KEYCLOAK-2640 LDAP group sync does not sync more than 1000 groups

federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java

@@ -131,7 +131,12 @@ public class LDAPConfig {
 
     public boolean isPagination() {
         String pagination = config.get(LDAPConstants.PAGINATION);
-        return pagination==null ? false : Boolean.parseBoolean(pagination);
+        return Boolean.parseBoolean(pagination);
+    }
+
+    public int getBatchSizeForSync() {
+        String pageSizeConfig = config.get(LDAPConstants.BATCH_SIZE_FOR_SYNC);
+        return pageSizeConfig!=null ? Integer.parseInt(pageSizeConfig) : LDAPConstants.DEFAULT_BATCH_SIZE_FOR_SYNC;
     }
 
     public String getUsernameLdapAttribute() {

federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java

@@ -274,11 +274,10 @@ public class LDAPFederationProviderFactory extends UserFederationEventAwareProvi
 
         final UserFederationSyncResult syncResult = new UserFederationSyncResult();
 
-        boolean pagination = Boolean.parseBoolean(fedModel.getConfig().get(LDAPConstants.PAGINATION));
+        LDAPConfig ldapConfig = new LDAPConfig(fedModel.getConfig());
+        boolean pagination = ldapConfig.isPagination();
         if (pagination) {
-
-            String pageSizeConfig = fedModel.getConfig().get(LDAPConstants.BATCH_SIZE_FOR_SYNC);
-            int pageSize = pageSizeConfig!=null ? Integer.parseInt(pageSizeConfig) : LDAPConstants.DEFAULT_BATCH_SIZE_FOR_SYNC;
+            int pageSize = ldapConfig.getBatchSizeForSync();
 
             boolean nextPage = true;
             while (nextPage) {

federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/membership/group/GroupLDAPFederationMapper.java

@@ -27,6 +27,7 @@ import java.util.Map;
 import java.util.Set;
 
 import org.jboss.logging.Logger;
+import org.keycloak.federation.ldap.LDAPConfig;
 import org.keycloak.federation.ldap.LDAPFederationProvider;
 import org.keycloak.federation.ldap.LDAPUtils;
 import org.keycloak.federation.ldap.idm.model.LDAPDn;
@@ -41,9 +42,11 @@ import org.keycloak.federation.ldap.mappers.membership.LDAPGroupMapperMode;
 import org.keycloak.federation.ldap.mappers.membership.MembershipType;
 import org.keycloak.federation.ldap.mappers.membership.UserRolesRetrieveStrategy;
 import org.keycloak.models.GroupModel;
+import org.keycloak.models.LDAPConstants;
 import org.keycloak.models.ModelException;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserFederationMapperModel;
+import org.keycloak.models.UserFederationProviderModel;
 import org.keycloak.models.UserFederationSyncResult;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.utils.KeycloakModelUtils;
@@ -149,8 +152,7 @@ public class GroupLDAPFederationMapper extends AbstractLDAPFederationMapper impl
         logger.debugf("Syncing groups from LDAP into Keycloak DB. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getDisplayName());
 
         // Get all LDAP groups
-        LDAPQuery ldapQuery = createGroupQuery();
-        List<LDAPObject> ldapGroups = ldapQuery.getResultList();
+        List<LDAPObject> ldapGroups = getAllLDAPGroups();
 
         // Convert to internal format
         Map<String, LDAPObject> ldapGroupsMap = new HashMap<>();
@@ -321,6 +323,33 @@ public class GroupLDAPFederationMapper extends AbstractLDAPFederationMapper impl
         return kcGroup;
     }
 
+    // Send LDAP query to retrieve all groups
+    protected List<LDAPObject> getAllLDAPGroups() {
+        LDAPQuery ldapGroupQuery = createGroupQuery();
+
+        LDAPConfig ldapConfig = ldapProvider.getLdapIdentityStore().getConfig();
+        boolean pagination = ldapConfig.isPagination();
+        if (pagination) {
+            // For now reuse globally configured batch size in LDAP provider page
+            int pageSize = ldapConfig.getBatchSizeForSync();
+
+            List<LDAPObject> result = new LinkedList<>();
+            boolean nextPage = true;
+
+            while (nextPage) {
+                ldapGroupQuery.setLimit(pageSize);
+                final List<LDAPObject> currentPageGroups = ldapGroupQuery.getResultList();
+                result.addAll(currentPageGroups);
+                nextPage = ldapGroupQuery.getPaginationContext() != null;
+            }
+
+            return result;
+        } else {
+            // LDAP pagination not available. Do everything in single transaction
+            return ldapGroupQuery.getResultList();
+        }
+    }
+
 
     // Sync from Keycloak to LDAP