KEYCLOAK-1357 LDAP migration

federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java

@@ -48,7 +48,14 @@ public String getSecurityProtocol() {
     }
 
     public String getUsersDn() {
-        return config.get(LDAPConstants.USERS_DN);
+        String usersDn = config.get(LDAPConstants.USERS_DN);
+
+        if (usersDn == null) {
+            // Just for the backwards compatibility 1.2 -> 1.3 . Should be removed later.
+            usersDn = config.get("userDnSuffix");
+        }
+
+        return usersDn;
     }
 
     public Collection<String> getUserObjectClasses() {
@@ -101,31 +108,13 @@ public String getUuidLDAPAttributeName() {
         if (uuidAttrName == null) {
             // Differences of unique attribute among various vendors
             String vendor = getVendor();
-            if (vendor != null) {
-                switch (vendor) {
-                    case LDAPConstants.VENDOR_RHDS:
-                        uuidAttrName = "nsuniqueid";
-                        break;
-                    case LDAPConstants.VENDOR_TIVOLI:
-                        uuidAttrName = "uniqueidentifier";
-                        break;
-                    case LDAPConstants.VENDOR_NOVELL_EDIRECTORY:
-                        uuidAttrName = "guid";
-                        break;
-                    case LDAPConstants.VENDOR_ACTIVE_DIRECTORY:
-                        uuidAttrName = LDAPConstants.OBJECT_GUID;
-                }
-            }
-
-            if (uuidAttrName == null) {
-                uuidAttrName = LDAPConstants.ENTRY_UUID;
-            }
+            uuidAttrName = LDAPConstants.getUuidAttributeName(vendor);
         }
 
         return uuidAttrName;
     }
 
-    // TODO: Remove and use mapper instead
+    // TODO: Remove and use mapper instead?
     public boolean isUserAccountControlsAfterPasswordUpdate() {
         String userAccountCtrls = config.get(LDAPConstants.USER_ACCOUNT_CONTROLS_AFTER_PASSWORD_UPDATE);
         return userAccountCtrls==null ? false : Boolean.parseBoolean(userAccountCtrls);
@@ -148,6 +137,12 @@ public String getRdnLdapAttribute() {
         String rdn = config.get(LDAPConstants.RDN_LDAP_ATTRIBUTE);
         if (rdn == null) {
             rdn = getUsernameLdapAttribute();
+
+            if (rdn.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME)) {
+                // Just for the backwards compatibility 1.2 -> 1.3 . Should be removed later.
+                rdn = LDAPConstants.CN;
+            }
+
         }
         return rdn;
     }

federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java

@@ -41,7 +41,7 @@
  */
 public class LDAPFederationProviderFactory extends UserFederationEventAwareProviderFactory {
     private static final Logger logger = Logger.getLogger(LDAPFederationProviderFactory.class);
-    public static final String PROVIDER_NAME = "ldap";
+    public static final String PROVIDER_NAME = LDAPConstants.LDAP_PROVIDER;
 
     private LDAPIdentityStoreRegistry ldapStoreRegistry;
 
@@ -79,7 +79,7 @@ public Set<String> getConfigurationOptions() {
 
     // Best effort to create appropriate mappers according to our LDAP config
     @Override
-    protected void onProviderModelCreated(RealmModel realm, UserFederationProviderModel newProviderModel) {
+    public void onProviderModelCreated(RealmModel realm, UserFederationProviderModel newProviderModel) {
         LDAPConfig ldapConfig = new LDAPConfig(newProviderModel.getConfig());
 
         boolean activeDirectory = ldapConfig.isActiveDirectory();

federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPIdentityStoreRegistry.java

@@ -55,23 +55,6 @@ public static LDAPIdentityStore createLdapIdentityStore(Map<String,String> ldapC
         checkSystemProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain");
         checkSystemProperty("com.sun.jndi.ldap.connect.pool.debug", "off");
 
-        /*String ldapLoginNameMapping = ldapConfig.get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE);
-        if (ldapLoginNameMapping == null) {
-            ldapLoginNameMapping = activeDirectory ? LDAPConstants.CN : LDAPConstants.UID;
-        }
-
-        String ldapFirstNameMapping = activeDirectory ?  "givenName" : LDAPConstants.CN;
-        String createTimestampMapping = activeDirectory ? "whenCreated" : LDAPConstants.CREATE_TIMESTAMP;
-        String modifyTimestampMapping = activeDirectory ? "whenChanged" : LDAPConstants.MODIFY_TIMESTAMP;
-        String[] userObjectClasses = getUserObjectClasses(ldapConfig);  */
-
-
-/*        if (activeDirectory && ldapLoginNameMapping.equals("sAMAccountName")) {
-            ldapUserMappingConfig.setBindingDnPropertyName("fullName");
-            ldapUserMappingConfig.addAttributeMapping("fullName", LDAPConstants.CN);
-            logger.infof("Using 'cn' attribute for DN of user and 'sAMAccountName' for username");
-        }    */
-
         return new LDAPIdentityStore(cfg);
     }
 

