Search in sources :

Example 11 with SearchResult

use of javax.naming.directory.SearchResult in project camel by apache.

the class LdapRouteTest method testLdapRouteReturnedAttributes.

@Test
public void testLdapRouteReturnedAttributes() throws Exception {
    // LDAP servers behave differently when it comes to what attributes are returned
    // by default (Apache Directory server returns all attributes by default)
    // Using the returnedAttributes parameter this behavior can be controlled
    camel.addRoutes(createRouteBuilder("ldap:localhost:" + port + "?base=ou=system&returnedAttributes=uid,cn"));
    camel.start();
    Endpoint endpoint = camel.getEndpoint("direct:start");
    Exchange exchange = endpoint.createExchange();
    // then we set the LDAP filter on the in body
    exchange.getIn().setBody("(uid=tcruise)");
    // now we send the exchange to the endpoint, and receives the response from Camel
    Exchange out = template.send(endpoint, exchange);
    Collection<SearchResult> searchResults = defaultLdapModuleOutAssertions(out);
    assertEquals(1, searchResults.size());
    assertTrue(contains("uid=tcruise,ou=actors,ou=system", searchResults));
    Attributes theOneResultAtts = searchResults.iterator().next().getAttributes();
    assertEquals("tcruise", theOneResultAtts.get("uid").get());
    assertEquals("Tom Cruise", theOneResultAtts.get("cn").get());
    // make sure this att is NOT returned anymore 
    assertNull(theOneResultAtts.get("sn"));
}
Also used : Exchange(org.apache.camel.Exchange) Endpoint(org.apache.camel.Endpoint) Attributes(javax.naming.directory.Attributes) SearchResult(javax.naming.directory.SearchResult) Test(org.junit.Test)

Example 12 with SearchResult

use of javax.naming.directory.SearchResult in project hadoop by apache.

the class LdapGroupsMapping method lookupGroup.

/**
   * Perform the second query to get the groups of the user.
   *
   * If posixGroups is enabled, use use posix gid/uid to find.
   * Otherwise, use the general group member attribute to find it.
   *
   * @param result the result object returned from the prior user lookup.
   * @param c the context object of the LDAP connection.
   * @return a list of strings representing group names of the user.
   * @throws NamingException if unable to find group names
   */
private List<String> lookupGroup(SearchResult result, DirContext c, int goUpHierarchy) throws NamingException {
    List<String> groups = new ArrayList<String>();
    Set<String> groupDNs = new HashSet<String>();
    NamingEnumeration<SearchResult> groupResults = null;
    // perform the second LDAP query
    if (isPosix) {
        groupResults = lookupPosixGroup(result, c);
    } else {
        String userDn = result.getNameInNamespace();
        groupResults = c.search(baseDN, "(&" + groupSearchFilter + "(" + groupMemberAttr + "={0}))", new Object[] { userDn }, SEARCH_CONTROLS);
    }
    // returned. Get group names from the returned objects.
    if (groupResults != null) {
        while (groupResults.hasMoreElements()) {
            SearchResult groupResult = groupResults.nextElement();
            getGroupNames(groupResult, groups, groupDNs, goUpHierarchy > 0);
        }
        if (goUpHierarchy > 0 && !isPosix) {
            // convert groups to a set to ensure uniqueness
            Set<String> groupset = new HashSet<String>(groups);
            goUpGroupHierarchy(groupDNs, goUpHierarchy, groupset);
            // convert set back to list for compatibility
            groups = new ArrayList<String>(groupset);
        }
    }
    return groups;
}
Also used : ArrayList(java.util.ArrayList) SearchResult(javax.naming.directory.SearchResult) HashSet(java.util.HashSet)

Example 13 with SearchResult

use of javax.naming.directory.SearchResult in project hadoop by apache.

the class LdapGroupsMapping method doGetGroups.

/**
   * Perform LDAP queries to get group names of a user.
   *
   * Perform the first LDAP query to get the user object using the user's name.
   * If one-query is enabled, retrieve the group names from the user object.
   * If one-query is disabled, or if it failed, perform the second query to
   * get the groups.
   *
   * @param user user name
   * @return a list of group names for the user. If the user can not be found,
   * return an empty string array.
   * @throws NamingException if unable to get group names
   */
List<String> doGetGroups(String user, int goUpHierarchy) throws NamingException {
    DirContext c = getDirContext();
    // Search for the user. We'll only ever need to look at the first result
    NamingEnumeration<SearchResult> results = c.search(baseDN, userSearchFilter, new Object[] { user }, SEARCH_CONTROLS);
    // return empty list if the user can not be found.
    if (!results.hasMoreElements()) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("doGetGroups(" + user + ") returned no groups because the " + "user is not found.");
        }
        return new ArrayList<String>();
    }
    SearchResult result = results.nextElement();
    List<String> groups = null;
    if (useOneQuery) {
        try {
            /**
         * For Active Directory servers, the user object has an attribute
         * 'memberOf' that represents the DNs of group objects to which the
         * user belongs. So the second query may be skipped.
         */
            Attribute groupDNAttr = result.getAttributes().get(memberOfAttr);
            if (groupDNAttr == null) {
                throw new NamingException("The user object does not have '" + memberOfAttr + "' attribute." + "Returned user object: " + result.toString());
            }
            groups = new ArrayList<String>();
            NamingEnumeration groupEnumeration = groupDNAttr.getAll();
            while (groupEnumeration.hasMore()) {
                String groupDN = groupEnumeration.next().toString();
                groups.add(getRelativeDistinguishedName(groupDN));
            }
        } catch (NamingException e) {
            // If the first lookup failed, fall back to the typical scenario.
            LOG.info("Failed to get groups from the first lookup. Initiating " + "the second LDAP query using the user's DN.", e);
        }
    }
    if (groups == null || groups.isEmpty() || goUpHierarchy > 0) {
        groups = lookupGroup(result, c, goUpHierarchy);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("doGetGroups(" + user + ") returned " + groups);
    }
    return groups;
}
Also used : Attribute(javax.naming.directory.Attribute) ArrayList(java.util.ArrayList) SearchResult(javax.naming.directory.SearchResult) NamingException(javax.naming.NamingException) NamingEnumeration(javax.naming.NamingEnumeration) InitialDirContext(javax.naming.directory.InitialDirContext) DirContext(javax.naming.directory.DirContext)

