Search in sources :

Example 11 with PagedResultsResponseControl

use of javax.naming.ldap.PagedResultsResponseControl in project alfresco-repository by Alfresco.

the class LDAPInitialDirContextFactoryImpl method hasNextPage.

public boolean hasNextPage(DirContext ctx, int pageSize) {
    if (pageSize > 0) {
        try {
            LdapContext ldapContext = (LdapContext) ctx;
            Control[] controls = ldapContext.getResponseControls();
            // Retrieve the paged result cookie if there is one
            if (controls != null) {
                for (Control control : controls) {
                    if (control instanceof PagedResultsResponseControl) {
                        byte[] cookie = ((PagedResultsResponseControl) control).getCookie();
                        if (cookie != null) {
                            // Prepare for next page
                            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pageSize, cookie, Control.CRITICAL) });
                            return true;
                        }
                    }
                }
            }
        } catch (NamingException nx) {
            throw new AuthenticationException("Unable to connect to LDAP Server; check LDAP configuration", nx);
        } catch (IOException e) {
            throw new AuthenticationException("Unable to encode LDAP v3 request controls; check LDAP configuration", e);
        }
    }
    return false;
}
Also used : Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) AuthenticationException(org.alfresco.repo.security.authentication.AuthenticationException) NamingException(javax.naming.NamingException) IOException(java.io.IOException) InitialLdapContext(javax.naming.ldap.InitialLdapContext) LdapContext(javax.naming.ldap.LdapContext) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Example 12 with PagedResultsResponseControl

use of javax.naming.ldap.PagedResultsResponseControl in project cloudstack by apache.

the class OpenLdapUserManagerImpl method searchUsers.

@Override
public List<LdapUser> searchUsers(final String username, final LdapContext context) throws NamingException, IOException {
    final SearchControls searchControls = new SearchControls();
    searchControls.setSearchScope(_ldapConfiguration.getScope());
    searchControls.setReturningAttributes(_ldapConfiguration.getReturnAttributes());
    String basedn = _ldapConfiguration.getBaseDn();
    if (StringUtils.isBlank(basedn)) {
        throw new IllegalArgumentException("ldap basedn is not configured");
    }
    byte[] cookie = null;
    int pageSize = _ldapConfiguration.getLdapPageSize();
    context.setRequestControls(new Control[] { new PagedResultsControl(pageSize, Control.NONCRITICAL) });
    final List<LdapUser> users = new ArrayList<LdapUser>();
    NamingEnumeration<SearchResult> results;
    do {
        results = context.search(basedn, generateSearchFilter(username), searchControls);
        while (results.hasMoreElements()) {
            final SearchResult result = results.nextElement();
            if (!isUserDisabled(result)) {
                users.add(createUser(result));
            }
        }
        Control[] contextControls = context.getResponseControls();
        if (contextControls != null) {
            for (Control control : contextControls) {
                if (control instanceof PagedResultsResponseControl) {
                    PagedResultsResponseControl prrc = (PagedResultsResponseControl) control;
                    cookie = prrc.getCookie();
                }
            }
        } else {
            s_logger.info("No controls were sent from the ldap server");
        }
        context.setRequestControls(new Control[] { new PagedResultsControl(pageSize, cookie, Control.CRITICAL) });
    } while (cookie != null);
    return users;
}
Also used : PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) ArrayList(java.util.ArrayList) SearchResult(javax.naming.directory.SearchResult) Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) SearchControls(javax.naming.directory.SearchControls) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Example 13 with PagedResultsResponseControl

use of javax.naming.ldap.PagedResultsResponseControl in project ranger by apache.

the class LdapDeltaUserGroupBuilder method getUsers.

