From e83de896c97c4487b5d17e2627b8ac64af50d1d0 Mon Sep 17 00:00:00 2001 From: mposolda Date: Thu, 28 May 2015 19:20:31 +0200 Subject: [PATCH] LDAP fixes + added authType to UI to allow users specify authType --- .../keycloak/federation/ldap/LDAPConfig.java | 11 +++++++---- .../ldap/LDAPFederationProvider.java | 6 +++--- .../keycloak/federation/ldap/LDAPUtils.java | 2 +- .../idm/store/ldap/LDAPIdentityStore.java | 12 ++++++------ .../idm/store/ldap/LDAPOperationManager.java | 5 +++-- .../admin/resources/js/controllers/users.js | 12 +++++++++++- .../resources/partials/federated-ldap.html | 19 ++++++++++++++++--- .../org/keycloak/models/LDAPConstants.java | 4 ++++ 8 files changed, 51 insertions(+), 20 deletions(-) diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java index 580a556da6..e192cf833d 100644 --- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java +++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java @@ -12,7 +12,6 @@ import javax.naming.directory.SearchControls; import org.keycloak.models.LDAPConstants; import org.keycloak.models.UserFederationProvider; -import org.keycloak.models.UserFederationProviderModel; /** * @author Marek Posolda @@ -37,8 +36,12 @@ public class LDAPConfig { } public String getAuthType() { - // hardcoded for now - return "simple"; + String value = config.get(LDAPConstants.AUTH_TYPE); + if (value == null) { + return LDAPConstants.AUTH_TYPE_SIMPLE; + } else { + return value; + } } public String getSecurityProtocol() { @@ -70,7 +73,7 @@ public class LDAPConfig { String[] objectClasses = objClassesStr.split(","); // Trim them - Set userObjClasses = new HashSet(); + Set userObjClasses = new HashSet<>(); for (int i=0 ; i federationMappers = realm.getUserFederationMappers(); + Set federationMappers = realm.getUserFederationMappersByFederationProvider(model.getId()); for (UserFederationMapperModel mapperModel : federationMappers) { LDAPFederationMapper ldapMapper = getMapper(mapperModel); proxied = ldapMapper.proxy(mapperModel, this, ldapObject, proxied, realm); @@ -263,7 +263,7 @@ public class LDAPFederationProvider implements UserFederationProvider { UserModel imported = session.userStorage().addUser(realm, ldapUsername); imported.setEnabled(true); - Set federationMappers = realm.getUserFederationMappers(); + Set federationMappers = realm.getUserFederationMappersByFederationProvider(getModel().getId()); for (UserFederationMapperModel mapperModel : federationMappers) { LDAPFederationMapper ldapMapper = getMapper(mapperModel); ldapMapper.onImportUserFromLDAP(mapperModel, this, ldapUser, imported, realm, true); @@ -399,7 +399,7 @@ public class LDAPFederationProvider implements UserFederationProvider { if ((fedModel.getId().equals(currentUser.getFederationLink())) && (ldapUser.getUuid().equals(currentUser.getAttribute(LDAPConstants.LDAP_ID)))) { // Update keycloak user - Set federationMappers = realm.getUserFederationMappers(); + Set federationMappers = realm.getUserFederationMappersByFederationProvider(model.getId()); for (UserFederationMapperModel mapperModel : federationMappers) { LDAPFederationMapper ldapMapper = getMapper(mapperModel); ldapMapper.onImportUserFromLDAP(mapperModel, this, ldapUser, currentUser, realm, false); diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPUtils.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPUtils.java index 37e110ceab..d267bb196e 100755 --- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPUtils.java +++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPUtils.java @@ -62,7 +62,7 @@ public class LDAPUtils { ldapQuery.addSearchDns(config.getUserDns()); ldapQuery.addObjectClasses(config.getUserObjectClasses()); - Set mapperModels = realm.getUserFederationMappers(); + Set mapperModels = realm.getUserFederationMappersByFederationProvider(ldapProvider.getModel().getId()); ldapQuery.addMappers(mapperModels); return ldapQuery; diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java index 552d298e20..be37f746e2 100644 --- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java +++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java @@ -108,7 +108,7 @@ public class LDAPIdentityStore implements IdentityStore { @Override public List fetchQueryResults(LDAPIdentityQuery identityQuery) { - List results = new ArrayList(); + List results = new ArrayList<>(); try { if (identityQuery.getSorting() != null && !identityQuery.getSorting().isEmpty()) { @@ -153,7 +153,7 @@ public class LDAPIdentityStore implements IdentityStore { } } } catch (Exception e) { - throw new ModelException("Querying of identity type failed " + identityQuery, e); + throw new ModelException("Querying of LDAP failed " + identityQuery, e); } return results; @@ -382,7 +382,7 @@ public class LDAPIdentityStore implements IdentityStore { NamingEnumeration ldapAttributes = attributes.getAll(); // Exact name of attributes might be different - List uppercasedReadOnlyAttrNames = new ArrayList(); + List uppercasedReadOnlyAttrNames = new ArrayList<>(); for (String readonlyAttr : readOnlyAttrNames) { uppercasedReadOnlyAttrNames.add(readonlyAttr.toUpperCase()); } @@ -402,11 +402,11 @@ public class LDAPIdentityStore implements IdentityStore { Object uuidValue = ldapAttribute.get(); ldapObject.setUuid(this.operationManager.decodeEntryUUID(uuidValue)); } else { - Set attrValues = new TreeSet(); + Set attrValues = new TreeSet<>(); NamingEnumeration enumm = ldapAttribute.getAll(); while (enumm.hasMoreElements()) { - String objectClass = enumm.next().toString(); - attrValues.add(objectClass); + String attrVal = enumm.next().toString(); + attrValues.add(attrVal); } if (ldapAttributeName.toLowerCase().equals(LDAPConstants.OBJECT_CLASS)) { diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java index 0a9f4dcf09..c097e4e1a8 100644 --- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java +++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java @@ -451,8 +451,9 @@ public class LDAPOperationManager { private Map createConnectionProperties() { HashMap env = new HashMap(); + String authType = this.config.getAuthType(); env.put(Context.INITIAL_CONTEXT_FACTORY, this.config.getFactoryName()); - env.put(Context.SECURITY_AUTHENTICATION, this.config.getAuthType()); + env.put(Context.SECURITY_AUTHENTICATION, authType); String protocol = this.config.getSecurityProtocol(); @@ -468,7 +469,7 @@ public class LDAPOperationManager { bindCredential = this.config.getBindCredential().toCharArray(); } - if (bindDN != null) { + if (!LDAPConstants.AUTH_TYPE_NONE.equals(authType)) { env.put(Context.SECURITY_PRINCIPAL, bindDN); env.put(Context.SECURITY_CREDENTIALS, bindCredential); } diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js index cee2689a77..0be51220cf 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js @@ -541,6 +541,7 @@ module.controller('LDAPCtrl', function($scope, $location, $route, Notifications, instance.config.debug = false; instance.config.useKerberosForPasswordAuthentication = false; + instance.config.authType = 'simple'; instance.config.batchSizeForSync = DEFAULT_BATCH_SIZE; instance.config.searchScope = "1"; @@ -556,12 +557,16 @@ module.controller('LDAPCtrl', function($scope, $location, $route, Notifications, instance.config.debug = (instance.config.debug === 'true' || instance.config.debug === true); instance.config.useKerberosForPasswordAuthentication = (instance.config.useKerberosForPasswordAuthentication === 'true' || instance.config.useKerberosForPasswordAuthentication === true); + if (!instance.config.authType) { + instance.config.authType = 'simple'; + } if (!instance.config.batchSizeForSync) { instance.config.batchSizeForSync = DEFAULT_BATCH_SIZE; } if (!instance.config.searchScope) { - instance.config.searchScope = "1"; + instance.config.searchScope = '1'; } + $scope.fullSyncEnabled = (instance.fullSyncPeriod && instance.fullSyncPeriod > 0); $scope.changedSyncEnabled = (instance.changedSyncPeriod && instance.changedSyncPeriod > 0); } @@ -581,6 +586,11 @@ module.controller('LDAPCtrl', function($scope, $location, $route, Notifications, { "id": "other", "name": "Other" } ]; + $scope.authTypes = [ + { "id": "none", "name": "none" }, + { "id": "simple", "name": "simple" } + ]; + $scope.searchScopes = [ { "id": "1", "name": "One Level" }, { "id": "2", "name": "Subtree" } diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html index 2b86f0941b..95d0ae9f8e 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html @@ -119,16 +119,29 @@
+ +
+
+ +
+
+ LDAP Authentication type. Right now just 'none' (anonymous LDAP authentication) or 'simple' (Bind credential + Bind password authentication) mechanisms are available +
+
- +
DN of LDAP admin, which will be used by Keycloak to access LDAP server
-
+
- +
Password of LDAP admin
diff --git a/model/api/src/main/java/org/keycloak/models/LDAPConstants.java b/model/api/src/main/java/org/keycloak/models/LDAPConstants.java index 8e5d567e45..84fe6af6d5 100644 --- a/model/api/src/main/java/org/keycloak/models/LDAPConstants.java +++ b/model/api/src/main/java/org/keycloak/models/LDAPConstants.java @@ -23,6 +23,10 @@ public class LDAPConstants { public static final String BIND_DN = "bindDn"; public static final String BIND_CREDENTIAL = "bindCredential"; + public static final String AUTH_TYPE = "authType"; + public static final String AUTH_TYPE_NONE = "none"; + public static final String AUTH_TYPE_SIMPLE = "simple"; + public static final String SEARCH_SCOPE = "searchScope"; public static final String CONNECTION_POOLING = "connectionPooling"; public static final String PAGINATION = "pagination";