use of javax.naming.directory.SearchResult in project ranger by apache.
the class LdapDeltaUserGroupBuilder method goUpGroupHierarchyLdap.
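/**
 * Climbs one level of the LDAP group hierarchy and then recurses for the remaining levels.
 *
 * <p>For every entry of {@code groupSearchBase} the method searches for groups of class
 * {@code groupObjectClass} (optionally narrowed by {@code groupSearchFilter}) whose
 * {@code groupMemberAttributeName} equals one of {@code groupDNs}. The DN of each group found is
 * collected for the next level, and its members are written to {@code groupUserTable} and
 * {@code groupNameMap}.
 *
 * <p>Two fixes over the earlier version of the filter construction:
 * <ul>
 *   <li>The {@code (|} that opens the member alternatives is now always emitted. Previously it was
 *       only appended together with a custom filter, so without one the filter ended in an
 *       unbalanced {@code ))}.</li>
 *   <li>Each DN is escaped per RFC 4515 before it is placed in the filter. DNs are directory data
 *       and may legitimately contain {@code \}, {@code *}, {@code (} or {@code )}; unescaped, they
 *       break the filter or change its meaning.</li>
 * </ul>
 *
 * @param groupDNs DNs to look up as member values; nothing is done when the set is empty
 * @param groupHierarchyLevels remaining levels to climb; nothing is done when it is not positive
 * @throws Throwable anything raised while creating or closing the LDAP context or setting the
 *     initial request controls; runtime exceptions from a search are logged and rethrown, other
 *     exceptions from a search are logged and the next search base is tried
 */
private void goUpGroupHierarchyLdap(Set<String> groupDNs, int groupHierarchyLevels) throws Throwable {
    if (groupHierarchyLevels <= 0 || groupDNs.isEmpty()) {
        return;
    }
    Set<String> nextLevelGroups = new HashSet<String>();
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        // groupObjectClass and groupSearchFilter are inserted verbatim.
        // NOTE(review): presumably both come from administrator-controlled configuration - confirm.
        StringBuilder filterBuilder = new StringBuilder("(&(objectclass=").append(groupObjectClass).append(")");
        if (groupSearchFilter != null && !groupSearchFilter.trim().isEmpty()) {
            String customFilter = groupSearchFilter.trim();
            if (!customFilter.startsWith("(")) {
                customFilter = "(" + customFilter + ")";
            }
            filterBuilder.append(customFilter);
        }
        // Always open the OR group so the closing "))" below is balanced.
        filterBuilder.append("(|");
        int memberClauses = 0;
        for (String groupDN : groupDNs) {
            if (groupDN == null) {
                continue;
            }
            // RFC 4515 escaping of the assertion value; the backslash must be replaced first.
            String escapedDN = groupDN.replace("\\", "\\5c")
                    .replace("*", "\\2a")
                    .replace("(", "\\28")
                    .replace(")", "\\29")
                    .replace("\0", "\\00");
            filterBuilder.append("(").append(groupMemberAttributeName).append("=").append(escapedDN).append(")");
            memberClauses++;
        }
        if (memberClauses == 0) {
            // Only null DNs were supplied: an empty "(|)" is not a valid filter, so there is nothing to search.
            return;
        }
        filterBuilder.append("))");
        String groupFilter = filterBuilder.toString();
        LOG.info("extendedAllGroupsSearchFilter = " + groupFilter);
        for (int ou = 0; ou < groupSearchBase.length; ou++) {
            byte[] cookie = null;
            int counter = 0;
            try {
                // One iteration per result page; the loop ends when no paging cookie was returned.
                do {
                    groupSearchResultEnum = ldapContext.search(groupSearchBase[ou], groupFilter, groupSearchControls);
                    while (groupSearchResultEnum.hasMore()) {
                        final SearchResult groupEntry = groupSearchResultEnum.next();
                        if (groupEntry == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("groupEntry null, skipping sync for the entry");
                            }
                            continue;
                        }
                        counter++;
                        Attribute groupNameAttr = groupEntry.getAttributes().get(groupNameAttribute);
                        if (groupNameAttr == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info(groupNameAttribute + " empty for entry " + groupEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        // The group is queued for the next level even when it has no members.
                        nextLevelGroups.add(groupEntry.getNameInNamespace());
                        String gName = (String) groupNameAttr.get();
                        Attribute groupMemberAttr = groupEntry.getAttributes().get(groupMemberAttributeName);
                        int userCount = 0;
                        if (groupMemberAttr == null || groupMemberAttr.size() <= 0) {
                            LOG.info("No members available for " + gName);
                            continue;
                        }
                        NamingEnumeration<?> userEnum = groupMemberAttr.getAll();
                        while (userEnum.hasMore()) {
                            String originalUserFullName = (String) userEnum.next();
                            if (originalUserFullName == null || originalUserFullName.trim().isEmpty()) {
                                continue;
                            }
                            userCount++;
                            // Member values are compared and stored in lower case.
                            originalUserFullName = originalUserFullName.toLowerCase();
                            if (userNameMap.get(originalUserFullName) != null) {
                                groupUserTable.put(gName, originalUserFullName, userNameMap.get(originalUserFullName));
                            } else {
                                // No entry in userNameMap for this member: the member value is stored as its own name.
                                groupUserTable.put(gName, originalUserFullName, originalUserFullName);
                            }
                            groupNameMap.put(groupEntry.getNameInNamespace().toLowerCase(), gName);
                        }
                        LOG.info("No. of members in the group " + gName + " = " + userCount);
                    }
                    // Examine the paged results control response
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (int i = 0; i < controls.length; i++) {
                            if (controls[i] instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) controls[i];
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    LOG.debug("END-OF-PAGE total : " + total);
                                } else {
                                    LOG.debug("END-OF-PAGE total : unknown");
                                }
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        LOG.debug("No controls were sent from the server");
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() completed with group count: " + counter);
            } catch (RuntimeException re) {
                LOG.error("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() failed with runtime exception: ", re);
                throw re;
            } catch (Exception t) {
                // Best effort: a failing search base is logged and the remaining bases are still processed.
                LOG.error("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", t);
                LOG.info("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() group count: " + counter);
            }
        }
    } catch (RuntimeException re) {
        LOG.error("LdapDeltaUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", re);
        throw re;
    } finally {
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
    // Recurse with the groups found on this level; the guard at the top ends the recursion.
    goUpGroupHierarchyLdap(nextLevelGroups, groupHierarchyLevels - 1);
}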
use of javax.naming.directory.SearchResult in project ranger by apache.
the class UserInfo method getGroups.
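/**
 * Reads groups from every configured group search base and records the memberships.
 *
 * <p>When {@code groupSearchFirstEnabled} is false, the groups of the given {@code userInfo} are
 * searched with {@code extendedGroupSearchFilter} and each group name and DN is added to that
 * {@code userInfo}. When it is true, all groups matching {@code extendedAllGroupsSearchFilter}
 * are read, each group is passed to {@code sink.addOrUpdateGroup}, and every member is looked up
 * (or created) in {@code userGroupMap} and given the group name and DN.
 *
 * <p>The per-user search passes the user's values as JNDI filter arguments rather than
 * concatenating them into the filter, which keeps filter metacharacters in those values from
 * altering the query.
 *
 * @param sink receiver of group updates in group-first mode
 * @param userInfo user whose groups are searched; must be non-null unless
 *     {@code groupSearchFirstEnabled} is true (the parameter is reused as a scratch variable in
 *     group-first mode)
 * @throws Throwable anything raised while creating or closing the LDAP context or setting the
 *     initial request controls; failures inside a search base are logged and not rethrown
 */
private void getGroups(UserGroupSink sink, UserInfo userInfo) throws Throwable {
    // LOG.debug("getGroups(): for user " + userInfo.getUserName());
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        for (String ou : groupSearchBase) {
            byte[] cookie = null;
            int counter = 0;
            try {
                int paged = 0;
                // One iteration per result page; the loop ends when no paging cookie was returned.
                do {
                    if (!groupSearchFirstEnabled) {
                        if (userInfo == null) {
                            // Should never reach this.
                            LOG.error("No user information provided for group search!");
                            return;
                        }
                        if (LOG.isDebugEnabled()) {
                            // The filter is logged as configured. It is a JNDI filter expression with
                            // {n} placeholders (see the search call below), not a String.format pattern:
                            // formatting it substituted nothing and would throw on a stray '%'.
                            LOG.debug("Searching for groups for user " + userInfo.getUserName() + " using filter " + extendedGroupSearchFilter);
                        }
                        // The user values travel as filter arguments, not as part of the filter text.
                        groupSearchResultEnum = ldapContext.search(ou, extendedGroupSearchFilter, new Object[] { userInfo.getUserFullName(), userInfo.getUserName() }, groupSearchControls);
                    } else {
                        // If group based search is enabled, then first retrieve all the groups based on the group configuration.
                        groupSearchResultEnum = ldapContext.search(ou, extendedAllGroupsSearchFilter, groupSearchControls);
                    }
                    while (groupSearchResultEnum.hasMore()) {
                        final SearchResult groupEntry = groupSearchResultEnum.next();
                        if (groupEntry != null) {
                            counter++;
                            Attribute groupNameAttr = groupEntry.getAttributes().get(groupNameAttribute);
                            // System.out.println("getGroups(): Going through all groups");
                            if (groupNameAttr == null) {
                                if (LOG.isInfoEnabled()) {
                                    LOG.info(groupNameAttribute + " empty for entry " + groupEntry.getNameInNamespace() + ", skipping sync");
                                }
                                continue;
                            }
                            String groupDN = groupEntry.getNameInNamespace();
                            // System.out.println("getGroups(): groupDN = " + groupDN);
                            String gName = (String) groupNameAttr.get();
                            // Optional normalisation of the group name: case conversion first, then the regex transform.
                            if (groupNameCaseConversionFlag) {
                                if (groupNameLowerCaseFlag) {
                                    gName = gName.toLowerCase();
                                } else {
                                    gName = gName.toUpperCase();
                                }
                            }
                            if (groupNameRegExInst != null) {
                                gName = groupNameRegExInst.transform(gName);
                            }
                            if (!groupSearchFirstEnabled) {
                                // computedGroups.add(gName);
                                if (LOG.isInfoEnabled()) {
                                    LOG.info("computed groups for user: " + userInfo.getUserName() + ", groups: " + gName);
                                }
                                userInfo.addGroupDN(groupDN);
                                userInfo.addGroup(gName);
                            } else {
                                // If group based search is enabled, then
                                // update the group name to ranger admin
                                // check for group members and populate userInfo object with user's full name and group mapping
                                Attribute groupMemberAttr = groupEntry.getAttributes().get(groupMemberAttributeName);
                                LOG.debug("Update Ranger admin with " + gName);
                                sink.addOrUpdateGroup(gName);
                                int userCount = 0;
                                if (groupMemberAttr == null || groupMemberAttr.size() <= 0) {
                                    LOG.info("No members available for " + gName);
                                    continue;
                                }
                                NamingEnumeration<?> userEnum = groupMemberAttr.getAll();
                                while (userEnum.hasMore()) {
                                    String originalUserFullName = (String) userEnum.next();
                                    if (originalUserFullName == null || originalUserFullName.trim().isEmpty()) {
                                        continue;
                                    }
                                    // userGroupMap is keyed by the lower-cased member value.
                                    String userFullName = originalUserFullName.toLowerCase();
                                    userCount++;
                                    if (!userGroupMap.containsKey(userFullName)) {
                                        // Preserving the original full name for later
                                        userInfo = new UserInfo(userFullName, originalUserFullName);
                                        userGroupMap.put(userFullName, userInfo);
                                    } else {
                                        userInfo = userGroupMap.get(userFullName);
                                    }
                                    LOG.info("Adding " + gName + " to user " + userInfo.getUserFullName());
                                    userInfo.addGroup(gName);
                                    userInfo.addGroupDN(groupDN);
                                }
                                LOG.info("No. of members in the group " + gName + " = " + userCount);
                            }
                        }
                    }
                    // Examine the paged results control response
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (Control control : controls) {
                            if (control instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) control;
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    LOG.debug("END-OF-PAGE total : " + total);
                                } else {
                                    LOG.debug("END-OF-PAGE total : unknown");
                                }
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        LOG.debug("No controls were sent from the server");
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        LOG.debug(String.format("Fetched paged results round: %s", ++paged));
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LDAPUserGroupBuilder.getGroups() completed with group count: " + counter);
            } catch (Throwable t) {
                // Best effort: the failure is logged and the next search base is processed.
                // The throwable is passed as an argument so the stack trace reaches the log.
                // NOTE(review): this also swallows Errors, and a partial group list is synced
                // without any signal to the caller - confirm that is intended.
                LOG.error("LDAPUserGroupBuilder.getGroups() failed with exception: ", t);
                LOG.info("LDAPUserGroupBuilder.getGroups() group count: " + counter);
            }
        }
    } finally {
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
}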
use of javax.naming.directory.SearchResult in project uavstack by uavorg.
the class GUISSOLdapClient method getUserByLoginImpl.
// ======================================ldap api end========================================
// ======================================get user begin========================================
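/**
 * Authenticates the given credentials through {@code ldapApiCheck} and, on success, looks the
 * account up to collect its group id and mail-list strings.
 *
 * <p>The method fails closed: missing credentials, a rejected login and an empty lookup result
 * all yield an empty map.
 *
 * @param loginId login name; the configured {@code suffix} is appended when it is not already
 *     contained in the value
 * @param password password presented by the user
 * @return a map with the keys {@code loginId}, {@code groupId} and {@code emailList}, or an empty
 *     map when the login is not accepted
 */
@Override
protected Map<String, String> getUserByLoginImpl(String loginId, String password) {
    // Reject missing credentials before talking to the directory. ldapApiCheck is not shown here;
    // if it performs an LDAP simple bind, many servers treat an empty password as an
    // unauthenticated bind and report success, which must never count as a login.
    if (loginId == null || loginId.isEmpty() || password == null || password.isEmpty()) {
        return Collections.emptyMap();
    }
    String suffix = ldapConfig.get("suffix");
    if (loginId.indexOf(suffix) == -1) {
        loginId += suffix;
    }
    if (!ldapApiCheck(loginId, password)) {
        return Collections.emptyMap();
    }
    String primaryKey = ldapConfig.get("primaryKey");
    String action = "login";
    // loginId is caller-supplied: escape it per RFC 4515 (backslash first) so it is matched as a
    // literal value and cannot add clauses or wildcards to the filter.
    String escapedLoginId = loginId.replace("\\", "\\5c")
            .replace("*", "\\2a")
            .replace("(", "\\28")
            .replace(")", "\\29")
            .replace("\0", "\\00");
    String filter = primaryKey + "=" + escapedLoginId;
    List<SearchResult> sResultList = ldapApiQuery(action, "", filter);
    // An authenticated account that cannot be looked up is treated as a failed login instead of
    // raising IndexOutOfBoundsException from get(0).
    if (sResultList == null || sResultList.isEmpty()) {
        return Collections.emptyMap();
    }
    // The userPrincipalName= filter can only match a single result.
    SearchResult sResult = sResultList.get(0);
    String groupIdStr = formatGroupId(sResult);
    String emailListStr = formatEmailList(sResult);
    Map<String, String> result = new HashMap<String, String>();
    result.put("loginId", loginId);
    result.put("groupId", groupIdStr);
    result.put("emailList", emailListStr);
    return result;
}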
use of javax.naming.directory.SearchResult in project uavstack by uavorg.
the class GUISSOLdapClient method getUserByQuery.
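/**
 * Looks up users whose {@code cn} or configured {@code userQueryField} equals the given value,
 * with or without the configured {@code suffix} appended.
 *
 * @param email value to search for; an empty value yields an empty list
 * @return one map per matching entry with the keys {@code email}, {@code name}, {@code groupId}
 *     and {@code emailList}; a single map holding only {@code msg} when nothing matched
 */
@Override
public List<Map<String, String>> getUserByQuery(String email) {
    if (StringHelper.isEmpty(email)) {
        return Collections.emptyList();
    }
    String suffix = ldapConfig.get("suffix");
    String userCNField = "cn";
    String userQueryField = ldapConfig.get("userQueryField");
    // email is caller-supplied: escape both candidate values per RFC 4515 (backslash first) so
    // they are matched literally and cannot add clauses to the filter.
    // NOTE(review): '*' is now matched literally too; if wildcard search through this method is
    // a supported feature, it needs an explicit, bounded option instead of raw input.
    String[] candidates = { email, email + suffix };
    for (int i = 0; i < candidates.length; i++) {
        candidates[i] = candidates[i].replace("\\", "\\5c")
                .replace("*", "\\2a")
                .replace("(", "\\28")
                .replace(")", "\\29")
                .replace("\0", "\\00");
    }
    String filter = "(|(" + userCNField + "=" + candidates[0] + ")(" + userQueryField + "=" + candidates[0] + ")("
            + userQueryField + "=" + candidates[1] + "))";
    String action = "query";
    // Query LDAP to obtain the list of matching entries.
    List<Map<String, String>> result = new ArrayList<Map<String, String>>();
    List<SearchResult> sResultList = ldapApiQuery(action, "", filter);
    if (sResultList.isEmpty()) {
        Map<String, String> msg = new HashMap<String, String>();
        msg.put("msg", "email query,result is empty.");
        result.add(msg);
        return result;
    }
    for (SearchResult sResult : sResultList) {
        // Format the user information of each entry.
        Map<String, String> emailInfoMap = formatEmailInfo(sResult, userQueryField);
        String groupIdStr = formatGroupId(sResult);
        String emailListStr = formatEmailList(sResult);
        Map<String, String> info = new HashMap<String, String>();
        info.put("email", emailInfoMap.get("email"));
        info.put("name", emailInfoMap.get("name"));
        info.put("groupId", groupIdStr);
        info.put("emailList", emailListStr);
        result.add(info);
    }
    return result;
}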
use of javax.naming.directory.SearchResult in project uavstack by uavorg.
the class GUISSOLdapClient method getEmailListByQuery.
// ======================================get user end========================================
// ======================================get email begin========================================
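/**
 * Looks up the mail group whose {@code cn} or configured {@code groupQueryField} equals the
 * given value (with or without the configured {@code suffix}) and returns its details together
 * with the users that belong to it.
 *
 * @param email value to search for
 * @return the group's formatted fields plus, when members were found, {@code groupIdFiltered},
 *     {@code emailList_Filtered} and {@code userInfo}; a map holding only {@code msg} when the
 *     input is empty or nothing matched; whatever was collected so far when an exception occurred
 *     (the exception is logged and the LDAP context for the action is cleared)
 */
@Override
public Map<String, Object> getEmailListByQuery(String email) {
    Map<String, Object> result = new LinkedHashMap<String, Object>();
    String action = "query";
    String filter = "";
    // Nothing to search for: answer like an empty result instead of querying with "null" or "".
    if (email == null || email.isEmpty()) {
        result.put("msg", "emailList query,result is empty.");
        return result;
    }
    String suffix = ldapConfig.get("suffix");
    try {
        String groupCNField = "cn";
        String groupQueryField = ldapConfig.get("groupQueryField");
        // email is caller-supplied: escape both candidate values per RFC 4515 (backslash first)
        // so they are matched literally and cannot add clauses to the filter.
        String[] candidates = { email, email + suffix };
        for (int i = 0; i < candidates.length; i++) {
            candidates[i] = candidates[i].replace("\\", "\\5c")
                    .replace("*", "\\2a")
                    .replace("(", "\\28")
                    .replace(")", "\\29")
                    .replace("\0", "\\00");
        }
        filter = "(|(" + groupCNField + "=" + candidates[0] + ")(" + groupQueryField + "=" + candidates[0] + ")("
                + groupQueryField + "=" + candidates[1] + "))";
        List<SearchResult> sResultList = ldapApiQuery(action, "", filter);
        // An empty list used to fall into the catch block through get(0), which logged an error
        // and cleared the LDAP context for what is an ordinary "not found".
        if (sResultList == null || sResultList.isEmpty()) {
            result.put("msg", "emailList query,result is empty.");
            return result;
        }
        // The filter can only match a single result.
        SearchResult sResult = sResultList.get(0);
        if (null == sResult) {
            result.put("msg", "emailList query,result is empty.");
            return result;
        }
        Map<String, String> emailInfoMap = formatEmailInfo(sResult, groupQueryField);
        List<String> userEnNameList = formatUserEnName(sResult);
        // Fetch the user information, excluding users that do not belong to the queried mail group.
        String emailEnName = emailInfoMap.get("name");
        List<Map<String, String>> userInfoList = filterUserByQuery(userEnNameList, emailEnName);
        result.putAll(emailInfoMap);
        if (!userInfoList.isEmpty()) {
            result.put("groupIdFiltered", formatGroupDuplicateRemoval(userInfoList));
            result.put("emailList_Filtered", formatEmailDuplicateRemoval(userInfoList));
            result.put("userInfo", userInfoList);
        }
    } catch (Exception e) {
        clearLdapContext(action);
        logger.err(this, e.getMessage(), e);
    }
    return result;
}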