Commit graph

296 commits

Author SHA1 Message Date
Cédric Couralet
5f006b283a KEYCLOAK-8316 Add an option to ldap provider to trust emails on import
Signed-off-by: Cédric Couralet <cedric.couralet@insee.fr>
2019-10-04 16:28:02 +02:00
Felix Borchers
3d175dbe0c KEYCLOAK-11582 Fix ldap groups sync which fails when syncing back to MSAD (#6348)
* KEYCLOAK-11582 Fix sync which fails when syncing to MSAD
2019-10-03 20:13:12 +02:00
Sven-Torben Janus
1887d3b038 KEYCLOAK-10942 Incorporate comments from code review
see https://github.com/keycloak/keycloak/pull/6251/files#r325212980
2019-09-18 09:47:18 +02:00
Sven-Torben Janus
f261c43fab KEYCLOAK-10942 Support eDirectory GUID
Convert eDirectory GUID which is in binary format to a UUID in dashed
string format.
2019-09-18 09:47:18 +02:00
Jan Lieskovsky
7ab854fecf [KEYCLOAK-8253] When syncing flat (all groups being the top-level ones) structure
of LDAP groups from federation provider to Keycloak, perform the search if the
currently processed group already exists in Keycloak in log(N) time

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-12 20:14:18 +02:00
Jan Lieskovsky
cfb225b499 [KEYCLOAK-8253] Improve the time complexity of LDAP groups synchronization
(in the direction from LDAP provider to Keycloak) from exponential to
linear time in the case of syncing flat LDAP groups structure

Add a corresponding test (intentionally configured as to be ignored
by CI/CD due to higher demand on time, required fo the test completion)

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-12 09:54:13 +02:00
mhajas
9c2525ec1a KEYCLOAK-11245 Use transcription object for LDAP bindCredential 2019-09-09 19:39:53 +02:00
keycloak-bot
17e9832dc6 Set version to 8.0.0-SNAPSHOT 2019-07-19 19:05:03 +02:00
Sven-Torben Janus
c883c11e7e KEYCLOAK-10158 Use PEM cert as X.509 user identity
Allows to use the full PEM encoded X.509 certificate from client cert
authentication as a user identity. Also allows to validate that user's
identity against LDAP in PEM (String and binary format). In addition,
a new custom attribute mapper allows to validate against LDAP when
certificate is stored in DER format (binay, Octet-String).