private void getUsers(UserGroupSink sink) throws Throwable {
    NamingEnumeration<SearchResult> userSearchResultEnum = null;
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        DateFormat dateFormat = new SimpleDateFormat("yyyyMMddhhmmss");
        if (groupSearchFirstEnabled && groupUserTable.rowKeySet().size() != 0) {
            // Fix RANGER-1957: Perform full sync when group search is enabled and when there are updates to the groups
            deltaSyncUserTime = 0;
            deltaSyncUserTimeStamp = dateFormat.format(new Date(0));
        }
        extendedUserSearchFilter = "(objectclass=" + userObjectClass + ")(|(uSNChanged>=" + deltaSyncUserTime + ")(modifyTimestamp>=" + deltaSyncUserTimeStamp + "Z))";
        if (userSearchFilter != null && !userSearchFilter.trim().isEmpty()) {
            String customFilter = userSearchFilter.trim();
            if (!customFilter.startsWith("(")) {
                customFilter = "(" + customFilter + ")";
            }
            extendedUserSearchFilter = "(&" + extendedUserSearchFilter + customFilter + ")";
        } else {
            extendedUserSearchFilter = "(&" + extendedUserSearchFilter + ")";
        }
        LOG.info("extendedUserSearchFilter = " + extendedUserSearchFilter);
        long highestdeltaSyncUserTime = deltaSyncUserTime;
        // When multiple OUs are configured, go through each OU as the user search base to search for users.
        for (int ou = 0; ou < userSearchBase.length; ou++) {
            byte[] cookie = null;
            int counter = 0;
            try {
                int paged = 0;
                do {
                    userSearchResultEnum = ldapContext.search(userSearchBase[ou], extendedUserSearchFilter, userSearchControls);
                    while (userSearchResultEnum.hasMore()) {
                        // searchResults contains all the user entries
                        final SearchResult userEntry = userSearchResultEnum.next();
                        if (userEntry == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("userEntry null, skipping sync for the entry");
                            }
                            continue;
                        }
                        // System.out.println("userEntry = " + userEntry);
                        Attributes attributes = userEntry.getAttributes();
                        if (attributes == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("attributes  missing for entry " + userEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        Attribute userNameAttr = attributes.get(userNameAttribute);
                        if (userNameAttr == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info(userNameAttribute + " missing for entry " + userEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        String userFullName = (userEntry.getNameInNamespace()).toLowerCase();
                        String userName = (String) userNameAttr.get();
                        if (userName == null || userName.trim().isEmpty()) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info(userNameAttribute + " empty for entry " + userEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        Attribute timeStampAttr = attributes.get("uSNChanged");
                        if (timeStampAttr != null) {
                            String uSNChangedVal = (String) timeStampAttr.get();
                            long currentDeltaSyncTime = Long.parseLong(uSNChangedVal);
                            LOG.info("uSNChangedVal = " + uSNChangedVal + "and currentDeltaSyncTime = " + currentDeltaSyncTime);
                            if (currentDeltaSyncTime > highestdeltaSyncUserTime) {
                                highestdeltaSyncUserTime = currentDeltaSyncTime;
                            }
                        } else {
                            timeStampAttr = attributes.get("modifytimestamp");
                            if (timeStampAttr != null) {
                                String timeStampVal = (String) timeStampAttr.get();
                                Date parseDate = dateFormat.parse(timeStampVal);
                                long currentDeltaSyncTime = parseDate.getTime();
                                LOG.info("timeStampVal = " + timeStampVal + "and currentDeltaSyncTime = " + currentDeltaSyncTime);
                                if (currentDeltaSyncTime > highestdeltaSyncUserTime) {
                                    highestdeltaSyncUserTime = currentDeltaSyncTime;
                                    deltaSyncUserTimeStamp = timeStampVal;
                                }
                            }
                        }
                        if (!groupSearchFirstEnabled) {
                            String transformUserName = userNameTransform(userName);
                            try {
                                sink.addOrUpdateUser(transformUserName);
                            } catch (Throwable t) {
                                LOG.error("sink.addOrUpdateUser failed with exception: " + t.getMessage() + ", for user: " + transformUserName);
                            }
                            // System.out.println("Adding user fullname = " + userFullName + " username = " + transformUserName);
                            userNameMap.put(userFullName, transformUserName);
                            Set<String> groups = new HashSet<String>();
                            // Get all the groups from the group name attribute of the user only when group search is not enabled.
                            if (!groupSearchEnabled) {
                                for (String useGroupNameAttribute : userGroupNameAttributeSet) {
                                    Attribute userGroupfAttribute = userEntry.getAttributes().get(useGroupNameAttribute);
                                    if (userGroupfAttribute != null) {
                                        NamingEnumeration<?> groupEnum = userGroupfAttribute.getAll();
                                        while (groupEnum.hasMore()) {
                                            String gName = getShortGroupName((String) groupEnum.next());
