diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
index e6f52d3b79..0d96858943 100755
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
@@ -621,18 +621,19 @@ public class LDAPStorageProvider implements UserStorageProvider,
      * @return ldapUser corresponding to local user or null if user is no longer in LDAP
      */
     protected LDAPObject loadAndValidateUser(RealmModel realm, UserModel local) {
-        LDAPObject existing = userManager.getManagedLDAPUser(local.getId());
+        // getFirstAttribute triggers validation and another call to this method, so we run it before checking the cache
+        String uuidLdapAttribute = local.getFirstAttribute(LDAPConstants.LDAP_ID);
+
+        LDAPObject existing = userManager.getManagedLDAPObject(local.getId());
         if (existing != null) {
             return existing;
         }
-        String uuidLdapAttribute = local.getFirstAttribute(LDAPConstants.LDAP_ID);
-
         LDAPObject ldapUser = loadLDAPUserByUuid(realm, uuidLdapAttribute);
-
         if(ldapUser == null){
             return null;
         }
+        userManager.setManagedLDAPObject(local.getId(), ldapUser);
         LDAPUtils.checkUuid(ldapUser, ldapIdentityStore.getConfig());
         if (ldapUser.getUuid().equals(local.getFirstAttribute(LDAPConstants.LDAP_ID))) {
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageUserManager.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageUserManager.java
index 5155c12606..798f188266 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageUserManager.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageUserManager.java
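Review bot: The new `userManager.setManagedLDAPObject(local.getId(), ldapUser);` line runs before `LDAPUtils.checkUuid` and before the comparison of `ldapUser.getUuid()` with the local `LDAP_ID`, so an LDAP entry that those checks reject is still registered under the local user id, and any later call in the same manager's lifetime returns it from the `existing` short-circuit at the top without re-validating. The method's tail (the matching and mismatching branches) is outside the hunk; I would move the registration to just before `return ldapUser;` in the branch where the UUIDs match, so only a validated object is ever cached. The final condition could also reuse the already-loaded value, `if (ldapUser.getUuid().equals(uuidLdapAttribute)) {`, instead of calling `getFirstAttribute` a second time, which the added comment says re-enters this method.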
@@ -31,6 +31,7 @@ import org.keycloak.storage.ldap.mappers.LDAPTransaction;
  */
 public class LDAPStorageUserManager {
+    private final Map managedLDAPObjects = new HashMap<>();
     private final Map managedUsers = new HashMap<>();
     private final LDAPStorageProvider provider;
@@ -43,9 +44,16 @@ public class LDAPStorageUserManager {
         return entry==null ? null : entry.getManagedProxiedUser();
     }
-    public LDAPObject getManagedLDAPUser(String userId) {
-        ManagedUserEntry entry = managedUsers.get(userId);
-        return entry==null ? null : entry.getLdapUser();
+    public LDAPObject getManagedLDAPObject(String userId) {
+        return managedLDAPObjects.get(userId);
+    }
+
+    public void setManagedLDAPObject(String userId, LDAPObject ldapObject) {
+        LDAPObject object = managedLDAPObjects.get(userId);
+        if (object != null) {
+            throw new IllegalStateException("Don't expect to have ldap object for user " + userId);
+        }
+        managedLDAPObjects.put(userId, ldapObject);
     }
     public LDAPTransaction getTransaction(String userId) {
@@ -66,7 +74,7 @@ public class LDAPStorageUserManager {
         }
         LDAPTransaction ldapTransaction = new LDAPTransaction(provider, ldapObject);
-        ManagedUserEntry newEntry = new ManagedUserEntry(proxiedUser, ldapObject, ldapTransaction);
+        ManagedUserEntry newEntry = new ManagedUserEntry(proxiedUser, ldapTransaction);
         managedUsers.put(userId, newEntry);
     }
@@ -79,12 +87,10 @@ public class LDAPStorageUserManager {
     private static class ManagedUserEntry {
         private final UserModel managedProxiedUser;
-        private final LDAPObject ldapUser;
         private final LDAPTransaction ldapTransaction;
-        public ManagedUserEntry(UserModel managedProxiedUser, LDAPObject ldapUser, LDAPTransaction ldapTransaction) {
+        public ManagedUserEntry(UserModel managedProxiedUser, LDAPTransaction ldapTransaction) {
             this.managedProxiedUser = managedProxiedUser;
-            this.ldapUser = ldapUser;
             this.ldapTransaction = ldapTransaction;
         }
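Review bot: `setManagedLDAPObject` in the second hunk does a separate `get` and `put` to enforce its register-once rule; `putIfAbsent` expresses that as a single map operation: `if (managedLDAPObjects.putIfAbsent(userId, ldapObject) != null) { throw new IllegalStateException("Don't expect to have ldap object for user " + userId); }`. Because the name reads like a plain setter, a short Javadoc saying that it registers the object once per `userId` and throws `IllegalStateException` if one is already registered would help callers, and `getManagedLDAPObject` could note that it returns `null` when nothing is registered. Nothing in this diff removes entries from `managedLDAPObjects`, so the comment should presumably also state that entries live as long as the manager instance; confirm against how the provider is scoped.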
@@ -92,10 +98,6 @@ public class LDAPStorageUserManager {
             return managedProxiedUser;
         }
-        public LDAPObject getLdapUser() {
-            return ldapUser;
-        }
-
         public LDAPTransaction getLdapTransaction() {
             return ldapTransaction;
         }