Example 14 with SearchResult

use of javax.naming.directory.SearchResult in project neo4j by neo4j.

the class LdapRealmTest method shouldWarnAboutAmbiguousUserSearch.

@Test
public void shouldWarnAboutAmbiguousUserSearch() throws NamingException {
    when(config.get(SecuritySettings.ldap_authorization_user_search_filter)).thenReturn("{0}");
    LdapContext ldapContext = mock(LdapContext.class);
    NamingEnumeration result = mock(NamingEnumeration.class);
    SearchResult searchResult = mock(SearchResult.class);
    when(ldapContext.search(anyString(), anyString(), anyObject(), anyObject())).thenReturn(result);
    when(result.hasMoreElements()).thenReturn(true);
    when(result.next()).thenReturn(searchResult);
    when(searchResult.toString()).thenReturn("<ldap search result>");
    LdapRealm realm = new LdapRealm(config, securityLog, secureHasher);
    realm.findRoleNamesForUser("username", ldapContext);
    verify(securityLog).warn(contains("LDAP user search for user principal 'username' is ambiguous"));
}
Also used : NamingEnumeration(javax.naming.NamingEnumeration) SearchResult(javax.naming.directory.SearchResult) LdapContext(javax.naming.ldap.LdapContext) Test(org.junit.Test)

Example 15 with SearchResult

use of javax.naming.directory.SearchResult in project Activiti by Activiti.

the class LDAPUserManager method findUserByQueryCriteria.

@Override
public List<User> findUserByQueryCriteria(final UserQueryImpl query, final Page page) {
    if (query.getId() != null) {
        List<User> result = new ArrayList<User>();
        result.add(findUserById(query.getId()));
        return result;
    } else if (query.getFullNameLike() != null) {
        final String fullNameLike = query.getFullNameLike().replaceAll("%", "");
        LDAPTemplate ldapTemplate = new LDAPTemplate(ldapConfigurator);
        return ldapTemplate.execute(new LDAPCallBack<List<User>>() {

            public List<User> executeInContext(InitialDirContext initialDirContext) {
                List<User> result = new ArrayList<User>();
                try {
                    String searchExpression = ldapConfigurator.getLdapQueryBuilder().buildQueryByFullNameLike(ldapConfigurator, fullNameLike);
                    String baseDn = ldapConfigurator.getUserBaseDn() != null ? ldapConfigurator.getUserBaseDn() : ldapConfigurator.getBaseDn();
                    NamingEnumeration<?> namingEnum = initialDirContext.search(baseDn, searchExpression, createSearchControls());
                    while (namingEnum.hasMore()) {
                        SearchResult searchResult = (SearchResult) namingEnum.next();
                        UserEntity user = new UserEntity();
                        mapSearchResultToUser(searchResult, user);
                        result.add(user);
                    }
                    namingEnum.close();
                } catch (NamingException ne) {
                    logger.debug("Could not execute LDAP query: " + ne.getMessage(), ne);
                    return null;
                }
                return result;
            }
        });
    } else {
        throw new ActivitiIllegalArgumentException("Query is currently not supported by LDAPUserManager.");
    }
}
Also used : User(org.activiti.engine.identity.User) ActivitiIllegalArgumentException(org.activiti.engine.ActivitiIllegalArgumentException) ArrayList(java.util.ArrayList) SearchResult(javax.naming.directory.SearchResult) NamingException(javax.naming.NamingException) InitialDirContext(javax.naming.directory.InitialDirContext) UserEntity(org.activiti.engine.impl.persistence.entity.UserEntity)

Aggregations

SearchResult (javax.naming.directory.SearchResult)248 SearchControls (javax.naming.directory.SearchControls)146 NamingException (javax.naming.NamingException)113 Attributes (javax.naming.directory.Attributes)96 Attribute (javax.naming.directory.Attribute)86 ArrayList (java.util.ArrayList)75 LdapContext (javax.naming.ldap.LdapContext)39 NamingEnumeration (javax.naming.NamingEnumeration)36 DirContext (javax.naming.directory.DirContext)35 Test (org.junit.Test)32 BasicAttributes (javax.naming.directory.BasicAttributes)30 HashSet (java.util.HashSet)28 InitialDirContext (javax.naming.directory.InitialDirContext)27 InitialLdapContext (javax.naming.ldap.InitialLdapContext)23 PagedResultsControl (javax.naming.ldap.PagedResultsControl)22 HashMap (java.util.HashMap)20 IOException (java.io.IOException)19 BasicAttribute (javax.naming.directory.BasicAttribute)19 Control (javax.naming.ldap.Control)16 PagedResultsResponseControl (javax.naming.ldap.PagedResultsResponseControl)15