFederationMapper.Mode.values()) {
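Review bot: The help text `"LDAP Filter adds additional custom filter to the whole query."` does not tell the administrator what syntax is expected, and per the LDAPIdentityStore change the value goes into the `(&...)` filter without any normalisation. Consider wording such as `"Additional LDAP filter that is ANDed with the generated role query. Leave empty for no extra filtering; otherwise it must start with '(' and end with ')'."`. The surrounding method starts and ends outside the hunk.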
|
||||||
|
|