Examples with SearchResult javax.naming.directory.SearchResult used on opensource projects

Example 11 with SearchResult

use of javax.naming.directory.SearchResult in project camel by apache.

the class LdapRouteTest method testLdapRouteReturnedAttributes.

@Test
public void testLdapRouteReturnedAttributes() throws Exception {
    // LDAP servers behave differently when it comes to what attributes are returned
    // by default (Apache Directory server returns all attributes by default)
    // Using the returnedAttributes parameter this behavior can be controlled
    camel.addRoutes(createRouteBuilder("ldap:localhost:" + port + "?base=ou=system&returnedAttributes=uid,cn"));
    camel.start();
    Endpoint endpoint = camel.getEndpoint("direct:start");
    Exchange exchange = endpoint.createExchange();
    // then we set the LDAP filter on the in body
    exchange.getIn().setBody("(uid=tcruise)");
    // now we send the exchange to the endpoint, and receives the response from Camel
    Exchange out = template.send(endpoint, exchange);
    Collection<SearchResult> searchResults = defaultLdapModuleOutAssertions(out);
    assertEquals(1, searchResults.size());
    assertTrue(contains("uid=tcruise,ou=actors,ou=system", searchResults));
    Attributes theOneResultAtts = searchResults.iterator().next().getAttributes();
    assertEquals("tcruise", theOneResultAtts.get("uid").get());
    assertEquals("Tom Cruise", theOneResultAtts.get("cn").get());
    // make sure this att is NOT returned anymore 
    assertNull(theOneResultAtts.get("sn"));
}

Example 12 with SearchResult

use of javax.naming.directory.SearchResult in project hadoop by apache.

the class LdapGroupsMapping method lookupGroup.

/**
   * Perform the second query to get the groups of the user.
   *
   * If posixGroups is enabled, use use posix gid/uid to find.
   * Otherwise, use the general group member attribute to find it.
   *
   * @param result the result object returned from the prior user lookup.
   * @param c the context object of the LDAP connection.
   * @return a list of strings representing group names of the user.
   * @throws NamingException if unable to find group names
   */
private List<String> lookupGroup(SearchResult result, DirContext c, int goUpHierarchy) throws NamingException {
    List<String> groups = new ArrayList<String>();
    Set<String> groupDNs = new HashSet<String>();
    NamingEnumeration<SearchResult> groupResults = null;
    // perform the second LDAP query
    if (isPosix) {
        groupResults = lookupPosixGroup(result, c);
    } else {
        String userDn = result.getNameInNamespace();
        groupResults = c.search(baseDN, "(&" + groupSearchFilter + "(" + groupMemberAttr + "={0}))", new Object[] { userDn }, SEARCH_CONTROLS);
    }
    // returned. Get group names from the returned objects.
    if (groupResults != null) {
        while (groupResults.hasMoreElements()) {
            SearchResult groupResult = groupResults.nextElement();
            getGroupNames(groupResult, groups, groupDNs, goUpHierarchy > 0);
        }
        if (goUpHierarchy > 0 && !isPosix) {
            // convert groups to a set to ensure uniqueness
            Set<String> groupset = new HashSet<String>(groups);
            goUpGroupHierarchy(groupDNs, goUpHierarchy, groupset);
            // convert set back to list for compatibility
            groups = new ArrayList<String>(groupset);
        }
    }
    return groups;
}

Example 13 with SearchResult

use of javax.naming.directory.SearchResult in project hadoop by apache.

the class LdapGroupsMapping method doGetGroups.

