
Example 46 with Attribute

use of javax.naming.directory.Attribute in project karaf by apache.

the class LDAPCache method doGetUserRoles.

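/**
 * Resolves the roles of a user by searching the role base DN with the configured role filter.
 *
 * <p>The filter template may contain the placeholders {@code %u}, {@code %dn} and
 * {@code %fqdn}. Each value is escaped for use inside an LDAP search filter before it is
 * substituted, so that {@code *}, {@code (}, {@code )} or NUL in a login name or DN is matched
 * literally instead of altering the structure of the filter.
 *
 * @param user the user name substituted for {@code %u}
 * @param userDn the user DN substituted for {@code %dn}
 * @param userDnNamespace the value substituted for {@code %fqdn}
 * @return the role names found, after role mapping; empty when no role filter is configured
 * @throws NamingException if the directory search fails
 */
private String[] doGetUserRoles(String user, String userDn, String userDnNamespace) throws NamingException {
    DirContext context = open();
    SearchControls controls = new SearchControls();
    controls.setSearchScope(options.getRoleSearchSubtree()
            ? SearchControls.SUBTREE_SCOPE
            : SearchControls.ONELEVEL_SCOPE);
    String filter = options.getRoleFilter();
    if (filter == null) {
        LOGGER.debug("The user role filter is null so no roles are retrieved");
        return new String[] {};
    }
    // Backslashes are doubled exactly as before, but per piece (template and values) rather
    // than on the assembled filter, so the hex escapes added for filter metacharacters in
    // the values are not themselves doubled.
    filter = filter.replace("\\", "\\\\");
    filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(escapeRoleFilterValue(user)));
    filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement(escapeRoleFilterValue(userDn)));
    filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(escapeRoleFilterValue(userDnNamespace)));
    // NOTE(review): the substitutions are sequential, so a "%dn" or "%fqdn" occurring inside
    // an earlier value is expanded as well - behaviour kept from the original.
    LOGGER.debug("Looking for the user roles in LDAP with ");
    LOGGER.debug("  base DN: {}", options.getRoleBaseDn());
    LOGGER.debug("  filter: {}", filter);
    NamingEnumeration namingEnumeration = context.search(options.getRoleBaseDn(), filter, controls);
    try {
        List<String> rolesList = new ArrayList<>();
        while (namingEnumeration.hasMore()) {
            SearchResult result = (SearchResult) namingEnumeration.next();
            Attribute roles1 = result.getAttributes().get(options.getRoleNameAttribute());
            if (roles1 == null) {
                continue;
            }
            for (int i = 0; i < roles1.size(); i++) {
                String role = (String) roles1.get(i);
                if (role == null) {
                    continue;
                }
                LOGGER.debug("User {} is a member of role {}", user, role);
                // A role with configured mappings is replaced by them; otherwise it is kept as is.
                Set<String> roleMappings = tryMappingRole(role);
                if (roleMappings.isEmpty()) {
                    rolesList.add(role);
                } else {
                    rolesList.addAll(roleMappings);
                }
            }
        }
        return rolesList.toArray(new String[0]);
    } finally {
        if (namingEnumeration != null) {
            try {
                namingEnumeration.close();
            } catch (NamingException ignored) {
                // Best effort: a failure to close must not mask the search result or error.
            }
        }
    }
}

/**
 * Escapes a value for insertion into an LDAP search filter: backslashes are doubled (the
 * treatment the filter already applied) and {@code *}, {@code (}, {@code )} and NUL are
 * written as the RFC 4515 hex escapes {@code \2a}, {@code \28}, {@code \29} and {@code \00}.
 */
private static String escapeRoleFilterValue(String value) {
    StringBuilder escaped = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                escaped.append("\\\\");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\0':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}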
Also used : Attribute(javax.naming.directory.Attribute) ArrayList(java.util.ArrayList) Attributes(javax.naming.directory.Attributes) SearchControls(javax.naming.directory.SearchControls) NamingEnumeration(javax.naming.NamingEnumeration) SearchResult(javax.naming.directory.SearchResult) NamingException(javax.naming.NamingException) InitialDirContext(javax.naming.directory.InitialDirContext) EventDirContext(javax.naming.event.EventDirContext) DirContext(javax.naming.directory.DirContext)

Example 47 with Attribute

use of javax.naming.directory.Attribute in project gerrit by GerritCodeReview.

the class Helper method queryForGroups.

/**
 * Collects the LDAP groups of a user and returns them as group UUIDs.
 *
 * <p>Groups come from two sources: the schema's group-member queries, and the account's own
 * member field when the schema defines one. Every group DN found is passed to
 * {@code recursivelyExpandGroups}, which records it in the shared DN set.
 *
 * @param ctx directory context used for all lookups
 * @param username the user whose groups are resolved
 * @param account a previously fetched account result, or {@code null} to look it up here
 * @return the group UUIDs; an empty set when the account cannot be found or has no groups
 * @throws NamingException if a directory operation fails
 */
Set<AccountGroup.UUID> queryForGroups(final DirContext ctx, final String username, LdapQuery.Result account) throws NamingException {
    final LdapSchema schema = getSchema(ctx);
    final Set<String> groupDNs = new HashSet<>();

    final boolean hasMemberQueries = !schema.groupMemberQueryList.isEmpty();
    if (hasMemberQueries) {
        if (account == null) {
            try {
                account = findAccount(schema, ctx, username, false);
            } catch (AccountException e) {
                // An unresolvable account has no groups.
                return Collections.emptySet();
            }
        }
        // Only the first query's parameter names are used to build the parameter map that
        // is then passed to every query in the list.
        final HashMap<String, String> queryParams = new HashMap<>();
        for (String paramName : schema.groupMemberQueryList.get(0).getParameters()) {
            queryParams.put(paramName, account.get(paramName));
        }
        queryParams.put(LdapRealm.USERNAME, username);
        for (LdapQuery memberQuery : schema.groupMemberQueryList) {
            for (LdapQuery.Result match : memberQuery.query(ctx, queryParams)) {
                recursivelyExpandGroups(groupDNs, schema, ctx, match.getDN());
            }
        }
    }

    if (schema.accountMemberField != null) {
        final boolean memberFieldMissing =
                account == null || account.getAll(schema.accountMemberField) == null;
        if (memberFieldMissing) {
            try {
                account = findAccount(schema, ctx, username, true);
            } catch (AccountException e) {
                return Collections.emptySet();
            }
        }
        final Attribute memberOf = account.getAll(schema.accountMemberField);
        if (memberOf != null) {
            final NamingEnumeration<?> parentDns = memberOf.getAll();
            try {
                while (parentDns.hasMore()) {
                    recursivelyExpandGroups(groupDNs, schema, ctx, (String) parentDns.next());
                }
            } catch (PartialResultException e) {
                // Ignored
                // NOTE(review): a partial result ends the loop silently, so the returned set
                // may omit groups; confirm that is acceptable wherever group membership
                // feeds an access decision.
            }
        }
    }

    final Set<AccountGroup.UUID> uuids = new HashSet<>();
    for (String groupDn : groupDNs) {
        uuids.add(new AccountGroup.UUID(LDAP_UUID + groupDn));
    }
    return uuids.isEmpty()
            ? Collections.<AccountGroup.UUID>emptySet()
            : ImmutableSet.copyOf(uuids);
}
Also used : HashMap(java.util.HashMap) Attribute(javax.naming.directory.Attribute) PartialResultException(javax.naming.PartialResultException) ParameterizedString(com.google.gerrit.common.data.ParameterizedString) AccountException(com.google.gerrit.server.account.AccountException) AccountGroup(com.google.gerrit.reviewdb.client.AccountGroup) HashSet(java.util.HashSet)

Example 48 with Attribute

use of javax.naming.directory.Attribute in project gerrit by GerritCodeReview.

the class Helper method recursivelyExpandGroups.

/**
 * Adds a group DN to the visited set and, when group expansion is enabled in the schema,
 * follows the group's member field to add every group it belongs to as well.
 *
 * @param groupDNs set of group DNs collected so far; also serves as the visited set
 * @param schema LDAP schema providing the member field and the expansion switch
 * @param ctx directory context used to read the group's attributes
 * @param groupDN DN of the group to add and expand
 */
private void recursivelyExpandGroups(final Set<String> groupDNs, final LdapSchema schema, final DirContext ctx, final String groupDN) {
    // add() returns false for a DN that was already recorded, which ends the recursion for
    // groups reachable more than once (including membership cycles).
    if (!groupDNs.add(groupDN) || schema.accountMemberField == null || !schema.accountMemberExpandGroups) {
        return;
    }

    ImmutableSet<String> parents = parentGroups.getIfPresent(groupDN);
    if (parents == null) {
        // Not cached: read the groups this group is itself a member of.
        final ImmutableSet.Builder<String> collected = ImmutableSet.builder();
        try {
            final Name groupName = new CompositeName().add(groupDN);
            final Attribute memberField =
                    ctx.getAttributes(groupName, schema.accountMemberFieldArray).get(schema.accountMemberField);
            if (memberField != null) {
                final NamingEnumeration<?> values = memberField.getAll();
                try {
                    while (values.hasMore()) {
                        collected.add((String) values.next());
                    }
                } catch (PartialResultException e) {
                    // Ignored
                }
            }
        } catch (NamingException e) {
            LdapRealm.log.warn("Could not find group " + groupDN, e);
        }
        // Whatever was collected is cached even when the lookup failed or was partial, so an
        // incomplete parent set stays in the cache until the entry is replaced or evicted.
        parents = collected.build();
        parentGroups.put(groupDN, parents);
    }

    // NOTE(review): recursion depth follows the nesting depth of groups in the directory;
    // no explicit limit is applied here.
    for (String parentDn : parents) {
        recursivelyExpandGroups(groupDNs, schema, ctx, parentDn);
    }
}
Also used : ImmutableSet(com.google.common.collect.ImmutableSet) Attribute(javax.naming.directory.Attribute) CompositeName(javax.naming.CompositeName) PartialResultException(javax.naming.PartialResultException) NamingException(javax.naming.NamingException) ParameterizedString(com.google.gerrit.common.data.ParameterizedString) CompositeName(javax.naming.CompositeName) Name(javax.naming.Name)

Example 49 with Attribute

use of javax.naming.directory.Attribute in project fess by codelibs.

the class LdapManager method processSearchRoles.

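/**
 * Extracts a short name from every value of the configured member-of attribute and hands
 * the full DN together with that name to the consumer.
 *
 * <p>The name is the text between the first {@code CN=} (or {@code cn=}) and the next comma
 * after it. Values without such a component are skipped.
 *
 * @param result search results whose member-of attribute is read
 * @param consumer receives {@code (entryDn, name)} for each usable attribute value
 * @throws NamingException if an attribute value cannot be read
 */
protected void processSearchRoles(final List<SearchResult> result, final BiConsumer<String, String> consumer) throws NamingException {
    final FessConfig fessConfig = ComponentUtil.getFessConfig();
    for (final SearchResult srcrslt : result) {
        final Attributes attrs = srcrslt.getAttributes();
        // Group membership attribute of this entry.
        final Attribute attr = attrs.get(fessConfig.getLdapMemberofAttribute());
        if (attr == null) {
            continue;
        }
        for (int i = 0; i < attr.size(); i++) {
            final Object attrValue = attr.get(i);
            if (attrValue == null) {
                continue;
            }
            final String entryDn = attrValue.toString();
            int start = entryDn.indexOf("CN=");
            if (start < 0) {
                start = entryDn.indexOf("cn=");
            }
            if (start == -1) {
                continue;
            }
            start += 3;
            // Search for the terminating comma from the CN value onwards. Searching from
            // index 0 picked up a comma in an earlier RDN (e.g. "OU=x,CN=y") and made
            // substring(start, end) throw because end < start.
            final int end = entryDn.indexOf(',', start);
            // NOTE(review): an escaped comma inside the CN value ("\,") still ends the name
            // early, and mixed-case "Cn=" is not recognised; names produced here are used by
            // the consumer, so confirm whether that matters for role names.
            final String name;
            if (end == -1) {
                name = entryDn.substring(start);
            } else {
                name = entryDn.substring(start, end);
            }
            consumer.accept(entryDn, name);
        }
    }
}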
Also used : BasicAttribute(javax.naming.directory.BasicAttribute) Attribute(javax.naming.directory.Attribute) BasicAttributes(javax.naming.directory.BasicAttributes) Attributes(javax.naming.directory.Attributes) SearchResult(javax.naming.directory.SearchResult) FessConfig(org.codelibs.fess.mylasta.direction.FessConfig)

Example 50 with Attribute

use of javax.naming.directory.Attribute in project fess by codelibs.

the class LdapManager method insert.

/**
 * Creates the given group in LDAP, or updates its attributes when an entry for it already
 * exists. Does nothing when LDAP administration is disabled in the configuration.
 *
 * @param group the group to write to the directory
 */
public void insert(final Group group) {
    final FessConfig fessConfig = ComponentUtil.getFessConfig();
    if (!fessConfig.isLdapAdminEnabled()) {
        return;
    }
    final Supplier<Hashtable<String, String>> adminEnv = () -> createAdminEnv();
    // NOTE(review): the group name goes into both the entry DN and the search filter through
    // the config helpers below; whether they escape DN / filter metacharacters is not
    // visible here - confirm before accepting group names from outside.
    final String groupDn = fessConfig.getLdapAdminGroupSecurityPrincipal(group.getName());
    final String baseDn = fessConfig.getLdapAdminGroupBaseDn();
    final String groupFilter = fessConfig.getLdapAdminGroupFilter(group.getName());
    search(baseDn, groupFilter, null, adminEnv, result -> {
        if (result.isEmpty()) {
            // No entry yet: build one from the group's attributes plus the object class.
            final BasicAttributes newEntry = new BasicAttributes();
            addGroupAttributes(newEntry, group, fessConfig);
            final Attribute objectClass = fessConfig.getLdapAdminGroupObjectClassAttribute();
            newEntry.put(objectClass);
            insert(groupDn, newEntry, adminEnv);
        } else {
            logger.info("{} exists in LDAP server.", group.getName());
            modifyGroupAttributes(group, adminEnv, groupDn, result, fessConfig);
        }
    });
}
Also used : BasicAttributes(javax.naming.directory.BasicAttributes) BasicAttribute(javax.naming.directory.BasicAttribute) Attribute(javax.naming.directory.Attribute) Hashtable(java.util.Hashtable) FessConfig(org.codelibs.fess.mylasta.direction.FessConfig)
