Examples with SearchControls javax.naming.directory.SearchControls used on opensource projects

Example 51 with SearchControls

use of javax.naming.directory.SearchControls in project Openfire by igniterealtime.

the class LdapManager method lookupExistence.

/**
     * Looks up an LDAP object by its DN and returns <tt>true</tt> if
     * the search was successful.
     *
     * @param ctx the Context to use for the lookup.
     * @param dn the object's dn to lookup.
     * @return true if the lookup was successful.
     * @throws NamingException if login credentials were wrong.
     */
private Boolean lookupExistence(InitialDirContext ctx, String dn, String[] returnattrs) throws NamingException {
    boolean debug = Log.isDebugEnabled();
    if (debug) {
        Log.debug("LdapManager: In lookupExistence(ctx, dn, returnattrs), searchdn is: " + dn);
    }
    // Bind to the object's DN
    ctx.addToEnvironment(Context.PROVIDER_URL, getProviderURL(dn));
    String filter = "(&(objectClass=*))";
    SearchControls srcnt = new SearchControls();
    srcnt.setSearchScope(SearchControls.OBJECT_SCOPE);
    srcnt.setReturningAttributes(returnattrs);
    NamingEnumeration<SearchResult> answer = null;
    try {
        answer = ctx.search("", filter, srcnt);
    } catch (javax.naming.NameNotFoundException nex) {
    // DN not found
    } catch (NamingException ex) {
        throw ex;
    }
    if (answer == null || !answer.hasMoreElements()) {
        Log.debug("LdapManager: .... lookupExistence: DN not found.");
        return false;
    } else {
        Log.debug("LdapManager: .... lookupExistence: DN found.");
        return true;
    }
}

Example 52 with SearchControls

use of javax.naming.directory.SearchControls in project Openfire by igniterealtime.

the class LdapManager method findGroupDN.

/**
     * Finds a groups's dn using it's group name. Normally, this search will
     * be performed using the field "cn", but this can be changed by setting
     * the <tt>groupNameField</tt> property.<p>
     *
     * Searches are performed over all subtrees relative to the <tt>baseDN</tt>.
     * If the search fails in the <tt>baseDN</tt> then another search will be
     * performed in the <tt>alternateBaseDN</tt>. For example, if the <tt>baseDN</tt>
     * is "o=jivesoftware, o=com" and we do a search for "managers", then we might
     * find a groupDN of "uid=managers,ou=Groups". This kind of searching is a good
     * thing since it doesn't make the assumption that all user records are stored
     * in a flat structure. However, it does add the requirement that "cn" field
     * (or the other field specified) must be unique over the entire subtree from
     * the <tt>baseDN</tt>. For example, it's entirely possible to create two dn's
     * in your LDAP directory with the same cn: "cn=managers,ou=Financial" and
     * "cn=managers,ou=Engineers". In such a case, it's not possible to
     * uniquely identify a group, so this method will throw an error.<p>
     *
     * The dn that's returned is relative to the default <tt>baseDN</tt>.
     *
     * @param groupname the groupname to lookup the dn for.
     * @param baseDN the base DN to use for this search.
     * @return the dn associated with <tt>groupname</tt>.
     * @throws Exception if the search for the dn fails.
     * @see #findGroupDN(String) to search using the default baseDN and alternateBaseDN.
     */
public String findGroupDN(String groupname, String baseDN) throws Exception {
    boolean debug = Log.isDebugEnabled();
    if (debug) {
        Log.debug("LdapManager: Trying to find a groups's DN based on it's groupname. " + groupNameField + ": " + groupname + ", Base DN: " + baseDN + "...");
    }
    DirContext ctx = null;
    try {
        ctx = getContext(baseDN);
        if (debug) {
            Log.debug("LdapManager: Starting LDAP search...");
        }
        // Search for the dn based on the groupname.
        SearchControls constraints = new SearchControls();
        // If sub-tree searching is enabled (default is true) then search the entire tree.
        if (subTreeSearch) {
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        } else // Otherwise, only search a single level.
        {
            constraints.setSearchScope(SearchControls.ONELEVEL_SCOPE);
        }
        constraints.setReturningAttributes(new String[] { groupNameField });
        String filter = MessageFormat.format(getGroupSearchFilter(), sanitizeSearchFilter(groupname));
        NamingEnumeration<SearchResult> answer = ctx.search("", filter, constraints);
        if (debug) {
            Log.debug("LdapManager: ... search finished");
        }
        if (answer == null || !answer.hasMoreElements()) {
            if (debug) {
                Log.debug("LdapManager: Group DN based on groupname '" + groupname + "' not found.");
            }
            throw new GroupNotFoundException("Groupname " + groupname + " not found");
        }
        String groupDN = answer.next().getName();
        // The baseDN must be set correctly so that this doesn't happen.
        if (answer.hasMoreElements()) {
            if (debug) {
                Log.debug("LdapManager: Search for groupDN based on groupname '" + groupname + "' found multiple " + "responses, throwing exception.");
            }
            throw new GroupNotFoundException("LDAP groupname lookup for " + groupname + " matched multiple entries.");
        }
        // Close the enumeration.
        answer.close();
        // following code converts a referral back to a "partial" LDAP string.
        if (groupDN.startsWith("ldap://")) {
            groupDN = groupDN.replace("," + baseDN, "");
            groupDN = groupDN.substring(groupDN.lastIndexOf("/") + 1);
            groupDN = java.net.URLDecoder.decode(groupDN, "UTF-8");
        }
        if (encloseGroupDN) {
            groupDN = getEnclosedDN(groupDN);
        }
        return groupDN;
    } catch (Exception e) {
        if (debug) {
            Log.debug("LdapManager: Exception thrown when searching for groupDN based on groupname '" + groupname + "'", e);
        }
        throw e;
    } finally {
        try {
            ctx.close();
        } catch (Exception ignored) {
        // Ignore.
        }
    }
}