/**
   * Perform LDAP queries to get group names of a user.
   *
   * Perform the first LDAP query to get the user object using the user's name.
   * If one-query is enabled, retrieve the group names from the user object.
   * If one-query is disabled, or if it failed, perform the second query to
   * get the groups.
   *
   * @param user user name
   * @return a list of group names for the user. If the user can not be found,
   * return an empty string array.
   * @throws NamingException if unable to get group names
   */
List<String> doGetGroups(String user, int goUpHierarchy) throws NamingException {
    DirContext c = getDirContext();
    // Search for the user. We'll only ever need to look at the first result
    NamingEnumeration<SearchResult> results = c.search(baseDN, userSearchFilter, new Object[] { user }, SEARCH_CONTROLS);
    // return empty list if the user can not be found.
    if (!results.hasMoreElements()) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("doGetGroups(" + user + ") returned no groups because the " + "user is not found.");
        }
        return new ArrayList<String>();
    }
    SearchResult result = results.nextElement();
    List<String> groups = null;
    if (useOneQuery) {
        try {
            /**
         * For Active Directory servers, the user object has an attribute
         * 'memberOf' that represents the DNs of group objects to which the
         * user belongs. So the second query may be skipped.
         */
            Attribute groupDNAttr = result.getAttributes().get(memberOfAttr);
            if (groupDNAttr == null) {
                throw new NamingException("The user object does not have '" + memberOfAttr + "' attribute." + "Returned user object: " + result.toString());
            }
            groups = new ArrayList<String>();
            NamingEnumeration groupEnumeration = groupDNAttr.getAll();
            while (groupEnumeration.hasMore()) {
                String groupDN = groupEnumeration.next().toString();
                groups.add(getRelativeDistinguishedName(groupDN));
            }
        } catch (NamingException e) {
            // If the first lookup failed, fall back to the typical scenario.
            LOG.info("Failed to get groups from the first lookup. Initiating " + "the second LDAP query using the user's DN.", e);
        }
    }
    if (groups == null || groups.isEmpty() || goUpHierarchy > 0) {
        groups = lookupGroup(result, c, goUpHierarchy);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("doGetGroups(" + user + ") returned " + groups);
    }
    return groups;
}

Example 14 with SearchResult

use of javax.naming.directory.SearchResult in project neo4j by neo4j.

the class LdapRealmTest method shouldWarnAboutAmbiguousUserSearch.

@Test
public void shouldWarnAboutAmbiguousUserSearch() throws NamingException {
    when(config.get(SecuritySettings.ldap_authorization_user_search_filter)).thenReturn("{0}");
    LdapContext ldapContext = mock(LdapContext.class);
    NamingEnumeration result = mock(NamingEnumeration.class);
    SearchResult searchResult = mock(SearchResult.class);
    when(ldapContext.search(anyString(), anyString(), anyObject(), anyObject())).thenReturn(result);
    when(result.hasMoreElements()).thenReturn(true);
    when(result.next()).thenReturn(searchResult);
    when(searchResult.toString()).thenReturn("<ldap search result>");
    LdapRealm realm = new LdapRealm(config, securityLog, secureHasher);
    realm.findRoleNamesForUser("username", ldapContext);
    verify(securityLog).warn(contains("LDAP user search for user principal 'username' is ambiguous"));
}

Example 15 with SearchResult

use of javax.naming.directory.SearchResult in project Activiti by Activiti.

the class LDAPUserManager method findUserByQueryCriteria.

@Override
public List<User> findUserByQueryCriteria(final UserQueryImpl query, final Page page) {
    if (query.getId() != null) {
        List<User> result = new ArrayList<User>();
        result.add(findUserById(query.getId()));
        return result;
    } else if (query.getFullNameLike() != null) {
        final String fullNameLike = query.getFullNameLike().replaceAll("%", "");
        LDAPTemplate ldapTemplate = new LDAPTemplate(ldapConfigurator);
        return ldapTemplate.execute(new LDAPCallBack<List<User>>() {

            public List<User> executeInContext(InitialDirContext initialDirContext) {
                List<User> result = new ArrayList<User>();
                try {
                    String searchExpression = ldapConfigurator.getLdapQueryBuilder().buildQueryByFullNameLike(ldapConfigurator, fullNameLike);
                    String baseDn = ldapConfigurator.getUserBaseDn() != null ? ldapConfigurator.getUserBaseDn() : ldapConfigurator.getBaseDn();
                    NamingEnumeration<?> namingEnum = initialDirContext.search(baseDn, searchExpression, createSearchControls());
                    while (namingEnum.hasMore()) {
                        SearchResult searchResult = (SearchResult) namingEnum.next();
                        UserEntity user = new UserEntity();
                        mapSearchResultToUser(searchResult, user);
                        result.add(user);
                    }
                    namingEnum.close();
                } catch (NamingException ne) {
                    logger.debug("Could not execute LDAP query: " + ne.getMessage(), ne);
                    return null;
                }
                return result;
            }
        });
    } else {
        throw new ActivitiIllegalArgumentException("Query is currently not supported by LDAPUserManager.");
    }
}