
the class LDAPProvider method doSync.

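/**
 * Reconciles an existing directory entry with the supplied {@link User}.
 *
 * <p>Attribute reconciliation (adding and, unless {@code fromUserOnly} is set, deleting
 * values and whole attributes) only happens for users that live in this directory. Users that
 * are only found through {@code searchExternalUser} are treated as external: their DN is mapped
 * with {@code mapUnison2Dir} and only their group memberships are reconciled. Every change is
 * recorded through the provisioning engine's {@code logAction}.
 *
 * @param user         the user as Unison sees it
 * @param fromUserOnly when {@code true} nothing is removed from the directory, values and
 *                     memberships are only added
 * @param attributes   names of the attributes this target is responsible for
 * @param filter       pre-built LDAP filter that locates the user's entry under {@code searchBase}
 * @param con          open directory connection
 * @param request      workflow request; {@code APPROVAL_ID} and {@code WORKFLOW} are read for
 *                     audit logging
 * @throws LDAPException         if a directory search or modify fails
 * @throws ProvisioningException propagated from {@code createUser} / {@code logAction}
 */
private void doSync(User user, boolean fromUserOnly, Set<String> attributes, StringBuffer filter, LDAPConnection con, Map<String, Object> request) throws LDAPException, ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    boolean isExternal = false;
    LDAPSearchResults res = con.search(searchBase, 2, filter.toString(), this.toStringArray(attributes), false);
    if (!res.hasMore()) {
        if (this.allowExternalUsers) {
            res = this.searchExternalUser(user.getUserID());
            if (!res.hasMore()) {
                this.createUser(user, attributes, request);
                return;
            } else {
                isExternal = true;
            }
        } else {
            this.createUser(user, attributes, request);
            return;
        }
    }
    Set<String> done = new HashSet<String>();
    LDAPEntry ldapUser = res.next();
    // Only the first hit is used; drain the rest so the search is fully consumed.
    while (res.hasMore()) res.next();
    if (!isExternal) {
        ArrayList<LDAPModification> mods = new ArrayList<LDAPModification>();
        LDAPAttributeSet attrs = ldapUser.getAttributeSet();
        Iterator<LDAPAttribute> it = attrs.iterator();
        // Pass 1: walk the attributes already in the directory and diff them against the user.
        while (it.hasNext()) {
            LDAPAttribute ldapAttr = it.next();
            done.add(ldapAttr.getName());
            Attribute userAttr = user.getAttribs().get(ldapAttr.getName());
            if (userAttr == null) {
                // Attribute exists in the directory but not on the user: drop it unless we
                // are in add-only mode.
                if (!fromUserOnly) {
                    mods.add(new LDAPModification(LDAPModification.DELETE, new LDAPAttribute(ldapAttr.getName())));
                }
            } else {
                // vals starts as the user's values; every value also present in the directory
                // is removed, so whatever is left afterwards has to be added.
                Set<String> vals = new HashSet<String>();
                vals.addAll(userAttr.getValues());
                String[] ldapVals = ldapAttr.getStringValueArray();
                for (int i = 0; i < ldapVals.length; i++) {
                    String val = ldapVals[i];
                    boolean found = false;
                    for (String v : vals) {
                        if (v.equalsIgnoreCase(val)) {
                            found = true;
                            // keep the user's spelling so the remove() below hits the set entry
                            val = v;
                            break;
                        }
                    }
                    if (found) {
                        vals.remove(val);
                    } else {
                        if (!fromUserOnly) {
                            LDAPAttribute todel = new LDAPAttribute(userAttr.getName());
                            todel.addValue(val);
                            mods.add(new LDAPModification(LDAPModification.DELETE, todel));
                        }
                    }
                }
                if (vals.size() > 0) {
                    Iterator<String> itv = vals.iterator();
                    LDAPAttribute toadd = new LDAPAttribute(userAttr.getName());
                    while (itv.hasNext()) {
                        String val = itv.next();
                        if (val == null) {
                            continue;
                        }
                        toadd.addValue(val);
                    }
                    if (toadd.size() > 0) {
                        mods.add(new LDAPModification(LDAPModification.ADD, toadd));
                    }
                }
            }
        }
        // Pass 2: attributes the user carries that the directory entry does not have yet.
        Iterator<String> itattr = user.getAttribs().keySet().iterator();
        while (itattr.hasNext()) {
            String name = itattr.next();
            if (attributes.contains(name) && !done.contains(name)) {
                Attribute attrib = user.getAttribs().get(name);
                String[] vals = new String[attrib.getValues().size()];
                int i = 0;
                for (String val : attrib.getValues()) {
                    vals[i] = val;
                    i++;
                }
                LDAPAttribute attr = new LDAPAttribute(name, vals);
                mods.add(new LDAPModification(LDAPModification.ADD, attr));
            }
        }
        if (mods.size() > 0) {
            con.modify(ldapUser.getDN(), this.toModArray(mods));
        }
        // Audit every value that was touched; a whole-attribute DELETE carries no values and
        // therefore produces no log line.
        for (LDAPModification mod : mods) {
            ActionType at = ActionType.Add;
            switch(mod.getOp()) {
                case (LDAPModification.ADD):
                    at = ActionType.Add;
                    break;
                case (LDAPModification.REPLACE):
                    at = ActionType.Replace;
                    break;
                case (LDAPModification.DELETE):
                    at = ActionType.Delete;
                    break;
            }
            String[] vals = mod.getAttribute().getStringValueArray();
            for (String val : vals) {
                this.cfgMgr.getProvisioningEngine().logAction(this.name, false, at, approvalID, workflow, mod.getAttribute().getBaseName(), val);
            }
        }
    }
    // Groups
    String userDN = ldapUser.getDN();
    if (isExternal) {
        userDN = this.mapUnison2Dir(userDN);
    }
    // Filter values are escaped per RFC 4515 so DN characters such as '\' or '(' and a group
    // name carried on the user object cannot change the structure of the filter.
    StringBuffer b = new StringBuffer();
    b.append("(").append(cfgMgr.getCfg().getGroupMemberAttribute()).append("=").append(escapeFilterValue(userDN)).append(")");
    res = con.search(searchBase, 2, b.toString(), new String[] { "cn" }, false);
    done.clear();
    // Groups the directory says the user is in: remove membership the user no longer has.
    while (res.hasMore()) {
        LDAPEntry groupEntry = res.next();
        if (!user.getGroups().contains(groupEntry.getAttribute("cn").getStringValue())) {
            if (!fromUserOnly) {
                con.modify(groupEntry.getDN(), new LDAPModification(LDAPModification.DELETE, new LDAPAttribute(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), userDN)));
                cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, "group", groupEntry.getAttribute("cn").getStringValue());
            }
        }
        done.add(groupEntry.getAttribute("cn").getStringValue());
    }
    // Groups the user should be in but the directory does not know about yet.
    Iterator<String> itgroups = user.getGroups().iterator();
    while (itgroups.hasNext()) {
        String groupName = itgroups.next();
        if (done.contains(groupName)) {
            continue;
        }
        b.setLength(0);
        b.append("(cn=").append(escapeFilterValue(groupName)).append(")");
        res = con.search(searchBase, 2, b.toString(), new String[] { "1.1" }, false);
        if (!res.hasMore()) {
            b.setLength(0);
            b.append("Group ").append(groupName).append(" does not exist");
            logger.warn(b.toString());
            continue;
        }
        String groupDN = res.next().getDN();
        while (res.hasMore()) res.next();
        con.modify(groupDN, new LDAPModification(LDAPModification.ADD, new LDAPAttribute(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), userDN)));
        cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", groupName);
    }
}

/**
 * Escapes a string for use as an assertion value inside an LDAP search filter
 * (RFC 4515 section 3): {@code \}, {@code *}, {@code (}, {@code )} and NUL are replaced by
 * their {@code \xx} hex form. All other characters are passed through unchanged.
 *
 * @param value raw value; {@code null} is treated as the empty string
 * @return the escaped value, safe to concatenate into a filter
 */
private static String escapeFilterValue(String value) {
    if (value == null) {
        return "";
    }
    StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                sb.append("\\5c");
                break;
            case '*':
                sb.append("\\2a");
                break;
            case '(':
                sb.append("\\28");
                break;
            case ')':
                sb.append("\\29");
                break;
            case '\u0000':
                sb.append("\\00");
                break;
            default:
                sb.append(c);
        }
    }
    return sb.toString();
}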

the class CopyGroupMembers method doTask.

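/**
 * Runs the configured workflow once for every member of the {@code copyFrom} group so that each
 * of them is added to the {@code copyTo} group.
 *
 * <p>The group DN, target group and workflow name are templates rendered against
 * {@code request}. The source group is read with a base-scope search; a missing group or a
 * group without a member attribute stops the task with a {@link ProvisioningException}. Members
 * that cannot be read from the directory are logged and skipped so one bad entry does not abort
 * the whole copy.
 *
 * @param user    the user the surrounding workflow is running for (not used by this task)
 * @param request workflow request used to render the templates
 * @return always {@code true}
 * @throws ProvisioningException if the source group cannot be loaded or a member's workflow fails
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    String localWorkflowName = task.renderTemplate(this.workflowName, request);
    String localCopyFrom = task.renderTemplate(this.copyFrom, request);
    String localCopyTo = task.renderTemplate(this.copyTo, request);
    String memberAttr = task.getConfigManager().getCfg().getGroupMemberAttribute();
    String[] members = null;
    try {
        LDAPSearchResults rs = task.getConfigManager().getMyVD().search(localCopyFrom, 0, "(objectClass=*)", new ArrayList<String>());
        if (!rs.hasMore()) {
            throw new ProvisioningException("Could not load from group '" + localCopyFrom + "'");
        }
        LDAPEntry group = rs.next();
        while (rs.hasMore()) rs.next();
        if (group.getAttribute(memberAttr) == null) {
            // an empty group is legitimate: there is simply nobody to copy
            members = new String[0];
        } else {
            members = group.getAttribute(memberAttr).getStringValueArray();
        }
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not load from group", e);
    }
    for (String member : members) {
        try {
            // member values are DNs, hence the base-scope search on the value itself
            LDAPSearchResults rs = task.getConfigManager().getMyVD().search(member, 0, "(objectClass=*)", new ArrayList<String>());
            if (!rs.hasMore()) {
                logger.warn("Could not load user '" + member + "'");
                continue;
            }
            LDAPEntry ldapMember = rs.next();
            if (ldapMember.getAttribute(this.uidAttribute) == null) {
                logger.warn("User '" + member + "' has no '" + this.uidAttribute + "' attribute");
                continue;
            }
            TremoloUser userToUpdate = new TremoloUser();
            userToUpdate.setUid(ldapMember.getAttribute(this.uidAttribute).getStringValue());
            userToUpdate.getAttributes().add(new Attribute(this.uidAttribute, userToUpdate.getUid()));
            userToUpdate.getGroups().add(localCopyTo);
            Workflow wf = task.getConfigManager().getProvisioningEngine().getWorkFlow(localWorkflowName);
            WFCall call = new WFCall();
            call.setReason("auto-creating approval group " + localCopyTo);
            call.setUidAttributeName(this.uidAttribute);
            call.setUser(userToUpdate);
            call.setRequestor(this.requestor);
            // run synchronously so a failure surfaces here rather than in a background job
            call.getRequestParams().put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
            wf.executeWorkflow(call);
        } catch (LDAPException e) {
            logger.warn("Could not load user '" + member + "'", e);
        }
    }
    return true;
}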

the class MongoDBTarget method syncUser.

/**
 * Brings the stored copy of {@code user} in line with the supplied one.
 *
 * <p>If no stored copy exists, or external users are not supported and the stored copy has no
 * {@code _id} (i.e. it does not live in this target), the user is created instead. Otherwise the
 * attributes are updated (only when the incoming user carries an {@code _id}) followed by the
 * group memberships.
 *
 * @param user       the user as Unison sees it
 * @param addOnly    when {@code true} nothing is removed, only added
 * @param attributes names of the attributes this target is responsible for
 * @param request    workflow request; {@code APPROVAL_ID} and {@code WORKFLOW} are read for
 *                   audit logging
 * @throws ProvisioningException if lookup, creation or update fails
 */
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = request.containsKey("APPROVAL_ID") ? (Integer) request.get("APPROVAL_ID") : 0;
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    User fromServer = this.findUser(user.getUserID(), attributes, request);
    boolean storedHere = fromServer != null
            && (this.supportExternalUsers || fromServer.getAttribs().containsKey("_id"));
    if (!storedHere) {
        this.createUser(user, attributes, request);
        return;
    }
    if (user.getAttribs().containsKey("_id")) {
        updateAttributes(user, addOnly, attributes, approvalID, workflow, fromServer);
    }
    updateGroups(user, addOnly, approvalID, workflow, fromServer);
}

the class MongoDBTarget method createUser.

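/**
 * Inserts {@code user} as a new document and records every stored value in the audit log.
 *
 * <p>The attribute named {@code collectionAttributeName} is not stored: its first value selects
 * the collection the document is written to. Single-valued attributes are stored as a string,
 * multi-valued ones as a list. {@code unisonRdnAttributeName} and {@code objectClass} are added
 * from this target's configuration. After the insert the user's groups are updated through
 * {@code addGroupsToUser}.
 *
 * @param user       the user to create
 * @param attributes names of the attributes this target is responsible for
 * @param request    workflow request; {@code APPROVAL_ID} and {@code WORKFLOW} are read for
 *                   audit logging
 * @throws ProvisioningException if the user carries no usable collection attribute, or the
 *                               insert / audit logging fails
 */
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    Document doc = new Document();
    String collection = null;
    for (String attr : attributes) {
        Attribute attribute = user.getAttribs().get(attr);
        if (attribute == null) {
            continue;
        }
        if (attr.equalsIgnoreCase(this.collectionAttributeName)) {
            // Routing information only; an attribute without values leaves collection unset
            // and is reported below instead of failing with an index error.
            // NOTE(review): the collection name is taken from a user attribute; confirm it is
            // validated upstream if that attribute can be supplied by the user.
            if (!attribute.getValues().isEmpty()) {
                collection = attribute.getValues().get(0);
            }
        } else if (attribute.getValues().size() == 1) {
            doc.append(attr, attribute.getValues().get(0));
        } else {
            doc.append(attr, attribute.getValues());
        }
    }
    doc.append("unisonRdnAttributeName", this.userRDN);
    doc.append("objectClass", this.userObjectClass);
    if (collection == null) {
        throw new ProvisioningException("no collection specified");
    }
    this.mongo.getDatabase(database).getCollection(collection).insertOne(doc);
    // relies on the driver populating _id on the inserted document
    this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "_id", doc.get("_id").toString());
    this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "unisonRdnAttributeName", this.userRDN);
    this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "collection", collection);
    for (String attr : attributes) {
        Attribute attribute = user.getAttribs().get(attr);
        if (attribute == null || attr.equalsIgnoreCase(this.collectionAttributeName)) {
            continue;
        }
        for (String val : attribute.getValues()) {
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, attribute.getName(), val);
        }
    }
    addGroupsToUser(user, user.getGroups(), approvalID, workflow);
}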

the class MongoDBTarget method deleteUser.

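/**
 * Deletes the user's document and removes the user from any group documents that reference it.
 *
 * <p>If the incoming user does not carry {@code groupUserIdAttribute}, the stored copy is loaded
 * first; an unknown user is silently ignored. Each collection of the database is then visited:
 * the user document is deleted where found, and group documents whose member attribute contains
 * the user's group id are updated (field dropped when it was the only member, entry removed from
 * the list otherwise). Every group change is written to the audit log.
 *
 * @param user    the user to delete
 * @param request workflow request; {@code APPROVAL_ID} and {@code WORKFLOW} are read for
 *                audit logging
 * @throws ProvisioningException if the stored user has no {@code groupUserIdAttribute} value
 *                               or the lookup / audit logging fails
 */
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    if (!user.getAttribs().containsKey(this.groupUserIdAttribute)) {
        HashSet<String> attrs = new HashSet<String>();
        attrs.add(this.userIdAttribute);
        attrs.add(this.groupUserIdAttribute);
        user = this.findUser(user.getUserID(), attrs, request);
        if (user == null) {
            // nothing stored for this user, so there is nothing to delete
            return;
        }
    }
    // Fail explicitly instead of with a NullPointerException when the stored user has no
    // group id to match group membership on.
    if (!user.getAttribs().containsKey(this.groupUserIdAttribute) || user.getAttribs().get(this.groupUserIdAttribute).getValues().isEmpty()) {
        throw new ProvisioningException("User '" + user.getUserID() + "' has no '" + this.groupUserIdAttribute + "' attribute");
    }
    String groupMemberID = user.getAttribs().get(this.groupUserIdAttribute).getValues().get(0);
    MongoIterable<String> collections = mongo.getDatabase(this.database).listCollectionNames();
    for (String collection : collections) {
        Document deleted = mongo.getDatabase(this.database).getCollection(collection).findOneAndDelete(and(eq("objectClass", this.userObjectClass), eq(this.userIdAttribute, user.getUserID())));
        if (deleted != null) {
            // NOTE(review): breaking here skips the group clean-up for this collection and all
            // later ones; confirm this is intended when users and groups share a collection.
            break;
        }
        // check to see if any groups references this object
        FindIterable<Document> groups = mongo.getDatabase(this.database).getCollection(collection).find(and(eq("objectClass", this.groupObjectClass), eq(this.groupMemberAttribute, groupMemberID)));
        for (Document group : groups) {
            Object o = group.get(this.groupMemberAttribute);
            if (o instanceof String) {
                // the query matched on groupMemberID, so a single string value is this user:
                // drop the whole field
                Document newVals = new Document();
                newVals.append(this.groupMemberAttribute, "");
                Document setGroup = new Document("$unset", newVals);
                mongo.getDatabase(database).getCollection(collection).updateOne(eq("_id", group.getObjectId("_id")), setGroup);
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, "group", group.getString(this.groupIdAttribute));
            } else {
                // multi-valued membership is stored as a list; assumes the driver decoded it as
                // List<String> — anything else would fail the cast
                @SuppressWarnings("unchecked")
                List<String> members = (List<String>) o;
                members.remove(groupMemberID);
                Document newVals = new Document();
                newVals.append(this.groupMemberAttribute, members);
                Document setGroup = new Document("$set", newVals);
                mongo.getDatabase(database).getCollection(collection).updateOne(eq("_id", group.getObjectId("_id")), setGroup);
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, "group", group.getString(this.groupIdAttribute));
            }
        }
    }
}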