use of javax.naming.directory.SearchResult in project camel by apache.
the class LdapRouteTest method testLdapRouteReturnedAttributes.
@Test
public void testLdapRouteReturnedAttributes() throws Exception {
// LDAP servers behave differently when it comes to what attributes are returned
// by default (Apache Directory server returns all attributes by default)
// Using the returnedAttributes parameter this behavior can be controlled
camel.addRoutes(createRouteBuilder("ldap:localhost:" + port + "?base=ou=system&returnedAttributes=uid,cn"));
camel.start();
Endpoint endpoint = camel.getEndpoint("direct:start");
Exchange exchange = endpoint.createExchange();
// then we set the LDAP filter on the in body
exchange.getIn().setBody("(uid=tcruise)");
// now we send the exchange to the endpoint, and receives the response from Camel
Exchange out = template.send(endpoint, exchange);
Collection<SearchResult> searchResults = defaultLdapModuleOutAssertions(out);
assertEquals(1, searchResults.size());
assertTrue(contains("uid=tcruise,ou=actors,ou=system", searchResults));
Attributes theOneResultAtts = searchResults.iterator().next().getAttributes();
assertEquals("tcruise", theOneResultAtts.get("uid").get());
assertEquals("Tom Cruise", theOneResultAtts.get("cn").get());
// make sure this att is NOT returned anymore
assertNull(theOneResultAtts.get("sn"));
}
use of javax.naming.directory.SearchResult in project hadoop by apache.
the class LdapGroupsMapping method lookupGroup.
/**
* Perform the second query to get the groups of the user.
*
* If posixGroups is enabled, use use posix gid/uid to find.
* Otherwise, use the general group member attribute to find it.
*
* @param result the result object returned from the prior user lookup.
* @param c the context object of the LDAP connection.
* @return a list of strings representing group names of the user.
* @throws NamingException if unable to find group names
*/
private List<String> lookupGroup(SearchResult result, DirContext c, int goUpHierarchy) throws NamingException {
List<String> groups = new ArrayList<String>();
Set<String> groupDNs = new HashSet<String>();
NamingEnumeration<SearchResult> groupResults = null;
// perform the second LDAP query
if (isPosix) {
groupResults = lookupPosixGroup(result, c);
} else {
String userDn = result.getNameInNamespace();
groupResults = c.search(baseDN, "(&" + groupSearchFilter + "(" + groupMemberAttr + "={0}))", new Object[] { userDn }, SEARCH_CONTROLS);
}
// returned. Get group names from the returned objects.
if (groupResults != null) {
while (groupResults.hasMoreElements()) {
SearchResult groupResult = groupResults.nextElement();
getGroupNames(groupResult, groups, groupDNs, goUpHierarchy > 0);
}
if (goUpHierarchy > 0 && !isPosix) {
// convert groups to a set to ensure uniqueness
Set<String> groupset = new HashSet<String>(groups);
goUpGroupHierarchy(groupDNs, goUpHierarchy, groupset);
// convert set back to list for compatibility
groups = new ArrayList<String>(groupset);
}
}
return groups;
}
use of javax.naming.directory.SearchResult in project hadoop by apache.
the class LdapGroupsMapping method doGetGroups.
/**
* Perform LDAP queries to get group names of a user.
*
* Perform the first LDAP query to get the user object using the user's name.
* If one-query is enabled, retrieve the group names from the user object.
* If one-query is disabled, or if it failed, perform the second query to
* get the groups.
*
* @param user user name
* @return a list of group names for the user. If the user can not be found,
* return an empty string array.
* @throws NamingException if unable to get group names
*/
List<String> doGetGroups(String user, int goUpHierarchy) throws NamingException {
DirContext c = getDirContext();
// Search for the user. We'll only ever need to look at the first result
NamingEnumeration<SearchResult> results = c.search(baseDN, userSearchFilter, new Object[] { user }, SEARCH_CONTROLS);
// return empty list if the user can not be found.
if (!results.hasMoreElements()) {
if (LOG.isDebugEnabled()) {
LOG.debug("doGetGroups(" + user + ") returned no groups because the " + "user is not found.");
}
return new ArrayList<String>();
}
SearchResult result = results.nextElement();
List<String> groups = null;
if (useOneQuery) {
try {
/**
* For Active Directory servers, the user object has an attribute
* 'memberOf' that represents the DNs of group objects to which the
* user belongs. So the second query may be skipped.
