org.keycloak.storage.ldap.mappers.msadlds.MSADLDSUserAccountControlStorageMapper.MSADUserModelDelegate の継承関係図

org.keycloak.storage.ldap.mappers.msadlds.MSADLDSUserAccountControlStorageMapper.MSADUserModelDelegate 連携図

公開メンバ関数
	MSADUserModelDelegate (UserModel delegate, LDAPObject ldapUser)

boolean	isEnabled ()

void	setEnabled (boolean enabled)

void	addRequiredAction (RequiredAction action)

void	addRequiredAction (String action)

void	removeRequiredAction (RequiredAction action)

void	removeRequiredAction (String action)

Set< String >	getRequiredActions ()

限定公開メンバ関数
long	getPwdLastSet ()

非公開変数類
final LDAPObject	ldapUser

詳解

構築子と解体子

◆ MSADUserModelDelegate()

org.keycloak.storage.ldap.mappers.msadlds.MSADLDSUserAccountControlStorageMapper.MSADUserModelDelegate.MSADUserModelDelegate	(	UserModel	delegate,
		LDAPObject	ldapUser
	)

inline

                                                                               {
             super(delegate);
             this.ldapUser = ldapUser;
         }

関数詳解

◆ addRequiredAction() [1/2]

void org.keycloak.storage.ldap.mappers.msadlds.MSADLDSUserAccountControlStorageMapper.MSADUserModelDelegate.addRequiredAction ( RequiredAction action )

inline

                                                              {
             String actionName = action.name();
             addRequiredAction(actionName);
         }

◆ addRequiredAction() [2/2]

void org.keycloak.storage.ldap.mappers.msadlds.MSADLDSUserAccountControlStorageMapper.MSADUserModelDelegate.addRequiredAction ( String action )

inline

                                                      {
             // Always update DB
             super.addRequiredAction(action);
 
             if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE && RequiredAction.UPDATE_PASSWORD.toString().equals(action)) {
                 logger.debugf("Going to propagate required action UPDATE_PASSWORD to MSAD for ldap user '%s' ", ldapUser.getDn().toString());
 
                 // Normally it's read-only
                 ldapUser.removeReadOnlyAttributeName(LDAPConstants.PWD_LAST_SET);
 
                 ldapUser.setSingleAttribute(LDAPConstants.PWD_LAST_SET, "0");
                 ldapProvider.getLdapIdentityStore().update(ldapUser);
             }
         }

◆ getPwdLastSet()

long org.keycloak.storage.ldap.mappers.msadlds.MSADLDSUserAccountControlStorageMapper.MSADUserModelDelegate.getPwdLastSet ( )

inlineprotected

                                        {
             String pwdLastSet = ldapUser.getAttributeAsString(LDAPConstants.PWD_LAST_SET);
             return pwdLastSet == null ? 0 : Long.parseLong(pwdLastSet);
         }

◆ getRequiredActions()

Set<String> org.keycloak.storage.ldap.mappers.msadlds.MSADLDSUserAccountControlStorageMapper.MSADUserModelDelegate.getRequiredActions ( )

inline

                                                 {
             Set<String> requiredActions = super.getRequiredActions();
 
             if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE) {
                 if (getPwdLastSet() == 0 || Boolean.parseBoolean(ldapUser.getAttributeAsString(LDAPConstants.MSDS_USER_PASSWORD_EXPIRED))) {
                     requiredActions = new HashSet<>(requiredActions);
                     requiredActions.add(RequiredAction.UPDATE_PASSWORD.toString());
                     return requiredActions;
                 }
             }
 
             return requiredActions;
         }

◆ isEnabled()

boolean org.keycloak.storage.ldap.mappers.msadlds.MSADLDSUserAccountControlStorageMapper.MSADUserModelDelegate.isEnabled ( )

inline

                                    {
             boolean kcEnabled = super.isEnabled();
 
             if (getPwdLastSet() > 0) {
                 // Merge KC and MSAD LDS
                 return kcEnabled && !Boolean.parseBoolean(ldapUser.getAttributeAsString(LDAPConstants.MSDS_USER_ACCOUNT_DISABLED));
             } else {
                 // If new MSAD LDS user is created and pwdLastSet is still 0, MSAD account is in disabled state. So read just from Keycloak DB. User is not able to login via MSAD anyway
                 return kcEnabled;
             }
         }

◆ removeRequiredAction() [1/2]

void org.keycloak.storage.ldap.mappers.msadlds.MSADLDSUserAccountControlStorageMapper.MSADUserModelDelegate.removeRequiredAction ( RequiredAction action )

inline

                                                                 {
             String actionName = action.name();
             removeRequiredAction(actionName);
         }

◆ removeRequiredAction() [2/2]

void org.keycloak.storage.ldap.mappers.msadlds.MSADLDSUserAccountControlStorageMapper.MSADUserModelDelegate.removeRequiredAction ( String action )

inline

                                                         {
             // Always update DB
             super.removeRequiredAction(action);
 
             if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE && RequiredAction.UPDATE_PASSWORD.toString().equals(action)) {
 
                 // Don't set pwdLastSet in MSAD LDS when it is new user
                 if (!Boolean.parseBoolean(ldapUser.getAttributeAsString(LDAPConstants.MSDS_USER_PASSWORD_NOTREQD))) {
                     logger.debugf("Going to remove required action UPDATE_PASSWORD from MSAD LDS for ldap user '%s' ", ldapUser.getDn().toString());
 
                     // Normally it's read-only
                     ldapUser.removeReadOnlyAttributeName(LDAPConstants.PWD_LAST_SET);
 
                     ldapUser.setSingleAttribute(LDAPConstants.PWD_LAST_SET, "-1");
                     ldapProvider.getLdapIdentityStore().update(ldapUser);
                 }
             }
         }

◆ setEnabled()

void org.keycloak.storage.ldap.mappers.msadlds.MSADLDSUserAccountControlStorageMapper.MSADUserModelDelegate.setEnabled ( boolean enabled )

inline

                                                 {
             // Always update DB
             super.setEnabled(enabled);
 
             if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE && getPwdLastSet() > 0) {
                 if (enabled) {
                     logger.debugf("Removing msDS-UserAccountDisabled of user '%s'", ldapUser.getDn().toString());
                     // TODO: Use removeAttribute once available
                     ldapUser.setSingleAttribute(LDAPConstants.MSDS_USER_ACCOUNT_DISABLED, "FALSE");
                 } else {
                     logger.debugf("Setting msDS-UserAccountDisabled of user '%s' to value 'TRUE'", ldapUser.getDn().toString());
                     ldapUser.setSingleAttribute(LDAPConstants.MSDS_USER_ACCOUNT_DISABLED, "TRUE");
                 }
                 
                 ldapProvider.getLdapIdentityStore().update(ldapUser);
             }
         }

メンバ詳解

◆ ldapUser

final LDAPObject org.keycloak.storage.ldap.mappers.msadlds.MSADLDSUserAccountControlStorageMapper.MSADUserModelDelegate.ldapUser

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/federation/src/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapper.java

公開メンバ関数

限定公開メンバ関数

非公開変数類

詳解

構築子と解体子

◆ MSADUserModelDelegate()

関数詳解

◆ addRequiredAction() [1/2]

◆ addRequiredAction() [2/2]

◆ getPwdLastSet()

◆ getRequiredActions()

◆ isEnabled()

◆ removeRequiredAction() [1/2]

◆ removeRequiredAction() [2/2]

◆ setEnabled()

メンバ詳解

◆ ldapUser