                                            String transformGroupName = groupNameTransform(gName);
                                            groups.add(transformGroupName);
                                        }
                                    }
                                }
                            }
                            List<String> groupList = new ArrayList<String>(groups);
                            try {
                                sink.addOrUpdateUser(transformUserName, groupList);
                            } catch (Throwable t) {
                                LOG.error("sink.addOrUpdateUserGroups failed with exception: " + t.getMessage() + ", for user: " + transformUserName + " and groups: " + groupList);
                            }
                            counter++;
                            noOfUsers++;
                        } else {
                            // If the user from the search result is present in the group user table,
                            // then addorupdate user to ranger admin.
                            LOG.debug("Chekcing if the user " + userFullName + " is part of the retrieved groups");
                            if ((groupUserTable.containsColumn(userFullName) || groupUserTable.containsColumn(userName)) && !userNameMap.containsKey(userFullName)) {
                                String transformUserName = userNameTransform(userName);
                                try {
                                    sink.addOrUpdateUser(transformUserName);
                                } catch (Throwable t) {
                                    LOG.error("sink.addOrUpdateUser failed with exception: " + t.getMessage() + ", for user: " + transformUserName);
                                }
                                userNameMap.put(userFullName, transformUserName);
                                // Also update the username in the groupUserTable with the one from username attribute.
                                Map<String, String> userMap = groupUserTable.column(userFullName);
                                for (Map.Entry<String, String> entry : userMap.entrySet()) {
                                    LOG.debug("Updating groupUserTable " + entry.getValue() + " with: " + transformUserName + " for " + entry.getKey());
                                    groupUserTable.put(entry.getKey(), userFullName, transformUserName);
                                }
                                counter++;
                                noOfUsers++;
                            }
                        }
                        if (counter <= 2000) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("Updating user count: " + counter + ", userName: " + userName);
                            }
                            if (counter == 2000) {
                                LOG.info("===> 2000 user records have been synchronized so far. From now on, only a summary progress log will be written for every 100 users. To continue to see detailed log for every user, please enable Trace level logging. <===");
                            }
                        } else {
                            if (LOG.isTraceEnabled()) {
                                LOG.trace("Updating user count: " + counter + ", userName: " + userName);
                            } else {
                                if (counter % 100 == 0) {
                                    LOG.info("Synced " + counter + " users till now");
                                }
                            }
                        }
                    }
                    // Examine the paged results control response
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (int i = 0; i < controls.length; i++) {
                            if (controls[i] instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) controls[i];
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    LOG.debug("END-OF-PAGE total : " + total);
                                } else {
                                    LOG.debug("END-OF-PAGE total : unknown");
                                }
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        LOG.debug("No controls were sent from the server");
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        LOG.debug(String.format("Fetched paged results round: %s", ++paged));
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LdapDeltaUserGroupBuilder.getUsers() completed with user count: " + counter);
            } catch (Exception t) {
                LOG.error("LdapDeltaUserGroupBuilder.getUsers() failed with exception: " + t);
                LOG.info("LdapDeltaUserGroupBuilder.getUsers() user count: " + counter);
            }
        }
        if (deltaSyncUserTime < highestdeltaSyncUserTime) {
            // Incrementing highestdeltaSyncUserTime (for AD) in order to avoid search record repetition for next sync cycle.
            deltaSyncUserTime = highestdeltaSyncUserTime + 1;
            // Incrementing the highest timestamp value (for Openldap) with 1sec in order to avoid search record repetition for next sync cycle.
            deltaSyncUserTimeStamp = dateFormat.format(new Date(highestdeltaSyncUserTime + 60l));
        }
    } finally {
        if (userSearchResultEnum != null) {
            userSearchResultEnum.close();
        }
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
}
Also used : Attribute(javax.naming.directory.Attribute) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) Attributes(javax.naming.directory.Attributes) ArrayList(java.util.ArrayList) Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) HashSet(java.util.HashSet) SearchResult(javax.naming.directory.SearchResult) Date(java.util.Date) InvalidNameException(javax.naming.InvalidNameException) SimpleDateFormat(java.text.SimpleDateFormat) DateFormat(java.text.DateFormat) SimpleDateFormat(java.text.SimpleDateFormat) HashMap(java.util.HashMap) Map(java.util.Map) DualHashBidiMap(org.apache.commons.collections.bidimap.DualHashBidiMap) BidiMap(org.apache.commons.collections.BidiMap) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Example 14 with PagedResultsResponseControl

