use of javax.naming.ldap.PagedResultsResponseControl in project alfresco-repository by Alfresco.
the class LDAPInitialDirContextFactoryImpl method hasNextPage.
/**
 * Checks whether the last search on {@code ctx} left a paged-results continuation cookie and,
 * if so, arms the context to fetch the next page.
 *
 * @param ctx      directory context the previous search ran on; it is cast to
 *                 {@link LdapContext}, and that cast is not guarded
 * @param pageSize requested page size; a value of zero or less means paging is off
 * @return {@code true} when a non-null cookie was found and the request controls for the next
 *         page were installed, {@code false} otherwise
 * @throws AuthenticationException if the response controls cannot be read or the new request
 *         control cannot be encoded
 */
public boolean hasNextPage(DirContext ctx, int pageSize) {
    // Paging switched off: there is never a further page to ask for.
    if (pageSize <= 0) {
        return false;
    }
    try {
        final LdapContext pagedContext = (LdapContext) ctx;
        final Control[] responseControls = pagedContext.getResponseControls();
        if (responseControls == null) {
            return false;
        }
        for (final Control responseControl : responseControls) {
            if (!(responseControl instanceof PagedResultsResponseControl)) {
                continue;
            }
            // A null cookie means this control does not announce another page; keep scanning.
            final byte[] nextPageCookie = ((PagedResultsResponseControl) responseControl).getCookie();
            if (nextPageCookie == null) {
                continue;
            }
            // The cookie is server-issued state: hand it back unchanged, and mark the control
            // critical so the server must honour it rather than ignore it.
            pagedContext.setRequestControls(new Control[] { new PagedResultsControl(pageSize, nextPageCookie, Control.CRITICAL) });
            return true;
        }
        return false;
    } catch (NamingException nx) {
        throw new AuthenticationException("Unable to connect to LDAP Server; check LDAP configuration", nx);
    } catch (IOException e) {
        throw new AuthenticationException("Unable to encode LDAP v3 request controls; check LDAP configuration", e);
    }
}
use of javax.naming.ldap.PagedResultsResponseControl in project cloudstack by apache.
the class OpenLdapUserManagerImpl method searchUsers.
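/**
 * Searches the configured base DN for users matching {@code username}, requesting paged
 * results and following the server's continuation cookie until no further page is announced.
 *
 * <p>Entries for which {@code isUserDisabled} returns {@code true} are left out.
 *
 * @param username value handed to {@code generateSearchFilter} to build the search filter
 * @param context  LDAP context to search on; its request controls are overwritten here
 * @return the users collected across all pages (possibly empty)
 * @throws IllegalArgumentException if no base DN is configured
 * @throws NamingException if a search, a control lookup or closing a result enumeration fails
 * @throws IOException if a paged-results request control cannot be encoded
 */
@Override
public List<LdapUser> searchUsers(final String username, final LdapContext context) throws NamingException, IOException {
    final SearchControls searchControls = new SearchControls();
    searchControls.setSearchScope(_ldapConfiguration.getScope());
    searchControls.setReturningAttributes(_ldapConfiguration.getReturnAttributes());

    final String basedn = _ldapConfiguration.getBaseDn();
    if (StringUtils.isBlank(basedn)) {
        throw new IllegalArgumentException("ldap basedn is not configured");
    }

    final int pageSize = _ldapConfiguration.getLdapPageSize();
    context.setRequestControls(new Control[] { new PagedResultsControl(pageSize, Control.NONCRITICAL) });

    final List<LdapUser> users = new ArrayList<>();
    byte[] cookie = null;
    do {
        // NOTE(review): generateSearchFilter is not visible here; confirm that it escapes
        // `username` for use inside an LDAP filter, since the value goes straight into the
        // search expression.
        final NamingEnumeration<SearchResult> results = context.search(basedn, generateSearchFilter(username), searchControls);
        try {
            // Enumeration-style iteration is kept from the original: it cannot surface a
            // NamingException, so a server-side error may end the page early without being
            // reported. NOTE(review): confirm this best-effort behaviour is intended before
            // switching to hasMore()/next().
            while (results.hasMoreElements()) {
                final SearchResult result = results.nextElement();
                if (!isUserDisabled(result)) {
                    users.add(createUser(result));
                }
            }

            // Forget the cookie of the previous page before inspecting this response. Without
            // the reset, a response that carries no paged-results control would leave the old
            // cookie in place and the loop would keep re-requesting with stale state.
            cookie = null;
            final Control[] contextControls = context.getResponseControls();
            if (contextControls != null) {
                for (final Control control : contextControls) {
                    if (control instanceof PagedResultsResponseControl) {
                        cookie = ((PagedResultsResponseControl) control).getCookie();
                    }
                }
            } else {
                s_logger.info("No controls were sent from the ldap server");
            }
        } finally {
            // Release the enumeration even when processing an entry throws, so an aborted
            // page does not stay open on the connection.
            results.close();
        }
        // Hand the server-issued cookie back unchanged; a null cookie ends the loop below.
        context.setRequestControls(new Control[] { new PagedResultsControl(pageSize, cookie, Control.CRITICAL) });
    } while (cookie != null);
    return users;
}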
use of javax.naming.ldap.PagedResultsResponseControl in project ranger by apache.
the class LdapDeltaUserGroupBuilder method getUsers.
/**
 * Delta-syncs LDAP users into {@code sink}.
 *
 * <p>For every entry of {@code userSearchBase} the method runs
 * {@code extendedUserSearchFilter} (object class, change watermark and the optional custom
 * user filter) and pages through the results. Each user is either pushed straight to the sink
 * or, when {@code groupSearchFirstEnabled} is set, only if it already appears in
 * {@code groupUserTable} and not yet in {@code userNameMap}. The highest {@code uSNChanged} /
 * {@code modifytimestamp} value seen becomes the watermark for the next cycle.
 *
 * <p>Failures of type {@code Exception} inside one search base are logged and the next search
 * base is processed; failures of the sink calls are logged per user.
 *
 * @param sink receiver of the synchronised users and their group lists
 * @throws Throwable anything raised outside the per-search-base handler, e.g. while creating
 *         or closing the LDAP context or closing the result enumeration
 */
private void getUsers(UserGroupSink sink) throws Throwable {
    NamingEnumeration<SearchResult> userSearchResultEnum = null;
    // Never assigned in this method; it stays null and is only null-checked in the finally block.
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        // NOTE(review): "hh" is SimpleDateFormat's 12-hour field (1-12); "HH" is the 0-23 field.
        // This formatter both parses modifytimestamp values and formats the next watermark, so
        // afternoon timestamps may be written back with the wrong hour - confirm the pattern.
        DateFormat dateFormat = new SimpleDateFormat("yyyyMMddhhmmss");
        if (groupSearchFirstEnabled && groupUserTable.rowKeySet().size() != 0) {
            // Fix RANGER-1957: Perform full sync when group search is enabled and when there are updates to the groups
            deltaSyncUserTime = 0;
            deltaSyncUserTimeStamp = dateFormat.format(new Date(0));
        }
        // userObjectClass and the custom userSearchFilter are inserted into the filter verbatim;
        // nothing here escapes filter metacharacters.
        // NOTE(review): they look like configuration values - confirm they can never carry
        // directory- or user-supplied text.
        extendedUserSearchFilter = "(objectclass=" + userObjectClass + ")(|(uSNChanged>=" + deltaSyncUserTime + ")(modifyTimestamp>=" + deltaSyncUserTimeStamp + "Z))";
        if (userSearchFilter != null && !userSearchFilter.trim().isEmpty()) {
            String customFilter = userSearchFilter.trim();
            // Wrap a bare "attr=value" expression so it can be AND-ed with the generated part.
            if (!customFilter.startsWith("(")) {
                customFilter = "(" + customFilter + ")";
            }
            extendedUserSearchFilter = "(&" + extendedUserSearchFilter + customFilter + ")";
        } else {
            extendedUserSearchFilter = "(&" + extendedUserSearchFilter + ")";
        }
        LOG.info("extendedUserSearchFilter = " + extendedUserSearchFilter);
        // Running maximum of the change markers seen in this cycle. The same variable holds a
        // uSNChanged number or epoch milliseconds, depending on which attribute an entry carries.
        long highestdeltaSyncUserTime = deltaSyncUserTime;
        // When multiple OUs are configured, go through each OU as the user search base to search for users.
        for (int ou = 0; ou < userSearchBase.length; ou++) {
            byte[] cookie = null;
            int counter = 0;
            try {
                int paged = 0;
                do {
                    userSearchResultEnum = ldapContext.search(userSearchBase[ou], extendedUserSearchFilter, userSearchControls);
                    while (userSearchResultEnum.hasMore()) {
                        // searchResults contains all the user entries
                        final SearchResult userEntry = userSearchResultEnum.next();
                        if (userEntry == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("userEntry null, skipping sync for the entry");
                            }
                            continue;
                        }
                        // System.out.println("userEntry = " + userEntry);
                        Attributes attributes = userEntry.getAttributes();
                        if (attributes == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("attributes missing for entry " + userEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        Attribute userNameAttr = attributes.get(userNameAttribute);
                        if (userNameAttr == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info(userNameAttribute + " missing for entry " + userEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        // The lower-cased full DN is the key used for userNameMap and groupUserTable below.
                        String userFullName = (userEntry.getNameInNamespace()).toLowerCase();
                        String userName = (String) userNameAttr.get();
                        if (userName == null || userName.trim().isEmpty()) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info(userNameAttribute + " empty for entry " + userEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        // Track the change marker: uSNChanged when present, else modifytimestamp.
                        Attribute timeStampAttr = attributes.get("uSNChanged");
                        if (timeStampAttr != null) {
                            String uSNChangedVal = (String) timeStampAttr.get();
                            long currentDeltaSyncTime = Long.parseLong(uSNChangedVal);
                            LOG.info("uSNChangedVal = " + uSNChangedVal + "and currentDeltaSyncTime = " + currentDeltaSyncTime);
                            if (currentDeltaSyncTime > highestdeltaSyncUserTime) {
                                highestdeltaSyncUserTime = currentDeltaSyncTime;
                            }
                        } else {
                            timeStampAttr = attributes.get("modifytimestamp");
                            if (timeStampAttr != null) {
                                String timeStampVal = (String) timeStampAttr.get();
                                Date parseDate = dateFormat.parse(timeStampVal);
                                long currentDeltaSyncTime = parseDate.getTime();
                                LOG.info("timeStampVal = " + timeStampVal + "and currentDeltaSyncTime = " + currentDeltaSyncTime);
                                if (currentDeltaSyncTime > highestdeltaSyncUserTime) {
                                    highestdeltaSyncUserTime = currentDeltaSyncTime;
                                    deltaSyncUserTimeStamp = timeStampVal;
                                }
                            }
                        }
                        if (!groupSearchFirstEnabled) {
                            String transformUserName = userNameTransform(userName);
                            // A sink failure is logged (message only, no stack trace) and the user
                            // is still recorded in userNameMap and counted below.
                            try {
                                sink.addOrUpdateUser(transformUserName);
                            } catch (Throwable t) {
                                LOG.error("sink.addOrUpdateUser failed with exception: " + t.getMessage() + ", for user: " + transformUserName);
                            }
                            // System.out.println("Adding user fullname = " + userFullName + " username = " + transformUserName);
                            userNameMap.put(userFullName, transformUserName);
                            Set<String> groups = new HashSet<String>();
                            // Get all the groups from the group name attribute of the user only when group search is not enabled.
                            if (!groupSearchEnabled) {
                                for (String useGroupNameAttribute : userGroupNameAttributeSet) {
                                    Attribute userGroupfAttribute = userEntry.getAttributes().get(useGroupNameAttribute);
                                    if (userGroupfAttribute != null) {
                                        NamingEnumeration<?> groupEnum = userGroupfAttribute.getAll();
                                        while (groupEnum.hasMore()) {
                                            String gName = getShortGroupName((String) groupEnum.next());
                                            String transformGroupName = groupNameTransform(gName);
                                            groups.add(transformGroupName);
                                        }
                                    }
                                }
                            }
                            List<String> groupList = new ArrayList<String>(groups);
                            try {
                                sink.addOrUpdateUser(transformUserName, groupList);
                            } catch (Throwable t) {
                                LOG.error("sink.addOrUpdateUserGroups failed with exception: " + t.getMessage() + ", for user: " + transformUserName + " and groups: " + groupList);
                            }
                            counter++;
                            noOfUsers++;
                        } else {
                            // If the user from the search result is present in the group user table,
                            // then add or update the user in ranger admin.
                            LOG.debug("Chekcing if the user " + userFullName + " is part of the retrieved groups");
                            if ((groupUserTable.containsColumn(userFullName) || groupUserTable.containsColumn(userName)) && !userNameMap.containsKey(userFullName)) {
                                String transformUserName = userNameTransform(userName);
                                try {
                                    sink.addOrUpdateUser(transformUserName);
                                } catch (Throwable t) {
                                    LOG.error("sink.addOrUpdateUser failed with exception: " + t.getMessage() + ", for user: " + transformUserName);
                                }
                                userNameMap.put(userFullName, transformUserName);
                                // Also update the username in the groupUserTable with the one from username attribute.
                                // Only the column keyed by the full DN is rewritten, although the
                                // check above also accepts a column keyed by userName.
                                Map<String, String> userMap = groupUserTable.column(userFullName);
                                for (Map.Entry<String, String> entry : userMap.entrySet()) {
                                    LOG.debug("Updating groupUserTable " + entry.getValue() + " with: " + transformUserName + " for " + entry.getKey());
                                    groupUserTable.put(entry.getKey(), userFullName, transformUserName);
                                }
                                counter++;
                                noOfUsers++;
                            }
                        }
                        // Progress logging: every user up to 2000, afterwards one summary line per
                        // 100 users unless trace logging is enabled.
                        if (counter <= 2000) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("Updating user count: " + counter + ", userName: " + userName);
                            }
                            if (counter == 2000) {
                                LOG.info("===> 2000 user records have been synchronized so far. From now on, only a summary progress log will be written for every 100 users. To continue to see detailed log for every user, please enable Trace level logging. <===");
                            }
                        } else {
                            if (LOG.isTraceEnabled()) {
                                LOG.trace("Updating user count: " + counter + ", userName: " + userName);
                            } else {
                                if (counter % 100 == 0) {
                                    LOG.info("Synced " + counter + " users till now");
                                }
                            }
                        }
                    }
                    // Examine the paged results control response
                    // NOTE(review): cookie is only overwritten when a PagedResultsResponseControl is
                    // present. A later response without that control would leave the previous
                    // cookie in place and the do/while would request again with it - confirm the
                    // server always returns the control, or reset the cookie per page.
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (int i = 0; i < controls.length; i++) {
                            if (controls[i] instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) controls[i];
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    LOG.debug("END-OF-PAGE total : " + total);
                                } else {
                                    LOG.debug("END-OF-PAGE total : unknown");
                                }
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        LOG.debug("No controls were sent from the server");
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        LOG.debug(String.format("Fetched paged results round: %s", ++paged));
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LdapDeltaUserGroupBuilder.getUsers() completed with user count: " + counter);
            } catch (Exception t) {
                // The failure is logged via string concatenation (no stack trace) and the loop
                // moves on to the next search base, so this base may be only partly synced.
                LOG.error("LdapDeltaUserGroupBuilder.getUsers() failed with exception: " + t);
                LOG.info("LdapDeltaUserGroupBuilder.getUsers() user count: " + counter);
            }
        }
        // NOTE(review): the watermark advances even when a search base failed part-way above,
        // because highestdeltaSyncUserTime is updated entry by entry. Entries of that base that
        // were not reached may be skipped by the next delta cycle - confirm this is acceptable.
        if (deltaSyncUserTime < highestdeltaSyncUserTime) {
            // Incrementing highestdeltaSyncUserTime (for AD) in order to avoid search record repetition for next sync cycle.
            deltaSyncUserTime = highestdeltaSyncUserTime + 1;
            // Incrementing the highest timestamp value (for Openldap) with 1sec in order to avoid search record repetition for next sync cycle.
            // NOTE(review): Date(long) takes milliseconds, so "+ 60l" adds 60 ms rather than the
            // one second described above - confirm the intended increment.
            deltaSyncUserTimeStamp = dateFormat.format(new Date(highestdeltaSyncUserTime + 60l));
        }
    } finally {
        // Only the enumeration of the last search is still referenced here; earlier pages were
        // read to the end before being replaced.
        if (userSearchResultEnum != null) {
            userSearchResultEnum.close();
        }
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
}
use of javax.naming.ldap.PagedResultsResponseControl in project ranger by apache.
the class UserInfo method goUpGroupHierarchyLdap.
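/**
 * Resolves the parent groups of {@code groupDNs}, adds their transformed names to
 * {@code userInfo}, then recurses on the parents until {@code groupHierarchyLevels} is used up
 * or no further parent is found.
 *
 * <p>The search filter has the shape
 * {@code (&(objectclass=X)[custom filter](|(member=dn1)(member=dn2)...))}. The OR clause is
 * always opened, so the filter is balanced whether or not a custom group filter is
 * configured, and every DN is escaped before it is placed in the filter.
 *
 * <p>Failures of type {@code Exception} inside one search base are logged and the next search
 * base is processed; runtime exceptions are logged and rethrown.
 *
 * @param groupDNs             DNs of the groups whose parents are looked up; nulls are skipped
 * @param groupHierarchyLevels remaining number of levels to climb; zero or less stops
 * @param userInfo             user record that receives the resolved group names
 * @throws Throwable anything raised outside the per-search-base handler, e.g. while creating
 *         or closing the LDAP context, plus any runtime exception from the search itself
 */
private void goUpGroupHierarchyLdap(Set<String> groupDNs, int groupHierarchyLevels, UserInfo userInfo) throws Throwable {
    LOG.debug("goUpGroupHierarchyLdap(): Incoming groups " + groupDNs);
    if (groupHierarchyLevels <= 0 || groupDNs.isEmpty()) {
        return;
    }
    Set<String> nextLevelGroups = new HashSet<String>();
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }

        StringBuilder filterBuilder = new StringBuilder("(&(objectclass=").append(groupObjectClass).append(")");
        if (groupSearchFilter != null && !groupSearchFilter.trim().isEmpty()) {
            String customFilter = groupSearchFilter.trim();
            // Wrap a bare "attr=value" expression so it can be AND-ed with the generated part.
            if (!customFilter.startsWith("(")) {
                customFilter = "(" + customFilter + ")";
            }
            filterBuilder.append(customFilter);
        }
        // Open the OR clause unconditionally: it used to be opened only together with a custom
        // filter, which left the closing "))" unbalanced when none was configured.
        filterBuilder.append("(|");
        for (String groupDN : groupDNs) {
            if (groupDN == null) {
                continue;
            }
            // Group DNs come from directory entries and may legally contain '(', ')', '*' and
            // backslashes; unescaped they would change the structure of the filter.
            filterBuilder.append("(").append(groupMemberAttributeName).append("=").append(escapeLdapFilterValue(groupDN)).append(")");
        }
        filterBuilder.append("))");
        String groupFilter = filterBuilder.toString();
        LOG.debug("extendedAllGroupsSearchFilter = " + groupFilter);

        for (String ou : groupSearchBase) {
            byte[] cookie = null;
            int counter = 0;
            try {
                do {
                    groupSearchResultEnum = ldapContext.search(ou, groupFilter, groupSearchControls);
                    while (groupSearchResultEnum.hasMore()) {
                        final SearchResult groupEntry = groupSearchResultEnum.next();
                        if (groupEntry == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("groupEntry null, skipping sync for the entry");
                            }
                            continue;
                        }
                        counter++;
                        Attribute groupNameAttr = groupEntry.getAttributes().get(groupNameAttribute);
                        if (groupNameAttr == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info(groupNameAttribute + " empty for entry " + groupEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        // The parent's DN feeds the next recursion level.
                        String groupDN = groupEntry.getNameInNamespace();
                        nextLevelGroups.add(groupDN);
                        String gName = (String) groupNameAttr.get();
                        if (groupNameCaseConversionFlag) {
                            if (groupNameLowerCaseFlag) {
                                gName = gName.toLowerCase();
                            } else {
                                gName = gName.toUpperCase();
                            }
                        }
                        if (groupNameRegExInst != null) {
                            gName = groupNameRegExInst.transform(gName);
                        }
                        userInfo.addGroup(gName);
                    }
                    // Examine the paged results control response.
                    // Forget the previous page's cookie first: a response without a paged-results
                    // control must end the loop instead of re-sending a stale cookie.
                    cookie = null;
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (Control control : controls) {
                            if (control instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) control;
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    LOG.debug("END-OF-PAGE total : " + total);
                                } else {
                                    LOG.debug("END-OF-PAGE total : unknown");
                                }
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        LOG.debug("No controls were sent from the server");
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        // NOTE(review): the first request uses pagedResultsSize while this
                        // continuation uses PAGE_SIZE - confirm the difference is intended.
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(PAGE_SIZE, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LdapUserGroupBuilder.goUpGroupHierarchyLdap() completed with group count: " + counter);
            } catch (RuntimeException re) {
                LOG.error("LdapUserGroupBuilder.goUpGroupHierarchyLdap() failed with runtime exception: ", re);
                throw re;
            } catch (Exception t) {
                // Best effort: a failing search base is logged and the remaining bases are still
                // searched, so the resolved hierarchy may be incomplete.
                LOG.error("LdapUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", t);
                LOG.info("LdapUserGroupBuilder.goUpGroupHierarchyLdap() group count: " + counter);
            }
        }
    } catch (RuntimeException re) {
        LOG.error("LdapUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", re);
        throw re;
    } finally {
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
    // Climb one level further with the parents found in this round.
    goUpGroupHierarchyLdap(nextLevelGroups, groupHierarchyLevels - 1, userInfo);
}

/**
 * Escapes a value for use as an assertion value inside an LDAP search filter, following the
 * RFC 4515 rule of replacing each special character with a backslash and its two-digit hex
 * code.
 *
 * @param value raw value, e.g. a distinguished name; must not be null
 * @return the value with backslash, asterisk, parentheses and NUL replaced by their escapes
 */
private String escapeLdapFilterValue(String value) {
    StringBuilder escaped = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                escaped.append("\\5c");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\0':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
                break;
        }
    }
    return escaped.toString();
}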
use of javax.naming.ldap.PagedResultsResponseControl in project ranger by apache.
the class UserInfo method getUsers.
/**
 * Reads users from every entry of {@code userSearchBase} with paged searches.
 *
 * <p>When {@code groupSearchFirstEnabled} is off, each user is stored in {@code userGroupMap}
 * together with the groups taken from its group-name attributes; nothing is sent to the sink
 * in that branch. When it is on, only users already present in {@code userGroupMap} are
 * updated and pushed to {@code sink}.
 *
 * <p>Any {@code Throwable} raised inside one search base is logged and the next search base
 * is processed.
 *
 * @param sink receiver of users and group lists in the group-search-first branch
 * @throws Throwable anything raised outside the per-search-base handler, e.g. while creating
 *         or closing the LDAP context or closing the result enumeration
 */
private void getUsers(UserGroupSink sink) throws Throwable {
    UserInfo userInfo;
    NamingEnumeration<SearchResult> userSearchResultEnum = null;
    // Never assigned in this method; it stays null and is only null-checked in the finally block.
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        // When multiple OUs are configured, go through each OU as the user search base to search for users.
        for (String ou : userSearchBase) {
            byte[] cookie = null;
            int counter = 0;
            try {
                int paged = 0;
                do {
                    // extendedUserSearchFilter is not built here; it is read as already prepared.
                    userSearchResultEnum = ldapContext.search(ou, extendedUserSearchFilter, userSearchControls);
                    while (userSearchResultEnum.hasMore()) {
                        // searchResults contains all the user entries
                        final SearchResult userEntry = userSearchResultEnum.next();
                        if (userEntry == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("userEntry null, skipping sync for the entry");
                            }
                            continue;
                        }
                        Attributes attributes = userEntry.getAttributes();
                        if (attributes == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info("attributes missing for entry " + userEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        Attribute userNameAttr = attributes.get(userNameAttribute);
                        if (userNameAttr == null) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info(userNameAttribute + " missing for entry " + userEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        String userName = (String) userNameAttr.get();
                        if (userName == null || userName.trim().isEmpty()) {
                            if (LOG.isInfoEnabled()) {
                                LOG.info(userNameAttribute + " empty for entry " + userEntry.getNameInNamespace() + ", skipping sync");
                            }
                            continue;
                        }
                        if (!groupSearchFirstEnabled) {
                            userInfo = new UserInfo(userName, userEntry.getNameInNamespace());
                            Set<String> groups = new HashSet<String>();
                            // Get all the groups from the group name attribute of the user only when group search is not enabled.
                            if (!groupSearchEnabled) {
                                for (String useGroupNameAttribute : userGroupNameAttributeSet) {
                                    Attribute userGroupfAttribute = userEntry.getAttributes().get(useGroupNameAttribute);
                                    if (userGroupfAttribute != null) {
                                        NamingEnumeration<?> groupEnum = userGroupfAttribute.getAll();
                                        while (groupEnum.hasMore()) {
                                            String groupDN = (String) groupEnum.next();
                                            LOG.debug("Adding " + groupDN + " to " + userName);
                                            // Keep the raw DN on the user and derive the short,
                                            // case-converted and regex-transformed name from it.
                                            userInfo.addGroupDN(groupDN);
                                            String gName = getShortGroupName(groupDN);
                                            if (groupNameCaseConversionFlag) {
                                                if (groupNameLowerCaseFlag) {
                                                    gName = gName.toLowerCase();
                                                } else {
                                                    gName = gName.toUpperCase();
                                                }
                                            }
                                            if (groupNameRegExInst != null) {
                                                gName = groupNameRegExInst.transform(gName);
                                            }
                                            groups.add(gName);
                                        }
                                    }
                                }
                            }
                            userInfo.addGroups(groups);
                            // group search to compute group membership as well as to call sink.addOrUpdateUser()
                            // NOTE(review): two directory entries with the same user-name attribute
                            // value collapse into one identity here; the later entry and its groups
                            // replace the earlier one. Confirm that is acceptable when several
                            // search bases are configured.
                            if (userGroupMap.containsKey(userName)) {
                                LOG.warn("user object with username " + userName + " already exists and is replaced with the latest user object.");
                            }
                            userGroupMap.put(userName, userInfo);
                            // List<String> groupList = new ArrayList<String>(groups);
                            List<String> groupList = userInfo.getGroups();
                            counter++;
                            // Progress logging: every user up to 2000, afterwards one summary line
                            // per 100 users unless trace logging is enabled.
                            if (counter <= 2000) {
                                if (LOG.isInfoEnabled()) {
                                    LOG.info("Updating user count: " + counter + ", userName: " + userName + ", groupList: " + groupList);
                                }
                                if (counter == 2000) {
                                    LOG.info("===> 2000 user records have been synchronized so far. From now on, only a summary progress log will be written for every 100 users. To continue to see detailed log for every user, please enable Trace level logging. <===");
                                }
                            } else {
                                if (LOG.isTraceEnabled()) {
                                    LOG.trace("Updating user count: " + counter + ", userName: " + userName + ", groupList: " + groupList);
                                } else {
                                    if (counter % 100 == 0) {
                                        LOG.info("Synced " + counter + " users till now");
                                    }
                                }
                            }
                        } else {
                            // If the user from the search result is present in the usersList,
                            // then update user name in the userInfo map with the value from the search result
                            // and update ranger admin.
                            String userFullName = (userEntry.getNameInNamespace()).toLowerCase();
                            LOG.debug("Checking if the user " + userFullName + " is part of the retrieved groups");
                            // Look the user up by lower-cased DN first, then by lower-cased user name.
                            userInfo = userGroupMap.get(userFullName);
                            if (userInfo == null) {
                                userInfo = userGroupMap.get(userName.toLowerCase());
                            }
                            if (userInfo != null) {
                                counter++;
                                LOG.info("Updating username for " + userFullName + " with " + userName);
                                // The UserInfo keeps the raw attribute value; case conversion and
                                // the regex transform below only affect the name sent to the sink.
                                userInfo.updateUserName(userName);
                                List<String> groupList = userInfo.getGroups();
                                if (userNameCaseConversionFlag) {
                                    if (userNameLowerCaseFlag) {
                                        userName = userName.toLowerCase();
                                    } else {
                                        userName = userName.toUpperCase();
                                    }
                                }
                                if (userNameRegExInst != null) {
                                    userName = userNameRegExInst.transform(userName);
                                }
                                // A sink failure is logged (message only, no stack trace) and the
                                // loop continues with the next entry.
                                try {
                                    sink.addOrUpdateUser(userName, groupList);
                                } catch (Throwable t) {
                                    LOG.error("sink.addOrUpdateUser failed with exception: " + t.getMessage() + ", for user: " + userName + ", groups: " + groupList);
                                }
                            }
                        }
                    }
                    // Examine the paged results control response
                    // NOTE(review): cookie is only overwritten when a PagedResultsResponseControl is
                    // present. A later response without that control would leave the previous
                    // cookie in place and the do/while would request again with it - confirm the
                    // server always returns the control, or reset the cookie per page.
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (Control control : controls) {
                            if (control instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) control;
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    LOG.debug("END-OF-PAGE total : " + total);
                                } else {
                                    LOG.debug("END-OF-PAGE total : unknown");
                                }
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        LOG.debug("No controls were sent from the server");
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        LOG.debug(String.format("Fetched paged results round: %s", ++paged));
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LDAPUserGroupBuilder.getUsers() completed with user count: " + counter);
            } catch (Throwable t) {
                // Catches everything, including Error subclasses, logs it via string concatenation
                // (no stack trace) and moves on to the next search base.
                // NOTE(review): a search base that fails part-way leaves a partial user set with no
                // signal to the caller - confirm downstream steps tolerate that.
                LOG.error("LDAPUserGroupBuilder.getUsers() failed with exception: " + t);
                LOG.info("LDAPUserGroupBuilder.getUsers() user count: " + counter);
            }
        }
    } finally {
        // Only the enumeration of the last search is still referenced here; earlier pages were
        // read to the end before being replaced.
        if (userSearchResultEnum != null) {
            userSearchResultEnum.close();
        }
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
}