

use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class ManagerAuthorization method findMyManager.

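/**
 * Looks up the manager of {@code me} through MyVD.
 *
 * <p>The manager reference is read from the {@code managerID} attribute of {@code me}. When
 * {@code managerIDDN} is set the value is treated as the manager's DN and that single entry is
 * read (base scope); otherwise it is treated as a user id and searched for under the LDAP root
 * (subtree scope). Only the first entry returned is used; further matches are ignored. The
 * requested attribute list is the caller's attribute names plus the approval-DB user id
 * attribute, so the manager's user id can be populated.
 *
 * @param me the user whose manager is wanted
 * @return the manager, or {@code null} when {@code me} carries no manager reference or no entry
 *         is found
 * @throws Exception on search failure, or when the found entry has no user id value
 */
private User findMyManager(User me) throws Exception {
    Attribute mgrAttr = me.getAttribs().get(this.managerID);
    if (mgrAttr == null || mgrAttr.getValues().isEmpty()) {
        // No usable manager reference; an empty value list used to fail with an index error.
        return null;
    }
    String managerRef = mgrAttr.getValues().get(0);
    String userIdAttr = this.configManager.getCfg().getProvisioning().getApprovalDB().getUserIdAttribute();
    ArrayList<String> attrs = managerSearchAttributes(me, userIdAttr);
    LDAPSearchResults res;
    if (this.managerIDDN) {
        // The value is the manager's DN: read exactly that entry.
        res = this.configManager.getMyVD().search(managerRef, 0, "(objectClass=*)", attrs);
    } else {
        // The value is a user id: the filter is built with equal() rather than by string concatenation.
        String filter = equal(userIdAttr, managerRef).toString();
        res = this.configManager.getMyVD().search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), 2, filter, attrs);
    }
    if (!res.hasMore()) {
        return null;
    }
    return toManager(res.next(), userIdAttr);
}

/**
 * Attributes to request for the manager entry: every attribute name present on {@code me},
 * plus {@code userIdAttr} unless the list is empty or already contains {@code "*"}.
 *
 * @param me         the user whose attribute names are copied
 * @param userIdAttr the approval-DB user id attribute name
 * @return a new, mutable attribute-name list
 */
private ArrayList<String> managerSearchAttributes(User me, String userIdAttr) {
    ArrayList<String> attrs = new ArrayList<String>(me.getAttribs().keySet());
    if (!attrs.isEmpty() && !attrs.contains("*")) {
        attrs.add(userIdAttr);
    }
    return attrs;
}

/**
 * Converts a found LDAP entry into a {@link User}, setting its user id from {@code userIdAttr}
 * and recording the entry's DN under {@code DISTINGUISHED_NAME}.
 *
 * @param entry      the manager's LDAP entry
 * @param userIdAttr the attribute holding the user id
 * @return the populated manager
 * @throws IllegalStateException when the entry carries no value for {@code userIdAttr}
 *         (previously surfaced as a bare NullPointerException)
 */
private User toManager(LDAPEntry entry, String userIdAttr) {
    User manager = new User(entry);
    Attribute uid = manager.getAttribs().get(userIdAttr);
    if (uid == null || uid.getValues().isEmpty()) {
        throw new IllegalStateException("Manager entry " + entry.getDN() + " has no value for " + userIdAttr);
    }
    manager.setUserID(uid.getValues().get(0));
    manager.getAttribs().put(DISTINGUISHED_NAME, new Attribute(DISTINGUISHED_NAME, entry.getDN()));
    return manager;
}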


use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class AmazonSimpleDBProvider method syncUser.

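/** Upper bound on the number of 500 ms polls spent waiting for a SimpleDB delete to become visible. */
private static final int MAX_DELETE_POLLS = 120;

/**
 * Synchronizes {@code user} into the SimpleDB user and group domains.
 *
 * <p>If no item exists for the user yet it is created. Otherwise, attribute values stored on
 * the item but absent from {@code user} are deleted (unless {@code addOnly}), values on
 * {@code user} but absent from the item are added, attributes listed in {@code attributes}
 * that the item does not have at all are added, and group memberships are aligned the same
 * way. Every change except whole-attribute removal is reported to the provisioning engine's
 * action log. The "add missing attributes" and group passes run once, after all stored
 * attributes have been compared (they used to run inside the comparison loop, once per stored
 * attribute, with the bookkeeping set cleared in between).
 *
 * @param user       the desired state
 * @param addOnly    when {@code true}, nothing is removed from SimpleDB
 * @param attributes attribute names that may be added when missing from the stored item
 * @param request    workflow context; {@code APPROVAL_ID} and {@code WORKFLOW} are read from it
 * @throws ProvisioningException if creating the user fails, if a wait is interrupted, or if a
 *         delete is still visible after {@link #MAX_DELETE_POLLS} polls
 */
@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    String userid = user.getAttribs().get(this.uidAttrName).getValues().get(0);
    User amazonUser = this.findUser(userid, attributes, request);
    if (amazonUser == null) {
        this.createUser(user, attributes, request);
        return;
    }
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    String itemName = amazonUser.getUserID();
    // Names of the attributes already stored on the item.
    Set<String> done = new HashSet<String>();
    for (String amznAttrName : amazonUser.getAttribs().keySet()) {
        done.add(amznAttrName);
        Attribute userAttr = user.getAttribs().get(amznAttrName);
        if (userAttr == null) {
            if (!addOnly) {
                // Attribute is gone from the user: remove it from the item (value null = whole attribute).
                deleteItemValue(this.userDomain, itemName, amznAttrName.toLowerCase(), null);
                waitForDelete(userid, amznAttrName, null);
            }
            continue;
        }
        String attrName = userAttr.getName().toLowerCase();
        // Values still to be written; each one found on the item is removed from this set.
        Set<String> vals = new HashSet<String>(userAttr.getValues());
        for (String val : amazonUser.getAttribs().get(amznAttrName).getValues()) {
            if (vals.remove(val) || addOnly) {
                continue;
            }
            deleteItemValue(this.userDomain, itemName, attrName, val);
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, attrName, val);
            waitForDelete(userid, attrName, val);
        }
        if (!vals.isEmpty()) {
            putItemValues(this.userDomain, itemName, attrName, vals);
            for (String val : vals) {
                this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Replace, approvalID, workflow, attrName, val);
            }
            pause(1000);
        }
    }
    // Requested attributes the item did not have at all.
    for (String name : user.getAttribs().keySet()) {
        if (!attributes.contains(name) || done.contains(name)) {
            continue;
        }
        List<String> newVals = user.getAttribs().get(name).getValues();
        putItemValues(this.userDomain, itemName, name.toLowerCase(), newVals);
        for (String val : newVals) {
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, name, val);
        }
        pause(1000);
    }
    syncGroups(user, itemName, addOnly, approvalID, workflow);
}

/**
 * Aligns the group domain with {@code user.getGroups()}: memberships found in SimpleDB but not
 * on the user are removed (unless {@code addOnly}); memberships on the user but not in SimpleDB
 * are added. Both directions are logged as group actions.
 *
 * @param user       the desired state
 * @param itemName   the user's item name in SimpleDB (the member value stored on group items)
 * @param addOnly    when {@code true}, no membership is removed
 * @param approvalID approval id for the action log
 * @param workflow   workflow for the action log
 * @throws ProvisioningException if a wait after a removal is interrupted
 */
private void syncGroups(User user, String itemName, boolean addOnly, int approvalID, Workflow workflow) throws ProvisioningException {
    String memberAttr = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute();
    SelectResult res = this.sdb.select(new SelectRequest(this.getGroupSelect(itemName)));
    Set<String> existing = new HashSet<String>();
    for (Item group : res.getItems()) {
        String groupName = group.getName();
        existing.add(groupName);
        if (!user.getGroups().contains(groupName) && !addOnly) {
            deleteItemValue(this.groupDomain, groupName, memberAttr, itemName);
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, "group", groupName);
            pause(500);
        }
    }
    for (String groupName : user.getGroups()) {
        if (existing.contains(groupName)) {
            continue;
        }
        ArrayList<com.amazonaws.services.simpledb.model.ReplaceableAttribute> list = new ArrayList<com.amazonaws.services.simpledb.model.ReplaceableAttribute>();
        list.add(new com.amazonaws.services.simpledb.model.ReplaceableAttribute(memberAttr, itemName, false));
        this.sdb.putAttributes(new PutAttributesRequest(this.groupDomain, groupName, list));
        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", groupName);
    }
}

/**
 * Deletes one attribute value from an item; a {@code null} value deletes the whole attribute.
 *
 * @param domain   SimpleDB domain holding the item
 * @param itemName item to modify
 * @param attrName attribute name as stored in SimpleDB
 * @param value    value to remove, or {@code null} for all values
 */
private void deleteItemValue(String domain, String itemName, String attrName, String value) {
    ArrayList<com.amazonaws.services.simpledb.model.Attribute> list = new ArrayList<com.amazonaws.services.simpledb.model.Attribute>();
    list.add(new com.amazonaws.services.simpledb.model.Attribute(attrName, value));
    this.sdb.deleteAttributes(new DeleteAttributesRequest(domain, itemName, list));
}

/**
 * Writes values for one attribute onto an item with {@code replace=false}, as the original
 * code did, so existing values on the item are kept.
 *
 * @param domain   SimpleDB domain holding the item
 * @param itemName item to modify
 * @param attrName attribute name as stored in SimpleDB
 * @param values   values to write
 */
private void putItemValues(String domain, String itemName, String attrName, Iterable<String> values) {
    ArrayList<com.amazonaws.services.simpledb.model.ReplaceableAttribute> list = new ArrayList<com.amazonaws.services.simpledb.model.ReplaceableAttribute>();
    for (String val : values) {
        list.add(new com.amazonaws.services.simpledb.model.ReplaceableAttribute(attrName, val, false));
    }
    this.sdb.putAttributes(new PutAttributesRequest(domain, itemName, list));
}

/**
 * Polls the user domain until a delete is no longer visible: with {@code value == null} until
 * {@code attrName} is null for the user, otherwise until {@code attrName} no longer holds
 * {@code value}. The poll exists because a delete may not show up in a select immediately.
 * The user id and value are embedded as quoted string literals, with embedded quotes escaped;
 * {@code attrName} is an identifier and is inserted as-is, exactly as before.
 *
 * @param userid   uid of the user whose item is checked
 * @param attrName attribute name to check
 * @param value    value that must be gone, or {@code null} for the whole attribute
 * @throws ProvisioningException when interrupted, or when the delete is still visible after
 *         {@link #MAX_DELETE_POLLS} polls (the previous loop never gave up)
 */
private void waitForDelete(String userid, String attrName, String value) throws ProvisioningException {
    StringBuilder select = new StringBuilder();
    select.append("SELECT uid FROM `").append(this.userDomain).append("` WHERE uid='").append(quoteSelectValue(userid)).append("' AND ").append(attrName);
    if (value == null) {
        select.append(" IS NOT NULL");
    } else {
        select.append("='").append(quoteSelectValue(value)).append("'");
    }
    String query = select.toString();
    for (int attempt = 0; attempt < MAX_DELETE_POLLS; attempt++) {
        pause(500);
        SelectResult res = this.sdb.select(new SelectRequest(query));
        if (res.getItems().isEmpty()) {
            return;
        }
    }
    throw new ProvisioningException("Delete of " + attrName + " for user " + userid + " did not become visible");
}

/**
 * Escapes a value for use inside a single-quoted SimpleDB select literal: a single quote is
 * doubled. Previously user ids and attribute values were concatenated unescaped, so a quote in
 * either broke the query.
 *
 * @param value raw value
 * @return the value safe to place between single quotes
 */
private static String quoteSelectValue(String value) {
    return value.replace("'", "''");
}

/**
 * Sleeps for {@code millis}. An interrupt is re-asserted on the thread and reported instead of
 * being swallowed as it was before.
 *
 * @param millis time to sleep
 * @throws ProvisioningException if the sleep is interrupted
 */
private static void pause(long millis) throws ProvisioningException {
    try {
        Thread.sleep(millis);
    } catch (InterruptedException e) {
        Thread.currentThread().interrupt();
        throw new ProvisioningException("Interrupted while waiting for SimpleDB", e);
    }
}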


use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class UserPrincipal method syncUser.

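/**
 * Synchronizes {@code user} into FreeIPA.
 *
 * <p>The user is looked up first; an {@code IPAException} with code 4001 is treated as "not
 * found" and anything else is rethrown. A primary-domain user that does not exist is created.
 * A trusted-domain user for which the lookup left {@code freeipa.exists = false} in
 * {@code request} is created as well. Otherwise every requested attribute except {@code uid} is
 * pushed through {@code checkAttribute}, the attributes remaining in the looked-up user are
 * deleted unless {@code addOnly}, groups on the user but not in IPA are added and, unless
 * {@code addOnly}, groups in IPA but not on the user are removed. For primary-domain users with
 * {@code createShadowAccount} a random password is generated and its PBKDF2 hash is set.
 *
 * @param user       the desired state
 * @param addOnly    when {@code true}, nothing is deleted from IPA
 * @param attributes attribute names to synchronize
 * @param request    workflow context; {@code APPROVAL_ID}, {@code WORKFLOW} and
 *                   {@code freeipa.exists} are read from it
 * @throws ProvisioningException wrapping any failure; the HTTP connection is always shut down
 */
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    HttpCon con = null;
    try {
        con = this.createClient();
        User fromIPA = null;
        try {
            fromIPA = this.findUser(user.getUserID(), attributes, request);
        } catch (IPAException ipaException) {
            // 4001 is the not-found code and simply means the user has to be created
            if (ipaException.getCode() != 4001) {
                throw ipaException;
            }
        }
        int approvalID = 0;
        if (request.containsKey("APPROVAL_ID")) {
            approvalID = (Integer) request.get("APPROVAL_ID");
        }
        Workflow workflow = (Workflow) request.get("WORKFLOW");
        if (fromIPA == null) {
            // Only primary-domain users are created from nothing.
            if (principal.isPrimaryDomain()) {
                this.createUser(user, attributes, request);
            }
            return;
        }
        if (!principal.isPrimaryDomain() && Boolean.FALSE.equals(request.get("freeipa.exists"))) {
            // Trusted-domain user not yet known to IPA: create instead of updating.
            this.createUser(user, attributes, request);
            return;
        }
        // uid is the key and is never updated in place
        for (String attrName : attributes) {
            if (!attrName.equalsIgnoreCase("uid")) {
                checkAttribute(principal, user, fromIPA, con, approvalID, workflow, attrName, addOnly);
            }
        }
        if (!addOnly) {
            // NOTE(review): every non-uid attribute left in fromIPA is deleted here; this only makes
            // sense if checkAttribute removes matched attributes from fromIPA - confirm before relying on it.
            for (String attrToDel : fromIPA.getAttribs().keySet()) {
                if (!attrToDel.equalsIgnoreCase("uid")) {
                    this.deleteAttribute(principal, attrToDel, con, approvalID, workflow);
                    this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, attrToDel, "");
                }
            }
        }
        // Groups: whatever is left in curGroups after this loop is in IPA but not on the user.
        HashSet<String> curGroups = new HashSet<String>(fromIPA.getGroups());
        for (String group : user.getGroups()) {
            if (!curGroups.remove(group)) {
                this.addGroup(principal, group, con, approvalID, workflow);
            }
        }
        if (!addOnly) {
            for (String group : curGroups) {
                this.removeGroup(principal, group, con, approvalID, workflow);
            }
        }
        if (principal.isPrimaryDomain() && this.createShadowAccount) {
            // Throwaway password: only its PBKDF2 hash is placed on the user before it is set.
            // NOTE(review): `random` should be a SecureRandom - confirm at its declaration.
            String password = new BigInteger(130, random).toString(32);
            user.setPassword(PBKDF2.generateHash(password));
            this.setUserPassword(user, request);
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not sync user", e);
    } finally {
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}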


use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class UserPrincipal method findUser.

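/**
 * Loads a user from FreeIPA.
 *
 * <p>A primary-domain user is read with {@code user_show}; attributes are filled from the
 * result and group names from {@code memberof_group}. A trusted-domain user has no IPA user
 * object: its groups are derived from the external members of every IPA group and its
 * attributes from the user's ID override in {@code trustViewName}. When the override does not
 * exist, {@code request} gets {@code freeipa.exists = false} so the caller can create the user.
 *
 * @param userID     the user id (for a trusted domain, including its domain suffix)
 * @param attributes attribute names to load
 * @param con        open IPA connection
 * @param request    workflow context, written to when the ID override is missing
 * @return the user; never {@code null} (an empty user is returned when IPA returned no data)
 * @throws IPAException for IPA errors other than a missing ID override
 * @throws ClientProtocolException on HTTP protocol errors
 * @throws IOException on transport errors
 */
private User findUser(String userID, Set<String> attributes, HttpCon con, Map<String, Object> request) throws IPAException, ClientProtocolException, IOException {
    UserPrincipal principal = new UserPrincipal(userID, multiDomain, primaryDomain);
    if (principal.isPrimaryDomain()) {
        return findPrimaryDomainUser(principal, userID, attributes, con);
    }
    return findTrustedDomainUser(userID, attributes, con, request);
}

/**
 * Reads a primary-domain user with {@code user_show} (all attributes, with rights).
 *
 * @param principal parsed principal; its uid is the lookup key, its domain suffixes {@code uid}
 *                  when {@code multiDomain} is set
 * @param userID    value for {@code User.setUserID}
 * @param attributes attribute names to copy from the result
 * @param con       open IPA connection
 * @return the user; attributes and groups are left empty when IPA returned no result map
 *         (previously that case failed with a NullPointerException in the attribute loop)
 */
@SuppressWarnings({"unchecked", "rawtypes"})
private User findPrimaryDomainUser(UserPrincipal principal, String userID, Set<String> attributes, HttpCon con) throws IPAException, ClientProtocolException, IOException {
    IPACall userSearch = newIpaCall("user_show");
    ArrayList<String> userArray = new ArrayList<String>();
    userArray.add(principal.getUid());
    userSearch.getParams().add(userArray);
    HashMap<String, String> additionalParams = new HashMap<String, String>();
    additionalParams.put("all", "true");
    additionalParams.put("rights", "true");
    userSearch.getParams().add(additionalParams);
    IPAResponse resp = this.executeIPACall(userSearch, con);
    User user = new User();
    user.setUserID(userID);
    Map<String, Object> results = (Map<String, Object>) resp.getResult().getResult();
    if (results == null) {
        return user;
    }
    for (String attributeName : attributes) {
        Object raw = results.get(attributeName);
        if (attributeName.equalsIgnoreCase("uid")) {
            if (!(raw instanceof List) || ((List) raw).isEmpty()) {
                // No uid value came back; the user id was already set from the argument.
                continue;
            }
            StringBuilder s = new StringBuilder().append((String) ((List) raw).get(0));
            if (this.multiDomain) {
                s.append('@').append(principal.getDomain());
            }
            attributeFor(user, attributeName).getValues().add(s.toString());
        } else if (raw instanceof List) {
            Attribute a = attributeFor(user, attributeName);
            for (Object o : (List) raw) {
                a.getValues().add((String) o);
            }
        } else if (raw != null) {
            attributeFor(user, attributeName).getValues().add((String) raw);
        }
    }
    Object memberOf = results.get("memberof_group");
    if (memberOf != null) {
        for (Object o : (List) memberOf) {
            user.getGroups().add((String) o);
        }
    }
    return user;
}

/**
 * Builds a trusted-domain user: group memberships from the {@code ipaexternalmember} lists of
 * all IPA groups (listed with {@code group_find}, detailed with a {@code batch} of
 * {@code group_show}), attributes from {@code idoverrideuser_show} in {@code trustViewName}.
 *
 * @param userID     the user id, compared case-insensitively against external members
 * @param attributes attribute names to copy from the ID override
 * @param con        open IPA connection
 * @param request    receives {@code freeipa.exists = false} when the ID override is missing
 * @return the user, always carrying a {@code uid} attribute
 * @throws IPAException for any IPA error other than a missing ID override
 */
@SuppressWarnings({"unchecked", "rawtypes"})
private User findTrustedDomainUser(String userID, Set<String> attributes, HttpCon con, Map<String, Object> request) throws IPAException, ClientProtocolException, IOException {
    IPACall listGroups = newIpaCall("group_find");
    ArrayList<String> userArray = new ArrayList<String>();
    userArray.add("");
    listGroups.getParams().add(userArray);
    HashMap<String, String> additionalParams = new HashMap<String, String>();
    additionalParams.put("pkey_only", "true");
    additionalParams.put("sizelimit", "0");
    listGroups.getParams().add(additionalParams);
    IPAResponse resp = this.executeIPACall(listGroups, con);
    List<Map> groups = (List<Map>) resp.getResult().getResult();
    List<IPACall> groupsToFind = new ArrayList<IPACall>();
    for (Map group : groups) {
        IPACall showGroup = newIpaCall("group_show");
        ArrayList<String> groupName = new ArrayList<String>();
        groupName.add(((List) group.get("cn")).get(0).toString());
        showGroup.getParams().add(groupName);
        HashMap<String, String> showParams = new HashMap<String, String>();
        showParams.put("no_members", "true");
        showGroup.getParams().add(showParams);
        groupsToFind.add(showGroup);
    }
    IPACall groupDetails = newIpaCall("batch");
    groupDetails.getParams().add(groupsToFind);
    groupDetails.getParams().add(new HashMap<String, String>());
    IPABatchResponse batchResp = this.executeIPABatchCall(groupDetails, con);
    User user = new User();
    user.setUserID(userID);
    user.getAttribs().put("uid", new Attribute("uid", userID));
    if (batchResp.getResult() != null) {
        for (IPATopResult res : batchResp.getResult().getResults()) {
            String groupName = (String) res.getValue();
            Map groupResult = (Map) res.getResult();
            if (groupResult.containsKey("ipaexternalmember")) {
                for (String val : (List<String>) groupResult.get("ipaexternalmember")) {
                    if (val.equalsIgnoreCase(userID)) {
                        user.getGroups().add(groupName);
                        break;
                    }
                }
            }
        }
    }
    // Attributes live on the user's ID override in the trust view.
    IPACall idOverride = newIpaCall("idoverrideuser_show");
    List<String> params = new ArrayList<String>();
    params.add(this.trustViewName);
    params.add(userID);
    idOverride.getParams().add(params);
    Map<String, Object> param2 = new HashMap<String, Object>();
    param2.put("all", true);
    param2.put("rights", false);
    idOverride.getParams().add(param2);
    try {
        IPAResponse overrideResp = this.executeIPACall(idOverride, con);
        Map<String, List<String>> attrFromIpa = (Map<String, List<String>>) overrideResp.getResult().getResult();
        for (Map.Entry<String, List<String>> entry : attrFromIpa.entrySet()) {
            if (attributes.contains(entry.getKey())) {
                Attribute attrToAdd = new Attribute(entry.getKey());
                attrToAdd.getValues().addAll(entry.getValue());
                user.getAttribs().put(entry.getKey(), attrToAdd);
            }
        }
    } catch (IPAException e) {
        String msg = e.getMessage();
        // A null message used to NPE here and mask the real IPA error.
        if (msg == null || !msg.contains("User ID override not found")) {
            throw e;
        }
        request.put("freeipa.exists", false);
    }
    return user;
}

/**
 * Builds an IPA JSON-RPC call with id 0 and the given method; parameters are added by the caller.
 *
 * @param method IPA method name
 * @return the call, with empty params
 */
private static IPACall newIpaCall(String method) {
    IPACall call = new IPACall();
    call.setId(0);
    call.setMethod(method);
    return call;
}

/**
 * Returns the attribute named {@code name} on {@code user}, creating and registering it when absent.
 *
 * @param user user to read or update
 * @param name attribute name
 * @return the existing or newly added attribute
 */
private static Attribute attributeFor(User user, String name) {
    Attribute a = user.getAttribs().get(name);
    if (a == null) {
        a = new Attribute(name);
        user.getAttribs().put(name, a);
    }
    return a;
}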


use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class AddAttributesFromProvisioningTarget method postSearchEntry.

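/**
 * Post-search interceptor that enriches each returned entry with attribute values read from
 * the provisioning target {@code targetName}.
 *
 * <p>After the rest of the chain has run, the entry's {@code uidAttribute} is used to look the
 * user up on the target. For every name in {@code this.attributes} an {@code LDAPAttribute} is
 * ensured on the entry (it is added even when the target has no values for it, as before) and
 * the target's values are appended to it. Any failure during the lookup is logged and the entry
 * is returned without the extra values; the entry itself is never dropped.
 *
 * @throws LDAPException only from the downstream chain call
 */
public void postSearchEntry(PostSearchEntryInterceptorChain chain, Entry entry, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, LDAPSearchConstraints constraints) throws LDAPException {
    chain.nextPostSearchEntry(entry, base, scope, filter, attributes, typesOnly, constraints);
    if (logger.isDebugEnabled()) {
        logger.debug("in post search entry");
    }
    try {
        LDAPAttribute userID = entry.getEntry().getAttribute(this.uidAttribute);
        if (logger.isDebugEnabled()) {
            logger.debug("Looking up user : '" + userID + "'");
        }
        if (userID == null) {
            // Nothing to look the user up by.
            return;
        }
        User user = GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(targetName).findUser(userID.getStringValue(), new HashMap<String, Object>());
        if (logger.isDebugEnabled()) {
            logger.debug("User returned : '" + user + "'");
        }
        if (user == null) {
            return;
        }
        for (String attributeName : this.attributes) {
            LDAPAttribute attr = entry.getEntry().getAttributeSet().getAttribute(attributeName);
            if (attr == null) {
                attr = new LDAPAttribute(attributeName);
                entry.getEntry().getAttributeSet().add(attr);
            }
            com.tremolosecurity.saml.Attribute targetAttr = user.getAttribs().get(attributeName);
            if (targetAttr == null) {
                continue;
            }
            for (String val : targetAttr.getValues()) {
                attr.addValue(val);
            }
        }
    } catch (Exception e) {
        // Best effort: the search result is still returned, just without the target's values.
        // Narrowed from Throwable so JVM errors (e.g. OutOfMemoryError) are no longer swallowed.
        logger.warn("Could not load user : '" + e.getMessage() + "'");
        if (logger.isDebugEnabled()) {
            logger.debug(e);
        }
    }
}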
