Example 1 with Entry
use of net.sourceforge.myvd.types.Entry in project OpenUnison by TremoloSecurity.
the class OktaInsert method oktaGroup2Ldap.
private void oktaGroup2Ldap(Filter filter, ArrayList<Entry> ret, Group fromOkta, LDAPEntry entry) throws UnsupportedEncodingException {
entry.getAttributeSet().add(new LDAPAttribute("name", fromOkta.getProfile().getName()));
String description = fromOkta.getProfile().getDescription();
if (description != null) {
entry.getAttributeSet().add(new LDAPAttribute("description", description));
}
entry.getAttributeSet().add(new LDAPAttribute("objectClass", this.objectClass));
LDAPAttribute members = new LDAPAttribute("member");
UserList users = fromOkta.listUsers();
for (User user : users) {
members.addValue(user.getProfile().getLogin().getBytes("UTF-8"));
}
if (members.size() > 0) {
entry.getAttributeSet().add(members);
}
if (filter.getRoot().checkEntry(entry)) {
ret.add(new Entry(entry));
}
}
Also used :
LDAPAttribute(com.novell.ldap.LDAPAttribute)
Entry(net.sourceforge.myvd.types.Entry)
LDAPEntry(com.novell.ldap.LDAPEntry)
User(com.okta.sdk.resource.user.User)
UserList(com.okta.sdk.resource.user.UserList)
Example 2 with Entry
use of net.sourceforge.myvd.types.Entry in project OpenUnison by TremoloSecurity.
the class OktaInsert method loadUserFromOkta.
private void loadUserFromOkta(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints, OktaTarget os, String name, String entryDN, boolean b) throws LDAPException {
Client okta = os.getOkta();
User fromOkta = null;
try {
fromOkta = okta.getUser(name);
} catch (ResourceException e) {
if (e.getStatus() == 404) {
throw new LDAPException("user not found", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
} else {
throw new LDAPException("Could not load user", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e);
}
}
LDAPEntry ldapUser = createLdapUser(entryDN, fromOkta);
ArrayList<Entry> ret = new ArrayList<Entry>();
ret.add(new Entry(ldapUser));
chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
}
Also used :
IteratorEntrySet(net.sourceforge.myvd.util.IteratorEntrySet)
LDAPEntry(com.novell.ldap.LDAPEntry)
Entry(net.sourceforge.myvd.types.Entry)
LDAPEntry(com.novell.ldap.LDAPEntry)
User(com.okta.sdk.resource.user.User)
LDAPException(com.novell.ldap.LDAPException)
ArrayList(java.util.ArrayList)
ResourceException(com.okta.sdk.resource.ResourceException)
AuthenticationClient(com.okta.authn.sdk.client.AuthenticationClient)
Client(com.okta.sdk.client.Client)
Example 3 with Entry
use of net.sourceforge.myvd.types.Entry in project OpenUnison by TremoloSecurity.
the class K8sCrdInsert method search.
@Override
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
OpenShiftTarget k8s = null;
try {
k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
} catch (ProvisioningException e1) {
logger.error("Could not retrieve kubernetes target", e1);
throw new LDAPException("Could not connect to kubernetes", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR));
}
// base search
if (scope.getValue() == 0) {
// dir root
if (base.getDN().equals(this.baseDN)) {
ArrayList<Entry> ret = new ArrayList<Entry>();
ret.add(new Entry(EntryUtil.createBaseEntry(this.baseDN)));
chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
return;
} else {
String name = ((RDN) base.getDN().getRDNs().get(0)).getValue();
loadUserFromK8sCrd(chain, base, scope, filter, attributes, typesOnly, results, constraints, k8s, name, base.getDN().toString(), true);
return;
}
} else if (scope.getValue() == 1) {
if (base.getDN().equals(this.baseDN)) {
String name = userFromFilter(filter.getRoot());
loadUserFromK8sCrd(chain, base, scope, filter, attributes, typesOnly, results, constraints, k8s, name, new StringBuilder().append("uid=").append(name).append(",").append(base.getDN().toString()).toString(), false);
return;
}
} else {
// only subtree left
if (logger.isDebugEnabled()) {
logger.debug("orirignal filter : '" + filter.getRoot().toString() + "'");
}
String name = userFromFilter(filter.getRoot());
loadUserFromK8sCrd(chain, base, scope, filter, attributes, typesOnly, results, constraints, k8s, name, new StringBuilder().append("uid=").append(name).append(",").append(this.baseDN.toString()).toString(), false);
return;
}
}
Also used :
IteratorEntrySet(net.sourceforge.myvd.util.IteratorEntrySet)
Entry(net.sourceforge.myvd.types.Entry)
LDAPEntry(com.novell.ldap.LDAPEntry)
LDAPException(com.novell.ldap.LDAPException)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
ArrayList(java.util.ArrayList)
OpenShiftTarget(com.tremolosecurity.unison.openshiftv3.OpenShiftTarget)
RDN(com.novell.ldap.util.RDN)
Example 4 with Entry
use of net.sourceforge.myvd.types.Entry in project OpenUnison by TremoloSecurity.
