libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Merge pull request #2466 from mposolda/master

Browse source 
Fix LDAPGroupMapperTest with MSAD and Mongo
This commit is contained in:
Marek Posolda 2016-04-01 11:22:56 +02:00
commit 46f6b97c26
3 changed files with 18 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProvider.java
View file

@ -232,7 +232,7 @@ public class LDAPFederationProvider implements UserFederationProvider {
if (kcUser == null) { if (kcUser == null) {
logger.warnf("User '%s' referenced by membership wasn't found in LDAP", username); logger.warnf("User '%s' referenced by membership wasn't found in LDAP", username);
} else if (!model.getId().equals(kcUser.getFederationLink())) { } else if (!model.getId().equals(kcUser.getFederationLink())) {
logger.warnf("Incorrect federation provider of user %s" + kcUser.getUsername()); logger.warnf("Incorrect federation provider of user '%s'", kcUser.getUsername());
} else { } else {
result.add(kcUser); result.add(kcUser);
} }

3
testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/LDAPGroupMapper2WaySyncTest.java
View file

@ -21,8 +21,10 @@ import java.util.Map;
import org.junit.Assert; import org.junit.Assert;
import org.junit.ClassRule; import org.junit.ClassRule;
import org.junit.FixMethodOrder;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.federation.ldap.LDAPFederationProvider; import org.keycloak.federation.ldap.LDAPFederationProvider;
import org.keycloak.federation.ldap.LDAPFederationProviderFactory; import org.keycloak.federation.ldap.LDAPFederationProviderFactory;
import org.keycloak.federation.ldap.mappers.membership.LDAPGroupMapperMode; import org.keycloak.federation.ldap.mappers.membership.LDAPGroupMapperMode;
@ -45,6 +47,7 @@ import org.keycloak.testsuite.rule.LDAPRule;
/** /**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a> * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/ */
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class LDAPGroupMapper2WaySyncTest { public class LDAPGroupMapper2WaySyncTest {
@ClassRule @ClassRule

18
testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/LDAPGroupMapperTest.java
View file

@ -28,6 +28,7 @@ import org.junit.Test;
import org.junit.rules.RuleChain; import org.junit.rules.RuleChain;
import org.junit.rules.TestRule; import org.junit.rules.TestRule;
import org.junit.runners.MethodSorters; import org.junit.runners.MethodSorters;
import org.keycloak.federation.ldap.LDAPConfig;
import org.keycloak.federation.ldap.LDAPFederationProvider; import org.keycloak.federation.ldap.LDAPFederationProvider;
import org.keycloak.federation.ldap.LDAPFederationProviderFactory; import org.keycloak.federation.ldap.LDAPFederationProviderFactory;
import org.keycloak.federation.ldap.LDAPUtils; import org.keycloak.federation.ldap.LDAPUtils;
@ -110,6 +111,9 @@ public class LDAPGroupMapperTest {
LDAPObject rob = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "robkeycloak", "Rob", "Brown", "rob@email.org", null, "8910"); LDAPObject rob = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "robkeycloak", "Rob", "Brown", "rob@email.org", null, "8910");
FederationTestUtils.updateLDAPPassword(ldapFedProvider, rob, "Password1"); FederationTestUtils.updateLDAPPassword(ldapFedProvider, rob, "Password1");
LDAPObject james = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "jameskeycloak", "James", "Brown", "james@email.org", null, "8910");
FederationTestUtils.updateLDAPPassword(ldapFedProvider, james, "Password1");
} }
}); });
@ -309,6 +313,12 @@ public class LDAPGroupMapperTest {
public void test04_groupReferencingNonExistentMember() { public void test04_groupReferencingNonExistentMember() {
KeycloakSession session = keycloakRule.startSession(); KeycloakSession session = keycloakRule.startSession();
try { try {
// Ignoring this test on ActiveDirectory as it's not allowed to have LDAP group referencing nonexistent member. KEYCLOAK-2682 was related to OpenLDAP TODO: Better solution than programmatic...
LDAPConfig config = FederationTestUtils.getLdapProvider(session, ldapModel).getLdapIdentityStore().getConfig();
if (config.isActiveDirectory()) {
return;
}
RealmModel appRealm = session.realms().getRealmByName("test"); RealmModel appRealm = session.realms().getRealmByName("test");
UserFederationMapperModel mapperModel = appRealm.getUserFederationMapperByName(ldapModel.getId(), "groupsMapper"); UserFederationMapperModel mapperModel = appRealm.getUserFederationMapperByName(ldapModel.getId(), "groupsMapper");
@ -321,12 +331,12 @@ public class LDAPGroupMapperTest {
LDAPObject group2 = FederationTestUtils.createLDAPGroup(session, appRealm, ldapModel, "group2", descriptionAttrName, "group2 - description"); LDAPObject group2 = FederationTestUtils.createLDAPGroup(session, appRealm, ldapModel, "group2", descriptionAttrName, "group2 - description");
// 2 - Add one existing user rob to LDAP group // 2 - Add one existing user rob to LDAP group
LDAPObject robLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "robkeycloak"); LDAPObject jamesLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "jameskeycloak");
LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, group2, robLdap, false); LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, group2, jamesLdap, false);
// 3 - Add non-existing user to LDAP group // 3 - Add non-existing user to LDAP group
LDAPDn nonExistentDn = LDAPDn.fromString(ldapProvider.getLdapIdentityStore().getConfig().getUsersDn()); LDAPDn nonExistentDn = LDAPDn.fromString(ldapProvider.getLdapIdentityStore().getConfig().getUsersDn());
nonExistentDn.addFirst(robLdap.getRdnAttributeName(), "nonexistent"); nonExistentDn.addFirst(jamesLdap.getRdnAttributeName(), "nonexistent");
LDAPObject nonExistentLdapUser = new LDAPObject(); LDAPObject nonExistentLdapUser = new LDAPObject();
nonExistentLdapUser.setDn(nonExistentDn); nonExistentLdapUser.setDn(nonExistentDn);
LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, group2, nonExistentLdapUser, true); LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, group2, nonExistentLdapUser, true);
@ -337,7 +347,7 @@ public class LDAPGroupMapperTest {
List<UserModel> groupUsers = session.users().getGroupMembers(appRealm, kcGroup2, 0, 5); List<UserModel> groupUsers = session.users().getGroupMembers(appRealm, kcGroup2, 0, 5);
Assert.assertEquals(1, groupUsers.size()); Assert.assertEquals(1, groupUsers.size());
UserModel rob = groupUsers.get(0); UserModel rob = groupUsers.get(0);
Assert.assertEquals("robkeycloak", rob.getUsername()); Assert.assertEquals("jameskeycloak", rob.getUsername());
} finally { } finally {
keycloakRule.stopSession(session, false); keycloakRule.stopSession(session, false);