
Example 16 with PagedResultsResponseControl

use of javax.naming.ldap.PagedResultsResponseControl in project teiid by teiid.

the class LDAPQueryExecution method next.

/**
 * Fetch the next batch of data from the LDAP searchEnumeration result.
 * @return the next Batch of results.
 */
// GHH 20080326 - set all batches as last batch after an exception
// is thrown calling a method on the enumeration.  Per Javadoc for
// javax.naming.NamingEnumeration, enumeration is invalid after an
// exception is thrown - by setting last batch indicator we prevent
// it from being used again.
// GHH 20080326 - also added return of explanation for generic
// NamingException
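public List<?> next() throws TranslatorException {
    try {
        // A pending unwrap iterator is drained before the enumeration is touched again.
        if (unwrapIterator != null) {
            if (unwrapIterator.hasNext()) {
                return unwrapIterator.next();
            }
            unwrapIterator = null;
        }
        // The search has been executed, so process up to one batch of
        // results.
        List<?> result = null;
        while (result == null && searchEnumeration != null && searchEnumeration.hasMore()) {
            SearchResult searchResult = (SearchResult) searchEnumeration.next();
            try {
                result = getRow(searchResult);
            } catch (InvalidNameException e) {
                // Best effort: the entry is skipped and reading continues, but the drop is
                // recorded so that missing rows can be traced back to a malformed name
                // instead of disappearing silently.
                LogManager.logWarning(LogConstants.CTX_CONNECTOR, e, "Skipping LDAP search result with an invalid name"); //$NON-NLS-1$
            }
        }
        if (result == null && this.executionFactory.usePagination()) {
            // The current page is exhausted: look for the server's paged-results cookie.
            // The cookie is opaque server state; it is only passed back, never interpreted.
            byte[] cookie = null;
            Control[] controls = ldapCtx.getResponseControls();
            if (controls != null) {
                for (Control control : controls) {
                    if (control instanceof PagedResultsResponseControl) {
                        // No break: if several such controls are present, the last one wins.
                        cookie = ((PagedResultsResponseControl) control).getCookie();
                    }
                }
            }
            if (cookie == null) {
                // No cookie means the server has no further page.
                return null;
            }
            setRequestControls(cookie);
            executeSearch();
            // Read the first row of the new page; resultCount is updated in that call.
            return next();
        }
        if (result != null) {
            resultCount++;
        }
        return result;
    } catch (SizeLimitExceededException e) {
        // A size limit that does not match the requested count limit is reported
        // (thrown or added as a warning, depending on the factory setting) rather
        // than treated as a normal end of results.
        if (resultCount != searchDetails.getCountLimit()) {
            String msg = LDAPPlugin.Util.gs(LDAPPlugin.Event.TEIID12008);
            TranslatorException te = new TranslatorException(e, msg);
            if (executionFactory.isExceptionOnSizeLimitExceeded()) {
                throw te;
            }
            this.executionContext.addWarning(te);
            LogManager.logWarning(LogConstants.CTX_CONNECTOR, e, msg);
        }
        // GHH 20080326 - if size limit exceeded don't try to read more results
        return null;
    } catch (NamingException ne) {
        // $NON-NLS-1$
        throw new TranslatorException(ne, LDAPPlugin.Util.gs("ldap_error"));
    }
}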
Also used : Control(javax.naming.ldap.Control) SortControl(javax.naming.ldap.SortControl) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) SizeLimitExceededException(javax.naming.SizeLimitExceededException) InvalidNameException(javax.naming.InvalidNameException) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) SearchResult(javax.naming.directory.SearchResult) TranslatorException(org.teiid.translator.TranslatorException) NamingException(javax.naming.NamingException)

Example 17 with PagedResultsResponseControl

use of javax.naming.ldap.PagedResultsResponseControl in project ranger by apache.

the class LdapUserGroupBuilder method getUsers.

/**
 * Searches every configured user search base for user entries and records them in
 * {@code sourceUsers}; when group search is disabled, group memberships found on the
 * user entries are also recorded in {@code sourceGroups} and {@code groupUserTable}.
 *
 * @param computeDeletes when {@code true}, the delta-sync markers are reset so that a full sync is performed
 * @return the highest delta-sync value ({@code uSNChanged}, or the parsed {@code modifytimestamp}) seen
 * @throws Throwable if creating or closing the LDAP context, or closing an enumeration, fails;
 *         failures while searching a single search base are logged and not rethrown
 */
private long getUsers(boolean computeDeletes) throws Throwable {
    NamingEnumeration<SearchResult> userSearchResultEnum = null;
    // Never assigned in this method; it is only null-checked in the finally block.
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    long highestdeltaSyncUserTime;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        // The first request marks the control NONCRITICAL; continuation requests below use CRITICAL.
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        DateFormat dateFormat = new SimpleDateFormat(DATE_FORMAT);
        if (groupUserTable.rowKeySet().size() != 0 || !config.isDeltaSyncEnabled() || (computeDeletes)) {
            // Fix RANGER-1957: Perform full sync when there are updates to the groups or when incremental sync is not enabled
            deltaSyncUserTime = 0;
            deltaSyncUserTimeStamp = dateFormat.format(new Date(0));
        }
        // NOTE(review): the filter is assembled by string concatenation and nothing is escaped here.
        // userObjectClass and userSearchFilter are presumably administrator-supplied configuration - confirm.
        // deltaSyncUserTimeStamp is assigned further down from the directory's modifytimestamp value;
        // DateFormat.parse(String) need not consume the whole string, so parsing is not a strict format check.
        extendedUserSearchFilter = "(objectclass=" + userObjectClass + ")(|(uSNChanged>=" + deltaSyncUserTime + ")(modifyTimestamp>=" + deltaSyncUserTimeStamp + "Z))";
        if (userSearchFilter != null && !userSearchFilter.trim().isEmpty()) {
            String customFilter = userSearchFilter.trim();
            // Only a missing opening parenthesis is repaired; the custom filter is not otherwise validated.
            if (!customFilter.startsWith("(")) {
                customFilter = "(" + customFilter + ")";
            }
            extendedUserSearchFilter = "(&" + extendedUserSearchFilter + customFilter + ")";
        } else {
            extendedUserSearchFilter = "(&" + extendedUserSearchFilter + ")";
        }
        // The complete filter is written to the log at INFO level.
        LOG.info("extendedUserSearchFilter = " + extendedUserSearchFilter);
        highestdeltaSyncUserTime = deltaSyncUserTime;
        // When multiple OUs are configured, go through each OU as the user search base to search for users.
        for (int ou = 0; ou < userSearchBase.length; ou++) {
            byte[] cookie = null;
            int counter = 0;
            try {
                int paged = 0;
                do {
                    // The previous enumeration reference is overwritten on every page and every OU;
                    // only the last one is closed explicitly in the finally block.
                    userSearchResultEnum = ldapContext.search(userSearchBase[ou], extendedUserSearchFilter, userSearchControls);
                    while (userSearchResultEnum.hasMore()) {
                        // searchResults contains all the user entries
                        final SearchResult userEntry = userSearchResultEnum.next();
                        if (userEntry == null) {
                            LOG.info("userEntry null, skipping sync for the entry");
                            continue;
                        }
                        Attributes attributes = userEntry.getAttributes();
                        if (attributes == null) {
                            LOG.info("attributes  missing for entry " + userEntry.getNameInNamespace() + ", skipping sync");
                            continue;
                        }
                        Attribute userNameAttr = attributes.get(userNameAttribute);
                        if (userNameAttr == null) {
                            LOG.info(userNameAttribute + " missing for entry " + userEntry.getNameInNamespace() + ", skipping sync");
                            continue;
                        }
                        String userFullName = (userEntry.getNameInNamespace());
                        // The cast assumes a string-valued attribute; a ClassCastException here is caught
                        // by the catch (Exception) below and ends processing of the current search base.
                        String userName = (String) userNameAttr.get();
                        if (userName == null || userName.trim().isEmpty()) {
                            LOG.info(userNameAttribute + " empty for entry " + userEntry.getNameInNamespace() + ", skipping sync");
                            continue;
                        }
                        // Track the highest change marker: uSNChanged when present, otherwise modifytimestamp.
                        Attribute timeStampAttr = attributes.get("uSNChanged");
                        if (timeStampAttr != null) {
                            String uSNChangedVal = (String) timeStampAttr.get();
                            // A non-numeric value throws NumberFormatException, which the catch (Exception) below handles.
                            long currentDeltaSyncTime = Long.parseLong(uSNChangedVal);
                            LOG.info("uSNChangedVal = " + uSNChangedVal + "and currentDeltaSyncTime = " + currentDeltaSyncTime);
                            if (currentDeltaSyncTime > highestdeltaSyncUserTime) {
                                highestdeltaSyncUserTime = currentDeltaSyncTime;
                            }
                        } else {
                            timeStampAttr = attributes.get("modifytimestamp");
                            if (timeStampAttr != null) {
                                String timeStampVal = (String) timeStampAttr.get();
                                Date parseDate = dateFormat.parse(timeStampVal);
                                long currentDeltaSyncTime = parseDate.getTime();
                                LOG.info("timeStampVal = " + timeStampVal + "and currentDeltaSyncTime = " + currentDeltaSyncTime);
                                if (currentDeltaSyncTime > highestdeltaSyncUserTime) {
                                    highestdeltaSyncUserTime = currentDeltaSyncTime;
                                    // The raw directory value (not the parsed date) is kept and later
                                    // concatenated into the search filter built at the top of this method.
                                    deltaSyncUserTimeStamp = timeStampVal;
                                }
                            }
                        }
                        // Get all the groups from the group name attribute of the user only when group search is not enabled.
                        if (!groupSearchEnabled) {
                            for (String useGroupNameAttribute : userGroupNameAttributeSet) {
                                Attribute userGroupfAttribute = userEntry.getAttributes().get(useGroupNameAttribute);
                                if (userGroupfAttribute != null) {
                                    NamingEnumeration<?> groupEnum = userGroupfAttribute.getAll();
                                    while (groupEnum.hasMore()) {
                                        String groupDN = (String) groupEnum.next();
                                        if (LOG.isDebugEnabled()) {
                                            LOG.debug("Adding " + groupDN + " to " + userName);
                                        }
                                        Map<String, String> groupAttrMap = new HashMap<>();
                                        String groupName = getShortName(groupDN);
                                        groupAttrMap.put(UgsyncCommonConstants.ORIGINAL_NAME, groupName);
                                        groupAttrMap.put(UgsyncCommonConstants.FULL_NAME, groupDN);
                                        groupAttrMap.put(UgsyncCommonConstants.SYNC_SOURCE, currentSyncSource);
                                        groupAttrMap.put(UgsyncCommonConstants.LDAP_URL, config.getLdapUrl());
                                        sourceGroups.put(groupDN, groupAttrMap);
                                        if (LOG.isDebugEnabled()) {
                                            LOG.debug("As groupsearch is disabled, adding group " + groupName + " from user memberof attribute for user " + userName);
                                        }
                                        groupUserTable.put(groupDN, userFullName, userFullName);
                                    }
                                }
                            }
                        }
                        // Build the attribute map stored for this user, keyed by the user's full name.
                        Map<String, String> userAttrMap = new HashMap<>();
                        userAttrMap.put(UgsyncCommonConstants.ORIGINAL_NAME, userName);
                        userAttrMap.put(UgsyncCommonConstants.FULL_NAME, userFullName);
                        userAttrMap.put(UgsyncCommonConstants.SYNC_SOURCE, currentSyncSource);
                        userAttrMap.put(UgsyncCommonConstants.LDAP_URL, config.getLdapUrl());
                        Attribute userCloudIdAttr = attributes.get(userCloudIdAttribute);
                        if (userCloudIdAttr != null) {
                            addToAttrMap(userAttrMap, "cloud_id", userCloudIdAttr, config.getUserCloudIdAttributeDataType());
                        }
                        for (String otherUserAttribute : otherUserAttributes) {
                            if (attributes.get(otherUserAttribute) != null) {
                                String attrType = config.getOtherUserAttributeDataType(otherUserAttribute);
                                addToAttrMap(userAttrMap, otherUserAttribute, attributes.get(otherUserAttribute), attrType);
                            }
                        }
                        sourceUsers.put(userFullName, userAttrMap);
                        if ((groupUserTable.containsColumn(userFullName) || groupUserTable.containsColumn(userName))) {
                            // Update the username in the groupUserTable with the one from username attribute.
                            Map<String, String> userMap = groupUserTable.column(userFullName);
                            if (MapUtils.isEmpty(userMap)) {
                                userMap = groupUserTable.column(userName);
                            }
                            for (Map.Entry<String, String> entry : userMap.entrySet()) {
                                if (LOG.isDebugEnabled()) {
                                    LOG.debug("Updating groupUserTable " + entry.getValue() + " with: " + userName + " for " + entry.getKey());
                                }
                                groupUserTable.put(entry.getKey(), userFullName, userFullName);
                            }
                        }
                        counter++;
                        // Progress logging: one INFO line per user (including the user name) for the
                        // first 2000 users, then a summary every 100 users unless TRACE is enabled.
                        if (counter <= 2000) {
                            LOG.info("Updating user count: " + counter + ", userName: " + userName);
                            if (counter == 2000) {
                                LOG.info("===> 2000 user records have been synchronized so far. From now on, only a summary progress log will be written for every 100 users. To continue to see detailed log for every user, please enable Trace level logging. <===");
                            }
                        } else {
                            if (LOG.isTraceEnabled()) {
                                LOG.trace("Updating user count: " + counter + ", userName: " + userName);
                            } else {
                                if (counter % 100 == 0) {
                                    LOG.info("Synced " + counter + " users till now");
                                }
                            }
                        }
                    }
                    // Examine the paged results control response
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (int i = 0; i < controls.length; i++) {
                            if (controls[i] instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) controls[i];
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    if (LOG.isDebugEnabled()) {
                                        LOG.debug("END-OF-PAGE total : " + total);
                                    }
                                } else {
                                    if (LOG.isDebugEnabled()) {
                                        LOG.debug("END-OF-PAGE total : unknown");
                                    }
                                }
                                // Opaque server cookie; it is handed back unchanged and a null value ends the do/while loop.
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("No controls were sent from the server");
                        }
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug(String.format("Fetched paged results round: %s", ++paged));
                        }
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LdapUserGroupBuilder.getUsers() completed with user count: " + counter);
            } catch (Exception t) {
                // A failure in one search base is logged and the loop moves on to the next one, so the
                // method can return normally after a partial sync.
                // NOTE(review): highestdeltaSyncUserTime may already have advanced past entries that were
                // never read; if the caller stores it as the next delta-sync marker, those entries could
                // be missed on the next run - confirm against the caller.
                LOG.error("LdapUserGroupBuilder.getUsers() failed with exception: ", t);
                LOG.info("LdapUserGroupBuilder.getUsers() user count: " + counter);
            }
        }
    } finally {
        if (userSearchResultEnum != null) {
            userSearchResultEnum.close();
        }
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("highestdeltaSyncUserTime = " + highestdeltaSyncUserTime);
    }
    return highestdeltaSyncUserTime;
}
Also used : Attribute(javax.naming.directory.Attribute) HashMap(java.util.HashMap) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) Attributes(javax.naming.directory.Attributes) SearchResult(javax.naming.directory.SearchResult) Date(java.util.Date) NamingException(javax.naming.NamingException) NoSuchElementException(java.util.NoSuchElementException) InvalidNameException(javax.naming.InvalidNameException) Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) SimpleDateFormat(java.text.SimpleDateFormat) DateFormat(java.text.DateFormat) SimpleDateFormat(java.text.SimpleDateFormat) HashMap(java.util.HashMap) Map(java.util.Map) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Example 18 with PagedResultsResponseControl

use of javax.naming.ldap.PagedResultsResponseControl in project ranger by apache.

the class LdapUserGroupBuilder method goUpGroupHierarchyLdap.

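/**
 * Finds the groups that list any of {@code groupDNs} in their member attribute, records those
 * groups and their members, and then repeats the search one level up with the groups just found.
 *
 * <p>Two defects of the string-built search filter are fixed here. The {@code (|} that opens the
 * member alternatives is now always emitted; previously it was only added when a custom group
 * filter was configured, which left the filter with one closing parenthesis too many otherwise.
 * The DNs placed in the filter come from directory entries, so they are escaped as filter
 * assertion values before being concatenated.
 *
 * @param groupDNs DNs of the groups whose parent groups are looked up
 * @param groupHierarchyLevels number of levels still to walk up; nothing is done when it is not positive
 * @throws Throwable if the LDAP context cannot be created or closed, or a runtime exception occurs;
 *         other exceptions raised while searching a single search base are logged and not rethrown
 */
private void goUpGroupHierarchyLdap(Set<String> groupDNs, int groupHierarchyLevels) throws Throwable {
    if (groupHierarchyLevels <= 0 || groupDNs.isEmpty()) {
        return;
    }
    Set<String> nextLevelGroups = new HashSet<String>();
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        // Filter shape: (&(objectclass=X)[customFilter](|(member=dn1)(member=dn2)...))
        String groupFilter = "(&(objectclass=" + groupObjectClass + ")";
        if (groupSearchFilter != null && !groupSearchFilter.trim().isEmpty()) {
            String customFilter = groupSearchFilter.trim();
            if (!customFilter.startsWith("(")) {
                customFilter = "(" + customFilter + ")";
            }
            groupFilter += customFilter;
        }
        // Always open the OR group so that the two closing parentheses below are balanced.
        StringBuilder filter = new StringBuilder("(|");
        for (String groupDN : groupDNs) {
            // String.valueOf keeps the earlier rendering of a null element instead of failing on it.
            filter.append("(").append(groupMemberAttributeName).append("=").append(escapeLdapFilterValue(String.valueOf(groupDN))).append(")");
        }
        filter.append("))");
        groupFilter += filter;
        LOG.info("extendedAllGroupsSearchFilter = " + groupFilter);
        for (int ou = 0; ou < groupSearchBase.length; ou++) {
            byte[] cookie = null;
            int counter = 0;
            try {
                do {
                    groupSearchResultEnum = ldapContext.search(groupSearchBase[ou], groupFilter, groupSearchControls);
                    while (groupSearchResultEnum.hasMore()) {
                        final SearchResult groupEntry = groupSearchResultEnum.next();
                        if (groupEntry == null) {
                            LOG.info("groupEntry null, skipping sync for the entry");
                            continue;
                        }
                        counter++;
                        Attribute groupNameAttr = groupEntry.getAttributes().get(groupNameAttribute);
                        if (groupNameAttr == null) {
                            LOG.info(groupNameAttribute + " empty for entry " + groupEntry.getNameInNamespace() + ", skipping sync");
                            continue;
                        }
                        String groupFullName = (groupEntry.getNameInNamespace());
                        // Remembered for the next level even when the group turns out to have no members.
                        nextLevelGroups.add(groupFullName);
                        String gName = (String) groupNameAttr.get();
                        Attribute groupMemberAttr = groupEntry.getAttributes().get(groupMemberAttributeName);
                        int userCount = 0;
                        if (groupMemberAttr == null || groupMemberAttr.size() <= 0) {
                            LOG.info("No members available for " + gName);
                            continue;
                        }
                        Map<String, String> groupAttrMap = new HashMap<>();
                        groupAttrMap.put(UgsyncCommonConstants.ORIGINAL_NAME, gName);
                        groupAttrMap.put(UgsyncCommonConstants.FULL_NAME, groupFullName);
                        groupAttrMap.put(UgsyncCommonConstants.SYNC_SOURCE, currentSyncSource);
                        groupAttrMap.put(UgsyncCommonConstants.LDAP_URL, config.getLdapUrl());
                        for (String otherGroupAttribute : otherGroupAttributes) {
                            Attribute otherGroupAttr = groupEntry.getAttributes().get(otherGroupAttribute);
                            if (otherGroupAttr != null) {
                                groupAttrMap.put(otherGroupAttribute, (String) otherGroupAttr.get());
                            }
                        }
                        sourceGroups.put(groupFullName, groupAttrMap);
                        NamingEnumeration<?> userEnum = groupMemberAttr.getAll();
                        while (userEnum.hasMore()) {
                            String originalUserFullName = (String) userEnum.next();
                            if (originalUserFullName == null || originalUserFullName.trim().isEmpty()) {
                                continue;
                            }
                            userCount++;
                            // Without user search, members not already known as groups are recorded as users.
                            if (!userSearchEnabled && !sourceGroups.containsKey(originalUserFullName)) {
                                Map<String, String> userAttrMap = new HashMap<>();
                                String userName = getShortName(originalUserFullName);
                                userAttrMap.put(UgsyncCommonConstants.ORIGINAL_NAME, userName);
                                userAttrMap.put(UgsyncCommonConstants.FULL_NAME, originalUserFullName);
                                userAttrMap.put(UgsyncCommonConstants.SYNC_SOURCE, currentSyncSource);
                                userAttrMap.put(UgsyncCommonConstants.LDAP_URL, config.getLdapUrl());
                                sourceUsers.put(originalUserFullName, userAttrMap);
                            }
                            groupUserTable.put(groupFullName, originalUserFullName, originalUserFullName);
                        }
                        LOG.info("No. of members in the group " + gName + " = " + userCount);
                    }
                    // Examine the paged results control response
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (int i = 0; i < controls.length; i++) {
                            if (controls[i] instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) controls[i];
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    if (LOG.isDebugEnabled()) {
                                        LOG.debug("END-OF-PAGE total : " + total);
                                    }
                                } else {
                                    if (LOG.isDebugEnabled()) {
                                        LOG.debug("END-OF-PAGE total : unknown");
                                    }
                                }
                                // Opaque server cookie; a null value ends the do/while loop.
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("No controls were sent from the server");
                        }
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LdapUserGroupBuilder.goUpGroupHierarchyLdap() completed with group count: " + counter);
            } catch (RuntimeException re) {
                LOG.error("LdapUserGroupBuilder.goUpGroupHierarchyLdap() failed with runtime exception: ", re);
                throw re;
            } catch (Exception t) {
                // Checked failures in one search base are logged and the next base is still searched.
                LOG.error("LdapUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", t);
                LOG.info("LdapUserGroupBuilder.goUpGroupHierarchyLdap() group count: " + counter);
            }
        }
    } catch (RuntimeException re) {
        LOG.error("LdapUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", re);
        throw re;
    } finally {
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
    // The context is closed before recursing; the next level opens its own.
    goUpGroupHierarchyLdap(nextLevelGroups, groupHierarchyLevels - 1);
}

/**
 * Escapes a string for use as an assertion value inside an LDAP search filter (RFC 4515):
 * backslash, asterisk, parentheses and NUL are replaced by their {@code \xx} hex forms.
 *
 * @param value the raw value, not {@code null}
 * @return the escaped value
 */
private static String escapeLdapFilterValue(String value) {
    StringBuilder escaped = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                escaped.append("\\5c");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\0':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
                break;
        }
    }
    return escaped.toString();
}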
Also used : Attribute(javax.naming.directory.Attribute) HashMap(java.util.HashMap) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) SearchResult(javax.naming.directory.SearchResult) NamingException(javax.naming.NamingException) NoSuchElementException(java.util.NoSuchElementException) InvalidNameException(javax.naming.InvalidNameException) Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) HashSet(java.util.HashSet) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Example 19 with PagedResultsResponseControl

use of javax.naming.ldap.PagedResultsResponseControl in project ranger by apache.

the class LdapUserGroupBuilder method getGroups.

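/**
 * Searches every configured group search base for group entries and records the groups,
 * their members and the highest change marker seen.
 *
 * <p>Each matching entry is stored in {@code sourceGroups}; its members are stored in
 * {@code groupUserTable} and, when user search is disabled, also in {@code sourceUsers}.
 * A failure while reading one search base is logged and the next base is still processed,
 * so the collections may hold a partial result when the method returns.
 *
 * @param computeDeletes when {@code true} the delta-sync markers are reset to zero so that
 *                       the search filter matches all groups rather than only changed ones
 * @return the highest {@code uSNChanged} value, or {@code modifytimestamp} in epoch
 *         milliseconds, seen on any entry; never lower than {@code deltaSyncGroupTime}
 *         as it was on entry
 * @throws Throwable anything raised outside the per-search-base handler, for example by
 *                   {@code createLdapContext()} or while closing the enumeration
 */
private long getGroups(boolean computeDeletes) throws Throwable {
    NamingEnumeration<SearchResult> groupSearchResultEnum = null;
    DateFormat dateFormat = new SimpleDateFormat(DATE_FORMAT);
    // Captured before the reset below, so a full sync still reports at least the old marker.
    long highestdeltaSyncGroupTime = deltaSyncGroupTime;
    try {
        createLdapContext();
        int total;
        // Activate paged results
        if (pagedResultsEnabled) {
            ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
        }
        // The filter is assembled by plain concatenation: groupObjectClass and
        // groupSearchFilter are inserted without LDAP filter escaping.
        // NOTE(review): presumably both come from administrator configuration - confirm
        // that no caller-controlled value can reach them.
        extendedGroupSearchFilter = "(objectclass=" + groupObjectClass + ")";
        if (groupSearchFilter != null && !groupSearchFilter.trim().isEmpty()) {
            String customFilter = groupSearchFilter.trim();
            if (!customFilter.startsWith("(")) {
                customFilter = "(" + customFilter + ")";
            }
            extendedGroupSearchFilter = extendedGroupSearchFilter + customFilter;
        }
        if (!config.isDeltaSyncEnabled() || (computeDeletes)) {
            // Perform full sync when incremental sync is not enabled
            deltaSyncGroupTime = 0;
            deltaSyncGroupTimeStamp = dateFormat.format(new Date(0));
        }
        extendedAllGroupsSearchFilter = "(&" + extendedGroupSearchFilter + "(|(uSNChanged>=" + deltaSyncGroupTime + ")(modifyTimestamp>=" + deltaSyncGroupTimeStamp + "Z)))";
        LOG.info("extendedAllGroupsSearchFilter = " + extendedAllGroupsSearchFilter);
        for (int ou = 0; ou < groupSearchBase.length; ou++) {
            byte[] cookie = null;
            int counter = 0;
            try {
                int paged = 0;
                do {
                    groupSearchResultEnum = ldapContext.search(groupSearchBase[ou], extendedAllGroupsSearchFilter, groupSearchControls);
                    while (groupSearchResultEnum.hasMore()) {
                        final SearchResult groupEntry = groupSearchResultEnum.next();
                        if (groupEntry == null) {
                            LOG.info("groupEntry null, skipping sync for the entry");
                            continue;
                        }
                        counter++;
                        Attributes attributes = groupEntry.getAttributes();
                        Attribute groupNameAttr = attributes.get(groupNameAttribute);
                        if (groupNameAttr == null) {
                            LOG.info(groupNameAttribute + " empty for entry " + groupEntry.getNameInNamespace() + ", skipping sync");
                            continue;
                        }
                        String groupFullName = (groupEntry.getNameInNamespace());
                        String gName = (String) groupNameAttr.get();
                        Map<String, String> groupAttrMap = new HashMap<>();
                        groupAttrMap.put(UgsyncCommonConstants.ORIGINAL_NAME, gName);
                        groupAttrMap.put(UgsyncCommonConstants.FULL_NAME, groupFullName);
                        groupAttrMap.put(UgsyncCommonConstants.SYNC_SOURCE, currentSyncSource);
                        groupAttrMap.put(UgsyncCommonConstants.LDAP_URL, config.getLdapUrl());
                        Attribute groupCloudIdAttr = attributes.get(groupCloudIdAttribute);
                        if (groupCloudIdAttr != null) {
                            addToAttrMap(groupAttrMap, "cloud_id", groupCloudIdAttr, config.getGroupCloudIdAttributeDataType());
                        }
                        for (String otherGroupAttribute : otherGroupAttributes) {
                            if (attributes.get(otherGroupAttribute) != null) {
                                String attrType = config.getOtherGroupAttributeDataType(otherGroupAttribute);
                                addToAttrMap(groupAttrMap, otherGroupAttribute, attributes.get(otherGroupAttribute), attrType);
                            }
                        }
                        sourceGroups.put(groupFullName, groupAttrMap);
                        // Prefer uSNChanged as the change marker; fall back to modifytimestamp.
                        Attribute timeStampAttr = attributes.get("uSNChanged");
                        if (timeStampAttr != null) {
                            String uSNChangedVal = (String) timeStampAttr.get();
                            long currentDeltaSyncTime = Long.parseLong(uSNChangedVal);
                            if (currentDeltaSyncTime > highestdeltaSyncGroupTime) {
                                highestdeltaSyncGroupTime = currentDeltaSyncTime;
                            }
                        } else {
                            timeStampAttr = attributes.get("modifytimestamp");
                            if (timeStampAttr != null) {
                                String timeStampVal = (String) timeStampAttr.get();
                                Date parseDate = dateFormat.parse(timeStampVal);
                                long currentDeltaSyncTime = parseDate.getTime();
                                LOG.info("timeStampVal = " + timeStampVal + "and currentDeltaSyncTime = " + currentDeltaSyncTime);
                                if (currentDeltaSyncTime > highestdeltaSyncGroupTime) {
                                    highestdeltaSyncGroupTime = currentDeltaSyncTime;
                                    deltaSyncGroupTimeStamp = timeStampVal;
                                }
                            }
                        }
                        Attribute groupMemberAttr = attributes.get(groupMemberAttributeName);
                        int userCount = 0;
                        if (groupMemberAttr == null || groupMemberAttr.size() <= 0) {
                            LOG.info("No members available for " + gName);
                            sourceGroupUsers.put(groupFullName, new HashSet<>());
                            continue;
                        }
                        NamingEnumeration<?> userEnum = groupMemberAttr.getAll();
                        while (userEnum.hasMore()) {
                            String originalUserFullName = (String) userEnum.next();
                            if (originalUserFullName == null || originalUserFullName.trim().isEmpty()) {
                                sourceGroupUsers.put(groupFullName, new HashSet<>());
                                continue;
                            }
                            userCount++;
                            if (!userSearchEnabled) {
                                // No separate user search will run, so the member value itself
                                // becomes the user record.
                                Map<String, String> userAttrMap = new HashMap<>();
                                String userName = getShortName(originalUserFullName);
                                userAttrMap.put(UgsyncCommonConstants.ORIGINAL_NAME, userName);
                                userAttrMap.put(UgsyncCommonConstants.FULL_NAME, originalUserFullName);
                                userAttrMap.put(UgsyncCommonConstants.SYNC_SOURCE, currentSyncSource);
                                userAttrMap.put(UgsyncCommonConstants.LDAP_URL, config.getLdapUrl());
                                sourceUsers.put(originalUserFullName, userAttrMap);
                                if (LOG.isDebugEnabled()) {
                                    LOG.debug("As usersearch is disabled, adding user " + userName + " from group member attribute for group " + gName);
                                }
                            }
                            groupUserTable.put(groupFullName, originalUserFullName, originalUserFullName);
                        }
                        LOG.info("No. of members in the group " + gName + " = " + userCount);
                    }
                    // Forget the cookie that was just used. If the server sends no paged-results
                    // response control for this page, a cookie kept from the previous page would
                    // make the loop re-issue the same search without end.
                    cookie = null;
                    // Examine the paged results control response
                    Control[] controls = ldapContext.getResponseControls();
                    if (controls != null) {
                        for (int i = 0; i < controls.length; i++) {
                            if (controls[i] instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) controls[i];
                                total = prrc.getResultSize();
                                if (total != 0) {
                                    if (LOG.isDebugEnabled()) {
                                        LOG.debug("END-OF-PAGE total : " + total);
                                    }
                                } else {
                                    if (LOG.isDebugEnabled()) {
                                        LOG.debug("END-OF-PAGE total : unknown");
                                    }
                                }
                                cookie = prrc.getCookie();
                            }
                        }
                    } else {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("No controls were sent from the server");
                        }
                    }
                    // Re-activate paged results
                    if (pagedResultsEnabled) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug(String.format("Fetched paged results round: %s", ++paged));
                        }
                        ldapContext.setRequestControls(new Control[] { new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
                    }
                } while (cookie != null);
                LOG.info("LdapUserGroupBuilder.getGroups() completed with group count: " + counter);
            } catch (Exception t) {
                // Best effort per search base: log with the stack trace and move on.
                // NOTE(review): groups read before the failure stay in sourceGroups, so the
                // result for this base can be partial - confirm that callers which compute
                // deletes from it tolerate that.
                LOG.error("LdapUserGroupBuilder.getGroups() failed with exception: ", t);
                LOG.info("LdapUserGroupBuilder.getGroups() group count: " + counter);
            }
        }
    } finally {
        if (groupSearchResultEnum != null) {
            groupSearchResultEnum.close();
        }
        closeLdapContext();
    }
    if (groupHierarchyLevels > 0) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("deltaSyncGroupTime = " + deltaSyncGroupTime);
        }
        // Parent groups are only walked for a delta sync (marker above zero).
        if (deltaSyncGroupTime > 0) {
            LOG.info("LdapUserGroupBuilder.getGroups(): Going through group hierarchy for nested group evaluation for deltasync");
            goUpGroupHierarchyLdap(sourceGroups.keySet(), groupHierarchyLevels - 1);
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("highestdeltaSyncGroupTime = " + highestdeltaSyncGroupTime);
    }
    return highestdeltaSyncGroupTime;
}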
Also used : Attribute(javax.naming.directory.Attribute) HashMap(java.util.HashMap) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) Attributes(javax.naming.directory.Attributes) SearchResult(javax.naming.directory.SearchResult) Date(java.util.Date) NamingException(javax.naming.NamingException) NoSuchElementException(java.util.NoSuchElementException) InvalidNameException(javax.naming.InvalidNameException) Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) SimpleDateFormat(java.text.SimpleDateFormat) DateFormat(java.text.DateFormat) SimpleDateFormat(java.text.SimpleDateFormat) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Example 20 with PagedResultsResponseControl

use of javax.naming.ldap.PagedResultsResponseControl in project keycloak by keycloak.

the class LDAPOperationManager method searchPaginated.

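/**
 * Runs one page of a paged LDAP search and stores the continuation cookie in the query's
 * pagination context.
 *
 * <p>The page size is {@code identityQuery.getLimit()}. The cookie in the pagination context
 * is cleared whenever the server's response carries no paged-results control, so the
 * context never keeps a cookie that was already consumed.
 *
 * @param baseDN        DN under which to search
 * @param filter        LDAP search filter, passed to the server as given
 * @param identityQuery query supplying the returned attributes, scope, limit and pagination
 *                      context; a pagination context is initialised if it has none
 * @return the entries of the fetched page
 * @throws NamingException if the search fails; an {@link IOException} raised while building
 *                         the paging control is rethrown as a {@code NamingException} with
 *                         the original exception as its cause
 */
public List<SearchResult> searchPaginated(final String baseDN, final String filter, final LDAPQuery identityQuery) throws NamingException {
    final List<SearchResult> result = new ArrayList<SearchResult>();
    final SearchControls cons = getSearchControls(identityQuery.getReturningLdapAttributes(), identityQuery.getSearchScope());
    // Very 1st page. Pagination context is not yet present
    if (identityQuery.getPaginationContext() == null) {
        identityQuery.initPagination();
    }
    try {
        return execute(new LdapOperation<List<SearchResult>>() {

            @Override
            public List<SearchResult> execute(LdapContext context) throws NamingException {
                try {
                    byte[] cookie = identityQuery.getPaginationContext().getCookie();
                    PagedResultsControl pagedControls = new PagedResultsControl(identityQuery.getLimit(), cookie, Control.CRITICAL);
                    context.setRequestControls(new Control[] { pagedControls });
                    NamingEnumeration<SearchResult> search = context.search(new LdapName(baseDN), filter, cons);
                    try {
                        while (search.hasMoreElements()) {
                            result.add(search.nextElement());
                        }
                    } finally {
                        // Release the enumeration even when reading an entry fails.
                        search.close();
                    }
                    Control[] responseControls = context.getResponseControls();
                    // Stays null unless the server hands back a paged-results response control.
                    byte[] nextCookie = null;
                    if (responseControls != null) {
                        for (Control respControl : responseControls) {
                            if (respControl instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) respControl;
                                nextCookie = prrc.getCookie();
                            }
                        }
                    } else {
                        logger.warnf("Did not receive response controls for paginated query using DN [%s], filter [%s]. Did you hit a query result size limit?", baseDN, filter);
                    }
                    /*
                     * This ensures that PaginationContext#hasNextPage() will return false if we don't get a paged-results
                     * response control back from the LDAP query response. This helps to avoid an infinite loop in
                     * org.keycloak.storage.ldap.LDAPUtils.loadAllLDAPObjects
                     * See KEYCLOAK-19036
                     */
                    identityQuery.getPaginationContext().setCookie(nextCookie);
                    return result;
                } catch (IOException ioe) {
                    logger.errorf(ioe, "Could not query server with paginated query using DN [%s], filter [%s]", baseDN, filter);
                    // Keep the original exception as the cause so the stack trace is not lost.
                    NamingException wrapped = new NamingException(ioe.getMessage());
                    wrapped.initCause(ioe);
                    throw wrapped;
                }
            }

            @Override
            public String toString() {
                return new StringBuilder("LdapOperation: searchPaginated\n").append(" baseDn: ").append(baseDN).append("\n").append(" filter: ").append(filter).append("\n").append(" searchScope: ").append(identityQuery.getSearchScope()).append("\n").append(" returningAttrs: ").append(identityQuery.getReturningLdapAttributes()).append("\n").append(" limit: ").append(identityQuery.getLimit()).append("\n").append(" resultSize: ").append(result.size()).toString();
            }
        }, identityQuery.getPaginationContext().getLdapContext(), null);
    } catch (NamingException e) {
        logger.errorf(e, "Could not query server using DN [%s] and filter [%s]", baseDN, filter);
        throw e;
    }
}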
Also used : PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) ArrayList(java.util.ArrayList) SearchResult(javax.naming.directory.SearchResult) NamingEnumeration(javax.naming.NamingEnumeration) IOException(java.io.IOException) LdapName(javax.naming.ldap.LdapName) Control(javax.naming.ldap.Control) PagedResultsControl(javax.naming.ldap.PagedResultsControl) PagedResultsResponseControl(javax.naming.ldap.PagedResultsResponseControl) SearchControls(javax.naming.directory.SearchControls) ArrayList(java.util.ArrayList) List(java.util.List) NamingException(javax.naming.NamingException) InitialLdapContext(javax.naming.ldap.InitialLdapContext) LdapContext(javax.naming.ldap.LdapContext) PagedResultsControl(javax.naming.ldap.PagedResultsControl)