the class K8sCrdInsert method loadUserFromK8sCrd.
private void loadUserFromK8sCrd(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints, OpenShiftTarget k8s, String name, String entryDN, boolean exceptionOnNotFound) throws LDAPException {
if (logger.isDebugEnabled()) {
logger.debug("Looking up user '" + name + "' in namespace '" + this.nameSpace + "'");
}
String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/users/").append(name).toString();
ArrayList<Entry> ret = new ArrayList<Entry>();
try {
HttpCon con = k8s.createClient();
try {
String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
K8sUser k8sUser = gson.fromJson(jsonResp, UserData.class).getSpec();
if (k8sUser == null) {
if (logger.isDebugEnabled()) {
logger.debug("Can't find '" + name + "'");
}
if (exceptionOnNotFound) {
throw new LDAPException("user not found", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
}
} else {
LDAPEntry ldapUser = new LDAPEntry(entryDN);
ldapUser.getAttributeSet().add(new LDAPAttribute("objectClass", GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getUserObjectClass()));
ldapUser.getAttributeSet().add(new LDAPAttribute("uid", k8sUser.getUid()));
ldapUser.getAttributeSet().add(new LDAPAttribute("sub", k8sUser.getSub()));
ldapUser.getAttributeSet().add(new LDAPAttribute("first_name", k8sUser.getFirstName()));
ldapUser.getAttributeSet().add(new LDAPAttribute("last_name", k8sUser.getLastName()));
ldapUser.getAttributeSet().add(new LDAPAttribute("email", k8sUser.getEmail()));
if (k8sUser.getGroups().size() > 0) {
LDAPAttribute groups = new LDAPAttribute("groups");
for (String group : k8sUser.getGroups()) {
groups.addValue(group);
}
ldapUser.getAttributeSet().add(groups);
}
ret.add(new Entry(ldapUser));
}
chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
return;
} finally {
con.getHttp().close();
con.getBcm().close();
}
} catch (LDAPException le) {
throw le;
} catch (Exception e) {
logger.error("Could not search k8s", e);
throw new LDAPException("Error searching kubernetes", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR));
}
}
Also used :
LDAPAttribute(com.novell.ldap.LDAPAttribute)
UserData(com.tremolosecurity.myvd.dataObj.UserData)
ArrayList(java.util.ArrayList)
K8sUser(com.tremolosecurity.myvd.dataObj.K8sUser)
LDAPException(com.novell.ldap.LDAPException)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
IteratorEntrySet(net.sourceforge.myvd.util.IteratorEntrySet)
Entry(net.sourceforge.myvd.types.Entry)
LDAPEntry(com.novell.ldap.LDAPEntry)
LDAPEntry(com.novell.ldap.LDAPEntry)
HttpCon(com.tremolosecurity.provisioning.util.HttpCon)
LDAPException(com.novell.ldap.LDAPException)
Example 5 with Entry
use of net.sourceforge.myvd.types.Entry in project OpenUnison by TremoloSecurity.
the class AmazonDynamoDB method search.