use of javax.naming.ldap.PagedResultsResponseControl in project ranger by apache.

the class UserInfo method goUpGroupHierarchyLdap.

private void goUpGroupHierarchyLdap(Set<String> groupDNs, int groupHierarchyLevels, UserInfo userInfo) throws Throwable {
    LOG.debug("goUpGroupHierarchyLdap(): Incoming groups " + groupDNs);
    if (groupHierarchyLevels <= 0 || groupDNs.isEmpty()) {
        return;
    }
    Set<String> nextLevelGroups = new HashSet<String>();
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        String groupFilter = "(&(objectclass=" + groupObjectClass + ")";
        if (groupSearchFilter != null && !groupSearchFilter.trim().isEmpty()) {
            String customFilter = groupSearchFilter.trim();
            if (!customFilter.startsWith("(")) {
                customFilter = "(" + customFilter + ")";
            }
            groupFilter += customFilter + "(|";
        }
        StringBuilder filter = new StringBuilder();
        for (String groupDN : groupDNs) {
            filter.append("(").append(groupMemberAttributeName).append("=").append(groupDN).append(")");
        }
        filter.append("))");
        groupFilter += filter;
        LOG.debug("extendedAllGroupsSearchFilter = " + groupFilter);
        for (String ou : groupSearchBase) {
            byte[] cookie = null;
            int counter = 0;
            try {
                do {
                    groupSearchResultEnum = ldapContext.search(ou, groupFilter, groupSearchControls);
                    // System.out.println("goUpGroupHierarchyLdap(): Going through the sub groups");
                    while (groupSearchResultEnum.hasMore()) {
                        final SearchResult groupEntry = groupSearchResultEnum.next();
                        if (groupEntry == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("groupEntry null, skipping sync for the entry");
                            }
                            continue;
                        }
                        counter++;
                        Attribute groupNameAttr = groupEntry.getAttributes().get(groupNameAttribute);
                        if (groupNameAttr == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info(groupNameAttribute + " empty for entry " + groupEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        String groupDN = groupEntry.getNameInNamespace();
                        // System.out.println("goUpGroupHierarchyLdap(): next Level Group DN = " + groupDN);
                        nextLevelGroups.add(groupDN);
                        String gName = (String) groupNameAttr.get();
                        if (groupNameCaseConversionFlag) {
                            if (groupNameLowerCaseFlag) {
                                gName = gName.toLowerCase();
                            } else {
                                gName = gName.toUpperCase();
                            }
                        }
                        if (groupNameRegExInst != null) {
                            gName = groupNameRegExInst.transform(gName);
                        }
                        userInfo.addGroup(gName);
                    }
                    // Examine the paged results control response
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (Control control : controls) {
                            if (control instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) control;
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    LOG.debug("END-OF-PAGE total : " + total);
                                } else {
                                    LOG.debug("END-OF-PAGE total : unknown");
                                }
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        LOG.debug("No controls were sent from the server");
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(PAGE_SIZE, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LdapUserGroupBuilder.goUpGroupHierarchyLdap() completed with group count: " + counter);
            } catch (RuntimeException re) {
                LOG.error("LdapUserGroupBuilder.goUpGroupHierarchyLdap() failed with runtime exception: ", re);
                throw re;
            } catch (Exception t) {
                LOG.error("LdapUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", t);
                LOG.info("LdapUserGroupBuilder.goUpGroupHierarchyLdap() group count: " + counter);
            }
        }
    } catch (RuntimeException re) {
        LOG.error("LdapUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", re);
        throw re;
    } finally {
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
    goUpGroupHierarchyLdap(nextLevelGroups, groupHierarchyLevels - 1, userInfo);
}
Also used : Attribute(javax.naming.directory.Attribute) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) SearchResult(javax.naming.directory.SearchResult) InvalidNameException(javax.naming.InvalidNameException) Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) HashSet(java.util.HashSet) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Example 15 with PagedResultsResponseControl

