KEYCLOAK-1359 LDAP tests update
parent
b27f18c380
commit
496062ef0c
7 changed files with 8 additions and 13 deletions
|
@ -1,8 +1,6 @@
|
||||||
package org.keycloak.federation.ldap;
|
package org.keycloak.federation.ldap;
|
||||||
|
|
||||||
import java.util.Arrays;
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
|
|
|
@ -108,7 +108,6 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
|
||||||
String roleName = ldapRole.getAttributeAsString(rolesRdnAttr);
|
String roleName = ldapRole.getAttributeAsString(rolesRdnAttr);
|
||||||
|
|
||||||
if (roleContainer.getRole(roleName) == null) {
|
if (roleContainer.getRole(roleName) == null) {
|
||||||
// TODO: rather change to debug
|
|
||||||
logger.infof("Syncing role [%s] from LDAP to keycloak DB", roleName);
|
logger.infof("Syncing role [%s] from LDAP to keycloak DB", roleName);
|
||||||
roleContainer.addRole(roleName);
|
roleContainer.addRole(roleName);
|
||||||
}
|
}
|
||||||
|
@ -210,7 +209,6 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
|
||||||
roleDn.addFirst(roleNameAttribute, roleName);
|
roleDn.addFirst(roleNameAttribute, roleName);
|
||||||
ldapObject.setDn(roleDn);
|
ldapObject.setDn(roleDn);
|
||||||
|
|
||||||
// TODO: debug
|
|
||||||
logger.infof("Creating role to [%s] to LDAP with DN [%s]", roleName, roleDn.toString());
|
logger.infof("Creating role to [%s] to LDAP with DN [%s]", roleName, roleDn.toString());
|
||||||
ldapProvider.getLdapIdentityStore().add(ldapObject);
|
ldapProvider.getLdapIdentityStore().add(ldapObject);
|
||||||
return ldapObject;
|
return ldapObject;
|
||||||
|
|
|
@ -19,6 +19,7 @@ public class LDAPConstants {
|
||||||
|
|
||||||
public static final String CONNECTION_URL = "connectionUrl";
|
public static final String CONNECTION_URL = "connectionUrl";
|
||||||
public static final String SECURITY_PROTOCOL = "securityProtocol";
|
public static final String SECURITY_PROTOCOL = "securityProtocol";
|
||||||
|
public static final String BASE_DN = "baseDn"; // used for tests only
|
||||||
public static final String USERS_DN = "usersDn";
|
public static final String USERS_DN = "usersDn";
|
||||||
public static final String BIND_DN = "bindDn";
|
public static final String BIND_DN = "bindDn";
|
||||||
public static final String BIND_CREDENTIAL = "bindCredential";
|
public static final String BIND_CREDENTIAL = "bindCredential";
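Review bot: `BASE_DN` is declared in `LDAPConstants` alongside the real provider settings, and only the trailing comment on that line marks it as test-only. Nothing visible in this commit reads `baseDn` outside the test helpers, so a value set in a realm's provider configuration would presumably be ignored without any warning. Consider declaring the key in the test tree (for example in `LDAPTestConfiguration`), or replacing the trailing comment with a Javadoc line such as `/** Test-only key: base DN of the test directory; confirm it is not read by the LDAP provider. */`.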
|
||||||
|
|
|
@ -110,7 +110,7 @@ public class UserFederationManager implements UserProvider {
|
||||||
if (realmModel == null) return;
|
if (realmModel == null) return;
|
||||||
UserModel deletedUser = tx.userStorage().getUserById(user.getId(), realmModel);
|
UserModel deletedUser = tx.userStorage().getUserById(user.getId(), realmModel);
|
||||||
tx.userStorage().removeUser(realmModel, deletedUser);
|
tx.userStorage().removeUser(realmModel, deletedUser);
|
||||||
logger.debugf("Removed invalid user '%s'", user.getUsername());
|
logger.infof("Removed invalid user '%s'", user.getUsername());
|
||||||
tx.getTransaction().commit();
|
tx.getTransaction().commit();
|
||||||
} finally {
|
} finally {
|
||||||
tx.close();
|
tx.close();
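Review bot: The record now emitted at info level identifies the removed account only by `user.getUsername()`, which does not pin the deletion to one account when several realms hold the same username. `user.getId()` and `realmModel` are already in scope two lines above, so the message could carry both: `logger.infof("Removed invalid user '%s' (id=%s) from realm '%s'", user.getUsername(), user.getId(), realmModel.getName());`. The username presumably comes from the federated directory, so it is worth confirming that the log formatter in use escapes line breaks now that the value reaches an info-level log. The enclosing method starts and ends outside this hunk.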
|
||||||
|
|
|
@ -108,8 +108,9 @@ class FederationTestUtils {
|
||||||
mapperModel.getConfig().put(RoleLDAPFederationMapper.MODE, mode.toString());
|
mapperModel.getConfig().put(RoleLDAPFederationMapper.MODE, mode.toString());
|
||||||
realm.updateUserFederationMapper(mapperModel);
|
realm.updateUserFederationMapper(mapperModel);
|
||||||
} else {
|
} else {
|
||||||
|
String baseDn = providerModel.getConfig().get(LDAPConstants.BASE_DN);
|
||||||
mapperModel = KeycloakModelUtils.createUserFederationMapperModel("realmRolesMapper", providerModel.getId(), RoleLDAPFederationMapperFactory.PROVIDER_ID,
|
mapperModel = KeycloakModelUtils.createUserFederationMapperModel("realmRolesMapper", providerModel.getId(), RoleLDAPFederationMapperFactory.PROVIDER_ID,
|
||||||
RoleLDAPFederationMapper.ROLES_DN, "ou=RealmRoles,dc=keycloak,dc=org",
|
RoleLDAPFederationMapper.ROLES_DN, "ou=RealmRoles," + baseDn,
|
||||||
RoleLDAPFederationMapper.USE_REALM_ROLES_MAPPING, "true",
|
RoleLDAPFederationMapper.USE_REALM_ROLES_MAPPING, "true",
|
||||||
RoleLDAPFederationMapper.MODE, mode.toString());
|
RoleLDAPFederationMapper.MODE, mode.toString());
|
||||||
realm.addUserFederationMapper(mapperModel);
|
realm.addUserFederationMapper(mapperModel);
|
||||||
|
@ -120,8 +121,9 @@ class FederationTestUtils {
|
||||||
mapperModel.getConfig().put(RoleLDAPFederationMapper.MODE, mode.toString());
|
mapperModel.getConfig().put(RoleLDAPFederationMapper.MODE, mode.toString());
|
||||||
realm.updateUserFederationMapper(mapperModel);
|
realm.updateUserFederationMapper(mapperModel);
|
||||||
} else {
|
} else {
|
||||||
|
String baseDn = providerModel.getConfig().get(LDAPConstants.BASE_DN);
|
||||||
mapperModel = KeycloakModelUtils.createUserFederationMapperModel("financeRolesMapper", providerModel.getId(), RoleLDAPFederationMapperFactory.PROVIDER_ID,
|
mapperModel = KeycloakModelUtils.createUserFederationMapperModel("financeRolesMapper", providerModel.getId(), RoleLDAPFederationMapperFactory.PROVIDER_ID,
|
||||||
RoleLDAPFederationMapper.ROLES_DN, "ou=FinanceRoles,dc=keycloak,dc=org",
|
RoleLDAPFederationMapper.ROLES_DN, "ou=FinanceRoles," + baseDn,
|
||||||
RoleLDAPFederationMapper.USE_REALM_ROLES_MAPPING, "false",
|
RoleLDAPFederationMapper.USE_REALM_ROLES_MAPPING, "false",
|
||||||
RoleLDAPFederationMapper.CLIENT_ID, "finance",
|
RoleLDAPFederationMapper.CLIENT_ID, "finance",
|
||||||
RoleLDAPFederationMapper.MODE, mode.toString());
|
RoleLDAPFederationMapper.MODE, mode.toString());
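Review bot: `providerModel.getConfig().get(LDAPConstants.BASE_DN)` yields null when the provider model was created without a `baseDn` entry, and the concatenation then produces the DN `ou=RealmRoles,null` instead of failing. The same applies to the second hunk, where `"ou=FinanceRoles," + baseDn` is built. A guard right after each lookup would surface the misconfiguration at setup time rather than as a confusing LDAP error later: `if (baseDn == null) throw new IllegalStateException("baseDn missing from LDAP provider config");`. Both enclosing methods start and end outside the hunks.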
|
||||||
|
|
|
@ -28,8 +28,7 @@ public class LDAPTestConfiguration {
|
||||||
|
|
||||||
static {
|
static {
|
||||||
PROP_MAPPINGS.put(LDAPConstants.CONNECTION_URL, "idm.test.ldap.connection.url");
|
PROP_MAPPINGS.put(LDAPConstants.CONNECTION_URL, "idm.test.ldap.connection.url");
|
||||||
PROP_MAPPINGS.put("rolesDnSuffix", "idm.test.ldap.roles.dn.suffix");
|
PROP_MAPPINGS.put(LDAPConstants.BASE_DN, "idm.test.ldap.base.dn");
|
||||||
PROP_MAPPINGS.put("groupDnSuffix", "idm.test.ldap.group.dn.suffix");
|
|
||||||
PROP_MAPPINGS.put(LDAPConstants.USERS_DN, "idm.test.ldap.user.dn.suffix");
|
PROP_MAPPINGS.put(LDAPConstants.USERS_DN, "idm.test.ldap.user.dn.suffix");
|
||||||
PROP_MAPPINGS.put(LDAPConstants.BIND_DN, "idm.test.ldap.bind.dn");
|
PROP_MAPPINGS.put(LDAPConstants.BIND_DN, "idm.test.ldap.bind.dn");
|
||||||
PROP_MAPPINGS.put(LDAPConstants.BIND_CREDENTIAL, "idm.test.ldap.bind.credential");
|
PROP_MAPPINGS.put(LDAPConstants.BIND_CREDENTIAL, "idm.test.ldap.bind.credential");
|
||||||
|
@ -52,8 +51,7 @@ public class LDAPTestConfiguration {
|
||||||
PROP_MAPPINGS.put(KerberosConstants.USE_KERBEROS_FOR_PASSWORD_AUTHENTICATION, "idm.test.kerberos.use.kerberos.for.password.authentication");
|
PROP_MAPPINGS.put(KerberosConstants.USE_KERBEROS_FOR_PASSWORD_AUTHENTICATION, "idm.test.kerberos.use.kerberos.for.password.authentication");
|
||||||
|
|
||||||
DEFAULT_VALUES.put(LDAPConstants.CONNECTION_URL, "ldap://localhost:10389");
|
DEFAULT_VALUES.put(LDAPConstants.CONNECTION_URL, "ldap://localhost:10389");
|
||||||
DEFAULT_VALUES.put("rolesDnSuffix", "ou=Roles,dc=keycloak,dc=org");
|
DEFAULT_VALUES.put(LDAPConstants.BASE_DN, "dc=keycloak,dc=org");
|
||||||
DEFAULT_VALUES.put("groupDnSuffix", "ou=Groups,dc=keycloak,dc=org");
|
|
||||||
DEFAULT_VALUES.put(LDAPConstants.USERS_DN, "ou=People,dc=keycloak,dc=org");
|
DEFAULT_VALUES.put(LDAPConstants.USERS_DN, "ou=People,dc=keycloak,dc=org");
|
||||||
DEFAULT_VALUES.put(LDAPConstants.BIND_DN, "uid=admin,ou=system");
|
DEFAULT_VALUES.put(LDAPConstants.BIND_DN, "uid=admin,ou=system");
|
||||||
DEFAULT_VALUES.put(LDAPConstants.BIND_CREDENTIAL, "secret");
|
DEFAULT_VALUES.put(LDAPConstants.BIND_CREDENTIAL, "secret");
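Review bot: `DEFAULT_VALUES` now holds `BASE_DN` as `dc=keycloak,dc=org`, while the `USERS_DN` default on the next line still spells out the same suffix in `ou=People,dc=keycloak,dc=org`. Overriding only `idm.test.ldap.base.dn` would therefore move the role containers that the test helpers derive from the base DN but leave the users DN under the old suffix. A comment above the two `put` calls would cover it, e.g. `// USERS_DN is not derived from BASE_DN; override idm.test.ldap.user.dn.suffix together with idm.test.ldap.base.dn`. The static initializer starts and ends outside these hunks.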
|
||||||
|
|
|
@ -1,7 +1,5 @@
|
||||||
idm.test.ldap.connection.url=ldap\://localhost\:10389
|
idm.test.ldap.connection.url=ldap\://localhost\:10389
|
||||||
idm.test.ldap.base.dn=dc\=keycloak,dc\=org
|
idm.test.ldap.base.dn=dc\=keycloak,dc\=org
|
||||||
idm.test.ldap.roles.dn.suffix=ou\=Roles,dc\=keycloak,dc\=org
|
|
||||||
idm.test.ldap.group.dn.suffix=ou\=Groups,dc\=keycloak,dc\=org
|
|
||||||
idm.test.ldap.user.dn.suffix=ou\=People,dc\=keycloak,dc\=org
|
idm.test.ldap.user.dn.suffix=ou\=People,dc\=keycloak,dc\=org
|
||||||
idm.test.ldap.start.embedded.ldap.server=true
|
idm.test.ldap.start.embedded.ldap.server=true
|
||||||
idm.test.ldap.bind.dn=uid\=admin,ou\=system
|
idm.test.ldap.bind.dn=uid\=admin,ou\=system
|
||||||
|
|