diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java
index 580a556da6..e192cf833d 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java
@@ -12,7 +12,6 @@ import javax.naming.directory.SearchControls;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.UserFederationProvider;
-import org.keycloak.models.UserFederationProviderModel;
/**
* @author Marek Posolda
@@ -37,8 +36,12 @@ public class LDAPConfig {
}
public String getAuthType() {
- // hardcoded for now
- return "simple";
+ String value = config.get(LDAPConstants.AUTH_TYPE);
+ if (value == null) {
+ return LDAPConstants.AUTH_TYPE_SIMPLE;
+ } else {
+ return value;
+ }
}
public String getSecurityProtocol() {
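Review bot: getAuthType now returns whatever string is stored under LDAPConstants.AUTH_TYPE without validating it, and carries no Javadoc saying so; since the value ends up in `Context.SECURITY_AUTHENTICATION` unchanged (createConnectionProperties in LDAPOperationManager), a reader should be told that only AUTH_TYPE_NONE and AUTH_TYPE_SIMPLE are distinguished by the provider and that any other configured value is passed to JNDI as-is. A Javadoc such as `/** LDAP authentication mechanism from config, defaulting to {@link LDAPConstants#AUTH_TYPE_SIMPLE} when unset; the value is handed to JNDI unvalidated. */` would cover it. As a point of style, the if/else pair can collapse to `return value != null ? value : LDAPConstants.AUTH_TYPE_SIMPLE;`.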
@@ -70,7 +73,7 @@ public class LDAPConfig {
String[] objectClasses = objClassesStr.split(",");
// Trim them
- Set userObjClasses = new HashSet();
+ Set userObjClasses = new HashSet<>();
for (int i=0 ; i federationMappers = realm.getUserFederationMappers();
+ Set federationMappers = realm.getUserFederationMappersByFederationProvider(model.getId());
for (UserFederationMapperModel mapperModel : federationMappers) {
LDAPFederationMapper ldapMapper = getMapper(mapperModel);
proxied = ldapMapper.proxy(mapperModel, this, ldapObject, proxied, realm);
@@ -263,7 +263,7 @@ public class LDAPFederationProvider implements UserFederationProvider {
UserModel imported = session.userStorage().addUser(realm, ldapUsername);
imported.setEnabled(true);
- Set federationMappers = realm.getUserFederationMappers();
+ Set federationMappers = realm.getUserFederationMappersByFederationProvider(getModel().getId());
for (UserFederationMapperModel mapperModel : federationMappers) {
LDAPFederationMapper ldapMapper = getMapper(mapperModel);
ldapMapper.onImportUserFromLDAP(mapperModel, this, ldapUser, imported, realm, true);
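Review bot: The new call in the import path obtains the provider id via `getModel().getId()`, while the two sibling replacements in this file (the proxy path and the update path in the later hunk) use `model.getId()`; if `model` is the field behind getModel(), use one form in all three places. In the update hunk the surrounding condition already names the provider as `fedModel`, so `realm.getUserFederationMappersByFederationProvider(fedModel.getId())` there would make explicit that the mappers applied are those of the provider just matched against the user's federation link, assuming fedModel and model refer to the same model. The enclosing methods start and end outside these hunks.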
@@ -399,7 +399,7 @@ public class LDAPFederationProvider implements UserFederationProvider {
if ((fedModel.getId().equals(currentUser.getFederationLink())) && (ldapUser.getUuid().equals(currentUser.getAttribute(LDAPConstants.LDAP_ID)))) {
// Update keycloak user
- Set federationMappers = realm.getUserFederationMappers();
+ Set federationMappers = realm.getUserFederationMappersByFederationProvider(model.getId());
for (UserFederationMapperModel mapperModel : federationMappers) {
LDAPFederationMapper ldapMapper = getMapper(mapperModel);
ldapMapper.onImportUserFromLDAP(mapperModel, this, ldapUser, currentUser, realm, false);
diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPUtils.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPUtils.java
index 37e110ceab..d267bb196e 100755
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPUtils.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPUtils.java
@@ -62,7 +62,7 @@ public class LDAPUtils {
ldapQuery.addSearchDns(config.getUserDns());
ldapQuery.addObjectClasses(config.getUserObjectClasses());
- Set mapperModels = realm.getUserFederationMappers();
+ Set mapperModels = realm.getUserFederationMappersByFederationProvider(ldapProvider.getModel().getId());
ldapQuery.addMappers(mapperModels);
return ldapQuery;
diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java
index 552d298e20..be37f746e2 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java
@@ -108,7 +108,7 @@ public class LDAPIdentityStore implements IdentityStore {
@Override
public List fetchQueryResults(LDAPIdentityQuery identityQuery) {
- List results = new ArrayList();
+ List results = new ArrayList<>();
try {
if (identityQuery.getSorting() != null && !identityQuery.getSorting().isEmpty()) {
@@ -153,7 +153,7 @@ public class LDAPIdentityStore implements IdentityStore {
}
}
} catch (Exception e) {
- throw new ModelException("Querying of identity type failed " + identityQuery, e);
+ throw new ModelException("Querying of LDAP failed " + identityQuery, e);
}
return results;
@@ -382,7 +382,7 @@ public class LDAPIdentityStore implements IdentityStore {
NamingEnumeration extends Attribute> ldapAttributes = attributes.getAll();
// Exact name of attributes might be different
- List uppercasedReadOnlyAttrNames = new ArrayList();
+ List uppercasedReadOnlyAttrNames = new ArrayList<>();
for (String readonlyAttr : readOnlyAttrNames) {
uppercasedReadOnlyAttrNames.add(readonlyAttr.toUpperCase());
}
@@ -402,11 +402,11 @@ public class LDAPIdentityStore implements IdentityStore {
Object uuidValue = ldapAttribute.get();
ldapObject.setUuid(this.operationManager.decodeEntryUUID(uuidValue));
} else {
- Set attrValues = new TreeSet();
+ Set attrValues = new TreeSet<>();
NamingEnumeration> enumm = ldapAttribute.getAll();
while (enumm.hasMoreElements()) {
- String objectClass = enumm.next().toString();
- attrValues.add(objectClass);
+ String attrVal = enumm.next().toString();
+ attrValues.add(attrVal);
}
if (ldapAttributeName.toLowerCase().equals(LDAPConstants.OBJECT_CLASS)) {
diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
index 0a9f4dcf09..c097e4e1a8 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
@@ -451,8 +451,9 @@ public class LDAPOperationManager {
private Map createConnectionProperties() {
HashMap env = new HashMap();
+ String authType = this.config.getAuthType();
env.put(Context.INITIAL_CONTEXT_FACTORY, this.config.getFactoryName());
- env.put(Context.SECURITY_AUTHENTICATION, this.config.getAuthType());
+ env.put(Context.SECURITY_AUTHENTICATION, authType);
String protocol = this.config.getSecurityProtocol();
@@ -468,7 +469,7 @@ public class LDAPOperationManager {
bindCredential = this.config.getBindCredential().toCharArray();
}
- if (bindDN != null) {
+ if (!LDAPConstants.AUTH_TYPE_NONE.equals(authType)) {
env.put(Context.SECURITY_PRINCIPAL, bindDN);
env.put(Context.SECURITY_CREDENTIALS, bindCredential);
}
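Review bot: For any authType other than "none" the new condition puts bindDN and bindCredential into the environment even when one of them is missing, which the previous `bindDN != null` guard at least partly prevented; nothing in this hunk checks that a "simple" bind actually has both a DN and a non-empty password. Unless the server rejects it, a simple bind with a name and an empty password is treated as an unauthenticated bind (RFC 4513 §5.1.2), so a misconfigured provider would query the directory anonymously while the configuration looks authenticated. Fail fast in the non-"none" branch instead, e.g. `if (bindDN == null || bindCredential == null || bindCredential.length == 0) { throw new IllegalStateException("LDAP auth type '" + authType + "' requires bind DN and bind credential"); }` (or the project's ModelException, which LDAPIdentityStore already throws), before the two put calls. Note also that the comparison is case-sensitive, so a stored "NONE" would take the bind branch; normalising or rejecting unexpected values in getAuthType would avoid that. createConnectionProperties continues outside the hunk.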
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js
index cee2689a77..0be51220cf 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js
@@ -541,6 +541,7 @@ module.controller('LDAPCtrl', function($scope, $location, $route, Notifications,
instance.config.debug = false;
instance.config.useKerberosForPasswordAuthentication = false;
+ instance.config.authType = 'simple';
instance.config.batchSizeForSync = DEFAULT_BATCH_SIZE;
instance.config.searchScope = "1";
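Review bot: The literal `'simple'` is now written three times in this controller: as the default here, again in the "set defaults when missing" block of the next hunk, and as an option id in the new `$scope.authTypes` list. The file already hoists DEFAULT_BATCH_SIZE for the same purpose, so a `var DEFAULT_AUTH_TYPE = 'simple';` next to it, used in all three places, would keep the client default in one spot and make it easy to check against the server-side LDAPConstants.AUTH_TYPE_SIMPLE. The LDAPCtrl controller body starts and ends outside these hunks.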
@@ -556,12 +557,16 @@ module.controller('LDAPCtrl', function($scope, $location, $route, Notifications,
instance.config.debug = (instance.config.debug === 'true' || instance.config.debug === true);
instance.config.useKerberosForPasswordAuthentication = (instance.config.useKerberosForPasswordAuthentication === 'true' || instance.config.useKerberosForPasswordAuthentication === true);
+ if (!instance.config.authType) {
+ instance.config.authType = 'simple';
+ }
if (!instance.config.batchSizeForSync) {
instance.config.batchSizeForSync = DEFAULT_BATCH_SIZE;
}
if (!instance.config.searchScope) {
- instance.config.searchScope = "1";
+ instance.config.searchScope = '1';
}
+
$scope.fullSyncEnabled = (instance.fullSyncPeriod && instance.fullSyncPeriod > 0);
$scope.changedSyncEnabled = (instance.changedSyncPeriod && instance.changedSyncPeriod > 0);
}
@@ -581,6 +586,11 @@ module.controller('LDAPCtrl', function($scope, $location, $route, Notifications,
{ "id": "other", "name": "Other" }
];
+ $scope.authTypes = [
+ { "id": "none", "name": "none" },
+ { "id": "simple", "name": "simple" }
+ ];
+
$scope.searchScopes = [
{ "id": "1", "name": "One Level" },
{ "id": "2", "name": "Subtree" }
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html
index 2b86f0941b..95d0ae9f8e 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html
@@ -119,16 +119,29 @@
+
+
+
+
+
+
+ LDAP Authentication type. Right now just 'none' (anonymous LDAP authentication) or 'simple' (Bind credential + Bind password authentication) mechanisms are available
+
+
-
+
DN of LDAP admin, which will be used by Keycloak to access LDAP server
-
+
-
+
Password of LDAP admin
diff --git a/model/api/src/main/java/org/keycloak/models/LDAPConstants.java b/model/api/src/main/java/org/keycloak/models/LDAPConstants.java
index 8e5d567e45..84fe6af6d5 100644
--- a/model/api/src/main/java/org/keycloak/models/LDAPConstants.java
+++ b/model/api/src/main/java/org/keycloak/models/LDAPConstants.java
@@ -23,6 +23,10 @@ public class LDAPConstants {
public static final String BIND_DN = "bindDn";
public static final String BIND_CREDENTIAL = "bindCredential";
+ public static final String AUTH_TYPE = "authType";
+ public static final String AUTH_TYPE_NONE = "none";
+ public static final String AUTH_TYPE_SIMPLE = "simple";
+
public static final String SEARCH_SCOPE = "searchScope";
public static final String CONNECTION_POOLING = "connectionPooling";
public static final String PAGINATION = "pagination";
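Review bot: The three new constants have no comment explaining how they relate, and their meaning is only visible from LDAPOperationManager: AUTH_TYPE is the config key, while AUTH_TYPE_NONE and AUTH_TYPE_SIMPLE are the values handed to `Context.SECURITY_AUTHENTICATION`, with "none" additionally selecting the branch that skips the bind principal and credential. A one-line comment above AUTH_TYPE such as `// LDAP auth type config key; the two values below are the JNDI SECURITY_AUTHENTICATION mechanisms the provider distinguishes` would make that coupling visible where the constants are defined.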