use of javax.naming.ldap.PagedResultsResponseControl in project ranger by apache.

the class UserInfo method getUsers.

private void getUsers(UserGroupSink sink) throws Throwable {
    UserInfo userInfo;
    NamingEnumeration<SearchResult> userSearchResultEnum = null;
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        // When multiple OUs are configured, go through each OU as the user search base to search for users.
        for (String ou : userSearchBase) {
            byte[] cookie = null;
            int counter = 0;
            try {
                int paged = 0;
                do {
                    userSearchResultEnum = ldapContext.search(ou, extendedUserSearchFilter, userSearchControls);
                    while (userSearchResultEnum.hasMore()) {
                        // searchResults contains all the user entries
                        final SearchResult userEntry = userSearchResultEnum.next();
                        if (userEntry == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("userEntry null, skipping sync for the entry");
                            }
                            continue;
                        }
                        Attributes attributes = userEntry.getAttributes();
                        if (attributes == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("attributes  missing for entry " + userEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        Attribute userNameAttr = attributes.get(userNameAttribute);
                        if (userNameAttr == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info(userNameAttribute + " missing for entry " + userEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        String userName = (String) userNameAttr.get();
                        if (userName == null || userName.trim().isEmpty()) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info(userNameAttribute + " empty for entry " + userEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        if (!groupSearchFirstEnabled) {
                            userInfo = new UserInfo(userName, userEntry.getNameInNamespace());
                            Set<String> groups = new HashSet<String>();
                            // Get all the groups from the group name attribute of the user only when group search is not enabled.
                            if (!groupSearchEnabled) {
                                for (String useGroupNameAttribute : userGroupNameAttributeSet) {
                                    Attribute userGroupfAttribute = userEntry.getAttributes().get(useGroupNameAttribute);
                                    if (userGroupfAttribute != null) {
                                        NamingEnumeration<?> groupEnum = userGroupfAttribute.getAll();
                                        while (groupEnum.hasMore()) {
                                            String groupDN = (String) groupEnum.next();
                                            LOG.debug("Adding " + groupDN + " to " + userName);
                                            userInfo.addGroupDN(groupDN);
                                            String gName = getShortGroupName(groupDN);
                                            if (groupNameCaseConversionFlag) {
                                                if (groupNameLowerCaseFlag) {
                                                    gName = gName.toLowerCase();
                                                } else {
                                                    gName = gName.toUpperCase();
                                                }
                                            }
                                            if (groupNameRegExInst != null) {
                                                gName = groupNameRegExInst.transform(gName);
                                            }
                                            groups.add(gName);
                                        }
                                    }
                                }
                            }
                            userInfo.addGroups(groups);
                            // group search to compute group membership as well as to call sink.addOrUpdateUser()
                            if (userGroupMap.containsKey(userName)) {
                                LOG.warn("user object with username " + userName + " already exists and is replaced with the latest user object.");
                            }
                            userGroupMap.put(userName, userInfo);
                            // List<String> groupList = new ArrayList<String>(groups);
                            List<String> groupList = userInfo.getGroups();
                            counter++;
                            if (counter <= 2000) {
                                if (LOG.isInfoEnabled()) {
                                    LOG.info("Updating user count: " + counter + ", userName: " + userName + ", groupList: " + groupList);
                                }
                                if (counter == 2000) {
                                    LOG.info("===> 2000 user records have been synchronized so far. From now on, only a summary progress log will be written for every 100 users. To continue to see detailed log for every user, please enable Trace level logging. <===");
