
Example 11 with Entry

use of net.sourceforge.myvd.types.Entry in project OpenUnison by TremoloSecurity.

the class MongoInsert method search.

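/**
 * Performs an LDAP search against the Mongo-backed namespace.
 *
 * <p>The part of {@code base} below the namespace root, together with {@code scope},
 * decides what is returned:
 * <ul>
 *   <li>base scope on the namespace root: the root entry;</li>
 *   <li>base scope on {@code ou=<collection>}: that collection's entry;</li>
 *   <li>base scope on a document: the single document, if it matches {@code filter};</li>
 *   <li>one-level scope: one {@code ou} entry per Mongo collection (root base) or the
 *       documents of the addressed collection that match {@code filter};</li>
 *   <li>any other scope value is treated as subtree: the root entry, the collection
 *       entries (root base) and the matching documents of the addressed collection, or of
 *       every collection when none is addressed.</li>
 * </ul>
 *
 * @param chain       interceptor chain that receives the results
 * @param base        search base
 * @param scope       LDAP scope: 0 base, 1 one-level, anything else subtree
 * @param filter      LDAP filter, translated to a Mongo query by {@code convertFilterToMongo}
 * @param attributes  requested attributes, passed through to the chain
 * @param typesOnly   passed through to the chain
 * @param results     result container, passed through to the chain
 * @param constraints passed through to the chain
 * @throws LDAPException {@code NO_SUCH_OBJECT} when the addressed collection or document
 *                       does not exist; {@code OPERATIONS_ERROR} when the filter cannot be copied
 */
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
    boolean addBase = false;
    boolean addCollection = false;
    boolean oneEntry = false;
    boolean listCollections = false;
    boolean searchUsers = false;
    Bson mongoFilter = null;
    // Work on a copy of the filter tree: the single-entry case wraps it in an AND node below,
    // and the copy is what is handed back to the chain.
    Filter filterToUser;
    try {
        filterToUser = new Filter((FilterNode) filter.getRoot().clone());
    } catch (CloneNotSupportedException e) {
        // Previously swallowed, which left filterToUser null and failed later with an NPE.
        throw new LDAPException("Could not copy search filter", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e);
    }
    String localBase = this.getLocalBase(base.getDN().toString());
    String collectionName = this.getCollection(localBase);
    Attribute rdn = null;
    if (!localBase.isEmpty()) {
        rdn = this.getRDN(localBase);
    }
    // Map (scope, position of the base inside the namespace) onto the units of work below.
    if (scope.getValue() == 0) {
        if (localBase.isEmpty()) {
            addBase = true;
        } else if (rdn == null) {
            addCollection = true;
        } else {
            oneEntry = true;
        }
    } else if (scope.getValue() == 1) {
        if (localBase.isEmpty()) {
            listCollections = true;
        } else {
            searchUsers = true;
        }
    } else {
        // any other scope value is treated as subtree
        addBase = true;
        if (localBase.isEmpty()) {
            listCollections = true;
        }
        searchUsers = true;
    }
    ArrayList<Entry> res = new ArrayList<Entry>();
    StringBuilder b = new StringBuilder();
    String nsBase = this.nameSpace.getBase().getDN().toString();
    if (addBase) {
        this.addToEntry(new Entry(EntryUtil.createBaseEntry(new DN(nsBase))), filter, res);
    }
    if (listCollections) {
        for (String ou : mongo.getDatabase(this.database).listCollectionNames()) {
            b.setLength(0);
            b.append("ou=").append(ou).append(",").append(nsBase);
            this.addToEntry(new Entry(EntryUtil.createBaseEntry(new DN(b.toString()))), filter, res);
        }
    }
    if (addCollection) {
        boolean found = false;
        for (String ou : mongo.getDatabase(this.database).listCollectionNames()) {
            if (ou.equalsIgnoreCase(collectionName)) {
                b.setLength(0);
                b.append("ou=").append(ou).append(",").append(nsBase);
                this.addToEntry(new Entry(EntryUtil.createBaseEntry(new DN(b.toString()))), filter, res);
                found = true;
            }
        }
        if (!found) {
            throw new LDAPException("Could not find object", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
        }
    }
    if (oneEntry) {
        boolean found = false;
        for (String ou : mongo.getDatabase(this.database).listCollectionNames()) {
            if (ou.equalsIgnoreCase(collectionName)) {
                found = true;
            }
        }
        if (!found) {
            throw new LDAPException("Could not find object", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
        }
        // Query for "<rdn> AND <caller's filter>" first.
        ArrayList<FilterNode> children = new ArrayList<FilterNode>();
        children.add(new FilterNode(FilterType.EQUALS, rdn.getAttribute().getName(), rdn.getAttribute().getStringValue()));
        children.add(filterToUser.getRoot());
        FilterNode and = new FilterNode(FilterType.AND, children);
        mongoFilter = this.convertFilterToMongo(and);
        FindIterable<Document> searchRes = mongo.getDatabase(this.database).getCollection(collectionName).find(mongoFilter);
        if (searchRes == null) {
            // Defensive branch kept from the original; find() is not expected to return null.
            searchRes = mongo.getDatabase(this.database).getCollection(collectionName).find(eq(rdn.getAttribute().getName(), rdn.getAttribute().getStringValue()));
            if (searchRes == null) {
                throw new LDAPException("Could not find object", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
            }
        } else {
            Document doc = searchRes.first();
            if (doc == null) {
                // No match: tell "entry does not exist" (NO_SUCH_OBJECT) apart from
                // "entry exists but the filter did not match" (empty result).
                searchRes = mongo.getDatabase(this.database).getCollection(collectionName).find(eq(rdn.getAttribute().getName(), rdn.getAttribute().getStringValue()));
                if (searchRes.first() == null) {
                    throw new LDAPException("Could not find object", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
                }
            } else {
                res.add(createEntry(doc, collectionName));
            }
        }
    }
    if (searchUsers) {
        mongoFilter = this.convertFilterToMongo(filter.getRoot());
        if (collectionName != null) {
            boolean found = false;
            for (String ou : mongo.getDatabase(this.database).listCollectionNames()) {
                if (ou.equalsIgnoreCase(collectionName)) {
                    found = true;
                }
            }
            if (!found) {
                throw new LDAPException("Could not find object", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
            }
            FindIterable<Document> searchRes = mongo.getDatabase(this.database).getCollection(collectionName).find(mongoFilter);
            for (Document doc : searchRes) {
                res.add(createEntry(doc, collectionName));
            }
        } else {
            // No collection addressed: search every collection in the database.
            for (String ou : mongo.getDatabase(this.database).listCollectionNames()) {
                FindIterable<Document> searchRes = mongo.getDatabase(this.database).getCollection(ou).find(mongoFilter);
                for (Document doc : searchRes) {
                    res.add(createEntry(doc, ou));
                }
            }
        }
    }
    chain.addResult(results, new IteratorEntrySet(res.iterator()), base, scope, filterToUser, attributes, typesOnly, constraints);
}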

Example 12 with Entry

use of net.sourceforge.myvd.types.Entry in project OpenUnison by TremoloSecurity.

the class MongoInsert method createEntry.

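/**
 * Converts a Mongo document into an LDAP entry.
 *
 * <p>Every document key except {@code UNISON_RDN_ATTRIBUTE_NAME} becomes an attribute;
 * list values become multi-valued attributes, {@code null} values are skipped. The
 * {@code UNISON_RDN_ATTRIBUTE_NAME} field names the field that supplies the RDN, so the DN is
 * {@code <rdnAttr>=<rdnValue>,ou=<collectionName>,<namespace base>}.
 *
 * @param doc            the Mongo document to convert
 * @param collectionName the collection the document came from; becomes the {@code ou} component
 * @return the entry wrapping the constructed {@link LDAPEntry}
 */
private Entry createEntry(Document doc, String collectionName) {
    LDAPAttributeSet attrs = new LDAPAttributeSet();
    for (String key : doc.keySet()) {
        if (key.equalsIgnoreCase(UNISON_RDN_ATTRIBUTE_NAME)) {
            continue;
        }
        Object o = doc.get(key);
        if (o == null) {
            // A BSON null has no LDAP representation; previously this threw an NPE on toString().
            continue;
        }
        if (o instanceof List) {
            LDAPAttribute attr = new LDAPAttribute(key);
            for (Object ox : (List<?>) o) {
                attr.addValue(String.valueOf(ox));
            }
            attrs.add(attr);
        } else {
            attrs.add(new LDAPAttribute(key, o.toString()));
        }
    }
    String rdnAttr = doc.getString(UNISON_RDN_ATTRIBUTE_NAME);
    // NOTE(review): the RDN value and collection name are concatenated into the DN without
    // escaping; a stored value containing DN metacharacters (',', '+', '=', ...) yields a
    // malformed or different DN. Confirm the values are constrained at write time.
    StringBuilder dn = new StringBuilder();
    dn.append(rdnAttr).append('=').append(doc.getString(rdnAttr)).append(",ou=").append(collectionName).append(',').append(this.nameSpace.getBase().getDN().toString());
    return new Entry(new LDAPEntry(dn.toString(), attrs));
}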

Example 13 with Entry

use of net.sourceforge.myvd.types.Entry in project OpenUnison by TremoloSecurity.

the class K8sCrdUserProvider method findUser.

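/**
 * Looks up a user stored as an {@code openunison.tremolo.io/v1} User custom resource.
 *
 * <p>The call goes through the {@link OpenShiftTarget} configured as {@code k8sTarget}. Only
 * the attributes named in {@code attributes} are copied onto the returned user; groups are
 * always copied.
 *
 * @param userID     the user identifier; mapped to the resource name with {@code OpenShiftTarget.sub2uid}
 * @param attributes attribute names the caller wants populated
 * @param request    not used by this provider; part of the interface contract
 * @return the user, or {@code null} when the resource has no {@code spec}
 * @throws ProvisioningException when the target cannot be resolved or the API call fails
 */
@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    String k8sUserId = OpenShiftTarget.sub2uid(userID);
    OpenShiftTarget k8s;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }
    // NOTE(review): k8sUserId is placed in the URL path as-is; whether sub2uid() guarantees a
    // path-safe value is not visible here — confirm before accepting untrusted identifiers.
    String url = "/apis/openunison.tremolo.io/v1/namespaces/" + this.nameSpace + "/users/" + k8sUserId;
    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
            K8sUser k8sUser = gson.fromJson(jsonResp, UserData.class).getSpec();
            if (k8sUser == null) {
                return null;
            }
            User user = new User(userID);
            if (attributes.contains("sub")) {
                user.getAttribs().put("sub", new Attribute("sub", k8sUser.getSub()));
            }
            if (attributes.contains("first_name")) {
                user.getAttribs().put("first_name", new Attribute("first_name", k8sUser.getFirstName()));
            }
            if (attributes.contains("last_name")) {
                user.getAttribs().put("last_name", new Attribute("last_name", k8sUser.getLastName()));
            }
            if (attributes.contains("email")) {
                user.getAttribs().put("email", new Attribute("email", k8sUser.getEmail()));
            }
            if (attributes.contains("uid")) {
                user.getAttribs().put("uid", new Attribute("uid", k8sUser.getUid()));
            }
            // Groups are not filtered by the requested attribute set.
            for (String group : k8sUser.getGroups()) {
                user.getGroups().add(group);
            }
            return user;
        } finally {
            // Close the connection manager even if closing the client throws.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    } catch (Exception e) {
        // Boundary: anything raised by the HTTP call or JSON parsing becomes a ProvisioningException.
        logger.error("Could not search k8s", e);
        throw new ProvisioningException("Error searching kubernetes", e);
    }
}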

Example 14 with Entry

use of net.sourceforge.myvd.types.Entry in project OpenUnison by TremoloSecurity.

the class OpenShiftInsert method loadUserFromOpenShift.

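/**
 * Loads one user from OpenShift/Kubernetes and hands it to the interceptor chain as an LDAP entry.
 *
 * <p>When the user does not exist and {@code exceptionOnNotFound} is {@code false}, the chain
 * receives an empty result set; when it is {@code true}, {@code NO_SUCH_OBJECT} is raised.
 *
 * @param chain               interceptor chain that receives the results
 * @param base                search base, passed through to the chain
 * @param scope               search scope, passed through to the chain
 * @param filter              search filter, passed through to the chain
 * @param attributes          requested attributes, passed through to the chain
 * @param typesOnly           passed through to the chain
 * @param results             result container, passed through to the chain
 * @param constraints         passed through to the chain
 * @param k8s                 target used to look the user up
 * @param name                user name given to {@code OpenShiftTarget.findUser}
 * @param entryDN             DN of the entry that is returned
 * @param exceptionOnNotFound whether a missing user is an error rather than an empty result
 * @throws LDAPException {@code OPERATIONS_ERROR} when the lookup fails; {@code NO_SUCH_OBJECT}
 *                       when the user is missing and {@code exceptionOnNotFound} is set
 */
private void loadUserFromOpenShift(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints, OpenShiftTarget k8s, String name, String entryDN, boolean exceptionOnNotFound) throws LDAPException {
    User user;
    try {
        HashSet<String> toFind = new HashSet<String>();
        toFind.add("fullName");
        user = k8s.findUser(name, toFind, new HashMap<String, Object>());
    } catch (ProvisioningException e1) {
        throw new LDAPException("Could not load user", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e1);
    }
    ArrayList<Entry> ret = new ArrayList<Entry>();
    try {
        // NOTE(review): the client is only opened and closed here; the remote call happened in
        // findUser above. Kept to preserve the existing behaviour.
        HttpCon con = k8s.createClient();
        try {
            if (user == null) {
                if (exceptionOnNotFound) {
                    throw new LDAPException("user not found", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
                }
            } else {
                LDAPEntry ldapUser = new LDAPEntry(entryDN);
                ldapUser.getAttributeSet().add(new LDAPAttribute("objectClass", GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getUserObjectClass()));
                ldapUser.getAttributeSet().add(new LDAPAttribute("uid", user.getUserID()));
                // Guard the value list too: an attribute present with no values used to throw on get(0).
                if (user.getAttribs().get("fullName") != null && !user.getAttribs().get("fullName").getValues().isEmpty()) {
                    ldapUser.getAttributeSet().add(new LDAPAttribute("fullName", user.getAttribs().get("fullName").getValues().get(0)));
                }
                if (user.getGroups().size() > 0) {
                    LDAPAttribute groups = new LDAPAttribute("groups");
                    for (String group : user.getGroups()) {
                        groups.addValue(group);
                    }
                    ldapUser.getAttributeSet().add(groups);
                }
                ret.add(new Entry(ldapUser));
            }
            chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
        } finally {
            // Close the connection manager even if closing the client throws.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    } catch (LDAPException le) {
        // Already an LDAP error (e.g. NO_SUCH_OBJECT above); do not re-wrap it.
        throw le;
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new LDAPException("Error searching kubernetes", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e);
    }
}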

Example 15 with Entry

use of net.sourceforge.myvd.types.Entry in project OpenUnison by TremoloSecurity.

the class OpenShiftInsert method search.

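/**
 * Serves LDAP searches for the OpenShift-backed user namespace.
 *
 * <p>Base scope on the namespace root returns the root entry; base scope elsewhere loads the
 * user named by the first RDN of {@code base} and fails with {@code NO_SUCH_OBJECT} if it does
 * not exist. One-level and subtree searches derive the user name from {@code filter} via
 * {@code userFromFilter} and return an empty result when that user is missing.
 *
 * @param chain       interceptor chain that receives the results
 * @param base        search base
 * @param scope       LDAP scope: 0 base, 1 one-level, anything else subtree
 * @param filter      search filter
 * @param attributes  requested attributes, passed through to the chain
 * @param typesOnly   passed through to the chain
 * @param results     result container, passed through to the chain
 * @param constraints passed through to the chain
 * @throws LDAPException {@code OPERATIONS_ERROR} when the OpenShift target cannot be resolved,
 *                       plus whatever {@code loadUserFromOpenShift} raises
 */
@Override
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
    OpenShiftTarget os;
    try {
        os = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.osTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        // Keep the cause on the thrown exception (it was dropped before).
        throw new LDAPException("Could not connect to kubernetes", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e1);
    }
    int scopeValue = scope.getValue();
    if (scopeValue == 0) {
        if (base.getDN().equals(this.baseDN)) {
            // Base scope on the namespace root: return the synthetic root entry.
            ArrayList<Entry> ret = new ArrayList<Entry>();
            ret.add(new Entry(EntryUtil.createBaseEntry(this.baseDN)));
            chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
        } else {
            // Base scope on a user entry: the first RDN value is the user name; a missing user is an error.
            String name = ((RDN) base.getDN().getRDNs().get(0)).getValue();
            loadUserFromOpenShift(chain, base, scope, filter, attributes, typesOnly, results, constraints, os, name, base.getDN().toString(), true);
        }
    } else if (scopeValue == 1) {
        if (base.getDN().equals(this.baseDN)) {
            String name = userFromFilter(filter.getRoot());
            String entryDN = "uid=" + name + "," + base.getDN().toString();
            loadUserFromOpenShift(chain, base, scope, filter, attributes, typesOnly, results, constraints, os, name, entryDN, false);
        }
        // One-level search below any other base adds no results (unchanged from the original;
        // presumably because user entries have no children).
    } else {
        // Any other scope is treated as subtree; the entry DN is anchored at the namespace root.
        String name = userFromFilter(filter.getRoot());
        String entryDN = "uid=" + name + "," + this.baseDN.toString();
        loadUserFromOpenShift(chain, base, scope, filter, attributes, typesOnly, results, constraints, os, name, entryDN, false);
    }
}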