Example 53 with SearchControls

use of javax.naming.directory.SearchControls in project Openfire by igniterealtime.

the class LdapManager method findUserDN.

/**
     * Finds a user's dn using their username in the specified baseDN. Normally, this search
     * will be performed using the field "uid", but this can be changed by setting
     * the <tt>usernameField</tt> property.<p>
     *
     * Searches are performed over all sub-trees relative to the <tt>baseDN</tt> unless
     * sub-tree searching has been disabled. For example, if the <tt>baseDN</tt> is
     * "o=jivesoftware, o=com" and we do a search for "mtucker", then we might find a userDN of
     * "uid=mtucker,ou=People". This kind of searching is a good thing since
     * it doesn't make the assumption that all user records are stored in a flat
     * structure. However, it does add the requirement that "uid" field (or the
     * other field specified) must be unique over the entire subtree from the
     * <tt>baseDN</tt>. For example, it's entirely possible to create two dn's
     * in your LDAP directory with the same uid: "uid=mtucker,ou=People" and
     * "uid=mtucker,ou=Administrators". In such a case, it's not possible to
     * uniquely identify a user, so this method will throw an error.<p>
     *
     * The DN that's returned is relative to the <tt>baseDN</tt>.
     *
     * @param username the username to lookup the dn for.
     * @param baseDN the base DN to use for this search.
     * @return the dn associated with <tt>username</tt>.
     * @throws Exception if the search for the dn fails.
     * @see #findUserDN(String) to search using the default baseDN and alternateBaseDN.
     */
public String findUserDN(String username, String baseDN) throws Exception {
    boolean debug = Log.isDebugEnabled();
    //Support for usernameSuffix
    username = username + usernameSuffix;
    if (debug) {
        Log.debug("LdapManager: Trying to find a user's DN based on their username. " + usernameField + ": " + username + ", Base DN: " + baseDN + "...");
    }
    DirContext ctx = null;
    try {
        ctx = getContext(baseDN);
        if (debug) {
            Log.debug("LdapManager: Starting LDAP search...");
        }
        // Search for the dn based on the username.
        SearchControls constraints = new SearchControls();
        // If sub-tree searching is enabled (default is true) then search the entire tree.
        if (subTreeSearch) {
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        } else // Otherwise, only search a single level.
        {
            constraints.setSearchScope(SearchControls.ONELEVEL_SCOPE);
        }
        constraints.setReturningAttributes(new String[] { usernameField });
        // NOTE: this assumes that the username has already been JID-unescaped
        NamingEnumeration<SearchResult> answer = ctx.search("", getSearchFilter(), new String[] { sanitizeSearchFilter(username) }, constraints);
        if (debug) {
            Log.debug("LdapManager: ... search finished");
        }
        if (answer == null || !answer.hasMoreElements()) {
            if (debug) {
                Log.debug("LdapManager: User DN based on username '" + username + "' not found.");
            }
            throw new UserNotFoundException("Username " + username + " not found");
        }
        String userDN = answer.next().getName();
        // The baseDN must be set correctly so that this doesn't happen.
        if (answer.hasMoreElements()) {
            if (debug) {
                Log.debug("LdapManager: Search for userDN based on username '" + username + "' found multiple " + "responses, throwing exception.");
            }
            throw new UserNotFoundException("LDAP username lookup for " + username + " matched multiple entries.");
        }
        // Close the enumeration.
        answer.close();
        // following code converts a referral back to a "partial" LDAP string.
        if (userDN.startsWith("ldap://")) {
            userDN = userDN.replace("," + baseDN, "");
            userDN = userDN.substring(userDN.lastIndexOf("/") + 1);
            userDN = java.net.URLDecoder.decode(userDN, "UTF-8");
        }
        if (encloseUserDN) {
            userDN = getEnclosedDN(userDN);
        }
        return userDN;
    } catch (Exception e) {
        if (debug) {
            Log.debug("LdapManager: Exception thrown when searching for userDN based on username '" + username + "'", e);
        }
        throw e;
    } finally {
        try {
            ctx.close();
        } catch (Exception ignored) {
        // Ignore.
        }
    }
}

