[keycloak-user] How to retrieve Organizational Unit from LDAP?

Celso Agra celso.agra at gmail.com
Fri Mar 31 06:35:26 EDT 2017


I was thinking of creating a PR for the class UserAttributeLDAPStorageMapper.
Would it be possible to do that?
I created a fork for that -->
https://github.com/keycloak/keycloak/compare/3.0.x...celsoagra:master

And here is the attached file with an idea (just a simple idea!!).

2017-03-31 3:44 GMT-03:00 Marek Posolda <mposolda at redhat.com>:

> Yes, I would likely create subclass of this one and override some method,
> so the attribute value is just your ou and not full DN. Just a note that
> LDAP Mapper SPI is unsupported and some method signatures can change in the
> future etc.
>
> Marek
>
>
> On 31/03/17 02:44, Celso Agra wrote:
>
> Maybe this class could help me to create a new Mapper:
>
> https://github.com/keycloak/keycloak/blob/94afba91a0d3f51021e036796c536747cc33796e/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/UserAttributeLDAPStorageMapper.java
>
> 2017-03-30 21:31 GMT-03:00 Celso Agra <celso.agra at gmail.com>:
>
>> Thanks Marek! For now, I'm using the (a) option!
>>
>> But I think it would be possible to implement an LDAP Mapper in the future,
>> just to get the "ou" info.
>> I'll take a look at the code and try to add a new Mapper Type.
>>
>> Thanks again! This is a really great tool!
>>
>> 2017-03-30 16:33 GMT-03:00 Marek Posolda <mposolda at redhat.com>:
>>
>>> There is no built-in support for this. However you can achieve it by
>>> doing any of:
>>>
>>> a) Map the LDAP_ENTRY_DN as an attribute in your token and then have some
>>> logic in your application (or wherever it is needed) that will just parse
>>> the name of the OU from the full DN.
>>> b) Create the custom LDAP mapper, which will do the above. Then it will
>>> be available in user attributes
>>> c) Create protocol mapper, which will do the above. User attribute will
>>> still contain just LDAP_ENTRY_DN, but you will have claim in the token with
>>> the value of your OU.
>>>
>>> I would personally go with (a) and handle it in your app if possible.
>>> That's the easiest path IMO.
>>>
>>> Marek
>>>
>>>
>>> On 30/03/17 20:20, Celso Agra wrote:
>>>
>>>> Hi all,
>>>>
>>>> I'd like to retrieve the organizational unit (ou) from the LDAP Mapper and
>>>> set this in the User Attributes.
>>>>
>>>> When I get a user from LDAP, it sets an attribute called LDAP_ENTRY_DN,
>>>> with value: "uid=xxxxxx,ou=group,dc=dom3,dc=dom2,dc=dom1"
>>>>
>>>> So, I'd like to retrieve just the ou info "group" and set this to the
>>>> user attribute.
>>>> Would it be possible to do that? Is there some mapper type just to retrieve
>>>> this information?
>>>>
>>>> Best Regards,
>>>>
>>>>
>>>


-- 
---
*Celso Agra*
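
As an added example for option (a) in Marek's reply (keep LDAP_ENTRY_DN as the attribute and parse the OU in the application), and not code from Keycloak or from anyone in this thread: a small Python parser that pulls the ou out of a DN string. It follows the RFC 4514 escaping rules (backslash before a special character, or backslash plus a hex pair), so an escaped comma inside a value is not mistaken for an RDN boundary. The helper names and all sample DNs are constructed for this example; the only thing taken from the thread is the LDAP_ENTRY_DN attribute name and its format.

```python
"""Extract the organizational unit(s) from an LDAP DN such as the value
Keycloak stores in the LDAP_ENTRY_DN user attribute.

Added example, not Keycloak code. DN grammar per RFC 4514; sample DNs
below are constructed for illustration.
"""
from typing import List, Tuple

RDN = List[Tuple[str, str]]  # one RDN = list of (attributeType, value)
_HEX = set("0123456789abcdefABCDEF")


def parse_dn(dn: str) -> List[RDN]:
    """Parse an RFC 4514 DN string into its RDNs, leaf (entry) first.

    An RDN has more than one pair only for multi-valued RDNs ('cn=a+ou=b').
    Attribute types are lower-cased, values are unescaped.
    Raises ValueError on malformed input.
    """
    rdns: List[RDN] = []
    rdn: RDN = []
    chars: List[Tuple[str, bool]] = []  # (char, was_escaped)
    attr_type = ""
    seen_eq = False
    i, n = 0, len(dn)

    def strip_unescaped(cs: List[Tuple[str, bool]]) -> str:
        # Drop unescaped spaces at both ends (a space that should survive
        # must be escaped per RFC 4514); escaped spaces are kept.
        s, e = 0, len(cs)
        while s < e and cs[s] == (" ", False):
            s += 1
        while e > s and cs[e - 1] == (" ", False):
            e -= 1
        return "".join(c for c, _ in cs[s:e])

    def end_ava() -> None:
        nonlocal chars, attr_type, seen_eq
        if not seen_eq or not attr_type:
            raise ValueError(f"malformed attributeTypeAndValue in DN {dn!r}")
        rdn.append((attr_type, strip_unescaped(chars)))
        chars, attr_type, seen_eq = [], "", False

    while i < n:
        c = dn[i]
        if c == "\\":
            if i + 1 >= n:
                raise ValueError(f"dangling backslash in DN {dn!r}")
            if i + 2 < n and dn[i + 1] in _HEX and dn[i + 2] in _HEX:
                # One or more \XX hex pairs: collect the bytes, decode as UTF-8.
                raw = bytearray()
                while i + 2 < n and dn[i] == "\\" and dn[i + 1] in _HEX and dn[i + 2] in _HEX:
                    raw.append(int(dn[i + 1:i + 3], 16))
                    i += 3
                chars.extend((ch, True) for ch in raw.decode("utf-8"))
                continue
            chars.append((dn[i + 1], True))  # \, \+ \" etc.: literal char
            i += 2
            continue
        if c == "=" and not seen_eq:
            attr_type = strip_unescaped(chars).lower()
            chars, seen_eq = [], True
        elif c in ",;":              # unescaped separator: RDN boundary
            end_ava()
            rdns.append(rdn)
            rdn = []
        elif c == "+":               # unescaped plus: next value of same RDN
            end_ava()
        else:
            chars.append((c, False))
        i += 1
    end_ava()
    rdns.append(rdn)
    return rdns


def organizational_units(dn: str) -> List[str]:
    """All ou values of a DN, nearest the entry first.

    'uid=x,ou=group,dc=dom3,dc=dom2,dc=dom1' -> ['group'];
    a nested entry 'uid=x,ou=dev,ou=staff,dc=...' -> ['dev', 'staff'].
    """
    return [v for rdn in parse_dn(dn) for t, v in rdn if t == "ou"]


def naive_ou(dn: str) -> str:
    """The split-on-comma shortcut, kept only to show how it breaks."""
    for part in dn.split(","):
        k, _, v = part.partition("=")
        if k.strip().lower() == "ou":
            return v
    return ""


if __name__ == "__main__":
    # Constructed sample DNs (the first mirrors the format from the thread).
    for sample in (
        "uid=xxxxxx,ou=group,dc=dom3,dc=dom2,dc=dom1",
        "uid=bob,ou=dev,ou=staff,dc=example,dc=com",
        "cn=Smith\\, John,ou=Sales\\, EMEA,dc=example,dc=com",
        "OU=Finance\\2C North,DC=example,DC=com",
        "cn=Eve\\, ou=admins,ou=users,dc=example,dc=com",
    ):
        print(f"{sample!r}: ou={organizational_units(sample)}  naive={naive_ou(sample)!r}")
```

The last sample is the reason to bother with a real parser rather than a split on commas: the escaped `\, ou=admins` sits inside the cn value, so the entry really lives under `ou=users`, but naive_ou reports "admins". If the parsed OU feeds any authorization decision in the application and the directory lets users influence their own cn or similar attributes, that mismatch becomes an escalation path; the parsing happens on the application side under option (a), so the application owns that check.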

