
Example 41 with LdapName

Use of javax.naming.ldap.LdapName in project Openfire by igniterealtime.

The class LdapGroupProvider, method processGroup.

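/**
 * Builds a {@link Group} from one LDAP group entry.
 *
 * <p>The group's name and description are read from the configured name and
 * description attributes (an absent or unreadable attribute yields an empty
 * string). Each value of the configured member attribute is turned into a
 * {@link JID}: in posix mode the value is used as the username directly,
 * otherwise it is a full DN that is resolved to a username (see
 * {@link #resolveUsernameFromDn}). Members the user manager does not know are
 * skipped. The returned group has no admins.
 *
 * @param ctx the LDAP context used to look up member DNs that do not start with the username attribute
 * @param a the attributes of the group entry
 * @return the group; never {@code null}
 * @throws NamingException if the member attribute values cannot be enumerated
 */
private Group processGroup(LdapContext ctx, Attributes a) throws NamingException {
    XMPPServer server = XMPPServer.getInstance();
    String serverName = server.getServerInfo().getXMPPDomain();
    String usernameField = manager.getUsernameField();
    // Build 3 groups.
    // group 1: uid=
    // group 2: rest of the text until first comma
    // group 3: rest of the text
    // The attribute name comes from configuration and is not a regex, so it is
    // quoted to keep any regex metacharacter in it from widening the match.
    Pattern pattern = Pattern.compile("(?i)(^" + Pattern.quote(usernameField) + "=)([^,]+)(.+)");
    // We have to process Active Directory differently.
    boolean isAD = usernameField.equals("sAMAccountName");
    String[] returningAttributes = isAD
            ? new String[] { "distinguishedName", usernameField }
            : new String[] { usernameField };
    SearchControls searchControls = new SearchControls();
    searchControls.setReturningAttributes(returningAttributes);
    // See if recursive searching is enabled. Otherwise, only search one level.
    searchControls.setSearchScope(manager.isSubTreeSearch()
            ? SearchControls.SUBTREE_SCOPE
            : SearchControls.ONELEVEL_SCOPE);

    String name = firstStringValue(a, manager.getGroupNameField());
    String description = firstStringValue(a, manager.getGroupDescriptionField());

    Set<JID> members = new TreeSet<>();
    Attribute memberField = a.get(manager.getGroupMemberField());
    if (memberField != null) {
        NamingEnumeration<?> ne = memberField.getAll();
        try {
            while (ne.hasMore()) {
                String username = (String) ne.next();
                // If not posix mode, each group member is stored as a full DN.
                if (!manager.isPosixMode()) {
                    username = resolveUsernameFromDn(ctx, username, pattern, searchControls, isAD);
                }
                try {
                    JID userJID;
                    int position = username.indexOf("@" + serverName);
                    // Create JID of local user if JID does not match a component's JID
                    if (position == -1) {
                        // In order to lookup a username from the manager, the username
                        // must be a properly escaped JID node.
                        String escapedUsername = JID.escapeNode(username);
                        if (!escapedUsername.equals(username)) {
                            // Check that the escaped username is a known user; the
                            // manager throws UserNotFoundException otherwise.
                            userManager.getUser(escapedUsername);
                        }
                        // No exception, so the user must exist. Add the user as a group
                        // member using the escaped username.
                        userJID = server.createJID(escapedUsername, null);
                    } else {
                        // This is a JID of a component or node of a server's component
                        String node = username.substring(0, position);
                        userJID = new JID(JID.escapeNode(node) + "@" + serverName);
                    }
                    members.add(userJID);
                } catch (UserNotFoundException e) {
                    // Unknown users are simply left out of the group.
                    if (manager.isDebugEnabled()) {
                        Log.debug("LdapGroupProvider: User not found: " + username);
                    }
                }
            }
        } finally {
            // Close the enumeration even when one of the lookups above fails.
            ne.close();
        }
    }
    if (manager.isDebugEnabled()) {
        Log.debug("LdapGroupProvider: Adding group \"" + name + "\" with " + members.size() + " members.");
    }
    Collection<JID> admins = Collections.emptyList();
    return new Group(name, description, members, admins);
}

/**
 * Resolves a group member DN to the member's username.
 *
 * <p>If the DN starts with the username attribute (for example {@code uid=jdoe,...}) the
 * value is taken from the DN without contacting the directory. Otherwise (Active Directory
 * stores members as {@code CN=...}) the entry is looked up by its first RDN combined with
 * the configured search filter. For Active Directory the hit whose {@code distinguishedName}
 * equals {@code memberDn} is used; otherwise the first hit is used, as before, which is only
 * correct when the RDN is unique within the search base.
 *
 * @param ctx LDAP context to search in
 * @param memberDn the member value as stored in the group entry
 * @param pattern matcher for "DN starts with the username attribute"
 * @param searchControls scope and returning attributes of the lookup
 * @param isAD whether the username field is {@code sAMAccountName}
 * @return the resolved username, or {@code memberDn} unchanged if it cannot be resolved
 */
private String resolveUsernameFromDn(LdapContext ctx, String memberDn, Pattern pattern,
                                     SearchControls searchControls, boolean isAD) {
    // Try to find the username with a regex pattern match.
    Matcher matcher = pattern.matcher(memberDn);
    if (matcher.matches() && matcher.groupCount() == 3) {
        // The username is in the DN, no additional search needed
        return matcher.group(2);
    }
    // The regex pattern match failed. This will happen if the member DN's don't use the
    // standard username field. For example, Active Directory has a username field of
    // sAMAccountName, but stores group members as "CN=...".
    NamingEnumeration<SearchResult> usrAnswer = null;
    try {
        // Create an LDAP name with the full DN and take its leftmost RDN.
        LdapName ldapName = new LdapName(memberDn);
        javax.naming.ldap.Rdn rdn = ldapName.getRdn(ldapName.size() - 1);
        Object rdnValue = rdn.getValue();
        String valueText = rdnValue instanceof String
                ? (String) rdnValue
                : javax.naming.ldap.Rdn.escapeValue(rdnValue);
        // The RDN value is directory data that is pasted into a search filter. Without
        // RFC 4515 escaping a '*', '(' or ')' in it would change the filter's meaning
        // (a '*' could match a different entry than the one named by the DN).
        String userFilter = "(&(" + rdn.getType() + '=' + escapeFilterValue(valueText) + ')'
                + MessageFormat.format(manager.getSearchFilter(), "*") + ')';
        usrAnswer = ctx.search("", userFilter, searchControls);
        if (usrAnswer != null) {
            // Iterate through the entire set to find a matching distinguished name.
            while (usrAnswer.hasMoreElements()) {
                Attributes attrs = usrAnswer.nextElement().getAttributes();
                if (!isAD) {
                    // Without a DN to compare against, the first hit wins.
                    return (String) attrs.get(manager.getUsernameField()).get();
                }
                Attribute userdnAttr = attrs.get("distinguishedName");
                if (userdnAttr != null && memberDn.equals(userdnAttr.get())) {
                    // Exact match found, use it.
                    return (String) attrs.get(manager.getUsernameField()).get();
                }
            }
        }
    } catch (Exception e) {
        // Best effort, as before: log and fall back to the unresolved DN.
        Log.error(e.getMessage(), e);
    } finally {
        // Close the enumeration; a null result (see the null check above) is not closed.
        if (usrAnswer != null) {
            try {
                usrAnswer.close();
            } catch (NamingException e) {
                Log.error(e.getMessage(), e);
            }
        }
    }
    return memberDn;
}

/**
 * Escapes {@code value} for use as an assertion value in an LDAP search filter
 * (RFC 4515): {@code \}, {@code *}, {@code (}, {@code )} and NUL become
 * {@code \XX} hex escapes; everything else is copied unchanged.
 *
 * @param value the raw attribute value
 * @return the escaped value
 */
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                sb.append("\\5c");
                break;
            case '*':
                sb.append("\\2a");
                break;
            case '(':
                sb.append("\\28");
                break;
            case ')':
                sb.append("\\29");
                break;
            case '\0':
                sb.append("\\00");
                break;
            default:
                sb.append(c);
        }
    }
    return sb.toString();
}

/**
 * Returns the first value of attribute {@code field} in {@code attrs} as a string.
 *
 * @param attrs the entry's attributes
 * @param field the attribute name to read
 * @return the value, or {@code ""} if the attribute is absent, has no string value
 *         or cannot be read (best effort, as before)
 */
private static String firstStringValue(Attributes attrs, String field) {
    try {
        Attribute attr = attrs.get(field);
        Object value = attr == null ? null : attr.get();
        return value instanceof String ? (String) value : "";
    } catch (Exception e) {
        // A missing or unreadable attribute is not fatal; the group is still built.
        return "";
    }
}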

Example 42 with LdapName

Use of javax.naming.ldap.LdapName in project midpoint by Evolveum.

The class TestExchangeConnectorLow, method distributionGroupOU.

// =============== DistributionGroup ===============
/**
 * Derives the Exchange-style organizational-unit path of the test container, for
 * example {@code example.com/Sales/Users} for
 * {@code OU=Users,OU=Sales,DC=example,DC=com}: the DC components joined with '.'
 * (rightmost DC last), followed by "/" + each OU in the order
 * {@link LdapName#getRdns()} yields them (right to left in the DN string).
 *
 * @return the computed path; empty if the container has neither DC nor OU components
 * @throws InvalidNameException if the container DN cannot be parsed
 */
private String distributionGroupOU() throws InvalidNameException {
    List<String> domainLabels = new ArrayList<>();
    List<String> orgUnits = new ArrayList<>();
    for (Rdn rdn : new LdapName(getContainer()).getRdns()) {
        String type = rdn.getType();
        if ("OU".equalsIgnoreCase(type)) {
            orgUnits.add(rdn.getValue().toString());
        } else if ("DC".equalsIgnoreCase(type)) {
            // Prepend so the labels read in the opposite order to getRdns().
            domainLabels.add(0, rdn.getValue().toString());
        }
    }
    StringBuilder path = new StringBuilder();
    for (String label : domainLabels) {
        if (path.length() > 0) {
            path.append('.');
        }
        path.append(label);
    }
    for (String ou : orgUnits) {
        path.append('/').append(ou);
    }
    return path.toString();
}

Example 43 with LdapName

Use of javax.naming.ldap.LdapName in project OpenAM by OpenRock.

The class CertUtils, method getAttributeValue.

/**
 * Retrieves a given attribute value from the provided {@link X500Principal} even if the attribute was enclosed in
 * a multi-valued RDN.
 *
 * <p>The principal's name is rendered in RFC 2253 form using {@code OID_MAP} and parsed as an
 * {@link LdapName}; each RDN is expanded into its type/value pairs and the first pair whose type
 * equals {@code attributeName} (case-insensitively) wins.
 *
 * @param principal The principal to retrieve the value from.
 * @param attributeName The non-null name of the attribute to retrieve.
 * @return The attribute value from the principal, or {@code null} if the attribute is not
 *         present, its value is {@code null}, or the name cannot be parsed.
 */
public static String getAttributeValue(X500Principal principal, String attributeName) {
    try {
        LdapName parsedName = new LdapName(principal.getName(X500Principal.RFC2253, OID_MAP));
        for (Rdn rdn : parsedName.getRdns()) {
            // toAttributes() yields one Attribute per type/value pair of the RDN.
            NamingEnumeration<? extends Attribute> pairs = rdn.toAttributes().getAll();
            while (pairs.hasMoreElements()) {
                Attribute candidate = pairs.next();
                if (!attributeName.equalsIgnoreCase(candidate.getID())) {
                    continue;
                }
                Object value = candidate.get();
                return value == null ? null : value.toString();
            }
        }
    } catch (NamingException ne) {
        DEBUG.warning("A naming error occurred while trying to retrieve " + attributeName + " from principal: " + principal, ne);
    }
    return null;
}

Example 44 with LdapName

Use of javax.naming.ldap.LdapName in project gerrit by GerritCodeReview.

The class LdapGroupBackend, method cnFor.

/**
 * Extracts the value of the leftmost RDN of {@code dn} (usually its {@code cn}).
 *
 * <p>The value is returned as it appears in the DN string, i.e. RFC 2253 escaping is
 * not undone (a comma inside the name stays {@code \,}). When {@code dn} is empty or
 * cannot be parsed, {@code dn} itself is returned.
 *
 * @param dn a distinguished name
 * @return the leftmost RDN value, or {@code dn} when it cannot be extracted
 */
private static String cnFor(String dn) {
    LdapName parsed;
    try {
        parsed = new LdapName(dn);
    } catch (InvalidNameException e) {
        log.warn("Cannot parse LDAP dn for cn", e);
        return dn;
    }
    if (parsed.isEmpty()) {
        return dn;
    }
    // Index size()-1 is the leftmost RDN of the DN string.
    String leftmost = parsed.get(parsed.size() - 1);
    int eq = leftmost.indexOf('=');
    return eq < 0 ? leftmost : leftmost.substring(eq + 1);
}

Example 45 with LdapName

Use of javax.naming.ldap.LdapName in project midpoint by Evolveum.

The class TestExpressionFunctions, method testComposeDn.

/**
 * Verifies {@code composeDn}: attribute/value pairs, {@link Rdn}s and {@link LdapName}
 * suffixes may be mixed freely, special characters in values are escaped, and absent or
 * blank input yields {@code null}.
 */
@Test
public void testComposeDn() throws Exception {
    final String TEST_NAME = "testComposeDn";
    TestUtil.displayTestTile(TEST_NAME);
    BasicExpressionFunctions basic = createBasicFunctions();
    final String suffixDn = "ou=baz,o=bar";

    // Plain type/value pairs; the value may be a String, PolyString or PolyStringType.
    assertEquals("cn=foo,o=bar", basic.composeDn("cn", "foo", "o", "bar"));
    assertEquals("cn=foo,o=bar", basic.composeDn("cn", PrismTestUtil.createPolyString("foo"), "o", "bar"));
    assertEquals("cn=foo,o=bar", basic.composeDn("cn", PrismTestUtil.createPolyStringType("foo"), "o", "bar"));

    // Rdn and LdapName components may be mixed in at any position.
    assertEquals("cn=foo,o=bar", basic.composeDn("cn", "foo", new Rdn("o", "bar")));
    assertEquals("cn=foo,ou=baz,o=bar", basic.composeDn(new Rdn("cn", "foo"), "ou", "baz", new Rdn("o", "bar")));
    assertEquals("cn=foo,ou=baz,o=bar", basic.composeDn(new Rdn("cn", "foo"), "ou", "baz", "o", "bar"));
    assertEquals("cn=foo,ou=baz,o=bar", basic.composeDn(new Rdn("cn", "foo"), new LdapName(suffixDn)));
    assertEquals("cn=foo,ou=baz,o=bar", basic.composeDn("cn", "foo", new LdapName(suffixDn)));

    // Characters that are special in a DN are escaped in the value.
    assertEquals("cn=foo\\,foo,ou=baz,o=bar", basic.composeDn("cn", "foo,foo", new LdapName(suffixDn)));
    assertEquals("cn=foo\\=foo,ou=baz,o=bar", basic.composeDn("cn", "foo=foo", new LdapName(suffixDn)));

    // Nothing to compose yields null rather than an empty DN.
    assertEquals(null, basic.composeDn(null));
    assertEquals(null, basic.composeDn());
    assertEquals(null, basic.composeDn(""));
    assertEquals(null, basic.composeDn("   "));
}
