Use of javax.naming.directory.Attribute in project hadoop by apache.
The class LdapGroupsMapping, method lookupPosixGroup.
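/**
 * Look up groups using posixGroups semantics. The user's posix gid and uid
 * (read from the entry returned by the prior user lookup) select groups that
 * either carry that gid or list the uid as a member.
 *
 * Both values are handed to the search as filter arguments ({0}, {1}) rather
 * than concatenated into the filter string, so JNDI escapes them and a
 * crafted attribute value cannot change the shape of the filter.
 *
 * @param result the result object returned from the prior user lookup.
 * @param c the context object of the LDAP connection.
 * @return an object representing the search result.
 *
 * @throws NamingException if the server does not support posixGroups
 * semantics, i.e. the user entry lacks the gid and/or the uid attribute.
 */
private NamingEnumeration<SearchResult> lookupPosixGroup(SearchResult result, DirContext c) throws NamingException {
  Attribute gidAttribute = result.getAttributes().get(posixGidAttr);
  Attribute uidAttribute = result.getAttributes().get(posixUidAttr);
  String gidNumber = null;
  String uidNumber = null;
  // Report every missing attribute, so that a missing gid is not masked by
  // a missing uid when both are absent.
  String gidReason = "";
  String uidReason = "";
  if (gidAttribute == null) {
    gidReason = "Can't find attribute '" + posixGidAttr + "'.";
  } else {
    gidNumber = gidAttribute.get().toString();
  }
  if (uidAttribute == null) {
    uidReason = "Can't find attribute '" + posixUidAttr + "'.";
  } else {
    uidNumber = uidAttribute.get().toString();
  }
  if (uidNumber != null && gidNumber != null) {
    String filter = "(&" + groupSearchFilter + "(|(" + posixGidAttr + "={0})" + "(" + groupMemberAttr + "={1})))";
    return c.search(baseDN, filter, new Object[] { gidNumber, uidNumber }, SEARCH_CONTROLS);
  }
  String reason = gidReason.isEmpty() ? uidReason : (uidReason.isEmpty() ? gidReason : gidReason + " " + uidReason);
  // NOTE(review): result.toString() prints every attribute the search
  // returned; unless SEARCH_CONTROLS restricts the returned attributes, this
  // can copy sensitive entry data into exception messages and logs.
  throw new NamingException("The server does not support posixGroups " + "semantics. Reason: " + reason + " Returned user object: " + result.toString());
}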
Use of javax.naming.directory.Attribute in project hadoop by apache.
The class LdapGroupsMapping, method doGetGroups.
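/**
 * Perform LDAP queries to get group names of a user.
 *
 * Perform the first LDAP query to get the user object using the user's name.
 * If one-query is enabled, retrieve the group names from the user object.
 * If one-query is disabled, or if it failed, perform the second query to
 * get the groups.
 *
 * The user name is passed to the search as a filter argument ({0} in
 * userSearchFilter) rather than concatenated into the filter, so JNDI
 * escapes it and a crafted user name cannot alter the filter.
 *
 * @param user user name
 * @param goUpHierarchy when greater than zero, any result of the one-query
 *        path is discarded and the groups are resolved through lookupGroup()
 *        (how lookupGroup() interprets the value is not shown here)
 * @return a list of group names for the user. If the user can not be found,
 * return an empty string array.
 * @throws NamingException if unable to get group names
 */
List<String> doGetGroups(String user, int goUpHierarchy) throws NamingException {
  // The context is owned by getDirContext() and is not closed here.
  DirContext c = getDirContext();
  // Search for the user. We'll only ever need to look at the first result.
  NamingEnumeration<SearchResult> results = c.search(baseDN, userSearchFilter, new Object[] { user }, SEARCH_CONTROLS);
  try {
    // return empty list if the user can not be found.
    if (!results.hasMoreElements()) {
      if (LOG.isDebugEnabled()) {
        LOG.debug("doGetGroups(" + user + ") returned no groups because the " + "user is not found.");
      }
      return new ArrayList<String>();
    }
    SearchResult result = results.nextElement();
    List<String> groups = null;
    if (useOneQuery) {
      groups = groupsFromMemberOf(result);
    }
    if (groups == null || groups.isEmpty() || goUpHierarchy > 0) {
      groups = lookupGroup(result, c, goUpHierarchy);
    }
    if (LOG.isDebugEnabled()) {
      LOG.debug("doGetGroups(" + user + ") returned " + groups);
    }
    return groups;
  } finally {
    // A NamingEnumeration can hold server-side resources; release it even
    // when the lookup above throws.
    results.close();
  }
}

/**
 * One-query path: read the group DNs from the user entry's member-of
 * attribute and reduce each to its relative distinguished name.
 *
 * @param result the user entry returned by the first search
 * @return the group names, or {@code null} when the attribute is absent or
 *         reading it fails. Returning {@code null} on failure (rather than a
 *         partially filled list) guarantees the caller falls back to the
 *         second query instead of returning an incomplete answer.
 */
private List<String> groupsFromMemberOf(SearchResult result) {
  try {
    /**
     * For Active Directory servers, the user object has an attribute
     * 'memberOf' that represents the DNs of group objects to which the
     * user belongs. So the second query may be skipped.
     */
    Attribute groupDNAttr = result.getAttributes().get(memberOfAttr);
    if (groupDNAttr == null) {
      throw new NamingException("The user object does not have '" + memberOfAttr + "' attribute." + "Returned user object: " + result.toString());
    }
    List<String> groups = new ArrayList<String>();
    NamingEnumeration<?> groupEnumeration = groupDNAttr.getAll();
    try {
      while (groupEnumeration.hasMore()) {
        String groupDN = groupEnumeration.next().toString();
        groups.add(getRelativeDistinguishedName(groupDN));
      }
    } finally {
      groupEnumeration.close();
    }
    return groups;
  } catch (NamingException e) {
    // If the first lookup failed, fall back to the typical scenario.
    LOG.info("Failed to get groups from the first lookup. Initiating " + "the second LDAP query using the user's DN.", e);
    return null;
  }
}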
Use of javax.naming.directory.Attribute in project OpenAM by OpenRock.
The class AMSetupServlet, method getLdapHostAndPort.
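// Resolve the host name and port of an LDAP server for the given Active
// Directory domain via DNS: the domain must have an A record, and the first
// SRV record for _ldap._tcp.<domain> supplies the host and port. A bounded
// TCP connect then confirms that something is listening there.
//
// NOTE(review): plain DNS is unauthenticated (no DNSSEC validation here), so
// whoever controls the resolver or the zone can point setup at an arbitrary
// host, and the TCP probe does not authenticate the peer. The caller must
// still authenticate the server (e.g. TLS with certificate validation).
//
// @param domainName the AD domain, with or without a trailing dot
// @return a two-element array: [0] host name, [1] port number as a string
// @throws NamingException if the A or SRV record is missing or the SRV
//         record cannot be parsed into a host and a valid port
// @throws IOException if no TCP connection to host:port can be made
private String[] getLdapHostAndPort(String domainName) throws NamingException, IOException {
    if (!domainName.endsWith(".")) {
        domainName += '.';
    }
    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
    DirContext ictx = new InitialDirContext(env);
    // The resource record type A is defined in RFC 1035.
    Attributes aRecords = ictx.getAttributes(domainName, new String[] { "A" });
    if (aRecords.get("A") == null) {
        throw new NamingException("No A record found for domain " + domainName);
    }
    // Locate the LDAP server through the SRV record for _ldap._tcp.DOMAINNAME,
    // the mechanism MSDN describes for finding domain controllers. An SRV
    // value reads "priority weight port target" (RFC 2782).
    String ldapServer = "_ldap._tcp." + domainName;
    Attributes srvRecords = ictx.getAttributes(ldapServer, new String[] { "SRV" });
    Attribute attr = srvRecords.get("SRV");
    if (attr == null) {
        throw new NamingException("No SRV record found for " + ldapServer);
    }
    // Only the first SRV value is used; priority and weight are not considered.
    String srvValue = attr.get().toString();
    String[] srv = srvValue.trim().split("\\s+");
    if (srv.length < 4) {
        throw new NamingException("Malformed SRV record for " + ldapServer + ": " + srvValue);
    }
    String serverPortStr = srv[2];
    String target = srv[3];
    // SRV targets are normally fully qualified and end with a dot; strip it
    // only when present so a bare name is not truncated.
    String serverHostName = target.endsWith(".") ? target.substring(0, target.length() - 1) : target;
    int serverPort;
    try {
        serverPort = Integer.parseInt(serverPortStr);
    } catch (NumberFormatException e) {
        NamingException ne = new NamingException("Invalid port in SRV record for " + ldapServer + ": " + serverPortStr);
        ne.setRootCause(e);
        throw ne;
    }
    if (serverPort < 1 || serverPort > 65535) {
        throw new NamingException("Port out of range in SRV record for " + ldapServer + ": " + serverPortStr);
    }
    // Probe the port with a bounded connect so setup cannot hang indefinitely
    // on a black-holed host (the connecting Socket constructor has no timeout).
    final int connectTimeoutMillis = 10000;
    Socket probe = new Socket();
    try {
        probe.connect(new java.net.InetSocketAddress(serverHostName, serverPort), connectTimeoutMillis);
    } finally {
        probe.close();
    }
    String[] hostAndPort = new String[2];
    hostAndPort[0] = serverHostName;
    hostAndPort[1] = serverPortStr;
    return hostAndPort;
}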
Use of javax.naming.directory.Attribute in project OpenAM by OpenRock.
The class SMSLdapObject, method copyModItemsToModifyRequest.
// Convert JNDI ModificationItems into a single ModifyRequest against dn.
// Every value of each item's attribute is copied into a LinkedAttribute and
// attached with the ModificationType matching the item's operation; an op
// that is none of ADD/REPLACE/REMOVE is skipped (ModificationItem's
// constructor is documented to reject such values, so this should not occur).
//
// @throws SMSException if enumerating an attribute's values fails
private static ModifyRequest copyModItemsToModifyRequest(DN dn, ModificationItem[] mods) throws SMSException {
    ModifyRequest request = LDAPRequests.newModifyRequest(dn);
    try {
        for (ModificationItem item : mods) {
            Attribute source = item.getAttribute();
            LinkedAttribute copied = new LinkedAttribute(source.getID());
            NamingEnumeration<?> values = source.getAll();
            while (values.hasMore()) {
                copied.add(values.next());
            }
            int op = item.getModificationOp();
            ModificationType type;
            if (op == DirContext.ADD_ATTRIBUTE) {
                type = ModificationType.ADD;
            } else if (op == DirContext.REPLACE_ATTRIBUTE) {
                type = ModificationType.REPLACE;
            } else if (op == DirContext.REMOVE_ATTRIBUTE) {
                type = ModificationType.DELETE;
            } else {
                continue;
            }
            request.addModification(new Modification(type, copied));
        }
    } catch (NamingException nne) {
        throw new SMSException(nne, "sms-cannot-copy-fromModItemToModSet");
    }
    return request;
}
Use of javax.naming.directory.Attribute in project OpenAM by OpenRock.
The class SMSEmbeddedLdapObject, method copyModItemsToLDAPModList.
// Convert JNDI ModificationItems into a list of LDAPModification entries for
// the embedded directory. A null or empty input yields null rather than an
// empty list; that distinction is kept as callers may depend on it.
//
// NOTE(review): each attribute value is cast to String. A non-String value
// (e.g. a binary attribute) would surface as a ClassCastException rather
// than an SMSException — confirm callers only pass string-valued attributes.
//
// @throws SMSException if enumerating an attribute's values fails
private static List copyModItemsToLDAPModList(ModificationItem[] mods) throws SMSException {
    if (mods == null || mods.length == 0) {
        return null;
    }
    List<LDAPModification> converted = new ArrayList<>(mods.length);
    try {
        for (ModificationItem item : mods) {
            Attribute source = item.getAttribute();
            List<String> values = new ArrayList<>();
            NamingEnumeration<?> valueEnum = source.getAll();
            while (valueEnum.hasMore()) {
                values.add((String) valueEnum.next());
            }
            int op = item.getModificationOp();
            ModificationType type;
            if (op == DirContext.ADD_ATTRIBUTE) {
                type = ModificationType.ADD;
            } else if (op == DirContext.REPLACE_ATTRIBUTE) {
                type = ModificationType.REPLACE;
            } else if (op == DirContext.REMOVE_ATTRIBUTE) {
                type = ModificationType.DELETE;
            } else {
                // Any other op is dropped, as before.
                continue;
            }
            converted.add(new LDAPModification(type, new LDAPAttribute(source.getID(), values)));
        }
    } catch (NamingException nne) {
        throw new SMSException(nne, "sms-cannot-copy-fromModItemToModSet");
    }
    return converted;
}