Example 54 with SearchControls

use of javax.naming.directory.SearchControls in project Openfire by igniterealtime.

the class LdapAuthorizationMapping method map.

@Override
public String map(String principal) {
    String username = principal;
    DirContext ctx = null;
    try {
        Log.debug("LdapAuthorizationMapping: Starting LDAP search...");
        String usernameField = manager.getUsernameField();
        //String baseDN = manager.getBaseDN();
        boolean subTreeSearch = manager.isSubTreeSearch();
        ctx = manager.getContext();
        SearchControls constraints = new SearchControls();
        if (subTreeSearch) {
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        } else // Otherwise, only search a single level.
        {
            constraints.setSearchScope(SearchControls.ONELEVEL_SCOPE);
        }
        constraints.setReturningAttributes(new String[] { usernameField });
        NamingEnumeration answer = ctx.search("", princSearchFilter, new String[] { LdapManager.sanitizeSearchFilter(principal) }, constraints);
        Log.debug("LdapAuthorizationMapping: ... search finished");
        if (answer == null || !answer.hasMoreElements()) {
            Log.debug("LdapAuthorizationMapping: Username based on principal '" + principal + "' not found.");
            return principal;
        }
        Attributes atrs = ((SearchResult) answer.next()).getAttributes();
        Attribute usernameAttribute = atrs.get(usernameField);
        username = (String) usernameAttribute.get();
    } catch (Exception e) {
    // Ignore.
    } finally {
        try {
            if (ctx != null) {
                ctx.close();
            }
        } catch (Exception ignored) {
        // Ignore.
        }
    }
    return username;
}

Example 55 with SearchControls

use of javax.naming.directory.SearchControls in project gocd by gocd.

the class LdapUserSearch method search.

public List<User> search(String username, LdapConfig ldapConfig) {
    if (ldapConfig.getBasesConfig().isEmpty()) {
        throw new RuntimeException("Atleast one Search Base needs to be configured.");
    }
    OrFilter filter = new OrFilter();
    String searchString = MessageFormat.format("*{0}*", username);
    filter.or(new LikeFilter(SAM_ACCOUNT_NAME, searchString));
    filter.or(new LikeFilter(UID, searchString));
    filter.or(new LikeFilter(COMMON_NAME, searchString));
    filter.or(new LikeFilter(MAIL_ID, searchString));
    // This field is optional to search based on. Only for alias emails.
    filter.or(new LikeFilter(ALIAS_EMAIL_ID, searchString));
    //List ldapUserList = template.search(ldapConfig.searchBase(), filter.encode(), attributes);
    SearchControls controls = new SearchControls();
    controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    controls.setCountLimit(MAX_RESULTS);
    AttributesMapperCallbackHandler handler = getAttributesMapperCallbackHandler();
    for (BaseConfig baseConfig : ldapConfig.getBasesConfig()) {
        try {
            ldapTemplate.search(baseConfig.getValue(), filter.encode(), controls, handler);
        } catch (org.springframework.ldap.LimitExceededException e) {
            throw new NotAllResultsShownException(buildUserList(handler.getList()));
        }
    }
    return buildUserList(handler.getList());
}