model/api/src/main/java/org/keycloak/migration/MigrationModel.java

@@ -11,7 +11,7 @@ public interface MigrationModel {
     /**
      * Must have the form of major.minor.micro as the version is parsed and numbers are compared
      */
-    public static final String LATEST_VERSION = "1.2.0.CR1";
+    public static final String LATEST_VERSION = "1.3.0.Beta1";
 
     String getStoredVersion();
     void setStoredVersion(String version);

model/api/src/main/java/org/keycloak/migration/MigrationModelManager.java

@@ -17,11 +17,13 @@ public static void migrate(KeycloakSession session) {
         String storedVersion = model.getStoredVersion();
         if (MigrationModel.LATEST_VERSION.equals(storedVersion)) return;
         ModelVersion stored = null;
-        if (storedVersion != null) new ModelVersion(storedVersion);
+        if (storedVersion != null) {
+            stored = new ModelVersion(storedVersion);
+        }
 
         if (stored == null || stored.lessThan(MigrationTo1_2_0_CR1.VERSION)) {
             if (stored != null) {
-                logger.debug("Migrating older model to 1.2.0.RC1 updates");
+                logger.debug("Migrating older model to 1.2.0.CR1 updates");
             }
             new MigrationTo1_2_0_CR1().migrate(session);
         }

model/api/src/main/java/org/keycloak/migration/ModelVersion.java

@@ -59,7 +59,7 @@ public boolean lessThan(ModelVersion version) {
         if (major < version.major) return true;
         if (minor < version.minor) return true;
         if (micro < version.micro) return true;
-        if (qualifier == version.qualifier) return false;
+        if (qualifier != null && qualifier.equals(version.qualifier)) return false;
         if (qualifier == null) return false;
         if (version.qualifier == null) return true;
         int comp = qualifier.compareTo(version.qualifier);

model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0_Beta1.java

@@ -2,10 +2,18 @@
 
 import org.keycloak.migration.ModelVersion;
 import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.LDAPConstants;
 import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserFederationEventAwareProviderFactory;
+import org.keycloak.models.UserFederationProvider;
+import org.keycloak.models.UserFederationProviderFactory;
+import org.keycloak.models.UserFederationProviderModel;
 import org.keycloak.models.utils.DefaultAuthenticationFlows;
 
 import java.util.List;
+import java.util.Map;
+
+import javax.naming.directory.SearchControls;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -21,7 +29,45 @@ public void migrate(KeycloakSession session) {
             if (realm.getAuthenticationFlows().size() == 0) {
                 DefaultAuthenticationFlows.addFlows(realm);
             }
+
+            migrateLDAPProviders(session, realm);
         }
 
     }
+
+    private void migrateLDAPProviders(KeycloakSession session, RealmModel realm) {
+        List<UserFederationProviderModel> federationProviders = realm.getUserFederationProviders();
+        for (UserFederationProviderModel fedProvider : federationProviders) {
+
+            if (fedProvider.getProviderName().equals(LDAPConstants.LDAP_PROVIDER)) {
+                Map<String, String> config = fedProvider.getConfig();
+
+                // Update config properties for LDAP federation provider
+                config.put(LDAPConstants.SEARCH_SCOPE, String.valueOf(SearchControls.SUBTREE_SCOPE));
+
+                String usersDn = config.remove("userDnSuffix");
+                config.put(LDAPConstants.USERS_DN, usersDn);
+
+                String rdnLdapAttribute = config.get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE);
+                if (rdnLdapAttribute != null) {
+                    if (rdnLdapAttribute.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME)) {
+                        config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, LDAPConstants.CN);
+                    } else {
+                        config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, rdnLdapAttribute);
+                    }
+                }
+
+                String uuidAttrName = LDAPConstants.getUuidAttributeName(config.get(LDAPConstants.VENDOR));
+                config.put(LDAPConstants.UUID_LDAP_ATTRIBUTE, uuidAttrName);
+
+                realm.updateUserFederationProvider(fedProvider);
+
+                // Create default mappers for LDAP
+                UserFederationProviderFactory ldapFactory = (UserFederationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, LDAPConstants.LDAP_PROVIDER);
+                if (ldapFactory != null) {
+                    ((UserFederationEventAwareProviderFactory) ldapFactory).onProviderModelCreated(realm, fedProvider);
+                }
+            }
+        }
+    }
 }