KEYCLOAK-10158 Allow lookup of certs in binary adn DER format from LDAP
2019-07-08 11:58:26 +02:00
Ian Duffy
de0ee474dd Review feedback 2019-05-27 21:30:01 +02:00
Ian Duffy
54909d3ef4 [KEYCLOAK-10230] Support for LDAP with Start TLS
This commit sends the STARTTLS on LDAP 389 connections is specified.
STARTTLS doesn't work with connection pooling so connection pooling will
be disabled should TLS be enabled.
2019-05-27 21:30:01 +02:00
keycloak-bot
49d4e935cb Set version to 7.0.0-SNAPSHOT 2019-04-17 09:48:07 +01:00
rmartinc
a9a4e9daae KEYCLOAK-9884: "user-attribute-ldap-mapper" is not propagating the change of "username" (uid) attribute. 2019-03-27 19:07:51 +01:00
rmartinc
2602c222cd KEYCLOAK-4640: LDAP memberships are being replaced instead of being added or deleted 2019-03-14 18:40:15 +01:00
keycloak-bot
e843d84f6e Set version to 6.0.0-SNAPSHOT 2019-03-06 15:54:08 +01:00
stianst
e06c705ca8 Set version 5.0.0 2019-02-21 09:35:14 +01:00
mposolda
adc3017ff9 KEYCLOAK-8688 LDAPSyncTest is failing in some environments 2019-02-13 12:48:48 +01:00
stianst
7c9f15778a Set version to 4.8.3.Final 2019-01-09 20:39:30 +01:00
stianst
7c4890152c Set version to 4.8.2 2019-01-03 14:43:22 +01:00
Jonatas Esteves Silverio
0d9964c185 KEYCLOAK-7990 Use attribute name from config on LDAP group creation
Use CommonLDAPGroupMapperConfig.getMembershipLdapAttribute() instead of
constant LDAPConstants.MEMBER to honor the "membership.ldap.attribute"
config key when creating a LDAP group. This fixes an error when trying
to create a group on a DS server configured with a different member
attribute than the standard "member" (eg. 389ds).
2018-12-13 07:53:09 +01:00
mposolda
88141320ac KEYCLOAK-9002 StackOverflowError when reading LDAP-backed users via REST API 2018-12-07 12:25:05 +01:00
stianst
b674c0d4d9 Prepare for 4.8.0.Final 2018-12-04 13:54:25 +01:00
Pedro Igor
91637120ee [KEYCLOAK-5052] - LDAP group names containing / in the name violates SIBILING_NAME constraint in db 2018-11-23 08:48:08 -02:00
stianst
ecd476fb10 Prepare for 4.7.0.Final 2018-11-14 20:10:59 +01:00
vramik
7a96911a83 KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
stianst
c3fc9e9815 Set version to 4.6.0.Final-SNAPSHOT 2018-09-26 20:58:41 +02:00
stianst
1fb4ca4525 Set version to 4.5.0.Final 2018-09-06 20:08:02 +02:00
mposolda
575851d45c KEYCLOAK-6038 Kerberos cross-realm trust test 2018-08-10 13:31:36 +02:00
mposolda
959cd035ba Set version to 4.3.0.Final-SNAPSHOT 2018-08-01 22:40:05 +02:00
mposolda
d0a824dde4 Updating version to 4.2.0.Final-SNAPSHOT 2018-07-05 07:42:48 -04:00
Jean-Loup Maillet
af47bd5da8 corrected groups set to be able to add group & explicit imports 2018-06-26 13:30:44 +02:00
J-Loup
0ee5c97b1c Tooltip correction on group selection
Tooltip correction on group selection for hardcoded-ldap-group-mapper
2018-06-26 13:30:44 +02:00
Jean-Loup Maillet
d07f13eace hardcoded-ldap-group-mapper 2018-06-26 13:30:44 +02:00
stianst
e1a0e581b9 Update to 4.1.0.Final-SNAPSHOT 2018-06-14 14:22:28 +02:00
Rick van den Hof
2e22dcfc47 Add unit tests 2018-05-29 10:03:54 +02:00
Rick van den Hof
16fd6558a6 Enable adding of default groups 2018-05-29 10:03:54 +02:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final (#5224) 2018-05-24 19:02:30 +02:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT (#5185) 2018-05-02 14:32:20 +02:00
Lubos.Palisek
2bab2acf5b [KEYCLOAK-7239] Fixed ConcurrentModificationException while importing from LDAP with "ignoreMissingGroups" checked.
Fixed test so that now it checks this use case.
2018-04-26 18:54:00 +02:00
Ingo Bauersachs
5e4d173f1d KEYCLOAK-7194: avoid NullPointerException (#5157) 2018-04-20 09:24:12 +02:00
Douglas Palmer
cf056b3464 [KEYCLOAK-6069] Allow configuration of LDAP connection pooling 2018-04-06 20:27:11 +02:00
stianst
07fea02146 Bump versions to 4.0.0.Beta2-SNAPSHOT 2018-03-26 18:17:38 +02:00
stianst
0bedbb4dd3 Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
Hisanobu Okuda
3d0512efd8 KEYCLOAK-3842 SPNEGO: Support for multiple kerberos realms 2017-12-14 12:54:20 +01:00
mposolda
b793e42c53 KEYCLOAK-5017 Adding user to newly created group caused sync all groups to LDAP 2017-12-13 09:15:47 +01:00
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
mposolda
bd25040e22 KEYCLOAK-5827 Retrieve member attribute from LDAP on group/role queries just when necessary 2017-11-15 15:29:19 +01:00
mposolda
c4a1764801 KEYCLOAK-5836 More logging around LDAP performance. Added LdapManyObjectsInitializerCommand to easily add many users and groups to the LDAP 2017-11-15 15:29:19 +01:00
mposolda
0c414eee80 KEYCLOAK-5848 Possibility to configure different attribute for GET_GROUPS_FROM_USER_MEMBEROF_STRATEGY 2017-11-14 15:05:26 +01:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00