libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

KEYCLOAK-19391: Fix ldap query search adding custom serach filter

Browse source
This commit is contained in:
Marcelo Sales 2021-11-25 10:30:42 +01:00 committed by Marek Posolda
parent cdd5c47ed7
commit e69c3dcb1f
1 changed files with 18 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPOperationManager.java
View file

@ -370,26 +370,36 @@ public class LDAPOperationManager {
} }
public String getFilterById(String id) { public String getFilterById(String id) {
String filter = null; StringBuilder filter = new StringBuilder();
filter.insert(0, "(&");
if (this.config.isObjectGUID()) { if (this.config.isObjectGUID()) {
byte[] objectGUID = LDAPUtil.encodeObjectGUID(id); byte[] objectGUID = LDAPUtil.encodeObjectGUID(id);
filter.append("(objectClass=*)(").append(
filter = "(&(objectClass=*)(" + getUuidAttributeName() + LDAPConstants.EQUAL + LDAPUtil.convertObjectGUIDToByteString(objectGUID) + "))"; getUuidAttributeName()).append(LDAPConstants.EQUAL)
.append(LDAPUtil.convertObjectGUIDToByteString(
objectGUID)).append(")");
} else if (this.config.isEdirectoryGUID()) { } else if (this.config.isEdirectoryGUID()) {
filter = "(&(objectClass=*)(" + getUuidAttributeName().toUpperCase() + LDAPConstants.EQUAL + LDAPUtil.convertGUIDToEdirectoryHexString(id) + "))"; filter.append("(objectClass=*)(").append(getUuidAttributeName().toUpperCase())
.append(LDAPConstants.EQUAL
).append(LDAPUtil.convertGUIDToEdirectoryHexString(id)).append(")");
} else {
filter.append("(objectClass=*)(").append(getUuidAttributeName()).append(LDAPConstants.EQUAL)
.append(id).append(")");
} }
if (filter == null) { if (config.getCustomUserSearchFilter() != null) {
filter = "(&(objectClass=*)(" + getUuidAttributeName() + LDAPConstants.EQUAL + id + "))"; filter.append(config.getCustomUserSearchFilter());
} }
if (logger.isTraceEnabled()) { if (logger.isTraceEnabled()) {
logger.tracef("Using filter for lookup user by LDAP ID: %s", filter); logger.tracef("Using filter for lookup user by LDAP ID: %s", filter.toString());
} }
return filter; filter.append(")");
return filter.toString();
} }
public SearchResult lookupById(final String baseDN, final String id, final Collection<String> returningAttributes) { public SearchResult lookupById(final String baseDN, final String id, final Collection<String> returningAttributes) {