
Example 16 with Attribute

use of com.unboundid.ldap.sdk.Attribute in project gitblit by gitblit.

the class LdapAuthProvider method getTeamsFromLdap.

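/**
 * Replaces the user's team memberships with the LDAP groups matched by the configured
 * group-member filter.
 *
 * <p>The filter template comes from {@code Keys.realm.ldap.groupMemberPattern}. The placeholders
 * {@code ${dn}}, {@code ${username}} and {@code ${<attribute name>}} are filled in from the
 * authenticated entry. Every substituted value is passed through
 * {@code LdapConnection.escapeLDAPSearchFilter} first, so directory- or user-supplied text is
 * inserted as data rather than as filter syntax.
 *
 * <p>Existing memberships are cleared before the search runs. If the search returns nothing
 * (or {@code null}) the user is left with no teams.
 *
 * @param ldapConnection connection used for the group search
 * @param simpleUsername value substituted for {@code ${username}}
 * @param loggingInUser  LDAP entry of the user; supplies the DN and the attribute placeholders
 * @param user           model whose {@code teams} collection is rebuilt
 */
private void getTeamsFromLdap(LdapConnection ldapConnection, String simpleUsername, SearchResultEntry loggingInUser, UserModel user) {
    String loggingInUserDN = loggingInUser.getDN();
    // Clear the user's team memberships - LDAP is the source of truth for them
    user.teams.clear();
    String groupBase = settings.getString(Keys.realm.ldap.groupBase, "");
    String groupMemberPattern = settings.getString(Keys.realm.ldap.groupMemberPattern, "(&(objectClass=group)(member=${dn}))");
    // Escape before substituting: the DN and username must not be able to alter the filter's structure.
    groupMemberPattern = StringUtils.replace(groupMemberPattern, "${dn}", LdapConnection.escapeLDAPSearchFilter(loggingInUserDN));
    groupMemberPattern = StringUtils.replace(groupMemberPattern, "${username}", LdapConnection.escapeLDAPSearchFilter(simpleUsername));
    // Fill in attributes into groupMemberPattern, escaped the same way.
    // NOTE(review): an attribute without a value passes null to escapeLDAPSearchFilter - confirm the helper tolerates it.
    for (Attribute userAttribute : loggingInUser.getAttributes()) {
        groupMemberPattern = StringUtils.replace(groupMemberPattern, "${" + userAttribute.getName() + "}", LdapConnection.escapeLDAPSearchFilter(userAttribute.getValue()));
    }
    SearchResult teamMembershipResult = searchTeamsInLdap(ldapConnection, groupBase, true, groupMemberPattern, Arrays.asList("cn"));
    if (teamMembershipResult == null || teamMembershipResult.getEntryCount() <= 0) {
        return;
    }
    for (SearchResultEntry teamEntry : teamMembershipResult.getSearchEntries()) {
        Attribute cnAttribute = teamEntry.getAttribute("cn");
        if (cnAttribute == null || !cnAttribute.hasValue()) {
            // A group entry without a readable cn cannot be mapped to a team. Skip it (the user
            // simply does not gain that membership) instead of failing the whole login with a
            // NullPointerException.
            continue;
        }
        String teamName = cnAttribute.getValue();
        TeamModel teamModel = userManager.getTeamModel(teamName);
        if (teamModel == null) {
            teamModel = createTeamFromLdap(teamEntry);
        }
        user.teams.add(teamModel);
        teamModel.addUser(user.getName());
    }
}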
Also used : TeamModel(com.gitblit.models.TeamModel) Attribute(com.unboundid.ldap.sdk.Attribute) SearchResult(com.unboundid.ldap.sdk.SearchResult) SearchResultEntry(com.unboundid.ldap.sdk.SearchResultEntry)

Example 17 with Attribute

use of com.unboundid.ldap.sdk.Attribute in project gitblit by gitblit.

the class LdapAuthProvider method setUserAttributes.

/**
 * Copies admin status, account type, display name and e-mail address from the LDAP entry
 * onto the user model.
 *
 * <p>{@code Keys.realm.ldap.displayName} and {@code Keys.realm.ldap.email} are each either a
 * plain attribute name or a template containing {@code ${attribute}} placeholders. Attribute
 * values are copied verbatim, with no validation or escaping here. Placeholders that match no
 * attribute of the entry stay in the result as literal text.
 *
 * @param user      model to update
 * @param userEntry LDAP entry of the authenticated user
 */
private void setUserAttributes(UserModel user, SearchResultEntry userEntry) {
    // Admin flag is decided by setAdminAttribute.
    setAdminAttribute(user);
    // The real password is never stored for external accounts; a fixed marker is used instead.
    user.password = Constants.EXTERNAL_ACCOUNT;
    user.accountType = getAccountType();

    // Display name
    String displayNameSpec = settings.getString(Keys.realm.ldap.displayName, "");
    if (!StringUtils.isEmpty(displayNameSpec)) {
        if (!displayNameSpec.contains("${")) {
            // Plain attribute name: keep the current display name unless LDAP supplies a value.
            Attribute nameAttribute = userEntry.getAttribute(displayNameSpec);
            if (nameAttribute != null && nameAttribute.hasValue()) {
                user.displayName = nameAttribute.getValue();
            }
        } else {
            // Template: substitute every attribute the entry carries.
            String renderedName = displayNameSpec;
            for (Attribute candidate : userEntry.getAttributes()) {
                String placeholder = "${" + candidate.getName() + "}";
                renderedName = StringUtils.replace(renderedName, placeholder, candidate.getValue());
            }
            user.displayName = renderedName;
        }
    }

    // E-mail address
    String emailSpec = settings.getString(Keys.realm.ldap.email, "");
    if (!StringUtils.isEmpty(emailSpec)) {
        if (!emailSpec.contains("${")) {
            Attribute mailAttribute = userEntry.getAttribute(emailSpec);
            // issue-456/ticket-134: a missing value clears the address so LDAP can delete it.
            user.emailAddress = (mailAttribute != null && mailAttribute.hasValue()) ? mailAttribute.getValue() : null;
        } else {
            String renderedEmail = emailSpec;
            for (Attribute candidate : userEntry.getAttributes()) {
                String placeholder = "${" + candidate.getName() + "}";
                renderedEmail = StringUtils.replace(renderedEmail, placeholder, candidate.getValue());
            }
            user.emailAddress = renderedEmail;
        }
    }
}
Also used : Attribute(com.unboundid.ldap.sdk.Attribute)

Example 18 with Attribute

use of com.unboundid.ldap.sdk.Attribute in project keywhiz by square.

the class LdapAuthenticatorTest method setup.

/**
 * Builds the authenticator under test against a mocked LDAP connection.
 *
 * <p>A search rooted at the users base DN returns one entry with DN {@code PEOPLE_DN}; a search
 * rooted at the roles base DN returns one entry with DN {@code cn=admin,ou=roles}. The matchers
 * look only at the request's base DN, so this setup does not check the filter, scope or
 * requested attributes that the authenticator sends.
 */
@Before
public void setup() throws Exception {
    // Base DNs shared by the lookup config and the search matchers below.
    String usersBaseDn = "ou=users,dc=example,dc=com";
    String rolesBaseDn = "ou=roles,dc=example,dc=com";

    LdapLookupConfig config = new LdapLookupConfig(usersBaseDn, "uid", ImmutableSet.of("admin"), rolesBaseDn);
    ldapAuthenticator = new LdapAuthenticator(ldapConnectionFactory, config);

    // Canned results: both entries carry no attributes, only a DN.
    List<SearchResultEntry> dnResults = Arrays.asList(new SearchResultEntry(PEOPLE_DN, new Attribute[] {}));
    List<SearchResultEntry> roleResults = Arrays.asList(new SearchResultEntry("cn=admin,ou=roles", new Attribute[] {}));

    when(ldapConnectionFactory.getLDAPConnection()).thenReturn(ldapConnection);

    // User lookup: any request whose base DN is the users subtree.
    doAnswer(invocation -> dnSearchResult)
        .when(ldapConnection)
        .search(argThat(searchRequest -> Optional.ofNullable(searchRequest)
            .map(SearchRequest::getBaseDN)
            .map(usersBaseDn::equals)
            .orElse(false)));
    when(dnSearchResult.getEntryCount()).thenReturn(1);
    when(dnSearchResult.getSearchEntries()).thenReturn(dnResults);

    // Role lookup: any request whose base DN is the roles subtree.
    doAnswer(invocation -> roleSearchResult)
        .when(ldapConnection)
        .search(argThat(searchRequest -> Optional.ofNullable(searchRequest)
            .map(SearchRequest::getBaseDN)
            .map(rolesBaseDn::equals)
            .orElse(false)));
    when(roleSearchResult.getEntryCount()).thenReturn(1);
    when(roleSearchResult.getSearchEntries()).thenReturn(roleResults);
}
Also used : LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) Arrays(java.util.Arrays) ImmutableSet(com.google.common.collect.ImmutableSet) BasicCredentials(io.dropwizard.auth.basic.BasicCredentials) ArgumentMatchers.argThat(org.mockito.ArgumentMatchers.argThat) Mock(org.mockito.Mock) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Attribute(com.unboundid.ldap.sdk.Attribute) Test(org.junit.Test) Mockito.when(org.mockito.Mockito.when) User(keywhiz.auth.User) SearchResult(com.unboundid.ldap.sdk.SearchResult) List(java.util.List) SearchResultEntry(com.unboundid.ldap.sdk.SearchResultEntry) Ignore(org.junit.Ignore) Mockito.doAnswer(org.mockito.Mockito.doAnswer) Optional(java.util.Optional) SearchRequest(com.unboundid.ldap.sdk.SearchRequest) Before(org.junit.Before) SearchRequest(com.unboundid.ldap.sdk.SearchRequest) Attribute(com.unboundid.ldap.sdk.Attribute) SearchResultEntry(com.unboundid.ldap.sdk.SearchResultEntry) Before(org.junit.Before)
