
Example 6 with PagedResultsResponseControl

use of javax.naming.ldap.PagedResultsResponseControl in project ranger by apache.

the class UserInfo method getGroups.

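/**
 * Searches every configured group search base and records group membership.
 *
 * <p>The mode is selected by {@code groupSearchFirstEnabled}:
 * <ul>
 *   <li>disabled: searches for the groups of {@code userInfo} and adds each group name and
 *       group DN to it;</li>
 *   <li>enabled: retrieves all groups, reports each group name to {@code sink}, and fills
 *       {@code userGroupMap} with one {@link UserInfo} per group member.</li>
 * </ul>
 *
 * <p>A failure inside one search base is logged and the remaining bases are still processed, so
 * the method can return normally after an incomplete sync. The error log is the only signal of
 * that; callers that treat the collected memberships as authoritative should monitor it.
 *
 * @param sink receiver of group names in group-first mode
 * @param userInfo user whose groups are looked up; must be non-null unless group-first mode is
 *     enabled, in which case the parameter is reused as a scratch variable
 * @throws Throwable if a step outside the per-base search loop fails (context creation, initial
 *     paging activation, or cleanup)
 */
private void getGroups(UserGroupSink sink, UserInfo userInfo) throws Throwable {
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        for (String ou : groupSearchBase) {
            byte[] cookie = null;
            int counter = 0;
            try {
                int paged = 0;
                do {
                    if (!groupSearchFirstEnabled) {
                        if (userInfo == null) {
                            // Should never reach this.
                            LOG.error("No user information provided for group search!");
                            return;
                        }
                        if (LOG.isDebugEnabled()) {
                            // NOTE(review): String.format does not expand JNDI {0}/{1} placeholders, so this
                            // presumably prints the raw filter template - confirm.
                            LOG.debug("Searching for groups for user " + userInfo.getUserName() + " using filter " + String.format(extendedGroupSearchFilter, userInfo.getUserFullName(), userInfo.getUserName()));
                        }
                        // The user values are passed as filter arguments instead of being concatenated into
                        // the filter, so JNDI escapes them when it substitutes {i} placeholders.
                        groupSearchResultEnum = ldapContext.search(ou, extendedGroupSearchFilter, new Object[] { userInfo.getUserFullName(), userInfo.getUserName() }, groupSearchControls);
                    } else {
                        // If group based search is enabled, then first retrieve all the groups based on the group configuration.
                        groupSearchResultEnum = ldapContext.search(ou, extendedAllGroupsSearchFilter, groupSearchControls);
                    }
                    while (groupSearchResultEnum.hasMore()) {
                        final SearchResult groupEntry = groupSearchResultEnum.next();
                        if (groupEntry != null) {
                            counter++;
                            Attribute groupNameAttr = groupEntry.getAttributes().get(groupNameAttribute);
                            if (groupNameAttr == null) {
                                if (LOG.isInfoEnabled()) {
                                    LOG.info(groupNameAttribute + " empty for entry " + groupEntry.getNameInNamespace() + ", skipping sync");
                                }
                                continue;
                            }
                            String groupDN = groupEntry.getNameInNamespace();
                            String gName = (String) groupNameAttr.get();
                            // NOTE(review): case conversion uses the JVM default locale; confirm that this
                            // matches how the same names are normalised wherever they are compared.
                            if (groupNameCaseConversionFlag) {
                                if (groupNameLowerCaseFlag) {
                                    gName = gName.toLowerCase();
                                } else {
                                    gName = gName.toUpperCase();
                                }
                            }
                            if (groupNameRegExInst != null) {
                                gName = groupNameRegExInst.transform(gName);
                            }
                            if (!groupSearchFirstEnabled) {
                                if (LOG.isInfoEnabled()) {
                                    LOG.info("computed groups for user: " + userInfo.getUserName() + ", groups: " + gName);
                                }
                                userInfo.addGroupDN(groupDN);
                                userInfo.addGroup(gName);
                            } else {
                                // If group based search is enabled, then
                                // update the group name to ranger admin
                                // check for group members and populate userInfo object with user's full name and group mapping
                                Attribute groupMemberAttr = groupEntry.getAttributes().get(groupMemberAttributeName);
                                LOG.debug("Update Ranger admin with " + gName);
                                sink.addOrUpdateGroup(gName);
                                int userCount = 0;
                                if (groupMemberAttr == null || groupMemberAttr.size() <= 0) {
                                    LOG.info("No members available for " + gName);
                                    continue;
                                }
                                NamingEnumeration<?> userEnum = groupMemberAttr.getAll();
                                while (userEnum.hasMore()) {
                                    String originalUserFullName = (String) userEnum.next();
                                    if (originalUserFullName == null || originalUserFullName.trim().isEmpty()) {
                                        continue;
                                    }
                                    // The lower-cased member value is the userGroupMap key.
                                    String userFullName = originalUserFullName.toLowerCase();
                                    userCount++;
                                    if (!userGroupMap.containsKey(userFullName)) {
                                        // Preserving the original full name for later
                                        userInfo = new UserInfo(userFullName, originalUserFullName);
                                        userGroupMap.put(userFullName, userInfo);
                                    } else {
                                        userInfo = userGroupMap.get(userFullName);
                                    }
                                    LOG.info("Adding " + gName + " to user " + userInfo.getUserFullName());
                                    userInfo.addGroup(gName);
                                    userInfo.addGroupDN(groupDN);
                                }
                                LOG.info("No. of members in the group " + gName + " = " + userCount);
                            }
                        }
                    }
                    // Examine the paged results control response
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (Control control : controls) {
                            if (control instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) control;
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    LOG.debug("END-OF-PAGE total : " + total);
                                } else {
                                    LOG.debug("END-OF-PAGE total : unknown");
                                }
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        LOG.debug("No controls were sent from the server");
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        LOG.debug(String.format("Fetched paged results round: %s", ++paged));
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LDAPUserGroupBuilder.getGroups() completed with group count: " + counter);
            } catch (Throwable t) {
                // Pass the throwable itself so the stack trace is kept; the message text is unchanged.
                LOG.error("LDAPUserGroupBuilder.getGroups() failed with exception: " + t, t);
                LOG.info("LDAPUserGroupBuilder.getGroups() group count: " + counter);
                if (pagedResultsEnabled) {
                    // A failure part-way through paging leaves the previous search's cookie in the request
                    // controls. Start the next search base with a fresh paging control so that it is not
                    // sent a cookie that belongs to a different search.
                    try {
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
                    } catch (Exception resetFailure) {
                        LOG.error("LDAPUserGroupBuilder.getGroups() could not reset paged results control: " + resetFailure, resetFailure);
                    }
                }
            }
        }
    } finally {
        // Only the most recently assigned enumeration is closed here.
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
}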
Also used : Attribute(javax.naming.directory.Attribute) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) SearchResult(javax.naming.directory.SearchResult) Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Example 7 with PagedResultsResponseControl

use of javax.naming.ldap.PagedResultsResponseControl in project OpenOLAT by OpenOLAT.

the class LDAPDAO method getCookie.

/**
 * Reads the paging cookie from the context's latest response controls and re-arms paging.
 *
 * <p>The request control is set again on every call, including when no cookie was found.
 * NOTE(review): the control is sent as {@code Control.NONCRITICAL}, so a server may ignore it;
 * a {@code null} return then looks the same as "last page" - confirm that the caller can
 * tolerate a result set cut short by the server.
 *
 * @param ctx context whose response controls are inspected and whose request controls are replaced
 * @return the cookie of the last paged-results response control seen, or {@code null} if none
 * @throws NamingException if the controls cannot be read or set
 * @throws IOException if the paged-results request control cannot be encoded
 */
private byte[] getCookie(LdapContext ctx) throws NamingException, IOException {
    byte[] nextPageCookie = null;
    final Control[] responseControls = ctx.getResponseControls();
    if (responseControls != null) {
        for (Control responseControl : responseControls) {
            if (responseControl instanceof PagedResultsResponseControl) {
                // No early exit: if several paging controls are present, the last one wins.
                nextPageCookie = ((PagedResultsResponseControl) responseControl).getCookie();
            }
        }
    }
    // Hand the cookie back to the server so that the next search continues after this page.
    final PagedResultsControl nextPageRequest = new PagedResultsControl(PAGE_SIZE, nextPageCookie, Control.NONCRITICAL);
    ctx.setRequestControls(new Control[] { nextPageRequest });
    return nextPageCookie;
}
Also used : Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Example 8 with PagedResultsResponseControl

use of javax.naming.ldap.PagedResultsResponseControl in project openolat by klemens.

the class LDAPDAO method getCookie.

/**
 * Extracts the paged-results cookie from the last response and installs the follow-up request
 * control on the same context.
 *
 * <p>NOTE(review): paging is requested with {@code Control.NONCRITICAL}, which allows a server
 * to ignore it. In that case no cookie is returned and the caller cannot distinguish this from
 * the end of the results - confirm how truncated results are detected.
 *
 * @param ctx LDAP context that has just completed a search
 * @return cookie for the next page, or {@code null} when no paged-results response control
 *     carried one
 * @throws NamingException if reading or setting controls fails
 * @throws IOException if the request control cannot be encoded
 */
private byte[] getCookie(LdapContext ctx) throws NamingException, IOException {
    Control[] received = ctx.getResponseControls();
    byte[] pagingCookie = null;
    // A null array means that no controls are available; handle it like an empty array.
    int receivedCount = (received == null) ? 0 : received.length;
    for (int idx = 0; idx < receivedCount; idx++) {
        Control candidate = received[idx];
        if (!(candidate instanceof PagedResultsResponseControl)) {
            continue;
        }
        // A later paging control overwrites an earlier one.
        pagingCookie = ((PagedResultsResponseControl) candidate).getCookie();
    }
    // Always re-arm paging, even with a null cookie.
    Control[] nextRequest = { new PagedResultsControl(PAGE_SIZE, pagingCookie, Control.NONCRITICAL) };
    ctx.setRequestControls(nextRequest);
    return pagingCookie;
}
Also used : Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Example 9 with PagedResultsResponseControl

use of javax.naming.ldap.PagedResultsResponseControl in project pentaho-kettle by pentaho.

the class LDAPConnection method getAttributes.

/**
 * Returns the attributes of the next search result, requesting the next page first when the
 * current enumeration is exhausted and paging is in use.
 *
 * <p>The entry's name in the namespace is added to the returned attributes under the id
 * {@code "dn"}.
 *
 * <p>NOTE(review): if {@code getSearchResult()} is a JNDI {@code NamingEnumeration},
 * {@code hasMoreElements()} cannot surface a {@code NamingException}, so a failed or
 * size-limited page would look like the end of the results - confirm.
 *
 * @return the next entry's attributes, or {@code null} when there are no more results
 * @throws KettleException if fetching the next page or reading the entry fails
 */
public Attributes getAttributes() throws KettleException {
    byte[] pageCookie = null;
    while (!getSearchResult().hasMoreElements()) {
        if (!isPagingUsed()) {
            // Without paging, an exhausted enumeration means that every result was already returned.
            return null;
        }
        try {
            // Pick up the cookie the server attached to the page that has just been consumed.
            final Control[] responseControls = getInitialContext().getResponseControls();
            if (responseControls != null) {
                for (Control responseControl : responseControls) {
                    if (responseControl instanceof PagedResultsResponseControl) {
                        pageCookie = ((PagedResultsResponseControl) responseControl).getCookie();
                    }
                }
            }
            // Send the cookie back (together with the sort control, if sorting) for the next page.
            if (isSortingAttributes()) {
                getInitialContext().setRequestControls(new Control[] { new SortControl(getSortingAttributesKeys(), Control.NONCRITICAL), new PagedResultsControl(GetPagingSize(), pageCookie, Control.CRITICAL) });
            } else {
                getInitialContext().setRequestControls(new Control[] { new PagedResultsControl(GetPagingSize(), pageCookie, Control.CRITICAL) });
            }
            if (pageCookie == null || pageCookie.length == 0) {
                // No cookie: there is no further page to fetch.
                return null;
            }
            this.results = getInitialContext().search(getSearchBase(), getFilter(), getSearchControls());
        } catch (Exception e) {
            throw new KettleException(BaseMessages.getString(PKG, "LDAPInput.Exception.ErrorPaging"), e);
        }
        if (!getSearchResult().hasMoreElements()) {
            // The new page came back empty.
            return null;
        }
    }
    try {
        final SearchResult entry = getSearchResult().next();
        final Attributes entryAttributes = entry.getAttributes();
        entryAttributes.put("dn", entry.getNameInNamespace());
        return entryAttributes;
    } catch (Exception e) {
        throw new KettleException(BaseMessages.getString(PKG, "LDAPConnection.Exception.GettingAttributes"), e);
    }
}
Also used : SortControl(javax.naming.ldap.SortControl) KettleException(org.pentaho.di.core.exception.KettleException) Control(javax.naming.ldap.Control) SortControl(javax.naming.ldap.SortControl) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) Attributes(javax.naming.directory.Attributes) SearchResult(javax.naming.directory.SearchResult) KettleException(org.pentaho.di.core.exception.KettleException) NameNotFoundException(javax.naming.NameNotFoundException) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Example 10 with PagedResultsResponseControl

use of javax.naming.ldap.PagedResultsResponseControl in project ranger by apache.

the class UserSync method getAllUsers.

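/**
 * Searches the user search base page by page, counts the user entries found, and writes a
 * summary to {@code logFile}.
 *
 * <p>For up to the first 20 users, the user name and the values of the group-membership
 * attribute are printed, so the log contains directory data and should be handled accordingly.
 * If {@code userNameAttribute} is not set, the first attribute from {@code userNameAttrValues}
 * that is present on an entry is adopted as the user name attribute.
 *
 * <p>The search filter is assembled by concatenating {@code userObjClassName} and
 * {@code userSearchFilter} verbatim; both must come from trusted configuration.
 *
 * <p>This method only re-arms the paged-results control after each page. The first search runs
 * with whatever request controls are already set on {@code ldapContext} - presumably the caller
 * activates paging beforehand; confirm.
 *
 * @param ldapContext context used for the searches
 * @throws Throwable an {@link Exception} wrapping the underlying {@link NamingException} if a
 *     search or enumeration step fails
 */
public void getAllUsers(LdapContext ldapContext) throws Throwable {
    int noOfUsers = 0;
    // Declared outside the loop: the value carries over between entries, as in the original flow.
    Attribute userNameAttr = null;
    Attribute groupMemberAttr = null;
    NamingEnumeration<SearchResult> userSearchResultEnum = null;
    SearchControls userSearchControls = new SearchControls();
    userSearchControls.setSearchScope(config.getUserSearchScope());
    Set<String> userSearchAttributes = new HashSet<>();
    if (userNameAttribute != null) {
        userSearchAttributes.add(userNameAttribute);
    }
    if (userGroupMemberName != null) {
        userSearchAttributes.add(userGroupMemberName);
    }
    if (userSearchAttributes.size() > 0) {
        userSearchControls.setReturningAttributes(userSearchAttributes.toArray(new String[userSearchAttributes.size()]));
    } else {
        // Nothing configured: request all user ("*") and operational ("+") attributes.
        userSearchControls.setReturningAttributes(new java.lang.String[] { "*", "+" });
    }
    // Configuration values are inserted into the filter without escaping.
    String extendedUserSearchFilter = "(objectclass=" + userObjClassName + ")";
    if (userSearchFilter != null && !userSearchFilter.trim().isEmpty()) {
        String customFilter = userSearchFilter.trim();
        if (!customFilter.startsWith("(")) {
            customFilter = "(" + customFilter + ")";
        }
        extendedUserSearchFilter = "(&" + extendedUserSearchFilter + customFilter + ")";
    }
    byte[] cookie = null;
    logFile.println();
    logFile.println("INFO: First 20 Users and associated groups are:");
    try {
        do {
            userSearchResultEnum = ldapContext.search(userSearchBase, extendedUserSearchFilter, userSearchControls);
            while (userSearchResultEnum.hasMore()) {
                final SearchResult userEntry = userSearchResultEnum.next();
                if (userEntry == null) {
                    logFile.println("WARN: userEntry null");
                    continue;
                }
                Attributes attributes = userEntry.getAttributes();
                if (attributes == null) {
                    logFile.println("WARN: Attributes missing for entry " + userEntry.getNameInNamespace());
                    continue;
                }
                if (userNameAttribute == null || userNameAttribute.isEmpty()) {
                    // Probe the candidate attribute names and keep the first one this entry has.
                    for (int i = 0; i < userNameAttrValues.length; i++) {
                        userNameAttr = attributes.get(userNameAttrValues[i]);
                        if (userNameAttr != null) {
                            userNameAttribute = userNameAttrValues[i];
                            break;
                        }
                    }
                    if (userNameAttr == null) {
                        logFile.print("WARN: Failed to find any of ( ");
                        for (int i = 0; i < userNameAttrValues.length; i++) {
                            logFile.print(userNameAttrValues[i] + " ");
                        }
                        logFile.println(") for entry " + userEntry.getNameInNamespace());
                        continue;
                    }
                } else {
                    userNameAttr = attributes.get(userNameAttribute);
                    if (userNameAttr == null) {
                        logFile.println("WARN: Failed to find " + userNameAttribute + " for entry " + userEntry.getNameInNamespace());
                        continue;
                    }
                }
                String userName = userNameAttr.get().toString();
                if (userName == null || userName.trim().isEmpty()) {
                    logFile.println("WARN: " + userNameAttribute + " empty for entry " + userEntry.getNameInNamespace());
                    continue;
                }
                userName = userName.toLowerCase();
                Set<String> groups = new HashSet<>();
                groupMemberAttr = attributes.get(userGroupMemberName);
                if (groupMemberAttr != null) {
                    NamingEnumeration<?> groupEnum = groupMemberAttr.getAll();
                    while (groupEnum.hasMore()) {
                        String groupRes = groupEnum.next().toString();
                        groups.add(groupRes);
                        // Remember the first group value seen when no group name is set yet.
                        if (groupName == null || groupName.isEmpty()) {
                            groupName = groupRes;
                        }
                    }
                }
                if (noOfUsers < 20) {
                    logFile.println("Username: " + userName + ", Groups: " + groups);
                }
                noOfUsers++;
            }
            // Examine the paged results control response
            Control[] controls = ldapContext.getResponseControls();
            if (controls != null) {
                for (int i = 0; i < controls.length; i++) {
                    if (controls[i] instanceof PagedResultsResponseControl) {
                        PagedResultsResponseControl prrc = (PagedResultsResponseControl) controls[i];
                        cookie = prrc.getCookie();
                    }
                }
            } else {
                logFile.println("WARN: No controls were sent from the server");
            }
            // Re-activate paged results
            if (config.isPagedResultsEnabled()) {
                ldapContext.setRequestControls(new Control[] { new PagedResultsControl(config.getPagedResultsSize(), cookie, Control.CRITICAL) });
            }
        } while (cookie != null);
        logFile.println("\nINFO: Total no. of users = " + noOfUsers);
    } catch (NamingException ne) {
        String msg = "Exception occured while retreiving users\n";
        // The NamingException is attached as the cause in both branches so that the underlying LDAP
        // error stays available to whoever handles the exception; the messages are unchanged.
        if ((config.getUserNameAttribute() != null && !config.getUserNameAttribute().isEmpty()) || (config.getUserObjectClass() != null && !config.getUserObjectClass().isEmpty()) || (config.getGroupNameAttribute() != null && !config.getGroupNameAttribute().isEmpty()) || (config.getUserSearchBase() != null && !config.getUserSearchBase().isEmpty()) || (config.getUserSearchFilter() != null && !config.getUserSearchFilter().isEmpty())) {
            throw new Exception("Please verify values for:\n ranger.usersync.ldap.user.nameattribute\n " + "ranger.usersync.ldap.user.objectclass\n" + "ranger.usersync.ldap.user.groupnameattribute\n" + "ranger.usersync.ldap.user.searchbase\n" + "ranger.usersync.ldap.user.searchfilter\n", ne);
        } else {
            throw new Exception(msg + ne, ne);
        }
    } finally {
        // Only the most recently assigned enumeration is closed here.
        if (userSearchResultEnum != null) {
            userSearchResultEnum.close();
        }
    }
}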
Also used : Attribute(javax.naming.directory.Attribute) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) Attributes(javax.naming.directory.Attributes) SearchResult(javax.naming.directory.SearchResult) NamingException(javax.naming.NamingException) Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) SearchControls(javax.naming.directory.SearchControls) NamingException(javax.naming.NamingException) HashSet(java.util.HashSet) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Aggregations

Control (javax.naming.ldap.Control)23 PagedResultsControl (javax.naming.ldap.PagedResultsControl)23 PagedResultsResponseControl (javax.naming.ldap.PagedResultsResponseControl)23 SearchResult (javax.naming.directory.SearchResult)19 Attribute (javax.naming.directory.Attribute)10 NamingException (javax.naming.NamingException)9 InvalidNameException (javax.naming.InvalidNameException)8 ArrayList (java.util.ArrayList)7 HashSet (java.util.HashSet)7 SearchControls (javax.naming.directory.SearchControls)7 Attributes (javax.naming.directory.Attributes)6 DateFormat (java.text.DateFormat)4 SimpleDateFormat (java.text.SimpleDateFormat)4 Date (java.util.Date)4 HashMap (java.util.HashMap)4 LdapContext (javax.naming.ldap.LdapContext)4 SortControl (javax.naming.ldap.SortControl)4 IOException (java.io.IOException)3 NoSuchElementException (java.util.NoSuchElementException)3 Map (java.util.Map)2