*/
Attribute groupDNAttr = result.getAttributes().get(memberOfAttr);
if (groupDNAttr == null) {
throw new NamingException("The user object does not have '" + memberOfAttr + "' attribute." + "Returned user object: " + result.toString());
}
groups = new ArrayList<String>();
NamingEnumeration groupEnumeration = groupDNAttr.getAll();
while (groupEnumeration.hasMore()) {
String groupDN = groupEnumeration.next().toString();
groups.add(getRelativeDistinguishedName(groupDN));
}
} catch (NamingException e) {
// If the first lookup failed, fall back to the typical scenario.
LOG.info("Failed to get groups from the first lookup. Initiating " + "the second LDAP query using the user's DN.", e);
}
}
if (groups == null || groups.isEmpty() || goUpHierarchy > 0) {
groups = lookupGroup(result, c, goUpHierarchy);
}
if (LOG.isDebugEnabled()) {
LOG.debug("doGetGroups(" + user + ") returned " + groups);
}
return groups;
}
use of javax.naming.directory.SearchResult in project neo4j by neo4j.
the class LdapRealmTest method shouldWarnAboutAmbiguousUserSearch.
@Test
public void shouldWarnAboutAmbiguousUserSearch() throws NamingException {
when(config.get(SecuritySettings.ldap_authorization_user_search_filter)).thenReturn("{0}");
LdapContext ldapContext = mock(LdapContext.class);
NamingEnumeration result = mock(NamingEnumeration.class);
SearchResult searchResult = mock(SearchResult.class);
when(ldapContext.search(anyString(), anyString(), anyObject(), anyObject())).thenReturn(result);
when(result.hasMoreElements()).thenReturn(true);
when(result.next()).thenReturn(searchResult);
when(searchResult.toString()).thenReturn("<ldap search result>");
LdapRealm realm = new LdapRealm(config, securityLog, secureHasher);
realm.findRoleNamesForUser("username", ldapContext);
verify(securityLog).warn(contains("LDAP user search for user principal 'username' is ambiguous"));
}
use of javax.naming.directory.SearchResult in project Activiti by Activiti.
the class LDAPUserManager method findUserByQueryCriteria.
@Override
public List<User> findUserByQueryCriteria(final UserQueryImpl query, final Page page) {
if (query.getId() != null) {
List<User> result = new ArrayList<User>();
result.add(findUserById(query.getId()));
return result;
} else if (query.getFullNameLike() != null) {
final String fullNameLike = query.getFullNameLike().replaceAll("%", "");
LDAPTemplate ldapTemplate = new LDAPTemplate(ldapConfigurator);
return ldapTemplate.execute(new LDAPCallBack<List<User>>() {
public List<User> executeInContext(InitialDirContext initialDirContext) {
List<User> result = new ArrayList<User>();
try {
String searchExpression = ldapConfigurator.getLdapQueryBuilder().buildQueryByFullNameLike(ldapConfigurator, fullNameLike);
String baseDn = ldapConfigurator.getUserBaseDn() != null ? ldapConfigurator.getUserBaseDn() : ldapConfigurator.getBaseDn();
NamingEnumeration<?> namingEnum = initialDirContext.search(baseDn, searchExpression, createSearchControls());
while (namingEnum.hasMore()) {
SearchResult searchResult = (SearchResult) namingEnum.next();
UserEntity user = new UserEntity();
mapSearchResultToUser(searchResult, user);
result.add(user);
}
namingEnum.close();
} catch (NamingException ne) {
logger.debug("Could not execute LDAP query: " + ne.getMessage(), ne);
return null;
}
return result;
}
});
} else {
throw new ActivitiIllegalArgumentException("Query is currently not supported by LDAPUserManager.");
}
}
Aggregations