Add configuration option for LDAP referral (#24852)

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Tero Saarni 2023-11-28 15:06:34 +02:00 committed by GitHub
parent 1b9abf104a
commit ab3758842c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 48 additions and 0 deletions


@ -255,6 +255,10 @@ public class LDAPConfig {
} }
} }
public String getReferral() {
return config.getFirst(LDAPConstants.REFERRAL);
}
public void addBinaryAttribute(String attrName) { public void addBinaryAttribute(String attrName) {
binaryAttributeNames.add(attrName); binaryAttributeNames.add(attrName);
} }
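Review bot: The new `getReferral()` accessor has no Javadoc, and the raw value it returns is handed straight to JNDI, so the contract is worth stating. I would add `/** Returns the configured referral handling mode for the LDAP context ("ignore", "follow" or "throw" as accepted by JNDI's {@code Context.REFERRAL}), or {@code null} when the option is unset. */`. The rest of the LDAPConfig class lies outside this hunk.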


@ -203,6 +203,9 @@ public class LDAPStorageProviderFactory implements UserStorageProviderFactory<LD
.type(ProviderConfigProperty.BOOLEAN_TYPE) .type(ProviderConfigProperty.BOOLEAN_TYPE)
.defaultValue("true") .defaultValue("true")
.add() .add()
.property().name(LDAPConstants.REFERRAL)
.type(ProviderConfigProperty.STRING_TYPE)
.add()
.property().name(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION) .property().name(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION)
.type(ProviderConfigProperty.BOOLEAN_TYPE) .type(ProviderConfigProperty.BOOLEAN_TYPE)
.defaultValue("false") .defaultValue("false")
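Review bot: The referral property is declared as a free-form `STRING_TYPE` with no default, so any string reaching the admin REST API is accepted and later written verbatim into the JNDI environment, while the UI only offers "ignore" and "follow". Constraining it at the provider level keeps the two in sync and makes the safe default explicit: `.type(ProviderConfigProperty.LIST_TYPE).options("ignore", "follow").defaultValue("ignore")`, assuming the builder's `options(...)` is available here as it is for other providers. If the value must stay a string, validation of the allowed set belongs in the factory's config validation instead. The surrounding property chain starts and ends outside this hunk.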


@ -235,6 +235,11 @@ public final class LDAPContextManager implements AutoCloseable {
env.put("java.naming.ldap.attributes.binary", binaryAttrs); env.put("java.naming.ldap.attributes.binary", binaryAttrs);
} }
String referral = ldapConfig.getReferral();
if (referral != null) {
env.put(Context.REFERRAL, referral);
}
return new Hashtable<>(env); return new Hashtable<>(env);
} }
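Review bot: The null check before `env.put(Context.REFERRAL, referral)` does not cover an empty string, which is exactly what the admin form submits when the new select is left untouched (`defaultValue=""` in the UI change), so JNDI may receive `Context.REFERRAL=""` rather than no setting at all. I would guard with `if (referral != null && !referral.isBlank()) {` and, given the help text's own warning that following referrals can reach untrusted servers, document at this point that an unset or blank value leaves the JNDI provider's default behaviour in place. The enclosing method begins outside this hunk.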


@ -2918,3 +2918,5 @@ invalidEmailMessage='{{0}}': Invalid email address.
missingLastNameMessage='{{0}}': Please specify last name. missingLastNameMessage='{{0}}': Please specify last name.
missingEmailMessage='{{0}}': Please specify email. missingEmailMessage='{{0}}': Please specify email.
missingPasswordMessage='{{0}}': Please specify password. missingPasswordMessage='{{0}}': Please specify password.
referral=Referral
referralHelp=Specifies if LDAP referrals should be followed or ignored. Please note that enabling referrals can slow down authentication as it allows the LDAP server to decide which other LDAP servers to use. This could potentially include untrusted servers.


@ -30,6 +30,7 @@ export const LdapSettingsSearching = ({
const [isSearchScopeDropdownOpen, setIsSearchScopeDropdownOpen] = const [isSearchScopeDropdownOpen, setIsSearchScopeDropdownOpen] =
useState(false); useState(false);
const [isEditModeDropdownOpen, setIsEditModeDropdownOpen] = useState(false); const [isEditModeDropdownOpen, setIsEditModeDropdownOpen] = useState(false);
const [isReferralDropdownOpen, setIsReferralDropdownOpen] = useState(false);
return ( return (
<> <>
@ -403,6 +404,37 @@ export const LdapSettingsSearching = ({
)} )}
></Controller> ></Controller>
</FormGroup> </FormGroup>
<FormGroup
label={t("referral")}
labelIcon={
<HelpItem helpText={t("referralHelp")} fieldLabelId="referral" />
}
fieldId="kc-referral"
>
<Controller
name="config.referral.0"
defaultValue=""
control={form.control}
render={({ field }) => (
<Select
toggleId="kc-referral"
onToggle={() =>
setIsReferralDropdownOpen(!isReferralDropdownOpen)
}
isOpen={isReferralDropdownOpen}
onSelect={(_, value) => {
field.onChange(value as string);
setIsReferralDropdownOpen(false);
}}
selections={field.value}
variant={SelectVariant.single}
>
<SelectOption value="ignore" isPlaceholder />
<SelectOption value="follow" />
</Select>
)}
></Controller>
</FormGroup>
</FormAccess> </FormAccess>
</> </>
); );
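Review bot: In the second hunk the `Controller` for `config.referral.0` uses `defaultValue=""` while the placeholder option carries the value "ignore", so a saved form that never touched the select persists an empty string instead of the documented "ignore" mode and the displayed placeholder does not match what is stored. Either set `defaultValue="ignore"` so the stored value matches the placeholder, or make sure the server treats a blank value as unset. The component's closing lines follow after this hunk.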


@ -145,6 +145,8 @@ public class LDAPConstants {
public static final String LDAP_MATCHING_RULE_IN_CHAIN = ":1.2.840.113556.1.4.1941:"; public static final String LDAP_MATCHING_RULE_IN_CHAIN = ":1.2.840.113556.1.4.1941:";
public static final String REFERRAL = "referral";
public static String getUuidAttributeName(String vendor) { public static String getUuidAttributeName(String vendor) {
if (vendor != null) { if (vendor != null) {
switch (vendor) { switch (vendor) {
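Review bot: The new `REFERRAL` constant lacks the one-line comment that would tell a reader which values are meaningful for it, since the key name alone does not say that it maps onto JNDI's `Context.REFERRAL`. I would add `/** Config key for the LDAP referral handling mode; value is passed to JNDI's Context.REFERRAL ("ignore" or "follow"). */` above the declaration. The rest of the constants class is outside this hunk.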