                                }
                            } else {
                                if (LOG.isTraceEnabled()) {
                                    LOG.trace("Updating user count: " + counter + ", userName: " + userName + ", groupList: " + groupList);
                                } else {
                                    if (counter % 100 == 0) {
                                        LOG.info("Synced " + counter + " users till now");
                                    }
                                }
                            }
                        } else {
                            // If the user from the search result is present in the usersList,
                            // then update user name in the userInfo map with the value from the search result
                            // and update ranger admin.
                            String userFullName = (userEntry.getNameInNamespace()).toLowerCase();
                            LOG.debug("Checking if the user " + userFullName + " is part of the retrieved groups");
                            userInfo = userGroupMap.get(userFullName);
                            if (userInfo == null) {
                                userInfo = userGroupMap.get(userName.toLowerCase());
                            }
                            if (userInfo != null) {
                                counter++;
                                LOG.info("Updating username for " + userFullName + " with " + userName);
                                userInfo.updateUserName(userName);
                                List<String> groupList = userInfo.getGroups();
                                if (userNameCaseConversionFlag) {
                                    if (userNameLowerCaseFlag) {
                                        userName = userName.toLowerCase();
                                    } else {
                                        userName = userName.toUpperCase();
                                    }
                                }
                                if (userNameRegExInst != null) {
                                    userName = userNameRegExInst.transform(userName);
                                }
                                try {
                                    sink.addOrUpdateUser(userName, groupList);
                                } catch (Throwable t) {
                                    LOG.error("sink.addOrUpdateUser failed with exception: " + t.getMessage() + ", for user: " + userName + ", groups: " + groupList);
                                }
                            }
                        }
                    }
                    // Examine the paged results control response
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (Control control : controls) {
                            if (control instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) control;
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    LOG.debug("END-OF-PAGE total : " + total);
                                } else {
                                    LOG.debug("END-OF-PAGE total : unknown");
                                }
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        LOG.debug("No controls were sent from the server");
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        LOG.debug(String.format("Fetched paged results round: %s", ++paged));
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LDAPUserGroupBuilder.getUsers() completed with user count: " + counter);
            } catch (Throwable t) {
                LOG.error("LDAPUserGroupBuilder.getUsers() failed with exception: " + t);
                LOG.info("LDAPUserGroupBuilder.getUsers() user count: " + counter);
            }
        }
    } finally {
        if (userSearchResultEnum != null) {
            userSearchResultEnum.close();
        }
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
}
Also used : Attribute(javax.naming.directory.Attribute) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) Attributes(javax.naming.directory.Attributes) SearchResult(javax.naming.directory.SearchResult) Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) PagedResultsControl(javax.naming.ldap.PagedResultsControl) HashSet(java.util.HashSet)

Aggregations

Control (javax.naming.ldap.Control)23 PagedResultsControl (javax.naming.ldap.PagedResultsControl)23 PagedResultsResponseControl (javax.naming.ldap.PagedResultsResponseControl)23 SearchResult (javax.naming.directory.SearchResult)19 Attribute (javax.naming.directory.Attribute)10 NamingException (javax.naming.NamingException)9 InvalidNameException (javax.naming.InvalidNameException)8 ArrayList (java.util.ArrayList)7 HashSet (java.util.HashSet)7 SearchControls (javax.naming.directory.SearchControls)7 Attributes (javax.naming.directory.Attributes)6 DateFormat (java.text.DateFormat)4 SimpleDateFormat (java.text.SimpleDateFormat)4 Date (java.util.Date)4 HashMap (java.util.HashMap)4 LdapContext (javax.naming.ldap.LdapContext)4 SortControl (javax.naming.ldap.SortControl)4 IOException (java.io.IOException)3 NoSuchElementException (java.util.NoSuchElementException)3 Map (java.util.Map)2