model/api/src/main/java/org/keycloak/models/LDAPConstants.java

@@ -5,6 +5,8 @@
  */
 public class LDAPConstants {
 
+    public static final String LDAP_PROVIDER = "ldap";
+
     public static final String VENDOR = "vendor";
     public static final String VENDOR_RHDS = "rhds";
     public static final String VENDOR_ACTIVE_DIRECTORY = "ad";
@@ -80,4 +82,21 @@ public class LDAPConstants {
     public static final String OBJECT_GUID = "objectGUID";
     public static final String CREATE_TIMESTAMP = "createTimestamp";
     public static final String MODIFY_TIMESTAMP = "modifyTimestamp";
+
+    public static String getUuidAttributeName(String vendor) {
+        if (vendor != null) {
+            switch (vendor) {
+                case VENDOR_RHDS:
+                    return "nsuniqueid";
+                case VENDOR_TIVOLI:
+                    return "uniqueidentifier";
+                case VENDOR_NOVELL_EDIRECTORY:
+                    return "guid";
+                case VENDOR_ACTIVE_DIRECTORY:
+                    return OBJECT_GUID;
+            }
+        }
+
+        return ENTRY_UUID;
+    }
 }

model/api/src/main/java/org/keycloak/models/UserFederationEventAwareProviderFactory.java

@@ -29,5 +29,5 @@ public void onEvent(ProviderEvent event) {
         });
     }
 
-    protected abstract void onProviderModelCreated(RealmModel realm, UserFederationProviderModel createdProviderModel);
+    public abstract void onProviderModelCreated(RealmModel realm, UserFederationProviderModel createdProviderModel);
 }

model/api/src/test/java/org/keycloak/models/MigrationVersionTest.java

@@ -16,30 +16,30 @@ public void testVersion() {
         Assert.assertEquals(version_100Beta1.getMajor(), 1);
         Assert.assertEquals(version_100Beta1.getMinor(), 0);
         Assert.assertEquals(version_100Beta1.getMicro(), 0);
-        ModelVersion version_100RC1 = new ModelVersion("1.0.0.RC1");
+        ModelVersion version_100CR1 = new ModelVersion("1.0.0.CR1");
         ModelVersion version_100 = new ModelVersion("1.0.0");
         ModelVersion version_110Beta1 = new ModelVersion("1.1.0.Beta1");
-        ModelVersion version_110RC1 = new ModelVersion("1.1.0.RC1");
+        ModelVersion version_110CR1 = new ModelVersion("1.1.0.CR1");
         ModelVersion version_110 = new ModelVersion("1.1.0");
         ModelVersion version_111Beta1 = new ModelVersion("1.1.1.Beta1");
-        ModelVersion version_111RC1 = new ModelVersion("1.1.1.RC1");
+        ModelVersion version_111CR1 = new ModelVersion("1.1.1.CR1");
         ModelVersion version_111 = new ModelVersion("1.1.1");
         ModelVersion version_211Beta1 = new ModelVersion("2.1.1.Beta1");
-        ModelVersion version_211RC1 = new ModelVersion("2.1.1.RC1");
-        Assert.assertEquals(version_211RC1.getMajor(), 2);
-        Assert.assertEquals(version_211RC1.getMinor(), 1);
-        Assert.assertEquals(version_211RC1.getMicro(), 1);
-        Assert.assertEquals(version_211RC1.getQualifier(), "RC1");
+        ModelVersion version_211CR1 = new ModelVersion("2.1.1.CR1");
+        Assert.assertEquals(version_211CR1.getMajor(), 2);
+        Assert.assertEquals(version_211CR1.getMinor(), 1);
+        Assert.assertEquals(version_211CR1.getMicro(), 1);
+        Assert.assertEquals(version_211CR1.getQualifier(), "CR1");
         ModelVersion version_211 = new ModelVersion("2.1.1");
 
         Assert.assertFalse(version_100Beta1.lessThan(version_100Beta1));
-        Assert.assertTrue(version_100Beta1.lessThan(version_100RC1));
+        Assert.assertTrue(version_100Beta1.lessThan(version_100CR1));
         Assert.assertTrue(version_100Beta1.lessThan(version_100));
         Assert.assertTrue(version_100Beta1.lessThan(version_110Beta1));
-        Assert.assertTrue(version_100Beta1.lessThan(version_110RC1));
+        Assert.assertTrue(version_100Beta1.lessThan(version_110CR1));
         Assert.assertTrue(version_100Beta1.lessThan(version_110));
 
-        Assert.assertFalse(version_211.lessThan(version_110RC1));
+        Assert.assertFalse(version_211.lessThan(version_110CR1));
 
     }
 }