
Example 1 with LDAPReferralException

use of com.novell.ldap.LDAPReferralException in project OpenUnison by TremoloSecurity.

From class ADProvider, method doFindUser:

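/**
 * Finds a single user by {@code filter} and loads its attributes and group names.
 *
 * <p>When the directory search returns nothing, or its first result is a referral, the
 * lookup falls back to {@code getMyVDUser}; a user found that way is "external" and its
 * groups are looked up through {@code externalGroupAttr} instead of {@code member}.
 *
 * @param userID     identifier the returned {@link User} is created with
 * @param attributes attribute names requested from the directory
 * @param filter     search filter selecting the user entry
 * @param con        open directory connection used for both searches
 * @return the populated user, or {@code null} when no entry could be located
 * @throws LDAPException on directory errors; referrals are tolerated, not raised
 */
private User doFindUser(String userID, Set<String> attributes, StringBuffer filter, LDAPConnection con) throws LDAPException {
    LDAPSearchResults res = con.search(searchBase, LDAPConnection.SCOPE_SUB, filter.toString(), this.toStringArray(attributes), false);
    LDAPEntry ldapUser = null;
    if (res.hasMore()) {
        try {
            ldapUser = res.next();
            // Consume any further results so nothing is left pending on the connection.
            while (res.hasMore()) {
                res.next();
            }
        } catch (LDAPReferralException e) {
            // Referrals are not followed. If the very first result was a referral,
            // ldapUser is still null and the external lookup below takes over.
        }
    }
    boolean externalUser = false;
    if (ldapUser == null) {
        ldapUser = getMyVDUser(filter);
        if (ldapUser == null) {
            return null;
        }
        externalUser = true;
    }
    User user = new User(userID);
    Iterator<LDAPAttribute> attrIt = ldapUser.getAttributeSet().iterator();
    while (attrIt.hasNext()) {
        LDAPAttribute attr = attrIt.next();
        Attribute userAttr = new Attribute(attr.getName());
        for (String val : attr.getStringValueArray()) {
            userAttr.getValues().add(val);
        }
        user.getAttribs().put(userAttr.getName(), userAttr);
    }
    // External users are tracked in groups through a dedicated attribute, internal
    // users through the standard member attribute.
    String membershipAttr;
    if (externalUser) {
        membershipAttr = this.externalGroupAttr;
    } else {
        membershipAttr = "member";
    }
    // The DN is handed to the filter builder rather than concatenated into the filter;
    // assumes equal(...) escapes filter metacharacters in the DN — confirm.
    res = con.search(searchBase, LDAPConnection.SCOPE_SUB, equal(membershipAttr, ldapUser.getDN()).toString(), new String[] { "cn" }, false);
    collectGroupNames(user, res);
    return user;
}

/**
 * Adds the {@code cn} of every entry in {@code res} to {@code user}'s groups.
 *
 * <p>Referral results are skipped rather than followed; all other directory errors
 * propagate.
 *
 * @param user receives the group names
 * @param res  group search results, consumed completely
 * @throws LDAPException on directory errors other than referrals
 */
private void collectGroupNames(User user, LDAPSearchResults res) throws LDAPException {
    while (res.hasMore()) {
        LDAPEntry group;
        try {
            group = res.next();
        } catch (LDAPReferralException e) {
            continue;
        }
        user.getGroups().add(group.getAttribute("cn").getStringValue());
    }
}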

Example 2 with LDAPReferralException

use of com.novell.ldap.LDAPReferralException in project OpenUnison by TremoloSecurity.

From class ADProvider, method doSync:

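/**
 * Creates the user in the directory when it does not exist, otherwise synchronizes it.
 *
 * <p>The user entry is searched with {@code filter}. When nothing is found, or the first
 * result is a referral, {@code lookupExternalOrCreate} either resolves the user as an
 * external entry or creates it; only a resolved entry is then synchronized.
 *
 * @param user         desired state of the user
 * @param fromUserOnly forwarded to {@code syncUser}
 * @param attributes   attribute names requested from the directory
 * @param filter       search filter selecting the user entry
 * @param con          open directory connection
 * @param request      workflow request; {@code APPROVAL_ID} (Integer, optional) and
 *                     {@code WORKFLOW} are read from it
 * @throws LDAPException         on directory errors other than referrals
 * @throws ProvisioningException from user creation or synchronization
 */
private void doSync(User user, boolean fromUserOnly, Set<String> attributes, StringBuffer filter, LDAPConnection con, Map<String, Object> request) throws LDAPException, ProvisioningException {
    LDAPSearchResults res = con.search(searchBase, LDAPConnection.SCOPE_SUB, filter.toString(), this.toStringArray(attributes), false);
    // A missing (or null) approval id means "no approval"; a non-Integer value is still a
    // caller error and fails on the cast.
    int approvalID = 0;
    Integer requestedApproval = (Integer) request.get("APPROVAL_ID");
    if (requestedApproval != null) {
        approvalID = requestedApproval;
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    LDAPEntry ldapUser = null;
    boolean isExternal = false;
    if (!res.hasMore()) {
        ldapUser = lookupExternalOrCreate(user, attributes, filter, request);
        if (ldapUser == null) {
            return;
        }
        isExternal = true;
    } else {
        try {
            ldapUser = res.next();
            try {
                // Consume remaining results; a trailing referral is irrelevant because
                // the first entry has already been captured.
                while (res.hasMore()) {
                    res.next();
                }
            } catch (LDAPReferralException e) {
                // ignored: see above
            }
        } catch (LDAPReferralException e) {
            // The first result was a referral, which is treated like "not found".
            ldapUser = lookupExternalOrCreate(user, attributes, filter, request);
            if (ldapUser == null) {
                return;
            }
            isExternal = true;
        }
    }
    ArrayList<LDAPModification> mods = new ArrayList<LDAPModification>();
    HashSet<String> done = new HashSet<String>();
    syncUser(user, fromUserOnly, attributes, con, approvalID, workflow, mods, done, ldapUser, isExternal, request);
}

/**
 * Fallback used when the user entry is not found in the directory.
 *
 * <p>If external users are supported and {@code getMyVDUser} resolves the user, that
 * entry is returned. Otherwise the user is created and {@code null} is returned to signal
 * that no further synchronization is needed.
 *
 * @param user       user to create when no external entry exists
 * @param attributes attribute names forwarded to {@code createUser}
 * @param filter     search filter forwarded to {@code getMyVDUser}
 * @param request    workflow request forwarded to {@code createUser}
 * @return the external entry, or {@code null} after the user has been created
 * @throws LDAPException         from the external lookup
 * @throws ProvisioningException from user creation
 */
private LDAPEntry lookupExternalOrCreate(User user, Set<String> attributes, StringBuffer filter, Map<String, Object> request) throws LDAPException, ProvisioningException {
    if (this.supportExternalUsers) {
        LDAPEntry external = this.getMyVDUser(filter);
        if (external != null) {
            return external;
        }
    }
    this.createUser(user, attributes, request);
    return null;
}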

Example 3 with LDAPReferralException

use of com.novell.ldap.LDAPReferralException in project OpenUnison by TremoloSecurity.

From class ADProvider, method syncGroups:

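/**
 * Reconciles the directory group memberships of {@code ldapUser} with {@code user.getGroups()}.
 *
 * <p>Every group the directory currently lists the user in is visited first: memberships
 * that are no longer wanted are removed (unless {@code fromUserOnly}) and each visited
 * group name is recorded in {@code done}. Then every wanted group not yet visited is
 * looked up by {@code cn} and the user is added to it. Each change is reported to the
 * provisioning engine's action log.
 *
 * @param user         desired state; only {@code user.getGroups()} is consulted
 * @param fromUserOnly when {@code true}, existing memberships are never removed
 * @param con          open directory connection
 * @param approvalID   approval id recorded with each logged action
 * @param workflow     workflow recorded with each logged action
 * @param done         cleared on entry, then receives the {@code cn} of every visited group
 * @param ldapUser     the user's directory entry; its DN is the membership value
 * @param isExternal   external users are tracked through {@code externalGroupAttr},
 *                     internal users through {@code member}
 * @throws LDAPException         on directory errors
 * @throws ProvisioningException from the provisioning engine's action log
 */
private void syncGroups(User user, boolean fromUserOnly, LDAPConnection con, int approvalID, Workflow workflow, HashSet<String> done, LDAPEntry ldapUser, boolean isExternal) throws LDAPException, ProvisioningException {
    String fdn = ldapUser.getDN();
    // Attribute that carries this kind of user's membership in a group entry.
    String membershipAttr;
    if (isExternal) {
        membershipAttr = this.externalGroupAttr;
    } else {
        membershipAttr = "member";
    }
    // Assumes equal(...) escapes filter metacharacters in the DN — confirm.
    LDAPSearchResults res = con.search(searchBase, LDAPConnection.SCOPE_SUB, equal(membershipAttr, fdn).toString(), new String[] { "cn" }, false);
    // Membership value written to / removed from group entries. The DN does not change
    // during the sync, so the un-escaping is done once instead of once per group.
    String memberDN = fdn;
    if (memberDN.contains("\\\\\\,")) {
        memberDN = memberDN.replaceAll("\\\\\\\\,", "\\,");
    }
    done.clear();
    while (res.hasMore()) {
        LDAPEntry groupEntry;
        try {
            groupEntry = res.next();
        } catch (LDAPReferralException e) {
            // NOTE(review): a referral aborts the scan, so groups listed after it are never
            // recorded in `done` and are re-added below — confirm this is intended
            // (doFindUser skips referrals with `continue`).
            break;
        }
        String groupName = groupEntry.getAttribute("cn").getStringValue();
        if (!fromUserOnly && !user.getGroups().contains(groupName)) {
            if (logger.isDebugEnabled()) {
                logger.debug("Deleting " + (isExternal ? "external" : "internal") + " '" + memberDN + "' from '" + groupEntry.getDN() + "'");
            }
            con.modify(groupEntry.getDN(), new LDAPModification(LDAPModification.DELETE, new LDAPAttribute(membershipAttr, memberDN)));
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, "group", groupName);
        }
        done.add(groupName);
    }
    Iterator<String> wanted = user.getGroups().iterator();
    while (wanted.hasNext()) {
        String groupName = wanted.next();
        if (done.contains(groupName)) {
            continue;
        }
        // Build the filter through the filter builder so the group name is escaped; the
        // name comes from the requested user object, not from the directory.
        // "1.1" requests no attributes — only the DN is needed.
        res = con.search(searchBase, LDAPConnection.SCOPE_SUB, equal("cn", groupName).toString(), new String[] { "1.1" }, false);
        if (!res.hasMore()) {
            if (!isExternal) {
                logger.warn("Group " + groupName + " does not exist");
            }
            continue;
        }
        String groupDN = res.next().getDN();
        while (res.hasMore()) {
            try {
                res.next();
            } catch (LDAPException e) {
                // Best-effort drain of extra matches; assumes next() consumed the failed
                // entry so this loop terminates — confirm.
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Adding " + (isExternal ? "external" : "internal") + " '" + memberDN + "' to '" + groupDN + "'");
        }
        con.modify(groupDN, new LDAPModification(LDAPModification.ADD, new LDAPAttribute(membershipAttr, memberDN)));
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "group", groupName);
    }
}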

Example 4 with LDAPReferralException

use of com.novell.ldap.LDAPReferralException in project OpenUnison by TremoloSecurity.

From class LDAPProvider, method doFindUser:

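/**
 * Finds a single user by {@code filter} and loads its attributes and group names.
 *
 * <p>When the directory search returns nothing and external users are allowed, the user
 * is searched through {@code searchExternalUser} instead; such a user's DN is mapped with
 * {@code mapUnison2Dir} before the group lookup.
 *
 * @param userID     identifier the returned {@link User} is created with
 * @param attributes attribute names requested from the directory
 * @param filter     search filter selecting the user entry
 * @param con        open directory connection used for both searches
 * @return the populated user, or {@code null} when no entry could be located or the
 *         first result was a referral
 * @throws LDAPException on directory errors; a referral during the user search is
 *                       tolerated, one during the group search propagates
 */
private User doFindUser(String userID, Set<String> attributes, StringBuffer filter, LDAPConnection con) throws LDAPException {
    boolean isExternal = false;
    LDAPSearchResults res = con.search(searchBase, LDAPConnection.SCOPE_SUB, filter.toString(), this.toStringArray(attributes), false);
    if (!res.hasMore()) {
        if (!this.allowExternalUsers) {
            return null;
        }
        res = searchExternalUser(userID);
        if (!res.hasMore()) {
            return null;
        }
        isExternal = true;
    }
    LDAPEntry ldapUser = null;
    try {
        ldapUser = res.next();
        // Consume any further results so nothing is left pending on the connection.
        while (res.hasMore()) {
            res.next();
        }
    } catch (LDAPReferralException e) {
        // Referrals are not followed; if the first result was one, ldapUser stays null.
    }
    if (ldapUser == null) {
        return null;
    }
    User user = new User(userID);
    Iterator<LDAPAttribute> attrIt = ldapUser.getAttributeSet().iterator();
    while (attrIt.hasNext()) {
        LDAPAttribute attr = attrIt.next();
        Attribute userAttr = new Attribute(attr.getName());
        for (String val : attr.getStringValueArray()) {
            userAttr.getValues().add(val);
        }
        user.getAttribs().put(userAttr.getName(), userAttr);
    }
    String userDN = ldapUser.getDN();
    if (isExternal) {
        userDN = this.mapUnison2Dir(userDN);
    }
    // The DN is handed to the filter builder rather than concatenated into the filter;
    // assumes equal(...) escapes filter metacharacters in the DN — confirm.
    String groupMemberAttr = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute();
    res = con.search(searchBase, LDAPConnection.SCOPE_SUB, equal(groupMemberAttr, userDN).toString(), new String[] { "cn" }, false);
    while (res.hasMore()) {
        // NOTE(review): unlike the user search above, a referral here propagates to the
        // caller as an LDAPException — confirm that is intended.
        LDAPEntry group = res.next();
        user.getGroups().add(group.getAttribute("cn").getStringValue());
    }
    return user;
}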

Example 5 with LDAPReferralException

use of com.novell.ldap.LDAPReferralException in project OpenUnison by TremoloSecurity.

From class UpdateApprovalAZListener, method sendNotification:

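/**
 * Looks up the approver identified by {@code userKey} and emails it {@code emailTemplate}.
 *
 * <p>The approver is searched below the configured LDAP root by the provisioning user-id
 * attribute. A user that is not found (no result, a referral, or {@code noSuchObject})
 * is only logged; any other failure is wrapped in a {@link ProvisioningException}.
 *
 * @param emailTemplate template passed to the provisioning engine's notification
 * @param cfg           configuration manager giving access to MyVD and the engine
 * @param session       unused here; kept for the caller's signature
 * @param userKey       value of the user-id attribute identifying the approver
 * @throws ProvisioningException when the lookup or the notification fails
 */
private void sendNotification(String emailTemplate, ConfigManager cfg, Session session, String userKey) throws ProvisioningException {
    try {
        ArrayList<String> attrs = new ArrayList<String>();
        String userIdAttr = cfg.getProvisioningEngine().getUserIDAttribute();
        // Assumes equal(...) escapes filter metacharacters in userKey — confirm.
        LDAPSearchResults res = cfg.getMyVD().search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), LDAPConnection.SCOPE_SUB, equal(userIdAttr, userKey).toString(), attrs);
        if (!res.hasMore()) {
            if (logger.isDebugEnabled()) {
                logger.debug("Can not find '" + userKey + "'");
            }
            return;
        }
        LDAPEntry entry = res.next();
        if (logger.isDebugEnabled()) {
            logger.debug("Approver DN - " + entry.getDN());
            // NOTE(review): every returned attribute value is written to the debug log;
            // confirm the returned attribute set contains nothing sensitive.
            LDAPAttributeSet returnedAttrs = entry.getAttributeSet();
            for (Object o : returnedAttrs) {
                LDAPAttribute returnedAttr = (LDAPAttribute) o;
                for (String val : returnedAttr.getStringValueArray()) {
                    logger.debug("Approver Attribute '" + returnedAttr.getName() + "'='" + val + "'");
                }
            }
        }
        // The value is not used; the call fails (and is wrapped below) when the id
        // attribute is missing from the entry — presumably intentional, confirm.
        String userID = entry.getAttribute(userIdAttr).getStringValue();
        if (entry.getAttribute("mail") == null) {
            logger.warn("No email address for " + userKey);
        } else {
            String mail = entry.getAttribute("mail").getStringValue();
            logger.debug("Sending notification to '" + mail + "'");
            cfg.getProvisioningEngine().sendNotification(mail, emailTemplate, new User(entry));
        }
    } catch (LDAPReferralException le) {
        warnApproverNotFound(userKey);
    } catch (LDAPException le) {
        if (le.getResultCode() == LDAPException.NO_SUCH_OBJECT) {
            warnApproverNotFound(userKey);
        } else {
            throw new ProvisioningException("could not create approver", le);
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not create approver", e);
    }
}

/**
 * Logs that the approver identified by {@code userKey} could not be found.
 *
 * @param userKey value of the user-id attribute that was searched for
 */
private void warnApproverNotFound(String userKey) {
    logger.warn("User : '" + userKey + "' not found");
}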
