
Example 31 with SearchResult

use of javax.naming.directory.SearchResult in project ranger by apache.

the class LdapDeltaUserGroupBuilder method goUpGroupHierarchyLdap.

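/**
 * Climbs one level of the LDAP group hierarchy and then recurses.
 *
 * <p>Each configured group search base is searched for groups that list any of {@code groupDNs}
 * in {@code groupMemberAttributeName}. For every match, the members are recorded in
 * {@code groupUserTable} and the DN-to-name mapping in {@code groupNameMap}. The method then
 * calls itself with the DNs it found and {@code groupHierarchyLevels - 1}.
 *
 * <p>Security note: the member DNs are values read back from the directory and are placed into
 * a search filter, so they are escaped per RFC 4515 first. A DN containing {@code \}, {@code (},
 * {@code )} or {@code *} would otherwise change the filter's structure or make it invalid.
 *
 * @param groupDNs distinguished names of the groups whose parent groups are looked up
 * @param groupHierarchyLevels levels still to climb; the method returns immediately when {@code <= 0}
 * @throws Throwable runtime exceptions raised while searching, and whatever
 *         {@code createLdapContext()} / {@code closeLdapContext()} throw
 */
private void goUpGroupHierarchyLdap(Set<String> groupDNs, int groupHierarchyLevels) throws Throwable {
    if (groupHierarchyLevels <= 0 || groupDNs.isEmpty()) {
        return;
    }
    Set<String> nextLevelGroups = new HashSet<String>();
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        StringBuilder filterBuilder = new StringBuilder("(&(objectclass=").append(groupObjectClass).append(")");
        if (groupSearchFilter != null && !groupSearchFilter.trim().isEmpty()) {
            String customFilter = groupSearchFilter.trim();
            if (!customFilter.startsWith("(")) {
                customFilter = "(" + customFilter + ")";
            }
            filterBuilder.append(customFilter);
        }
        // Always open the OR group: it used to be opened only when a custom filter was configured,
        // which left the trailing "))" unbalanced in the default configuration.
        filterBuilder.append("(|");
        for (String groupDN : groupDNs) {
            // RFC 4515 value escaping; the backslash must be handled first so that the
            // escapes added by the later replacements are not escaped again.
            String escapedDN = groupDN
                    .replace("\\", "\\5c")
                    .replace("*", "\\2a")
                    .replace("(", "\\28")
                    .replace(")", "\\29")
                    .replace("\0", "\\00");
            filterBuilder.append("(").append(groupMemberAttributeName).append("=").append(escapedDN).append(")");
        }
        filterBuilder.append("))");
        String groupFilter = filterBuilder.toString();
        LOG.info("extendedAllGroupsSearchFilter = " + groupFilter);
        for (String searchBase : groupSearchBase) {
            byte[] cookie = null;
            int counter = 0;
            try {
                do {
                    groupSearchResultEnum = ldapContext.search(searchBase, groupFilter, groupSearchControls);
                    while (groupSearchResultEnum.hasMore()) {
                        final SearchResult groupEntry = groupSearchResultEnum.next();
                        if (groupEntry == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("groupEntry null, skipping sync for the entry");
                            }
                            continue;
                        }
                        counter++;
                        Attribute groupNameAttr = groupEntry.getAttributes().get(groupNameAttribute);
                        if (groupNameAttr == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info(groupNameAttribute + " empty for entry " + groupEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        // Remember this group so the next recursion level looks for its parents.
                        nextLevelGroups.add(groupEntry.getNameInNamespace());
                        String gName = (String) groupNameAttr.get();
                        Attribute groupMemberAttr = groupEntry.getAttributes().get(groupMemberAttributeName);
                        int userCount = 0;
                        if (groupMemberAttr == null || groupMemberAttr.size() <= 0) {
                            LOG.info("No members available for " + gName);
                            continue;
                        }
                        NamingEnumeration<?> userEnum = groupMemberAttr.getAll();
                        while (userEnum.hasMore()) {
                            String originalUserFullName = (String) userEnum.next();
                            if (originalUserFullName == null || originalUserFullName.trim().isEmpty()) {
                                continue;
                            }
                            userCount++;
                            originalUserFullName = originalUserFullName.toLowerCase();
                            // Use the mapped user name when one is known, otherwise keep the member value itself.
                            if (userNameMap.get(originalUserFullName) != null) {
                                groupUserTable.put(gName, originalUserFullName, userNameMap.get(originalUserFullName));
                            } else {
                                groupUserTable.put(gName, originalUserFullName, originalUserFullName);
                            }
                            groupNameMap.put(groupEntry.getNameInNamespace().toLowerCase(), gName);
                        }
                        LOG.info("No. of members in the group " + gName + " = " + userCount);
                    }
                    // Examine the paged results control response
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (Control control : controls) {
                            if (control instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) control;
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    LOG.debug("END-OF-PAGE total : " + total);
                                } else {
                                    LOG.debug("END-OF-PAGE total : unknown");
                                }
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        LOG.debug("No controls were sent from the server");
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() completed with group count: " + counter);
            } catch (RuntimeException re) {
                LOG.error("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() failed with runtime exception: ", re);
                throw re;
            } catch (Exception t) {
                // Best effort per search base: a checked failure is logged and the next base is
                // tried. The group/user tables may then be incomplete for this sync cycle.
                LOG.error("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", t);
                LOG.info("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() group count: " + counter);
            }
        }
    } catch (RuntimeException re) {
        LOG.error("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", re);
        throw re;
    } finally {
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
    goUpGroupHierarchyLdap(nextLevelGroups, groupHierarchyLevels - 1);
}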
Also used : Attribute(javax.naming.directory.Attribute) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) SearchResult(javax.naming.directory.SearchResult) InvalidNameException(javax.naming.InvalidNameException) Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) HashSet(java.util.HashSet) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Example 32 with SearchResult

use of javax.naming.directory.SearchResult in project ranger by apache.

the class UserInfo method getGroups.

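/**
 * Reads groups from every configured group search base, using paged results when enabled.
 *
 * <p>When {@code groupSearchFirstEnabled} is false, the groups of {@code userInfo} are looked up
 * and added to it. The user's names are passed as filter arguments, not concatenated into the
 * filter string. When it is true, all groups matching {@code extendedAllGroupsSearchFilter} are
 * read, each group name is passed to {@code sink}, and the members of each group are recorded in
 * {@code userGroupMap}.
 *
 * <p>A failure on one search base is logged and the remaining bases are still processed, so the
 * collected memberships can be incomplete after an error.
 *
 * @param sink receives each group name in group-first mode
 * @param userInfo the user whose groups are searched; must be non-null when
 *        {@code groupSearchFirstEnabled} is false
 * @throws Throwable whatever {@code createLdapContext()}, {@code closeLdapContext()} or closing
 *         the enumeration throw
 */
private void getGroups(UserGroupSink sink, UserInfo userInfo) throws Throwable {
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        for (String ou : groupSearchBase) {
            byte[] cookie = null;
            int counter = 0;
            try {
                int paged = 0;
                do {
                    if (!groupSearchFirstEnabled) {
                        if (userInfo == null) {
                            // Should never reach this.
                            LOG.error("No user information provided for group search!");
                            return;
                        }
                        if (LOG.isDebugEnabled()) {
                            // NOTE(review): the same filter string is handed to search() with
                            // positional arguments below; confirm that it is also a valid
                            // String.format pattern for this debug message.
                            LOG.debug("Searching for groups for user " + userInfo.getUserName() + " using filter " + String.format(extendedGroupSearchFilter, userInfo.getUserFullName(), userInfo.getUserName()));
                        }
                        // Filter arguments are supplied separately, so the user's names never
                        // become part of the filter syntax.
                        groupSearchResultEnum = ldapContext.search(ou, extendedGroupSearchFilter, new Object[] { userInfo.getUserFullName(), userInfo.getUserName() }, groupSearchControls);
                    } else {
                        // If group based search is enabled, then first retrieve all the groups based on the group configuration.
                        groupSearchResultEnum = ldapContext.search(ou, extendedAllGroupsSearchFilter, groupSearchControls);
                    }
                    while (groupSearchResultEnum.hasMore()) {
                        final SearchResult groupEntry = groupSearchResultEnum.next();
                        if (groupEntry != null) {
                            counter++;
                            Attribute groupNameAttr = groupEntry.getAttributes().get(groupNameAttribute);
                            if (groupNameAttr == null) {
                                if (LOG.isInfoEnabled()) {
                                    LOG.info(groupNameAttribute + " empty for entry " + groupEntry.getNameInNamespace() + ", skipping sync");
                                }
                                continue;
                            }
                            String groupDN = groupEntry.getNameInNamespace();
                            String gName = (String) groupNameAttr.get();
                            // Optional normalisation of the group name: case conversion, then the configured transform.
                            if (groupNameCaseConversionFlag) {
                                if (groupNameLowerCaseFlag) {
                                    gName = gName.toLowerCase();
                                } else {
                                    gName = gName.toUpperCase();
                                }
                            }
                            if (groupNameRegExInst != null) {
                                gName = groupNameRegExInst.transform(gName);
                            }
                            if (!groupSearchFirstEnabled) {
                                if (LOG.isInfoEnabled()) {
                                    LOG.info("computed groups for user: " + userInfo.getUserName() + ", groups: " + gName);
                                }
                                userInfo.addGroupDN(groupDN);
                                userInfo.addGroup(gName);
                            } else {
                                // If group based search is enabled, then
                                // update the group name to ranger admin
                                // check for group members and populate userInfo object with user's full name and group mapping
                                Attribute groupMemberAttr = groupEntry.getAttributes().get(groupMemberAttributeName);
                                LOG.debug("Update Ranger admin with " + gName);
                                sink.addOrUpdateGroup(gName);
                                int userCount = 0;
                                if (groupMemberAttr == null || groupMemberAttr.size() <= 0) {
                                    LOG.info("No members available for " + gName);
                                    continue;
                                }
                                NamingEnumeration<?> userEnum = groupMemberAttr.getAll();
                                while (userEnum.hasMore()) {
                                    String originalUserFullName = (String) userEnum.next();
                                    if (originalUserFullName == null || originalUserFullName.trim().isEmpty()) {
                                        continue;
                                    }
                                    String userFullName = originalUserFullName.toLowerCase();
                                    userCount++;
                                    // The userInfo parameter is reused as a cursor over the members here.
                                    if (!userGroupMap.containsKey(userFullName)) {
                                        // Preserving the original full name for later
                                        userInfo = new UserInfo(userFullName, originalUserFullName);
                                        userGroupMap.put(userFullName, userInfo);
                                    } else {
                                        userInfo = userGroupMap.get(userFullName);
                                    }
                                    LOG.info("Adding " + gName + " to user " + userInfo.getUserFullName());
                                    userInfo.addGroup(gName);
                                    userInfo.addGroupDN(groupDN);
                                }
                                LOG.info("No. of members in the group " + gName + " = " + userCount);
                            }
                        }
                    }
                    // Examine the paged results control response
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (Control control : controls) {
                            if (control instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) control;
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    LOG.debug("END-OF-PAGE total : " + total);
                                } else {
                                    LOG.debug("END-OF-PAGE total : unknown");
                                }
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        LOG.debug("No controls were sent from the server");
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        LOG.debug(String.format("Fetched paged results round: %s", ++paged));
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LDAPUserGroupBuilder.getGroups() completed with group count: " + counter);
            } catch (Throwable t) {
                // Best effort per search base. The throwable is passed to the logger so the
                // stack trace is kept; a swallowed failure here means group memberships for
                // this base were not fully read.
                LOG.error("LDAPUserGroupBuilder.getGroups() failed with exception: ", t);
                LOG.info("LDAPUserGroupBuilder.getGroups() group count: " + counter);
            }
        }
    } finally {
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
}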
Also used : Attribute(javax.naming.directory.Attribute) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) SearchResult(javax.naming.directory.SearchResult) Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Example 33 with SearchResult

use of javax.naming.directory.SearchResult in project uavstack by uavorg.

the class GUISSOLdapClient method getUserByLoginImpl.

// ======================================ldap api end========================================
// ======================================get user begin========================================
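/**
 * Authenticates a user against LDAP and returns the user's login id, group id and e-mail list.
 *
 * <p>The configured suffix is appended to {@code loginId} when the id does not already contain
 * it. After {@code ldapApiCheck} succeeds, the user's entry is looked up by the configured
 * primary-key attribute.
 *
 * @param loginId login name, with or without the configured suffix
 * @param password the user's password
 * @return a map with {@code loginId}, {@code groupId} and {@code emailList}; an empty map when
 *         the credentials are blank, the check fails, or no entry is found
 */
@Override
protected Map<String, String> getUserByLoginImpl(String loginId, String password) {
    // Reject blank credentials before contacting the directory. ldapApiCheck is not shown
    // here; if it performs a simple bind, an empty password is an unauthenticated bind
    // that some servers report as success.
    if (loginId == null || loginId.isEmpty() || password == null || password.isEmpty()) {
        return Collections.emptyMap();
    }
    String suffix = ldapConfig.get("suffix");
    if (loginId.indexOf(suffix) == -1) {
        loginId += suffix;
    }
    boolean login = ldapApiCheck(loginId, password);
    String primaryKey = ldapConfig.get("primaryKey");
    if (!login) {
        return Collections.emptyMap();
    }
    String action = "login";
    // Escape the login id per RFC 4515 so it is matched as a literal value and cannot alter
    // the filter's structure. The backslash is replaced first.
    String escapedLoginId = loginId
            .replace("\\", "\\5c")
            .replace("*", "\\2a")
            .replace("(", "\\28")
            .replace(")", "\\29")
            .replace("\0", "\\00");
    String filter = primaryKey + "=" + escapedLoginId;
    List<SearchResult> sResultList = ldapApiQuery(action, "", filter);
    // A userPrincipalName= filter can match at most one entry; treat "no entry" as a failed
    // login so that get(0) does not throw.
    if (sResultList == null || sResultList.isEmpty()) {
        return Collections.emptyMap();
    }
    SearchResult sResult = sResultList.get(0);
    String groupIdStr = formatGroupId(sResult);
    String emailListStr = formatEmailList(sResult);
    Map<String, String> result = new HashMap<String, String>();
    result.put("loginId", loginId);
    result.put("groupId", groupIdStr);
    result.put("emailList", emailListStr);
    return result;
}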
Also used : HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) SearchResult(javax.naming.directory.SearchResult)

Example 34 with SearchResult

use of javax.naming.directory.SearchResult in project uavstack by uavorg.

the class GUISSOLdapClient method getUserByQuery.

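/**
 * Looks up users whose {@code cn} or configured query attribute matches {@code email}, with and
 * without the configured suffix appended.
 *
 * @param email search term supplied by the caller
 * @return one map per matching entry with {@code email}, {@code name}, {@code groupId} and
 *         {@code emailList}; a single map holding a {@code msg} entry when nothing matches; an
 *         empty list when {@code email} is empty
 */
@Override
public List<Map<String, String>> getUserByQuery(String email) {
    if (StringHelper.isEmpty(email)) {
        return Collections.emptyList();
    }
    String suffix = ldapConfig.get("suffix");
    String userCNField = "cn";
    String userQueryField = ldapConfig.get("userQueryField");
    // Escape the characters that carry filter syntax (RFC 4515) so the caller-supplied term
    // cannot close or extend the filter. The backslash is replaced first.
    // NOTE(review): '*' is left as-is because callers may rely on wildcard search; escape it
    // as "\\2a" as well if only exact matches are intended.
    String term = email
            .replace("\\", "\\5c")
            .replace("(", "\\28")
            .replace(")", "\\29")
            .replace("\0", "\\00");
    String termWithSuffix = term + suffix;
    String filter = "(|(" + userCNField + "=" + term + ")(" + userQueryField + "=" + term + ")(" + userQueryField + "=" + termWithSuffix + "))";
    String action = "query";
    // Query LDAP and collect the resulting list.
    List<Map<String, String>> result = new ArrayList<Map<String, String>>();
    List<SearchResult> sResultList = ldapApiQuery(action, "", filter);
    if (sResultList.isEmpty()) {
        Map<String, String> msg = new HashMap<String, String>();
        msg.put("msg", "email query,result is empty.");
        result.add(msg);
        return result;
    }
    for (SearchResult sResult : sResultList) {
        // Format the user information of each entry.
        Map<String, String> emailInfoMap = formatEmailInfo(sResult, userQueryField);
        String groupIdStr = formatGroupId(sResult);
        String emailListStr = formatEmailList(sResult);
        Map<String, String> info = new HashMap<String, String>();
        info.put("email", emailInfoMap.get("email"));
        info.put("name", emailInfoMap.get("name"));
        info.put("groupId", groupIdStr);
        info.put("emailList", emailListStr);
        result.add(info);
    }
    return result;
}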
Also used : HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) ArrayList(java.util.ArrayList) SearchResult(javax.naming.directory.SearchResult) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map)

Example 35 with SearchResult

use of javax.naming.directory.SearchResult in project uavstack by uavorg.

the class GUISSOLdapClient method getEmailListByQuery.

// ======================================get user end========================================
// ======================================get email begin========================================
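/**
 * Looks up a mail group by {@code cn} or the configured group query attribute and returns its
 * details together with the users that belong to it.
 *
 * @param email mail-group search term supplied by the caller
 * @return the group's formatted info plus, when members are found, {@code groupIdFiltered},
 *         {@code emailList_Filtered} and {@code userInfo}; a map holding only {@code msg} when
 *         the term is empty or nothing matches; whatever was collected so far when an
 *         exception occurs (it is logged and the LDAP context for the action is cleared)
 */
@Override
public Map<String, Object> getEmailListByQuery(String email) {
    Map<String, Object> result = new LinkedHashMap<String, Object>();
    String action = "query";
    String filter = "";
    // An empty term cannot match a group; answer without querying the directory.
    if (email == null || email.isEmpty()) {
        result.put("msg", "emailList query,result is empty.");
        return result;
    }
    String suffix = ldapConfig.get("suffix");
    try {
        String groupCNField = "cn";
        String groupQueryField = ldapConfig.get("groupQueryField");
        // Escape the characters that carry filter syntax (RFC 4515) so the caller-supplied
        // term cannot close or extend the filter. The backslash is replaced first.
        // NOTE(review): '*' is left as-is because callers may rely on wildcard search;
        // escape it as "\\2a" as well if only exact matches are intended.
        String term = email
                .replace("\\", "\\5c")
                .replace("(", "\\28")
                .replace(")", "\\29")
                .replace("\0", "\\00");
        String termWithSuffix = term + suffix;
        filter = "(|(" + groupCNField + "=" + term + ")(" + groupQueryField + "=" + term + ")(" + groupQueryField + "=" + termWithSuffix + "))";
        List<SearchResult> sResultList = ldapApiQuery(action, "", filter);
        // The filter is expected to match a single entry. An empty list used to fall into the
        // catch block through get(0) and was logged as an error instead of being reported.
        if (sResultList == null || sResultList.isEmpty()) {
            result.put("msg", "emailList query,result is empty.");
            return result;
        }
        SearchResult sResult = sResultList.get(0);
        if (null == sResult) {
            result.put("msg", "emailList query,result is empty.");
            return result;
        }
        Map<String, String> emailInfoMap = formatEmailInfo(sResult, groupQueryField);
        List<String> userEnNameList = formatUserEnName(sResult);
        // Fetch user info, leaving out users that are not in the queried mail group.
        String emailEnName = emailInfoMap.get("name");
        List<Map<String, String>> userInfoList = filterUserByQuery(userEnNameList, emailEnName);
        result.putAll(emailInfoMap);
        if (!userInfoList.isEmpty()) {
            result.put("groupIdFiltered", formatGroupDuplicateRemoval(userInfoList));
            result.put("emailList_Filtered", formatEmailDuplicateRemoval(userInfoList));
            result.put("userInfo", userInfoList);
        }
    } catch (Exception e) {
        clearLdapContext(action);
        logger.err(this, e.getMessage(), e);
    }
    return result;
}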
Also used : SearchResult(javax.naming.directory.SearchResult) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map) ApphubException(com.creditease.uav.exception.ApphubException) NamingException(javax.naming.NamingException) AuthenticationException(javax.naming.AuthenticationException) LinkedHashMap(java.util.LinkedHashMap)
