From ab3758842c8cb9634c91d925d226b082c1a92303 Mon Sep 17 00:00:00 2001 From: Tero Saarni Date: Tue, 28 Nov 2023 15:06:34 +0200 Subject: [PATCH] Add configuration option for LDAP referral (#24852) Signed-off-by: Tero Saarni --- .../org/keycloak/storage/ldap/LDAPConfig.java | 4 +++ .../ldap/LDAPStorageProviderFactory.java | 3 ++ .../idm/store/ldap/LDAPContextManager.java | 5 +++ .../admin/messages/messages_en.properties | 2 ++ .../ldap/LdapSettingsSearching.tsx | 32 +++++++++++++++++++ .../org/keycloak/models/LDAPConstants.java | 2 ++ 6 files changed, 48 insertions(+) diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPConfig.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPConfig.java index acbb4213c4..b2704ba360 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPConfig.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPConfig.java @@ -255,6 +255,10 @@ public class LDAPConfig { } } + public String getReferral() { + return config.getFirst(LDAPConstants.REFERRAL); + } + public void addBinaryAttribute(String attrName) { binaryAttributeNames.add(attrName); } diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java index ea727305b3..6bb287d454 100755 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java @@ -203,6 +203,9 @@ public class LDAPStorageProviderFactory implements UserStorageProviderFactory(env); } diff --git a/js/apps/admin-ui/maven-resources/theme/keycloak.v2/admin/messages/messages_en.properties b/js/apps/admin-ui/maven-resources/theme/keycloak.v2/admin/messages/messages_en.properties index b0e8534191..ecd9085424 100644 --- a/js/apps/admin-ui/maven-resources/theme/keycloak.v2/admin/messages/messages_en.properties 
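Review bot: `getReferral()` in LDAPConfig returns the stored string as-is, so an unset option comes back as null and a mistyped value is passed on unchanged to whatever reads it. I would document that on the getter, e.g. `/** Returns the raw "referral" config value, or null when the option is not set; callers must handle null. */`, and reject anything outside the values JNDI accepts for `java.naming.referral` (`follow`, `ignore`, `throw`) when the component configuration is validated. The hunks that consume this getter are not legible in this view, so please confirm the null case is guarded there before the value is placed in the context environment. With `follow`, the JNDI provider normally reuses the same bind environment against a host named by the directory, so it would help if the comment or the validation message stated that `ignore` is the conservative setting.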
+++ b/js/apps/admin-ui/maven-resources/theme/keycloak.v2/admin/messages/messages_en.properties @@ -2918,3 +2918,5 @@ invalidEmailMessage='{{0}}': Invalid email address. missingLastNameMessage='{{0}}': Please specify last name. missingEmailMessage='{{0}}': Please specify email. missingPasswordMessage='{{0}}': Please specify password. +referral=Referral +referralHelp=Specifies if LDAP referrals should be followed or ignored. Please note that enabling referrals can slow down authentication as it allows the LDAP server to decide which other LDAP servers to use. This could potentially include untrusted servers. diff --git a/js/apps/admin-ui/src/user-federation/ldap/LdapSettingsSearching.tsx b/js/apps/admin-ui/src/user-federation/ldap/LdapSettingsSearching.tsx index f463459bd3..ec81e940a0 100644 --- a/js/apps/admin-ui/src/user-federation/ldap/LdapSettingsSearching.tsx +++ b/js/apps/admin-ui/src/user-federation/ldap/LdapSettingsSearching.tsx @@ -30,6 +30,7 @@ export const LdapSettingsSearching = ({ const [isSearchScopeDropdownOpen, setIsSearchScopeDropdownOpen] = useState(false); const [isEditModeDropdownOpen, setIsEditModeDropdownOpen] = useState(false); + const [isReferralDropdownOpen, setIsReferralDropdownOpen] = useState(false); return ( <> @@ -403,6 +404,37 @@ export const LdapSettingsSearching = ({ )} > + + } + fieldId="kc-referral" + > + ( + + )} + > + ); diff --git a/server-spi-private/src/main/java/org/keycloak/models/LDAPConstants.java b/server-spi-private/src/main/java/org/keycloak/models/LDAPConstants.java index 228e84687c..11528a1ff8 100644 --- a/server-spi-private/src/main/java/org/keycloak/models/LDAPConstants.java +++ b/server-spi-private/src/main/java/org/keycloak/models/LDAPConstants.java 
@@ -145,6 +145,8 @@ public class LDAPConstants {
 public static final String LDAP_MATCHING_RULE_IN_CHAIN = ":1.2.840.113556.1.4.1941:";
+ public static final String REFERRAL = "referral";
+
 public static String getUuidAttributeName(String vendor) {
 if (vendor != null) {
 switch (vendor) {