Package org.keycloak.storage.ldap.idm.store.ldap

Class LDAPIdentityStore

java.lang.Object

org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore

All Implemented Interfaces:

IdentityStore

public class LDAPIdentityStore
extends Object
implements IdentityStore

An IdentityStore implementation backed by an LDAP directory

Author:

Shane Bryzak, Anil Saldhana, Pedro Silva

Constructor Summary

Constructors

Constructor	Description
LDAPIdentityStore(KeycloakSession session, LDAPConfig config)

Method Summary

Modifier and Type	Method	Description
void	add(LDAPObject ldapObject)	Persists the specified IdentityType
void	addMemberToGroup(LdapName groupDn, String memberAttrName, String value)	Adds a member to a group.
protected void	checkRename(LDAPObject ldapObject)
int	countQueryResults(LDAPQuery identityQuery)
protected Condition	createIdentityTypeSearchFilter(LDAPQuery identityQuery)
protected BasicAttributes	extractAttributesForSaving(LDAPObject ldapObject, boolean isCreate)
List<LDAPObject>	fetchQueryResults(LDAPQuery identityQuery)
LDAPConfig	getConfig()	Returns the configuration for this IdentityStore instance
String	getPasswordModificationTimeAttributeName()
Set<LDAPCapabilityRepresentation>	queryServerCapabilities()	Query the LDAP server RootDSE and extract the LDAPCapabilityRepresentation of all supported extensions, controls and features the server announces.
void	remove(LDAPObject ldapObject)	Removes the specified IdentityType
void	removeMemberFromGroup(LdapName groupDn, String memberAttrName, String value)	Removes a member from a group.
void	update(LDAPObject ldapObject)	Updates the specified IdentityType
void	updatePassword(LDAPObject user, String password, LDAPOperationDecorator passwordUpdateDecorator)	Updates the specified credential value.
void	validatePassword(LDAPObject user, String password)	Validates the specified credentials.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

LDAPIdentityStore

public LDAPIdentityStore(KeycloakSession session,
 LDAPConfig config)

Method Details

getConfig

public LDAPConfig getConfig()

Description copied from interface: IdentityStore

Returns the configuration for this IdentityStore instance

Specified by:

getConfig in interface IdentityStore

Returns:

add

public void add(LDAPObject ldapObject)

Description copied from interface: IdentityStore

Persists the specified IdentityType

Specified by:

add in interface IdentityStore

addMemberToGroup

public void addMemberToGroup(LdapName groupDn,
 String memberAttrName,
 String value)

Description copied from interface: IdentityStore

Adds a member to a group.

Specified by:

addMemberToGroup in interface IdentityStore

Parameters:

groupDn - The DN of the group object

memberAttrName - The member attribute name

value - The value (it can be uid or dn depending the group type)

removeMemberFromGroup

public void removeMemberFromGroup(LdapName groupDn,
 String memberAttrName,
 String value)

Description copied from interface: IdentityStore

Removes a member from a group.

Specified by:

removeMemberFromGroup in interface IdentityStore

Parameters:

groupDn - The DN of the group object

memberAttrName - The member attribute name

value - The value (it can be uid or dn depending the group type)

update

public void update(LDAPObject ldapObject)

Description copied from interface: IdentityStore

Updates the specified IdentityType

Specified by:

update in interface IdentityStore

checkRename

protected void checkRename(LDAPObject ldapObject)

remove

public void remove(LDAPObject ldapObject)

Description copied from interface: IdentityStore

Removes the specified IdentityType

Specified by:

remove in interface IdentityStore

fetchQueryResults

public List<LDAPObject> fetchQueryResults(LDAPQuery identityQuery)

Specified by:

fetchQueryResults in interface IdentityStore

countQueryResults

public int countQueryResults(LDAPQuery identityQuery)

Specified by:

countQueryResults in interface IdentityStore

queryServerCapabilities

public Set<LDAPCapabilityRepresentation> queryServerCapabilities()

Description copied from interface: IdentityStore

Query the LDAP server RootDSE and extract the LDAPCapabilityRepresentation of all supported extensions, controls and features the server announces. The LDAP Wiki provides a list of known capabilities. Will throw a ModelException on any LDAP error, or when the searchResult is empty.

Specified by:

queryServerCapabilities in interface IdentityStore

Returns:

a set of LDAPOid, each representing a server capability (control, extension or feature).

validatePassword

public void validatePassword(LDAPObject user,
 String password)
                      throws AuthenticationException

Description copied from interface: IdentityStore

Validates the specified credentials.

Specified by:

validatePassword in interface IdentityStore

Parameters:

user - Keycloak user

password - Ldap password

Throws:

AuthenticationException - if authentication is not successful

updatePassword

public void updatePassword(LDAPObject user,
 String password,
 LDAPOperationDecorator passwordUpdateDecorator)

Description copied from interface: IdentityStore

Updates the specified credential value.

Specified by:

updatePassword in interface IdentityStore

Parameters:

user - Keycloak user

password - Ldap password

passwordUpdateDecorator - Callback to be executed before/after password update. Can be null

createIdentityTypeSearchFilter

protected Condition createIdentityTypeSearchFilter(LDAPQuery identityQuery)

extractAttributesForSaving

protected BasicAttributes extractAttributesForSaving(LDAPObject ldapObject,
 boolean isCreate)

getPasswordModificationTimeAttributeName

public String getPasswordModificationTimeAttributeName()