@Override
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
boolean addBase = false;
boolean addUser = false;
boolean addGroups = false;
boolean searchUsers = false;
boolean searchGroups = false;
Filter filterToUser = null;
Iterator<Item> userResults = null;
Iterator<Item> groupResults = null;
try {
filterToUser = new Filter((FilterNode) filter.getRoot().clone());
} catch (CloneNotSupportedException e) {
}
if (scope.getValue() == 0) {
if (base.getDN().equals(this.baseDN)) {
addBase = true;
} else if (base.getDN().equals(this.userDN)) {
addUser = true;
} else if (base.getDN().equals(this.groupDN)) {
addGroups = true;
} else if (base.getDN().toString().endsWith(this.userDN.toString())) {
searchUsers = true;
filterToUser = this.addBaseToFilter(base, filterToUser);
} else if (base.getDN().toString().endsWith(this.groupDN.toString())) {
searchGroups = true;
filterToUser = this.addBaseToFilter(base, filterToUser);
} else {
throw new LDAPException("Object not found", LDAPException.NO_SUCH_OBJECT, base.getDN().toString());
}
} else if (scope.getValue() == 1) {
if (base.getDN().equals(this.baseDN)) {
addUser = true;
addGroups = true;
} else if (base.getDN().equals(userDN)) {
searchUsers = true;
// filterToUser = this.addBaseToFilter(base, filterToUser);
} else if (base.getDN().equals(groupDN)) {
searchGroups = true;
// filterToUser = this.addBaseToFilter(base, filterToUser);
}
} else if (scope.getValue() == 2) {
if (base.getDN().equals(this.baseDN)) {
addBase = true;
addUser = true;
addGroups = true;
searchUsers = true;
searchGroups = true;
// filterToUser = this.addBaseToFilter(base, filterToUser);
} else if (base.getDN().equals(userDN) || base.getDN().toString().endsWith(this.userDN.toString())) {
searchUsers = true;
// filterToUser = this.addBaseToFilter(base, filterToUser);
} else if (base.getDN().equals(groupDN) || base.getDN().toString().endsWith(this.groupDN.toString())) {
searchGroups = true;
// filterToUser = this.addBaseToFilter(base, filterToUser);
}
}
ArrayList<Entry> baseEntries = new ArrayList<Entry>();
if (addBase) {
baseEntries.add(new Entry(EntryUtil.createBaseEntry(this.baseDN)));
}
if (addUser) {
baseEntries.add(new Entry(EntryUtil.createBaseEntry(this.userDN)));
}
if (addGroups) {
baseEntries.add(new Entry(EntryUtil.createBaseEntry(this.groupDN)));
}
}
Also used :
Item(com.amazonaws.services.simpledb.model.Item)
Entry(net.sourceforge.myvd.types.Entry)
LDAPException(com.novell.ldap.LDAPException)
Filter(net.sourceforge.myvd.types.Filter)
FilterNode(net.sourceforge.myvd.types.FilterNode)
ArrayList(java.util.ArrayList)
Aggregations
Entry (net.sourceforge.myvd.types.Entry)16
LDAPEntry (com.novell.ldap.LDAPEntry)14
ArrayList (java.util.ArrayList)12
LDAPException (com.novell.ldap.LDAPException)11
LDAPAttribute (com.novell.ldap.LDAPAttribute)8
IteratorEntrySet (net.sourceforge.myvd.util.IteratorEntrySet)8
ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)6
Filter (net.sourceforge.myvd.types.Filter)5
LDAPAttributeSet (com.novell.ldap.LDAPAttributeSet)3
RDN (com.novell.ldap.util.RDN)3
User (com.okta.sdk.resource.user.User)3
HttpCon (com.tremolosecurity.provisioning.util.HttpCon)3
OpenShiftTarget (com.tremolosecurity.unison.openshiftv3.OpenShiftTarget)3
FilterNode (net.sourceforge.myvd.types.FilterNode)3
Item (com.amazonaws.services.simpledb.model.Item)2
AuthenticationClient (com.okta.authn.sdk.client.AuthenticationClient)2
Client (com.okta.sdk.client.Client)2
ResourceException (com.okta.sdk.resource.ResourceException)2
UserList (com.okta.sdk.resource.user.UserList)2
K8sUser (com.tremolosecurity.myvd.dataObj.K8sUser)2
