use of javax.naming.directory.Attribute in project ranger by apache.
the class LdapDeltaUserGroupBuilder method goUpGroupHierarchyLdap.
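/**
 * Resolves the groups that contain the given groups and recurses one level further up.
 *
 * <p>For every search base in {@code groupSearchBase} the method searches for entries of
 * {@code groupObjectClass} (optionally narrowed by {@code groupSearchFilter}) whose
 * {@code groupMemberAttributeName} equals one of {@code groupDNs}. Each match is added to the
 * next level, its members are written to {@code groupUserTable}, and its DN is recorded in
 * {@code groupNameMap}. The method then calls itself with the matches and
 * {@code groupHierarchyLevels - 1}.
 *
 * <p>Group DNs are read from the directory and may contain characters that are special inside a
 * search filter, so each DN is escaped before it is placed in the filter text.
 *
 * @param groupDNs             distinguished names of the groups whose parent groups are wanted
 * @param groupHierarchyLevels number of levels still to climb; nothing is done when it is
 *                             zero or negative
 * @throws Throwable any runtime exception raised while searching is logged and rethrown;
 *                   other exceptions raised for one search base are logged and the next
 *                   search base is tried
 */
private void goUpGroupHierarchyLdap(Set<String> groupDNs, int groupHierarchyLevels) throws Throwable {
    if (groupHierarchyLevels <= 0 || groupDNs.isEmpty()) {
        return;
    }
    Set<String> nextLevelGroups = new HashSet<String>();
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        StringBuilder filterBuilder = new StringBuilder();
        filterBuilder.append("(&(objectclass=").append(groupObjectClass).append(")");
        if (groupSearchFilter != null && !groupSearchFilter.trim().isEmpty()) {
            String customFilter = groupSearchFilter.trim();
            if (!customFilter.startsWith("(")) {
                customFilter = "(" + customFilter + ")";
            }
            filterBuilder.append(customFilter);
        }
        // The OR group is opened unconditionally: the closing "))" below always closes both the
        // OR and the enclosing AND, so opening it only when a custom filter is configured
        // produced an unbalanced filter in the no-custom-filter case.
        filterBuilder.append("(|");
        for (String groupDN : groupDNs) {
            if (groupDN == null) {
                // A missing DN cannot match any member value.
                continue;
            }
            filterBuilder.append("(").append(groupMemberAttributeName).append("=")
                    .append(escapeLdapFilterValue(groupDN)).append(")");
        }
        filterBuilder.append("))");
        String groupFilter = filterBuilder.toString();
        LOG.info("extendedAllGroupsSearchFilter = " + groupFilter);
        for (int ou = 0; ou < groupSearchBase.length; ou++) {
            byte[] cookie = null;
            int counter = 0;
            try {
                do {
                    groupSearchResultEnum = ldapContext.search(groupSearchBase[ou], groupFilter, groupSearchControls);
                    while (groupSearchResultEnum.hasMore()) {
                        final SearchResult groupEntry = groupSearchResultEnum.next();
                        if (groupEntry == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("groupEntry null, skipping sync for the entry");
                            }
                            continue;
                        }
                        counter++;
                        Attribute groupNameAttr = groupEntry.getAttributes().get(groupNameAttribute);
                        if (groupNameAttr == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info(groupNameAttribute + " empty for entry " + groupEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        // The group takes part in the next level even when it has no members.
                        nextLevelGroups.add(groupEntry.getNameInNamespace());
                        String gName = (String) groupNameAttr.get();
                        Attribute groupMemberAttr = groupEntry.getAttributes().get(groupMemberAttributeName);
                        int userCount = 0;
                        if (groupMemberAttr == null || groupMemberAttr.size() <= 0) {
                            LOG.info("No members available for " + gName);
                            continue;
                        }
                        NamingEnumeration<?> userEnum = groupMemberAttr.getAll();
                        while (userEnum.hasMore()) {
                            String originalUserFullName = (String) userEnum.next();
                            if (originalUserFullName == null || originalUserFullName.trim().isEmpty()) {
                                continue;
                            }
                            userCount++;
                            originalUserFullName = originalUserFullName.toLowerCase();
                            // Use the mapped name when userNameMap has one, otherwise the
                            // lower-cased member value itself.
                            if (userNameMap.get(originalUserFullName) != null) {
                                groupUserTable.put(gName, originalUserFullName, userNameMap.get(originalUserFullName));
                            } else {
                                groupUserTable.put(gName, originalUserFullName, originalUserFullName);
                            }
                            groupNameMap.put(groupEntry.getNameInNamespace().toLowerCase(), gName);
                        }
                        LOG.info("No. of members in the group " + gName + " = " + userCount);
                    }
                    // Examine the paged results control response
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (int i = 0; i < controls.length; i++) {
                            if (controls[i] instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) controls[i];
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    LOG.debug("END-OF-PAGE total : " + total);
                                } else {
                                    LOG.debug("END-OF-PAGE total : unknown");
                                }
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        LOG.debug("No controls were sent from the server");
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() completed with group count: " + counter);
            } catch (RuntimeException re) {
                LOG.error("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() failed with runtime exception: ", re);
                throw re;
            } catch (Exception t) {
                // Best effort: a failure on one search base is logged and the next one is tried.
                LOG.error("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", t);
                LOG.info("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() group count: " + counter);
            }
        }
    } catch (RuntimeException re) {
        LOG.error("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", re);
        throw re;
    } finally {
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
    goUpGroupHierarchyLdap(nextLevelGroups, groupHierarchyLevels - 1);
}

/**
 * Escapes a value for use as the assertion value of an LDAP search filter (RFC 4515).
 *
 * <p>The characters {@code \ * ( )} and NUL are replaced by a backslash followed by their
 * two-digit hexadecimal code; every other character is copied unchanged.
 *
 * @param value the raw value, for example a distinguished name; must not be {@code null}
 * @return the value with filter-special characters escaped
 */
private static String escapeLdapFilterValue(String value) {
    StringBuilder escaped = new StringBuilder(value.length() + 16);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
        case '\\':
            escaped.append("\\5c");
            break;
        case '*':
            escaped.append("\\2a");
            break;
        case '(':
            escaped.append("\\28");
            break;
        case ')':
            escaped.append("\\29");
            break;
        case '\0':
            escaped.append("\\00");
            break;
        default:
            escaped.append(c);
            break;
        }
    }
    return escaped.toString();
}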
use of javax.naming.directory.Attribute in project ranger by apache.
the class UserInfo method getGroups.
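/**
 * Searches every entry of {@code groupSearchBase} for groups and records the memberships.
 *
 * <p>The method works in one of two modes, selected by {@code groupSearchFirstEnabled}:
 * <ul>
 * <li>disabled: the groups of {@code userInfo} are looked up with
 * {@code extendedGroupSearchFilter}; the user's full name and user name are handed to the
 * search as filter arguments, not concatenated into the filter text, and every group found is
 * added to {@code userInfo};</li>
 * <li>enabled: all groups matching {@code extendedAllGroupsSearchFilter} are fetched, each is
 * reported to {@code sink}, and each member value is recorded in {@code userGroupMap}.</li>
 * </ul>
 *
 * <p>A failure while processing one search base is logged and the next search base is tried.
 *
 * @param sink     receives {@code addOrUpdateGroup} for every group in group-first mode
 * @param userInfo the user whose groups are wanted; must be non-null when group-first mode is
 *                 disabled (the method logs an error and returns otherwise)
 * @throws Throwable declared by the signature; failures inside the per-base loop are caught
 *                   and logged
 */
private void getGroups(UserGroupSink sink, UserInfo userInfo) throws Throwable {
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        for (String ou : groupSearchBase) {
            byte[] cookie = null;
            int counter = 0;
            try {
                int paged = 0;
                do {
                    if (!groupSearchFirstEnabled) {
                        if (userInfo == null) {
                            // Should never reach this.
                            LOG.error("No user information provided for group search!");
                            return;
                        }
                        if (LOG.isDebugEnabled()) {
                            // NOTE(review): the search below treats the filter as a JNDI template;
                            // if it uses {0}/{1} placeholders, String.format will not substitute
                            // the values into this message - confirm against the configuration.
                            LOG.debug("Searching for groups for user " + userInfo.getUserName() + " using filter " + String.format(extendedGroupSearchFilter, userInfo.getUserFullName(), userInfo.getUserName()));
                        }
                        // User-derived values travel as filter arguments so the JNDI provider
                        // escapes them; they are never spliced into the filter string.
                        groupSearchResultEnum = ldapContext.search(ou, extendedGroupSearchFilter, new Object[] { userInfo.getUserFullName(), userInfo.getUserName() }, groupSearchControls);
                    } else {
                        // If group based search is enabled, then first retrieve all the groups based on the group configuration.
                        groupSearchResultEnum = ldapContext.search(ou, extendedAllGroupsSearchFilter, groupSearchControls);
                    }
                    while (groupSearchResultEnum.hasMore()) {
                        final SearchResult groupEntry = groupSearchResultEnum.next();
                        if (groupEntry == null) {
                            continue;
                        }
                        counter++;
                        Attribute groupNameAttr = groupEntry.getAttributes().get(groupNameAttribute);
                        if (groupNameAttr == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info(groupNameAttribute + " empty for entry " + groupEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        String groupDN = groupEntry.getNameInNamespace();
                        String gName = (String) groupNameAttr.get();
                        if (groupNameCaseConversionFlag) {
                            if (groupNameLowerCaseFlag) {
                                gName = gName.toLowerCase();
                            } else {
                                gName = gName.toUpperCase();
                            }
                        }
                        if (groupNameRegExInst != null) {
                            gName = groupNameRegExInst.transform(gName);
                        }
                        if (!groupSearchFirstEnabled) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("computed groups for user: " + userInfo.getUserName() + ", groups: " + gName);
                            }
                            userInfo.addGroupDN(groupDN);
                            userInfo.addGroup(gName);
                        } else {
                            // If group based search is enabled, then
                            // update the group name to ranger admin
                            // check for group members and populate userInfo object with user's full name and group mapping
                            Attribute groupMemberAttr = groupEntry.getAttributes().get(groupMemberAttributeName);
                            LOG.debug("Update Ranger admin with " + gName);
                            sink.addOrUpdateGroup(gName);
                            int userCount = 0;
                            if (groupMemberAttr == null || groupMemberAttr.size() <= 0) {
                                LOG.info("No members available for " + gName);
                                continue;
                            }
                            NamingEnumeration<?> userEnum = groupMemberAttr.getAll();
                            while (userEnum.hasMore()) {
                                String originalUserFullName = (String) userEnum.next();
                                if (originalUserFullName == null || originalUserFullName.trim().isEmpty()) {
                                    continue;
                                }
                                String userFullName = originalUserFullName.toLowerCase();
                                userCount++;
                                // In this mode the userInfo parameter is reused as a cursor over
                                // the members of the current group.
                                if (!userGroupMap.containsKey(userFullName)) {
                                    // Preserving the original full name for later
                                    userInfo = new UserInfo(userFullName, originalUserFullName);
                                    userGroupMap.put(userFullName, userInfo);
                                } else {
                                    userInfo = userGroupMap.get(userFullName);
                                }
                                LOG.info("Adding " + gName + " to user " + userInfo.getUserFullName());
                                userInfo.addGroup(gName);
                                userInfo.addGroupDN(groupDN);
                            }
                            LOG.info("No. of members in the group " + gName + " = " + userCount);
                        }
                    }
                    // Examine the paged results control response
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (Control control : controls) {
                            if (control instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) control;
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    LOG.debug("END-OF-PAGE total : " + total);
                                } else {
                                    LOG.debug("END-OF-PAGE total : unknown");
                                }
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        LOG.debug("No controls were sent from the server");
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        LOG.debug(String.format("Fetched paged results round: %s", ++paged));
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LDAPUserGroupBuilder.getGroups() completed with group count: " + counter);
            } catch (Throwable t) {
                // Best effort per search base. The throwable is passed to the logger as the
                // cause so the stack trace is kept; concatenating it into the message kept
                // only its toString().
                LOG.error("LDAPUserGroupBuilder.getGroups() failed with exception: ", t);
                LOG.info("LDAPUserGroupBuilder.getGroups() group count: " + counter);
            }
        }
    } finally {
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
}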
use of javax.naming.directory.Attribute in project qpid-broker-j by apache.
the class SimpleLDAPAuthenticationManagerImpl method findGroups.
/**
 * Collects the group principals of a user from the directory.
 *
 * <p>Two sources are consulted, each only when it is configured: the values of the attribute
 * named by {@code getGroupAttributeName()} on the user's own entry, and the entries matched by
 * {@code getGroupSearchFilter()} below {@code getGroupSearchContext()}. In the search, the
 * result of {@code encode(userDN)} is supplied as a filter argument rather than being
 * concatenated into the filter text, and no attributes are requested because only the DN of
 * each match is used.
 *
 * @param context directory context used for the lookups
 * @param userDN  distinguished name of the user
 * @return the group principals found; empty when neither source is configured or nothing matches
 * @throws NamingException if a directory operation fails
 */
private Set<Principal> findGroups(DirContext context, String userDN) throws NamingException {
    final Set<Principal> principals = new HashSet<>();

    // Source 1: group DNs stored as attribute values on the user entry itself.
    final boolean groupAttributeConfigured = getGroupAttributeName() != null && !"".equals(getGroupAttributeName());
    if (groupAttributeConfigured) {
        final Attributes userAttributes = context.getAttributes(userDN, new String[] { getGroupAttributeName() });
        for (NamingEnumeration<? extends Attribute> attrs = userAttributes.getAll(); attrs.hasMore();) {
            final Attribute current = attrs.next();
            if (current == null) {
                continue;
            }
            for (NamingEnumeration<?> values = current.getAll(); values.hasMore();) {
                final Object value = values.next();
                if (value == null) {
                    continue;
                }
                principals.add(new GroupPrincipal(String.valueOf(value), this));
            }
        }
    }

    // Source 2: group entries that reference the user, found by a directory search.
    final boolean groupSearchConfigured = getGroupSearchContext() != null && !"".equals(getGroupSearchContext())
            && getGroupSearchFilter() != null && !"".equals(getGroupSearchFilter());
    if (groupSearchConfigured) {
        final SearchControls controls = new SearchControls();
        controls.setReturningAttributes(new String[] {});
        if (isGroupSubtreeSearchScope()) {
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        } else {
            controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
        }
        for (NamingEnumeration<?> matches = context.search(getGroupSearchContext(), getGroupSearchFilter(), new String[] { encode(userDN) }, controls); matches.hasMore();) {
            final SearchResult match = (SearchResult) matches.next();
            principals.add(new GroupPrincipal(match.getNameInNamespace(), this));
        }
    }
    return principals;
}
use of javax.naming.directory.Attribute in project ART-TIME by Artezio.
the class LdapAdapter method createEmployee.
/**
 * Builds an {@code Employee} from the attributes of a directory entry.
 *
 * <p>Each entry of {@code attributeMapping} names a directory attribute (key) and the bean
 * property it populates (value). The attribute is looked up in {@code attrs}, converted by
 * {@code parseAttribute} and written with {@code BeanUtils.setProperty}. Afterwards the
 * department is normalised through {@code castDepartmentToNameCase()} and the default
 * workdays calendar for the employee is attached.
 *
 * @param attrs attributes of the directory entry; a mapped attribute that is absent yields
 *              {@code null} from {@code attrs.get}, which is passed to {@code parseAttribute}
 *              as is (its null handling is not visible here)
 * @return the populated employee
 * @throws NamingException           if reading an attribute fails
 * @throws IllegalAccessException    if a bean property cannot be accessed
 * @throws InvocationTargetException if a bean property setter throws
 */
protected Employee createEmployee(Attributes attrs) throws NamingException, IllegalAccessException, InvocationTargetException {
    final Employee result = new Employee();
    for (Entry<String, String> mapping : attributeMapping.entrySet()) {
        final Attribute source = attrs.get(mapping.getKey());
        // Property names come from the mapping, only the values come from the directory.
        BeanUtils.setProperty(result, mapping.getValue(), parseAttribute(source));
    }
    result.castDepartmentToNameCase();
    result.setCalendar(workdaysCalendarRepository.findDefaultCalendar(result));
    return result;
}
use of javax.naming.directory.Attribute in project fess by codelibs.
the class LdapManager method processSearchRoles.
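/**
 * Extracts a role name from every value of the configured member-of attribute.
 *
 * <p>For each search result the attribute named by {@code getLdapMemberofAttribute()} is read.
 * Every non-null value is treated as a distinguished name; the text between the first
 * {@code CN=} (or, failing that, {@code cn=}) and the next comma is passed to {@code consumer}
 * together with the full value. Values without such a component are skipped.
 *
 * <p>The end of the name is searched for after the {@code CN=} marker. Searching from the start
 * of the value raised {@code StringIndexOutOfBoundsException} whenever a comma preceded the
 * marker, i.e. whenever the value did not begin with the CN component.
 *
 * <p>Limitation: the value is split on the first comma after the marker, so a name containing
 * an escaped comma is cut at that comma.
 *
 * @param result   search results to inspect
 * @param consumer receives the full attribute value and the extracted name
 * @throws NamingException if reading an attribute value fails
 */
protected void processSearchRoles(final List<SearchResult> result, final BiConsumer<String, String> consumer) throws NamingException {
    final FessConfig fessConfig = ComponentUtil.getFessConfig();
    for (final SearchResult srcrslt : result) {
        final Attributes attrs = srcrslt.getAttributes();
        // get group attr
        final Attribute attr = attrs.get(fessConfig.getLdapMemberofAttribute());
        if (attr == null) {
            continue;
        }
        for (int i = 0; i < attr.size(); i++) {
            final Object attrValue = attr.get(i);
            if (attrValue == null) {
                continue;
            }
            final String entryDn = attrValue.toString();
            int start = entryDn.indexOf("CN=");
            if (start < 0) {
                start = entryDn.indexOf("cn=");
            }
            if (start == -1) {
                continue;
            }
            start += 3;
            // Look for the terminating comma only after the marker, never before it.
            final int end = entryDn.indexOf(',', start);
            final String name;
            if (end == -1) {
                name = entryDn.substring(start);
            } else {
                name = entryDn.substring(start, end);
            }
            consumer.accept(entryDn, name);
        }
    }
}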