
Example 31 with Attribute

use of javax.naming.directory.Attribute in project ranger by apache.

the class LdapDeltaUserGroupBuilder method goUpGroupHierarchyLdap.

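/**
 * Resolves the parent groups of the given group DNs, one hierarchy level per call.
 *
 * <p>Searches every configured group search base for entries of {@code groupObjectClass}
 * whose member attribute holds one of {@code groupDNs}, records the members of each hit in
 * {@code groupUserTable} and {@code groupNameMap}, and then recurses with the DNs of the
 * groups just found until {@code groupHierarchyLevels} is used up or no parent is found.
 *
 * <p>Checked exceptions raised while searching one base are logged and swallowed, so a
 * directory error leaves the membership tables partially filled without the caller being
 * told; runtime exceptions are logged and rethrown.
 *
 * @param groupDNs distinguished names whose parent groups are looked up
 * @param groupHierarchyLevels number of levels still to climb; nothing is done when {@code <= 0}
 * @throws Throwable as declared by the original signature
 */
private void goUpGroupHierarchyLdap(Set<String> groupDNs, int groupHierarchyLevels) throws Throwable {
    if (groupHierarchyLevels <= 0 || groupDNs.isEmpty()) {
        return;
    }
    Set<String> nextLevelGroups = new HashSet<String>();
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        StringBuilder filterBuilder = new StringBuilder("(&(objectclass=").append(groupObjectClass).append(")");
        if (groupSearchFilter != null && !groupSearchFilter.trim().isEmpty()) {
            String customFilter = groupSearchFilter.trim();
            if (!customFilter.startsWith("(")) {
                customFilter = "(" + customFilter + ")";
            }
            filterBuilder.append(customFilter);
        }
        // The OR group is opened unconditionally. Opening it only when a custom filter was
        // configured left the trailing "))" with one parenthesis too many in the default case.
        filterBuilder.append("(|");
        for (String groupDN : groupDNs) {
            if (groupDN == null) {
                continue;
            }
            // DNs come from directory data and may contain filter metacharacters, so they are
            // escaped before being placed in the filter text.
            filterBuilder.append("(").append(groupMemberAttributeName).append("=").append(escapeLdapFilterValue(groupDN)).append(")");
        }
        filterBuilder.append("))");
        final String groupFilter = filterBuilder.toString();
        LOG.info("extendedAllGroupsSearchFilter = " + groupFilter);
        for (int ou = 0; ou < groupSearchBase.length; ou++) {
            byte[] cookie = null;
            int counter = 0;
            try {
                do {
                    groupSearchResultEnum = ldapContext.search(groupSearchBase[ou], groupFilter, groupSearchControls);
                    while (groupSearchResultEnum.hasMore()) {
                        final SearchResult groupEntry = groupSearchResultEnum.next();
                        if (groupEntry == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("groupEntry null, skipping sync for the entry");
                            }
                            continue;
                        }
                        counter++;
                        Attribute groupNameAttr = groupEntry.getAttributes().get(groupNameAttribute);
                        if (groupNameAttr == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info(groupNameAttribute + " empty for entry " + groupEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        // Remember this group so the next recursion level looks for its parents.
                        nextLevelGroups.add(groupEntry.getNameInNamespace());
                        String gName = (String) groupNameAttr.get();
                        Attribute groupMemberAttr = groupEntry.getAttributes().get(groupMemberAttributeName);
                        int userCount = 0;
                        if (groupMemberAttr == null || groupMemberAttr.size() <= 0) {
                            LOG.info("No members available for " + gName);
                            continue;
                        }
                        NamingEnumeration<?> userEnum = groupMemberAttr.getAll();
                        while (userEnum.hasMore()) {
                            String originalUserFullName = (String) userEnum.next();
                            if (originalUserFullName == null || originalUserFullName.trim().isEmpty()) {
                                continue;
                            }
                            userCount++;
                            originalUserFullName = originalUserFullName.toLowerCase();
                            // Use the mapped name when one is known, otherwise the lower-cased
                            // member value itself.
                            if (userNameMap.get(originalUserFullName) != null) {
                                groupUserTable.put(gName, originalUserFullName, userNameMap.get(originalUserFullName));
                            } else {
                                groupUserTable.put(gName, originalUserFullName, originalUserFullName);
                            }
                            groupNameMap.put(groupEntry.getNameInNamespace().toLowerCase(), gName);
                        }
                        LOG.info("No. of members in the group " + gName + " = " + userCount);
                    }
                    // Examine the paged results control response
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (int i = 0; i < controls.length; i++) {
                            if (controls[i] instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) controls[i];
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    LOG.debug("END-OF-PAGE total : " + total);
                                } else {
                                    LOG.debug("END-OF-PAGE total : unknown");
                                }
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        LOG.debug("No controls were sent from the server");
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() completed with group count: " + counter);
            } catch (RuntimeException re) {
                LOG.error("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() failed with runtime exception: ", re);
                throw re;
            } catch (Exception t) {
                // Best effort per search base: the failure is logged and the next base is tried.
                LOG.error("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", t);
                LOG.info("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() group count: " + counter);
            }
        }
    } catch (RuntimeException re) {
        LOG.error("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", re);
        throw re;
    } finally {
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
    goUpGroupHierarchyLdap(nextLevelGroups, groupHierarchyLevels - 1);
}

/**
 * Escapes a value for use as an assertion value inside an LDAP search filter (RFC 4515):
 * backslash, asterisk, parentheses and NUL are replaced by their {@code \xx} hex form.
 */
private String escapeLdapFilterValue(String value) {
    StringBuilder escaped = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                escaped.append("\\5c");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\u0000':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}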
Also used : Attribute(javax.naming.directory.Attribute) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) SearchResult(javax.naming.directory.SearchResult) InvalidNameException(javax.naming.InvalidNameException) Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) HashSet(java.util.HashSet) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Example 32 with Attribute

use of javax.naming.directory.Attribute in project ranger by apache.

the class UserInfo method getGroups.

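/**
 * Reads group information from every configured group search base.
 *
 * <p>When {@code groupSearchFirstEnabled} is false, searches for the groups of the given
 * user and adds each group name and DN to {@code userInfo}. When it is true, retrieves all
 * groups matching {@code extendedAllGroupsSearchFilter}, pushes each group to {@code sink},
 * and records the membership of every listed member in {@code userGroupMap}.
 *
 * <p>Any failure while processing one search base is logged and swallowed, so a directory
 * error yields partial group data without the caller being told. The throwable is passed to
 * the logger so the stack trace is kept for diagnosis.
 *
 * @param sink receives each group found in group-first mode
 * @param userInfo user whose groups are looked up; required when group-first mode is off
 * @throws Throwable as declared by the original signature
 */
private void getGroups(UserGroupSink sink, UserInfo userInfo) throws Throwable {
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        for (String ou : groupSearchBase) {
            byte[] cookie = null;
            int counter = 0;
            try {
                int paged = 0;
                do {
                    if (!groupSearchFirstEnabled) {
                        if (userInfo == null) {
                            // Should never reach this.
                            LOG.error("No user information provided for group search!");
                            return;
                        }
                        if (LOG.isDebugEnabled()) {
                            // NOTE(review): the same filter is passed to search() with filterArgs
                            // below, which suggests {0}-style placeholders; String.format would
                            // then not substitute the values into this debug line. Confirm.
                            LOG.debug("Searching for groups for user " + userInfo.getUserName() + " using filter " + String.format(extendedGroupSearchFilter, userInfo.getUserFullName(), userInfo.getUserName()));
                        }
                        // User-derived values travel as filter arguments rather than being
                        // concatenated into the filter text; JNDI encodes them for the filter.
                        groupSearchResultEnum = ldapContext.search(ou, extendedGroupSearchFilter, new Object[] { userInfo.getUserFullName(), userInfo.getUserName() }, groupSearchControls);
                    } else {
                        // If group based search is enabled, then first retrieve all the groups based on the group configuration.
                        groupSearchResultEnum = ldapContext.search(ou, extendedAllGroupsSearchFilter, groupSearchControls);
                    }
                    while (groupSearchResultEnum.hasMore()) {
                        final SearchResult groupEntry = groupSearchResultEnum.next();
                        if (groupEntry != null) {
                            counter++;
                            Attribute groupNameAttr = groupEntry.getAttributes().get(groupNameAttribute);
                            if (groupNameAttr == null) {
                                if (LOG.isInfoEnabled()) {
                                    LOG.info(groupNameAttribute + " empty for entry " + groupEntry.getNameInNamespace() + ", skipping sync");
                                }
                                continue;
                            }
                            String groupDN = groupEntry.getNameInNamespace();
                            String gName = (String) groupNameAttr.get();
                            // Optional normalisation of the group name: case conversion first,
                            // then the configured regex transformation.
                            if (groupNameCaseConversionFlag) {
                                if (groupNameLowerCaseFlag) {
                                    gName = gName.toLowerCase();
                                } else {
                                    gName = gName.toUpperCase();
                                }
                            }
                            if (groupNameRegExInst != null) {
                                gName = groupNameRegExInst.transform(gName);
                            }
                            if (!groupSearchFirstEnabled) {
                                if (LOG.isInfoEnabled()) {
                                    LOG.info("computed groups for user: " + userInfo.getUserName() + ", groups: " + gName);
                                }
                                userInfo.addGroupDN(groupDN);
                                userInfo.addGroup(gName);
                            } else {
                                // If group based search is enabled, then
                                // update the group name to ranger admin
                                // check for group members and populate userInfo object with user's full name and group mapping
                                Attribute groupMemberAttr = groupEntry.getAttributes().get(groupMemberAttributeName);
                                LOG.debug("Update Ranger admin with " + gName);
                                sink.addOrUpdateGroup(gName);
                                int userCount = 0;
                                if (groupMemberAttr == null || groupMemberAttr.size() <= 0) {
                                    LOG.info("No members available for " + gName);
                                    continue;
                                }
                                NamingEnumeration<?> userEnum = groupMemberAttr.getAll();
                                while (userEnum.hasMore()) {
                                    String originalUserFullName = (String) userEnum.next();
                                    if (originalUserFullName == null || originalUserFullName.trim().isEmpty()) {
                                        continue;
                                    }
                                    String userFullName = originalUserFullName.toLowerCase();
                                    userCount++;
                                    // In this branch the userInfo parameter is reused as a cursor
                                    // over the members of the current group.
                                    if (!userGroupMap.containsKey(userFullName)) {
                                        // Preserving the original full name for later
                                        userInfo = new UserInfo(userFullName, originalUserFullName);
                                        userGroupMap.put(userFullName, userInfo);
                                    } else {
                                        userInfo = userGroupMap.get(userFullName);
                                    }
                                    LOG.info("Adding " + gName + " to user " + userInfo.getUserFullName());
                                    userInfo.addGroup(gName);
                                    userInfo.addGroupDN(groupDN);
                                }
                                LOG.info("No. of members in the group " + gName + " = " + userCount);
                            }
                        }
                    }
                    // Examine the paged results control response
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (Control control : controls) {
                            if (control instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) control;
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    LOG.debug("END-OF-PAGE total : " + total);
                                } else {
                                    LOG.debug("END-OF-PAGE total : unknown");
                                }
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        LOG.debug("No controls were sent from the server");
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        LOG.debug(String.format("Fetched paged results round: %s", ++paged));
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LDAPUserGroupBuilder.getGroups() completed with group count: " + counter);
            } catch (Throwable t) {
                // Best effort per search base. The throwable goes to the logger as an argument
                // so the stack trace is recorded; concatenating it kept only its toString().
                LOG.error("LDAPUserGroupBuilder.getGroups() failed with exception: ", t);
                LOG.info("LDAPUserGroupBuilder.getGroups() group count: " + counter);
            }
        }
    } finally {
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
}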
Also used : Attribute(javax.naming.directory.Attribute) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) SearchResult(javax.naming.directory.SearchResult) Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Example 33 with Attribute

use of javax.naming.directory.Attribute in project qpid-broker-j by apache.

the class SimpleLDAPAuthenticationManagerImpl method findGroups.

/**
 * Collects the group principals of a user from up to two sources.
 *
 * <p>If a group attribute name is configured, every non-null value of that attribute on the
 * user's own entry becomes a {@link GroupPrincipal}. If both a group search context and a
 * group search filter are configured, a search is run with the encoded user DN as the only
 * filter argument and the DN of every hit becomes a {@link GroupPrincipal} as well.
 *
 * @param context directory context used for the lookups
 * @param userDN distinguished name of the user
 * @return the group principals found; empty when neither source is configured or nothing matches
 * @throws NamingException if a directory operation fails
 */
private Set<Principal> findGroups(DirContext context, String userDN) throws NamingException {
    final Set<Principal> principals = new HashSet<>();

    // Source 1: group DNs listed in an attribute of the user's own entry.
    final String groupAttribute = getGroupAttributeName();
    if (groupAttribute != null && !groupAttribute.isEmpty()) {
        final Attributes userAttributes = context.getAttributes(userDN, new String[] { groupAttribute });
        final NamingEnumeration<? extends Attribute> attributeEnum = userAttributes.getAll();
        while (attributeEnum.hasMore()) {
            final Attribute current = attributeEnum.next();
            if (current == null) {
                continue;
            }
            final NamingEnumeration<?> values = current.getAll();
            while (values.hasMore()) {
                final Object value = values.next();
                if (value == null) {
                    continue;
                }
                // The attribute value is taken as the group DN without further checks.
                principals.add(new GroupPrincipal(String.valueOf(value), this));
            }
        }
    }

    // Source 2: groups found by searching with the user DN as filter argument.
    final String searchContext = getGroupSearchContext();
    final String searchFilter = getGroupSearchFilter();
    final boolean searchConfigured = searchContext != null && !searchContext.isEmpty()
            && searchFilter != null && !searchFilter.isEmpty();
    if (searchConfigured) {
        final SearchControls controls = new SearchControls();
        // No attributes are requested; only the DN of each hit is used.
        controls.setReturningAttributes(new String[] {});
        final int scope = isGroupSubtreeSearchScope() ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE;
        controls.setSearchScope(scope);
        final NamingEnumeration<?> hits = context.search(searchContext, searchFilter, new String[] { encode(userDN) }, controls);
        while (hits.hasMore()) {
            final SearchResult hit = (SearchResult) hits.next();
            principals.add(new GroupPrincipal(hit.getNameInNamespace(), this));
        }
    }
    return principals;
}
Also used : Attribute(javax.naming.directory.Attribute) GroupPrincipal(org.apache.qpid.server.security.group.GroupPrincipal) Attributes(javax.naming.directory.Attributes) ConfiguredObject(org.apache.qpid.server.model.ConfiguredObject) SearchControls(javax.naming.directory.SearchControls) SearchResult(javax.naming.directory.SearchResult) UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) GroupPrincipal(org.apache.qpid.server.security.group.GroupPrincipal) Principal(java.security.Principal) HashSet(java.util.HashSet)

Example 34 with Attribute

use of javax.naming.directory.Attribute in project ART-TIME by Artezio.

the class LdapAdapter method createEmployee.

/**
 * Builds an {@code Employee} from LDAP attributes.
 *
 * <p>Each entry of {@code attributeMapping} names an LDAP attribute (key) and the bean
 * property it is copied to (value). After the copy, the department name is normalised and
 * the default workdays calendar for the employee is attached.
 *
 * @param attrs attributes of the directory entry
 * @return the populated employee
 * @throws NamingException if reading an attribute fails
 * @throws IllegalAccessException if a bean property cannot be set
 * @throws InvocationTargetException if a bean property setter throws
 */
protected Employee createEmployee(Attributes attrs) throws NamingException, IllegalAccessException, InvocationTargetException {
    final Employee result = new Employee();
    for (Entry<String, String> mapping : attributeMapping.entrySet()) {
        final String ldapAttributeName = mapping.getKey();
        final String beanProperty = mapping.getValue();
        // Directory values are written straight into bean properties; the property names
        // come from attributeMapping, not from the directory.
        final String parsed = parseAttribute(attrs.get(ldapAttributeName));
        BeanUtils.setProperty(result, beanProperty, parsed);
    }
    result.castDepartmentToNameCase();
    result.setCalendar(workdaysCalendarRepository.findDefaultCalendar(result));
    return result;
}
Also used : WorkdaysCalendar(com.artezio.arttime.datamodel.WorkdaysCalendar) Employee(com.artezio.arttime.datamodel.Employee) Attribute(javax.naming.directory.Attribute)

Example 35 with Attribute

use of javax.naming.directory.Attribute in project fess by codelibs.

the class LdapManager method processSearchRoles.

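/**
 * Derives a role name from every value of the configured member-of attribute and passes the
 * full DN together with that name to {@code consumer}.
 *
 * <p>The name is the text between the first {@code CN=} (or {@code cn=}) and the next comma
 * after it. Values without such a marker are skipped.
 *
 * @param result search results whose member-of attribute is inspected
 * @param consumer receives {@code (entryDn, name)} for each usable value
 * @throws NamingException if reading an attribute value fails
 */
protected void processSearchRoles(final List<SearchResult> result, final BiConsumer<String, String> consumer) throws NamingException {
    final FessConfig fessConfig = ComponentUtil.getFessConfig();
    for (final SearchResult srcrslt : result) {
        final Attributes attrs = srcrslt.getAttributes();
        // get group attr
        final Attribute attr = attrs.get(fessConfig.getLdapMemberofAttribute());
        if (attr == null) {
            continue;
        }
        for (int i = 0; i < attr.size(); i++) {
            final Object attrValue = attr.get(i);
            if (attrValue == null) {
                continue;
            }
            final String entryDn = attrValue.toString();
            int start = entryDn.indexOf("CN=");
            if (start < 0) {
                start = entryDn.indexOf("cn=");
            }
            if (start < 0) {
                continue;
            }
            start += 3;
            // Look for the terminating comma after the CN marker. Searching from index 0 found
            // an earlier comma when CN was not the first RDN, and substring(start, end) then
            // threw StringIndexOutOfBoundsException.
            final int end = entryDn.indexOf(',', start);
            // NOTE(review): an escaped comma inside the CN value ("CN=Doe\, John,...") still
            // truncates the name, and mixed-case markers such as "Cn=" are not matched. These
            // names appear to feed role decisions, so parsing the DN with a DN parser would be
            // more robust - confirm against callers.
            final String name = end == -1 ? entryDn.substring(start) : entryDn.substring(start, end);
            consumer.accept(entryDn, name);
        }
    }
}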
Also used : BasicAttribute(javax.naming.directory.BasicAttribute) Attribute(javax.naming.directory.Attribute) BasicAttributes(javax.naming.directory.BasicAttributes) Attributes(javax.naming.directory.Attributes) SearchResult(javax.naming.directory.SearchResult) FessConfig(org.codelibs.fess.mylasta.direction.FessConfig)
