libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-2640 LDAP group sync does not sync more than 1000 groups

Browse source
This commit is contained in:
mposolda 2016-03-11 12:27:37 +01:00
parent 4f0d827aca
commit c6a7d0b772
3 changed files with 40 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java
View file

@ -131,7 +131,12 @@ public class LDAPConfig {
public boolean isPagination() { public boolean isPagination() {
String pagination = config.get(LDAPConstants.PAGINATION); String pagination = config.get(LDAPConstants.PAGINATION);
return pagination==null ? false : Boolean.parseBoolean(pagination); return Boolean.parseBoolean(pagination);
}
public int getBatchSizeForSync() {
String pageSizeConfig = config.get(LDAPConstants.BATCH_SIZE_FOR_SYNC);
return pageSizeConfig!=null ? Integer.parseInt(pageSizeConfig) : LDAPConstants.DEFAULT_BATCH_SIZE_FOR_SYNC;
} }
public String getUsernameLdapAttribute() { public String getUsernameLdapAttribute() {

7
federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java
View file

@ -274,11 +274,10 @@ public class LDAPFederationProviderFactory extends UserFederationEventAwareProvi
final UserFederationSyncResult syncResult = new UserFederationSyncResult(); final UserFederationSyncResult syncResult = new UserFederationSyncResult();
boolean pagination = Boolean.parseBoolean(fedModel.getConfig().get(LDAPConstants.PAGINATION)); LDAPConfig ldapConfig = new LDAPConfig(fedModel.getConfig());
boolean pagination = ldapConfig.isPagination();
if (pagination) { if (pagination) {
int pageSize = ldapConfig.getBatchSizeForSync();
String pageSizeConfig = fedModel.getConfig().get(LDAPConstants.BATCH_SIZE_FOR_SYNC);
int pageSize = pageSizeConfig!=null ? Integer.parseInt(pageSizeConfig) : LDAPConstants.DEFAULT_BATCH_SIZE_FOR_SYNC;
boolean nextPage = true; boolean nextPage = true;
while (nextPage) { while (nextPage) {

33
federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/membership/group/GroupLDAPFederationMapper.java
View file

@ -27,6 +27,7 @@ import java.util.Map;
import java.util.Set; import java.util.Set;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.keycloak.federation.ldap.LDAPConfig;
import org.keycloak.federation.ldap.LDAPFederationProvider; import org.keycloak.federation.ldap.LDAPFederationProvider;
import org.keycloak.federation.ldap.LDAPUtils; import org.keycloak.federation.ldap.LDAPUtils;
import org.keycloak.federation.ldap.idm.model.LDAPDn; import org.keycloak.federation.ldap.idm.model.LDAPDn;
@ -41,9 +42,11 @@ import org.keycloak.federation.ldap.mappers.membership.LDAPGroupMapperMode;
import org.keycloak.federation.ldap.mappers.membership.MembershipType; import org.keycloak.federation.ldap.mappers.membership.MembershipType;
import org.keycloak.federation.ldap.mappers.membership.UserRolesRetrieveStrategy; import org.keycloak.federation.ldap.mappers.membership.UserRolesRetrieveStrategy;
import org.keycloak.models.GroupModel; import org.keycloak.models.GroupModel;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.ModelException; import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserFederationMapperModel; import org.keycloak.models.UserFederationMapperModel;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserFederationSyncResult; import org.keycloak.models.UserFederationSyncResult;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.KeycloakModelUtils;
@ -149,8 +152,7 @@ public class GroupLDAPFederationMapper extends AbstractLDAPFederationMapper impl
logger.debugf("Syncing groups from LDAP into Keycloak DB. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getDisplayName()); logger.debugf("Syncing groups from LDAP into Keycloak DB. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getDisplayName());
// Get all LDAP groups // Get all LDAP groups
LDAPQuery ldapQuery = createGroupQuery(); List<LDAPObject> ldapGroups = getAllLDAPGroups();
List<LDAPObject> ldapGroups = ldapQuery.getResultList();
// Convert to internal format // Convert to internal format
Map<String, LDAPObject> ldapGroupsMap = new HashMap<>(); Map<String, LDAPObject> ldapGroupsMap = new HashMap<>();
@ -321,6 +323,33 @@ public class GroupLDAPFederationMapper extends AbstractLDAPFederationMapper impl
return kcGroup; return kcGroup;
} }
// Send LDAP query to retrieve all groups
protected List<LDAPObject> getAllLDAPGroups() {
LDAPQuery ldapGroupQuery = createGroupQuery();
LDAPConfig ldapConfig = ldapProvider.getLdapIdentityStore().getConfig();
boolean pagination = ldapConfig.isPagination();
if (pagination) {
// For now reuse globally configured batch size in LDAP provider page
int pageSize = ldapConfig.getBatchSizeForSync();
List<LDAPObject> result = new LinkedList<>();
boolean nextPage = true;
while (nextPage) {
ldapGroupQuery.setLimit(pageSize);
final List<LDAPObject> currentPageGroups = ldapGroupQuery.getResultList();
result.addAll(currentPageGroups);
nextPage = ldapGroupQuery.getPaginationContext() != null;
}
return result;
} else {
// LDAP pagination not available. Do everything in single transaction
return ldapGroupQuery.getResultList();
}
}
// Sync from Keycloak to LDAP // Sync from Keycloak to LDAP