
Example 1 with ActionType

Use of com.tremolosecurity.provisioning.core.ProvisioningUtil.ActionType in the OpenUnison project by TremoloSecurity.

In class ADProvider, method syncUserAttributes:

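/**
 * Reconciles the attributes carried by {@code user} with those stored on {@code ldapUser},
 * applies the resulting modifications through {@code con} and writes one audit record per
 * modified value.
 *
 * <p>Every attribute present on the directory entry is recorded in {@code done}. A directory
 * attribute the user object does not carry is deleted unless {@code fromUserOnly} is set.
 * Otherwise the values are compared case-insensitively: values the directory lacks are added,
 * and (unless {@code fromUserOnly}) surplus directory values are deleted. Finally, attributes
 * listed in {@code attributes} that the entry lacks entirely are added.
 *
 * <p>{@code userAccountControl} is left untouched when the request carries
 * {@code ProvisioningUtil.SET_PASSWORD}: it has to be set after the password, so it is not
 * part of this modify.
 *
 * @param user the user whose attributes are the desired state
 * @param fromUserOnly when {@code true}, only additions are made; nothing is deleted
 * @param attributes names of attributes that may be created when absent from the entry
 * @param con the directory connection used for the modify operation
 * @param approvalID approval identifier passed through to the audit log
 * @param workflow workflow passed through to the audit log
 * @param mods collector for the modifications; filled by this method and then applied in one modify
 * @param done collector for the attribute names seen on the directory entry; updated in place
 * @param ldapUser the directory entry being synchronised
 * @param request the provisioning request, consulted for {@code SET_PASSWORD}
 * @throws LDAPException if the directory rejects the modification
 * @throws ProvisioningException as declared by the signature; presumably raised by the audit logging
 */
private void syncUserAttributes(User user, boolean fromUserOnly, Set<String> attributes, LDAPConnection con, int approvalID, Workflow workflow, List<LDAPModification> mods, HashSet<String> done, LDAPEntry ldapUser, Map<String, Object> request) throws LDAPException, ProvisioningException {
    LDAPAttributeSet attrs = ldapUser.getAttributeSet();
    Iterator<LDAPAttribute> it = attrs.iterator();
    while (it.hasNext()) {
        LDAPAttribute ldapAttr = it.next();
        String attrName = ldapAttr.getName();
        done.add(attrName);
        Attribute userAttr = user.getAttribs().get(attrName);
        if (userAttr == null) {
            // Present in the directory but not on the user object: remove it, unless this
            // sync only pushes additions.
            if (!fromUserOnly) {
                mods.add(new LDAPModification(LDAPModification.DELETE, new LDAPAttribute(attrName)));
            }
            continue;
        }
        if (userAttr.getName().equalsIgnoreCase("userAccountControl") && request.containsKey(ProvisioningUtil.SET_PASSWORD)) {
            // userAccountControl must be set AFTER the password, so it is excluded from this modify.
            continue;
        }
        // Desired values, de-duplicated case-insensitively (first spelling wins). Locale.ROOT
        // keeps the folding independent of the JVM's default locale.
        HashSet<String> vals = new HashSet<String>();
        HashSet<String> seenLower = new HashSet<String>();
        for (String v : userAttr.getValues()) {
            if (seenLower.add(v.toLowerCase(java.util.Locale.ROOT))) {
                vals.add(v);
            }
        }
        for (String ldapVal : ldapAttr.getStringValueArray()) {
            // The user-object spelling of a value already in the directory, or null when absent.
            String matched = null;
            for (String objVal : vals) {
                if (logger.isDebugEnabled()) {
                    logger.debug("From LDAP : '" + ldapVal + "' / From UserObject : '" + objVal + "'");
                }
                if (objVal.equalsIgnoreCase(ldapVal)) {
                    matched = objVal;
                    if (logger.isDebugEnabled()) {
                        logger.debug("matched, need to remove");
                    }
                    break;
                }
            }
            if (matched != null) {
                // Already stored: drop it from the set of values still to be added.
                if (logger.isDebugEnabled()) {
                    logger.debug("found match, removing : '" + matched + "' - vals pre - '" + vals + "'");
                }
                vals.remove(matched);
                if (logger.isDebugEnabled()) {
                    logger.debug("After remove : '" + vals + "'");
                }
            } else if (!fromUserOnly) {
                // Stored in the directory but not wanted by the user object.
                LDAPAttribute todel = new LDAPAttribute(userAttr.getName());
                todel.addValue(ldapVal);
                mods.add(new LDAPModification(LDAPModification.DELETE, todel));
            }
        }
        if (!vals.isEmpty()) {
            LDAPAttribute toadd = new LDAPAttribute(userAttr.getName());
            for (String val : vals) {
                toadd.addValue(val);
            }
            mods.add(new LDAPModification(LDAPModification.ADD, toadd));
        }
    }
    // Attributes the entry does not have at all.
    // NOTE(review): done holds the directory's spelling of each attribute name while this check
    // uses the user object's; a case mismatch would yield a redundant ADD — confirm both sides agree.
    for (String userAttrName : user.getAttribs().keySet()) {
        if (logger.isDebugEnabled()) {
            logger.debug("post sync checking '" + userAttrName + "' / done : '" + done + "'");
        }
        if (attributes.contains(userAttrName) && !done.contains(userAttrName)) {
            if (logger.isDebugEnabled()) {
                logger.debug("Not added yet, adding");
            }
            Attribute attrib = user.getAttribs().get(userAttrName);
            LDAPAttribute attr = new LDAPAttribute(userAttrName);
            for (String val : attrib.getValues()) {
                attr.addValue(val);
            }
            mods.add(new LDAPModification(LDAPModification.ADD, attr));
        }
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Mods : '" + mods + "'");
    }
    if (!mods.isEmpty()) {
        con.modify(ldapUser.getDN(), this.toModArray(mods));
    }
    // Audit trail: one record per value of every applied modification.
    for (LDAPModification mod : mods) {
        ActionType at;
        switch (mod.getOp()) {
            case LDAPModification.REPLACE:
                at = ActionType.Replace;
                break;
            case LDAPModification.DELETE:
                at = ActionType.Delete;
                break;
            case LDAPModification.ADD:
            default:
                at = ActionType.Add;
                break;
        }
        for (String val : mod.getAttribute().getStringValueArray()) {
            this.cfgMgr.getProvisioningEngine().logAction(name, false, at, approvalID, workflow, mod.getAttribute().getBaseName(), val);
        }
    }
}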

Example 2 with ActionType

Use of com.tremolosecurity.provisioning.core.ProvisioningUtil.ActionType in the OpenUnison project by TremoloSecurity.

In class LDAPProvider, method doSync:

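/**
 * Synchronises {@code user} into the directory. The entry is located with {@code filter}
 * beneath {@code searchBase}; when no entry exists the user is created instead. For a
 * non-external entry the attributes are reconciled with the user object (additions only when
 * {@code fromUserOnly}) and each applied value is audit-logged. Group memberships are then
 * reconciled against {@code user.getGroups()}.
 *
 * @param user the user whose attributes and groups are the desired state
 * @param fromUserOnly when {@code true}, nothing is deleted from the directory
 * @param attributes names of attributes to read from the entry and to create when absent
 * @param filter search filter that locates the user's entry beneath {@code searchBase}
 * @param con the directory connection used for searches and modifications
 * @param request the provisioning request; {@code APPROVAL_ID} (Integer) and
 *        {@code WORKFLOW} (Workflow) are read from it when present
 * @throws LDAPException if a directory search or modification fails
 * @throws ProvisioningException as declared by the signature; presumably raised by user creation or audit logging
 */
private void doSync(User user, boolean fromUserOnly, Set<String> attributes, StringBuffer filter, LDAPConnection con, Map<String, Object> request) throws LDAPException, ProvisioningException {
    // An absent or null APPROVAL_ID means "no approval" rather than a failed unboxing.
    int approvalID = 0;
    Integer requestedApproval = (Integer) request.get("APPROVAL_ID");
    if (requestedApproval != null) {
        approvalID = requestedApproval;
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    boolean isExternal = false;
    LDAPSearchResults res = con.search(searchBase, 2, filter.toString(), this.toStringArray(attributes), false);
    if (!res.hasMore()) {
        if (this.allowExternalUsers) {
            res = this.searchExternalUser(user.getUserID());
            isExternal = res.hasMore();
        }
        if (!isExternal) {
            this.createUser(user, attributes, request);
            return;
        }
    }
    LDAPEntry ldapUser = res.next();
    // Only the first entry is used; drain any remaining results.
    while (res.hasMore()) res.next();
    if (!isExternal) {
        Set<String> done = new HashSet<String>();
        ArrayList<LDAPModification> mods = new ArrayList<LDAPModification>();
        Iterator<LDAPAttribute> it = ldapUser.getAttributeSet().iterator();
        while (it.hasNext()) {
            LDAPAttribute ldapAttr = it.next();
            String attrName = ldapAttr.getName();
            done.add(attrName);
            Attribute userAttr = user.getAttribs().get(attrName);
            if (userAttr == null) {
                // Present in the directory but not on the user object.
                if (!fromUserOnly) {
                    mods.add(new LDAPModification(LDAPModification.DELETE, new LDAPAttribute(attrName)));
                }
                continue;
            }
            // Values still to be added; matches found in the directory are removed as we go.
            Set<String> vals = new HashSet<String>(userAttr.getValues());
            for (String ldapVal : ldapAttr.getStringValueArray()) {
                String matched = null;
                for (String v : vals) {
                    if (v != null && v.equalsIgnoreCase(ldapVal)) {
                        matched = v;
                        break;
                    }
                }
                if (matched != null) {
                    vals.remove(matched);
                } else if (!fromUserOnly) {
                    LDAPAttribute todel = new LDAPAttribute(userAttr.getName());
                    todel.addValue(ldapVal);
                    mods.add(new LDAPModification(LDAPModification.DELETE, todel));
                }
            }
            LDAPAttribute toadd = ldapAttributeOf(userAttr.getName(), vals);
            if (toadd.size() > 0) {
                mods.add(new LDAPModification(LDAPModification.ADD, toadd));
            }
        }
        // Attributes the entry does not have at all.
        for (String attrName : user.getAttribs().keySet()) {
            if (attributes.contains(attrName) && !done.contains(attrName)) {
                LDAPAttribute attr = ldapAttributeOf(attrName, user.getAttribs().get(attrName).getValues());
                // Null-only or empty value lists would produce an ADD with no values; skip them,
                // consistent with the reconcile branch above.
                if (attr.size() > 0) {
                    mods.add(new LDAPModification(LDAPModification.ADD, attr));
                }
            }
        }
        if (!mods.isEmpty()) {
            con.modify(ldapUser.getDN(), this.toModArray(mods));
        }
        // Audit trail: one record per value of every applied modification.
        for (LDAPModification mod : mods) {
            ActionType at;
            switch (mod.getOp()) {
                case LDAPModification.REPLACE:
                    at = ActionType.Replace;
                    break;
                case LDAPModification.DELETE:
                    at = ActionType.Delete;
                    break;
                case LDAPModification.ADD:
                default:
                    at = ActionType.Add;
                    break;
            }
            for (String val : mod.getAttribute().getStringValueArray()) {
                this.cfgMgr.getProvisioningEngine().logAction(this.name, false, at, approvalID, workflow, mod.getAttribute().getBaseName(), val);
            }
        }
    }
    // Groups: memberships are keyed on the entry's DN (mapped for external users).
    String userDN = ldapUser.getDN();
    if (isExternal) {
        userDN = this.mapUnison2Dir(userDN);
    }
    syncGroupMemberships(user, fromUserOnly, con, userDN, approvalID, workflow);
}

/**
 * Adds and removes group memberships for {@code userDN} until they match {@code user.getGroups()}.
 * Removals are skipped when {@code fromUserOnly}; groups that do not exist are logged and skipped.
 */
private void syncGroupMemberships(User user, boolean fromUserOnly, LDAPConnection con, String userDN, int approvalID, Workflow workflow) throws LDAPException, ProvisioningException {
    // Filter values are escaped per RFC 4515 so a DN or group name containing '(', ')', '*'
    // or '\' cannot change the structure of the search filter.
    String memberFilter = "(" + cfgMgr.getCfg().getGroupMemberAttribute() + "=" + escapeLdapFilterValue(userDN) + ")";
    LDAPSearchResults res = con.search(searchBase, 2, memberFilter, new String[] { "cn" }, false);
    Set<String> done = new HashSet<String>();
    while (res.hasMore()) {
        LDAPEntry groupEntry = res.next();
        String cn = groupEntry.getAttribute("cn").getStringValue();
        if (!user.getGroups().contains(cn) && !fromUserOnly) {
            con.modify(groupEntry.getDN(), new LDAPModification(LDAPModification.DELETE, new LDAPAttribute(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), userDN)));
            cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, "group", cn);
        }
        done.add(cn);
    }
    for (String groupName : user.getGroups()) {
        if (done.contains(groupName)) {
            continue;
        }
        res = con.search(searchBase, 2, "(cn=" + escapeLdapFilterValue(groupName) + ")", new String[] { "1.1" }, false);
        if (!res.hasMore()) {
            logger.warn("Group " + groupName + " does not exist");
            continue;
        }
        String groupDN = res.next().getDN();
        // Only the first match is used; drain any remaining results.
        while (res.hasMore()) res.next();
        con.modify(groupDN, new LDAPModification(LDAPModification.ADD, new LDAPAttribute(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), userDN)));
        cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", groupName);
    }
}

/** Builds an attribute holding the non-null members of {@code values}; may have no values. */
private static LDAPAttribute ldapAttributeOf(String name, Iterable<String> values) {
    LDAPAttribute attr = new LDAPAttribute(name);
    for (String val : values) {
        if (val != null) {
            attr.addValue(val);
        }
    }
    return attr;
}

/** Escapes {@code value} for use as an assertion value inside an LDAP search filter (RFC 4515). */
private static String escapeLdapFilterValue(String value) {
    String text = String.valueOf(value);
    StringBuilder sb = new StringBuilder(text.length());
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        switch (c) {
            case '\\':
                sb.append("\\5c");
                break;
            case '*':
                sb.append("\\2a");
                break;
            case '(':
                sb.append("\\28");
                break;
            case ')':
                sb.append("\\29");
                break;
            case '\0':
                sb.append("\\00");
                break;
            default:
                sb.append(c);
        }
    }
    return sb.toString();
}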
