
Example 21 with SearchResult

use of javax.naming.directory.SearchResult in project cloudstack by apache.

the class OpenLdapUserManagerImpl method getUsersInGroup.

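/**
 * Returns the members of the LDAP group {@code groupName}, in sorted order.
 *
 * <p>Searches under the configured base DN with the filter built by
 * {@code generateGroupSearchFilter(groupName)}, asks the server for the configured
 * group-member attribute only, and resolves every member DN found on the first matching
 * entry through {@code getUserForDn}.
 *
 * @param groupName name of the group to expand
 * @param context LDAP context used for the group search and for each member lookup
 * @return the resolved members, sorted; empty when no group entry matches or the matching
 *         entry carries no member attribute
 * @throws NamingException if the group search fails, the member values cannot be read, or
 *         closing an enumeration fails
 */
@Override
public List<LdapUser> getUsersInGroup(String groupName, LdapContext context) throws NamingException {
    final String attributeName = _ldapConfiguration.getGroupUniqueMemeberAttribute();
    final SearchControls controls = new SearchControls();
    controls.setSearchScope(_ldapConfiguration.getScope());
    controls.setReturningAttributes(new String[] { attributeName });

    // NOTE(review): groupName reaches the directory through generateGroupSearchFilter, which is
    // not visible here; confirm it escapes filter metacharacters (RFC 4515) before group names
    // supplied by API callers are accepted.
    final NamingEnumeration<SearchResult> result = context.search(_ldapConfiguration.getBaseDn(), generateGroupSearchFilter(groupName), controls);
    final List<LdapUser> users = new ArrayList<LdapUser>();
    try {
        // Expecting only one result which has all the users; any further matching entry is ignored.
        if (result.hasMoreElements()) {
            final Attribute attribute = result.nextElement().getAttributes().get(attributeName);
            // Attributes.get() returns null when the entry does not carry the attribute (for
            // example a group without members); treat that as an empty group instead of failing
            // with a NullPointerException.
            if (attribute != null) {
                final NamingEnumeration<?> values = attribute.getAll();
                try {
                    while (values.hasMoreElements()) {
                        String userdn = String.valueOf(values.nextElement());
                        try {
                            users.add(getUserForDn(userdn, context));
                        } catch (NamingException e) {
                            // A member DN that cannot be resolved is skipped, so the returned list can
                            // be shorter than the group's membership; the only trace is this log line.
                            s_logger.info("Userdn: " + userdn + " Not Found:: Exception message: " + e.getMessage());
                        }
                    }
                } finally {
                    values.close();
                }
            }
        }
    } finally {
        // Only the first entry is read, so the enumeration is never drained and would otherwise
        // keep its server-side resources until garbage collection.
        result.close();
    }
    Collections.sort(users);
    return users;
}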
Also used : Attribute(javax.naming.directory.Attribute) ArrayList(java.util.ArrayList) SearchControls(javax.naming.directory.SearchControls) SearchResult(javax.naming.directory.SearchResult) NamingException(javax.naming.NamingException)

Example 22 with SearchResult

use of javax.naming.directory.SearchResult in project cloudstack by apache.

the class OpenLdapUserManagerImpl method searchUser.

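/**
 * Looks up the single directory entry matching {@code searchString} under {@code basedn}.
 *
 * <p>The search uses the configured scope and return attributes. Every hit is converted with
 * {@code createUser}; the call succeeds only when exactly one entry matched, so an ambiguous
 * filter is rejected rather than resolved to an arbitrary user.
 *
 * @param basedn DN under which to search
 * @param searchString LDAP search filter, handed to the directory verbatim
 * @param context LDAP context to run the search on
 * @return the one matching user
 * @throws NamingException if the search fails, or if zero or more than one entry matched
 * @throws IOException declared by the method; presumably propagated from {@code createUser}
 */
public LdapUser searchUser(final String basedn, final String searchString, final LdapContext context) throws NamingException, IOException {
    final SearchControls searchControls = new SearchControls();
    searchControls.setSearchScope(_ldapConfiguration.getScope());
    searchControls.setReturningAttributes(_ldapConfiguration.getReturnAttributes());

    // searchString is used as the filter as-is: any user-supplied value inside it must already
    // have been escaped (RFC 4515) by the caller that built the filter.
    final NamingEnumeration<SearchResult> results = context.search(basedn, searchString, searchControls);
    final List<LdapUser> users = new ArrayList<LdapUser>();
    try {
        // hasMoreElements() cannot throw NamingException, so a size limit or partial result on
        // the server ends this loop silently; the exactly-one check below then runs on whatever
        // was returned.
        while (results.hasMoreElements()) {
            users.add(createUser(results.nextElement()));
        }
    } finally {
        // Releases the enumeration even when createUser throws part-way through.
        results.close();
    }

    if (users.size() == 1) {
        return users.get(0);
    }
    if (users.isEmpty()) {
        throw new NamingException("No user found for basedn " + basedn + " and searchString " + searchString);
    }
    // More than one match used to be reported as "No user found", which hid ambiguous filters
    // from whoever reads the error.
    throw new NamingException(users.size() + " users found for basedn " + basedn + " and searchString " + searchString + "; expected exactly one");
}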
Also used : ArrayList(java.util.ArrayList) SearchControls(javax.naming.directory.SearchControls) SearchResult(javax.naming.directory.SearchResult) NamingException(javax.naming.NamingException)

Example 23 with SearchResult

use of javax.naming.directory.SearchResult in project cloudstack by apache.

the class ADLdapUserManagerImpl method getUsersInGroup.

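/**
 * Returns the users that the Active Directory group search reports for {@code groupName}.
 *
 * <p>Runs one search under the configured base DN with the filter built by
 * {@code generateADGroupSearchFilter(groupName)}, using the configured scope and return
 * attributes, and converts every hit with {@code createUser}.
 *
 * @param groupName name of the group; must not be blank
 * @param context LDAP context to run the search on
 * @return one {@code LdapUser} per returned entry, in the order the directory returned them
 * @throws IllegalArgumentException if {@code groupName} is blank or no base DN is configured
 * @throws NamingException if the search or closing its enumeration fails
 */
@Override
public List<LdapUser> getUsersInGroup(String groupName, LdapContext context) throws NamingException {
    if (StringUtils.isBlank(groupName)) {
        throw new IllegalArgumentException("ldap group name cannot be blank");
    }
    final String basedn = _ldapConfiguration.getBaseDn();
    if (StringUtils.isBlank(basedn)) {
        throw new IllegalArgumentException("ldap basedn is not configured");
    }

    final SearchControls searchControls = new SearchControls();
    searchControls.setSearchScope(_ldapConfiguration.getScope());
    searchControls.setReturningAttributes(_ldapConfiguration.getReturnAttributes());

    // NOTE(review): the blank check above is the only validation of groupName visible here;
    // confirm generateADGroupSearchFilter escapes filter metacharacters (RFC 4515).
    final NamingEnumeration<SearchResult> results = context.search(basedn, generateADGroupSearchFilter(groupName), searchControls);
    final List<LdapUser> users = new ArrayList<LdapUser>();
    try {
        // hasMoreElements() cannot throw NamingException, so a size limit or partial result on
        // the server shortens the list without any error reaching the caller.
        while (results.hasMoreElements()) {
            users.add(createUser(results.nextElement()));
        }
    } finally {
        // Releases the enumeration even when createUser throws part-way through.
        results.close();
    }
    return users;
}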
Also used : ArrayList(java.util.ArrayList) SearchControls(javax.naming.directory.SearchControls) SearchResult(javax.naming.directory.SearchResult)

Example 24 with SearchResult

use of javax.naming.directory.SearchResult in project presto by prestodb.

the class LdapFilter method checkForGroupMembership.

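/**
 * Enforces the optional group-membership requirement for an authenticated user.
 *
 * <p>Does nothing when no group authorization search pattern is configured. Otherwise the
 * pattern is expanded for {@code user} and run as a subtree search under the user base DN;
 * the user is authorized when the search returns at least one entry.
 *
 * @param user name of the user whose membership is checked
 * @param context directory context to run the search on
 * @throws AuthenticationException with {@code INTERNAL_SERVER_ERROR} if the search itself
 *         fails, or with {@code UNAUTHORIZED} if it returns no entry
 */
private void checkForGroupMembership(String user, DirContext context) throws AuthenticationException {
    if (!groupAuthorizationSearchPattern.isPresent()) {
        return;
    }
    // NOTE(review): user is substituted into an LDAP filter by replaceUser, which is not
    // visible here; confirm it escapes filter metacharacters (RFC 4515), since the decision
    // below depends only on whether the resulting filter matches anything.
    String searchFilter = replaceUser(groupAuthorizationSearchPattern.get(), user);
    SearchControls searchControls = new SearchControls();
    searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    boolean authorized;
    NamingEnumeration<SearchResult> search = null;
    try {
        search = context.search(userBaseDistinguishedName.get(), searchFilter, searchControls);
        // hasMoreElements() reports false rather than throwing when the enumeration hits an
        // error, so a failure at this point denies access instead of granting it.
        authorized = search.hasMoreElements();
    } catch (NamingException e) {
        // The format string needs a placeholder, otherwise the exception message is dropped.
        log.debug("Authentication failed: %s", e.getMessage());
        throw new AuthenticationException(INTERNAL_SERVER_ERROR, "Authentication failed", e);
    } finally {
        if (search != null) {
            try {
                search.close();
            } catch (NamingException ignored) {
                // Best-effort cleanup: the authorization decision has already been made.
            }
        }
    }
    if (!authorized) {
        String message = format("Unauthorized user: User %s not a member of the authorized group", user);
        // message contains the user name, so it is passed as an argument and never used as the
        // format string itself.
        log.debug("Authorization failed for user. %s", message);
        throw new AuthenticationException(UNAUTHORIZED, message);
    }
    log.debug("Authorization succeeded for user %s", user);
}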
Also used : SearchControls(javax.naming.directory.SearchControls) SearchResult(javax.naming.directory.SearchResult) NamingException(javax.naming.NamingException)

Example 25 with SearchResult

use of javax.naming.directory.SearchResult in project spring-security by spring-projects.

the class ActiveDirectoryLdapAuthenticationProviderTests method bindPrincipalUsed.

// SEC-2897
@Test
public void bindPrincipalUsed() throws Exception {
    // given: a directory whose search for the default filter yields one entry, with the
    // filter arguments recorded for inspection
    final String expectedFilter = "(&(objectClass=user)(userPrincipalName={0}))";
    final ArgumentCaptor<Object[]> filterArgs = ArgumentCaptor.forClass(Object[].class);
    final DirContextAdapter entry = new DirContextAdapter();
    final SearchResult hit = new SearchResult("CN=Joe Jannsen,CN=Users", entry, entry.getAttributes());

    final DirContext directory = mock(DirContext.class);
    when(directory.getNameInNamespace()).thenReturn("");
    when(directory.search(any(Name.class), eq(expectedFilter), filterArgs.capture(), any(SearchControls.class)))
            .thenReturn(new MockNamingEnumeration(hit));

    final ActiveDirectoryLdapAuthenticationProvider customProvider =
            new ActiveDirectoryLdapAuthenticationProvider("mydomain.eu", "ldap://192.168.1.200/");
    customProvider.contextFactory = createContextFactoryReturning(directory);

    // when: the provider authenticates the shared `joe` token (defined outside this method)
    final Authentication outcome = customProvider.authenticate(joe);

    // then: the only filter argument is the domain-qualified principal, and authentication succeeded
    assertThat(filterArgs.getValue()).containsOnly("joe@mydomain.eu");
    assertThat(outcome.isAuthenticated()).isTrue();
}
Also used : Authentication(org.springframework.security.core.Authentication) DirContextAdapter(org.springframework.ldap.core.DirContextAdapter) SearchResult(javax.naming.directory.SearchResult) SearchControls(javax.naming.directory.SearchControls) DirContext(javax.naming.directory.DirContext) Name(javax.naming.Name) DistinguishedName(org.springframework.ldap.core.DistinguishedName) Test(org.junit.Test)
