use of javax.naming.directory.SearchResult in project cloudstack by apache.
the class OpenLdapUserManagerImpl method getUsersInGroup.
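/**
 * Returns the users listed as members of the LDAP group {@code groupName}.
 *
 * <p>Searches under the configured base DN with the filter built by
 * {@code generateGroupSearchFilter}, requesting only the configured group-member attribute.
 * Only the first matching entry is read. Each value of its member attribute is treated as a
 * user DN and resolved through {@code getUserForDn}. A DN that cannot be resolved is logged
 * and skipped, so the returned list can be shorter than the group's stored membership.
 *
 * @param groupName name of the group to look up
 * @param context LDAP context used for the group search and for the per-user lookups
 * @return the resolved members in their natural sort order; empty when no entry matches or
 *         the matching entry carries no member attribute
 * @throws NamingException if the group search itself fails
 */
@Override
public List<LdapUser> getUsersInGroup(String groupName, LdapContext context) throws NamingException {
    String attributeName = _ldapConfiguration.getGroupUniqueMemeberAttribute();

    final SearchControls controls = new SearchControls();
    controls.setSearchScope(_ldapConfiguration.getScope());
    controls.setReturningAttributes(new String[] { attributeName });

    // NOTE(review): groupName reaches the search filter through generateGroupSearchFilter,
    // which is not shown here. Confirm that it escapes LDAP filter metacharacters.
    NamingEnumeration<SearchResult> result = context.search(_ldapConfiguration.getBaseDn(), generateGroupSearchFilter(groupName), controls);

    final List<LdapUser> users = new ArrayList<LdapUser>();
    try {
        // Expecting only one result which has all the users
        if (result.hasMoreElements()) {
            Attribute attribute = result.nextElement().getAttributes().get(attributeName);
            // Attributes.get returns null when the entry has no such attribute;
            // treat that as an empty group instead of failing with a NullPointerException.
            if (attribute != null) {
                NamingEnumeration<?> values = attribute.getAll();
                while (values.hasMoreElements()) {
                    String userdn = String.valueOf(values.nextElement());
                    try {
                        users.add(getUserForDn(userdn, context));
                    } catch (NamingException e) {
                        s_logger.info("Userdn: " + userdn + " Not Found:: Exception message: " + e.getMessage());
                    }
                }
            }
        }
    } finally {
        // Release the server-side search handle even when the loop exits early.
        try {
            result.close();
        } catch (NamingException e) {
            s_logger.info("Failed to close LDAP group search results: " + e.getMessage());
        }
    }

    Collections.sort(users);
    return users;
}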
use of javax.naming.directory.SearchResult in project cloudstack by apache.
the class OpenLdapUserManagerImpl method searchUser.
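/**
 * Looks up exactly one user below {@code basedn} using the LDAP filter {@code searchString}.
 *
 * <p>Every matching entry is converted with {@code createUser}. The lookup succeeds only when
 * there is a single match. An ambiguous result is rejected rather than resolved by picking
 * the first entry, so a filter that matches several accounts never returns one of them.
 *
 * @param basedn base DN to search under
 * @param searchString LDAP search filter, passed to the directory unchanged
 * @param context LDAP context used for the search
 * @return the single matching user
 * @throws NamingException if the search fails, or if it matches no entry or more than one
 * @throws IOException declared on the signature; presumably raised by {@code createUser}
 *         (not shown here), confirm against that method
 */
public LdapUser searchUser(final String basedn, final String searchString, final LdapContext context) throws NamingException, IOException {
    final SearchControls searchControls = new SearchControls();
    searchControls.setSearchScope(_ldapConfiguration.getScope());
    searchControls.setReturningAttributes(_ldapConfiguration.getReturnAttributes());

    // NOTE(review): searchString is used as the filter as-is. Any user-supplied value inside
    // it must already be escaped by the caller; confirm at the call sites.
    NamingEnumeration<SearchResult> results = context.search(basedn, searchString, searchControls);

    final List<LdapUser> users = new ArrayList<LdapUser>();
    try {
        while (results.hasMoreElements()) {
            final SearchResult result = results.nextElement();
            users.add(createUser(result));
        }
    } finally {
        try {
            results.close();
        } catch (NamingException ignored) {
            // Best effort: the entries are already read, and a close failure must not
            // replace an exception raised while reading them.
        }
    }

    if (users.size() == 1) {
        return users.get(0);
    }
    if (users.isEmpty()) {
        throw new NamingException("No user found for basedn " + basedn + " and searchString " + searchString);
    }
    // Report the ambiguous case separately; it used to be reported as "No user found".
    throw new NamingException("Multiple users (" + users.size() + ") found for basedn " + basedn + " and searchString " + searchString);
}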
use of javax.naming.directory.SearchResult in project cloudstack by apache.
the class ADLdapUserManagerImpl method getUsersInGroup.
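/**
 * Returns the users that the Active Directory group search finds for {@code groupName}.
 *
 * <p>Searches under the configured base DN with the filter built by
 * {@code generateADGroupSearchFilter} and converts every returned entry with
 * {@code createUser}. The result is returned in the order the directory delivers it.
 *
 * @param groupName name of the group; must not be blank
 * @param context LDAP context used for the search
 * @return the users found, possibly empty
 * @throws IllegalArgumentException if {@code groupName} is blank or no base DN is configured
 * @throws NamingException if the search fails
 */
@Override
public List<LdapUser> getUsersInGroup(String groupName, LdapContext context) throws NamingException {
    if (StringUtils.isBlank(groupName)) {
        throw new IllegalArgumentException("ldap group name cannot be blank");
    }

    String basedn = _ldapConfiguration.getBaseDn();
    if (StringUtils.isBlank(basedn)) {
        throw new IllegalArgumentException("ldap basedn is not configured");
    }

    final SearchControls searchControls = new SearchControls();
    searchControls.setSearchScope(_ldapConfiguration.getScope());
    searchControls.setReturningAttributes(_ldapConfiguration.getReturnAttributes());

    // NOTE(review): groupName reaches the search filter through generateADGroupSearchFilter,
    // which is not shown here. Confirm that it escapes LDAP filter metacharacters.
    NamingEnumeration<SearchResult> results = context.search(basedn, generateADGroupSearchFilter(groupName), searchControls);

    final List<LdapUser> users = new ArrayList<LdapUser>();
    try {
        while (results.hasMoreElements()) {
            final SearchResult result = results.nextElement();
            users.add(createUser(result));
        }
    } finally {
        try {
            results.close();
        } catch (NamingException ignored) {
            // Best effort: the entries are already read, and a close failure must not
            // replace an exception raised while reading them.
        }
    }
    return users;
}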
use of javax.naming.directory.SearchResult in project presto by prestodb.
the class LdapFilter method checkForGroupMembership.
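/**
 * Checks that {@code user} is matched by the configured group-authorization search.
 *
 * <p>Does nothing when no group-authorization pattern is configured. Otherwise the pattern is
 * turned into a search filter for this user and run as a subtree search below the user base
 * DN. The user is authorized when the search returns at least one entry.
 *
 * @param user name of the user to check
 * @param context directory context the search is run on
 * @throws AuthenticationException with {@code INTERNAL_SERVER_ERROR} if the search fails, or
 *         with {@code UNAUTHORIZED} if the search returns no entry
 */
private void checkForGroupMembership(String user, DirContext context) throws AuthenticationException {
    if (!groupAuthorizationSearchPattern.isPresent()) {
        return;
    }

    // NOTE(review): user is substituted into the filter by replaceUser, which is not shown
    // here. Confirm that filter metacharacters in the user name are escaped before this
    // point; otherwise the name could change the meaning of the membership filter.
    String searchFilter = replaceUser(groupAuthorizationSearchPattern.get(), user);
    SearchControls searchControls = new SearchControls();
    searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

    boolean authorized;
    NamingEnumeration<SearchResult> search = null;
    try {
        // NOTE(review): get() assumes the user base DN is always configured together with
        // the group pattern; verify against the configuration validation.
        search = context.search(userBaseDistinguishedName.get(), searchFilter, searchControls);
        authorized = search.hasMoreElements();
    } catch (NamingException e) {
        // The original format string had no placeholder, so the exception message was
        // never written to the log.
        log.debug("Authentication failed: %s", e.getMessage());
        throw new AuthenticationException(INTERNAL_SERVER_ERROR, "Authentication failed", e);
    } finally {
        if (search != null) {
            try {
                search.close();
            } catch (NamingException ignore) {
                // Best effort: the decision is already made and must not be replaced
                // by a failure to release the search handle.
            }
        }
    }

    if (!authorized) {
        String message = format("Unauthorized user: User %s not a member of the authorized group", user);
        log.debug("Authorization failed for user. " + message);
        throw new AuthenticationException(UNAUTHORIZED, message);
    }
    log.debug("Authorization succeeded for user %s", user);
}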
use of javax.naming.directory.SearchResult in project spring-security by spring-projects.
the class ActiveDirectoryLdapAuthenticationProviderTests method bindPrincipalUsed.
// SEC-2897
/**
 * Verifies that the directory search is parameterised with the full bind principal
 * ({@code joe@mydomain.eu}) and that authentication succeeds.
 */
@Test
public void bindPrincipalUsed() throws Exception {
    // Arrange: a mocked directory that answers the default filter with a single entry
    final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))";
    ArgumentCaptor<Object[]> filterArgs = ArgumentCaptor.forClass(Object[].class);

    DirContext directory = mock(DirContext.class);
    when(directory.getNameInNamespace()).thenReturn("");

    DirContextAdapter entry = new DirContextAdapter();
    SearchResult match = new SearchResult("CN=Joe Jannsen,CN=Users", entry, entry.getAttributes());
    when(directory.search(any(Name.class), eq(defaultSearchFilter), filterArgs.capture(), any(SearchControls.class)))
            .thenReturn(new MockNamingEnumeration(match));

    ActiveDirectoryLdapAuthenticationProvider customProvider =
            new ActiveDirectoryLdapAuthenticationProvider("mydomain.eu", "ldap://192.168.1.200/");
    customProvider.contextFactory = createContextFactoryReturning(directory);

    // Act
    Authentication outcome = customProvider.authenticate(joe);

    // Assert: the only filter argument captured is the principal with its domain suffix
    assertThat(filterArgs.getValue()).containsOnly("joe@mydomain.eu");
    assertThat(outcome.isAuthenticated()).isTrue();
}