
Example 1 with IteratorEntrySet

use of net.sourceforge.myvd.util.IteratorEntrySet in project OpenUnison by TremoloSecurity.

From the class OktaInsert, method loadUserFromOkta:

/**
 * Resolves one Okta user by login name and publishes it to the interceptor chain
 * as a single-entry result set.
 *
 * @param chain       the interceptor chain the result is added to
 * @param base        search base of the originating request
 * @param scope       search scope of the originating request
 * @param filter      search filter of the originating request
 * @param attributes  requested attributes
 * @param typesOnly   whether only attribute types were requested
 * @param results     the result holder passed through the chain
 * @param constraints search constraints of the originating request
 * @param os          the Okta target supplying the API client
 * @param name        the Okta login to look up
 * @param entryDN     the DN the returned entry is published under
 * @param b           not read by this method
 * @throws LDAPException noSuchObject when Okta answers 404; operationsError for any other
 *                       Okta API failure, with the original exception kept as the cause
 */
private void loadUserFromOkta(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints, OktaTarget os, String name, String entryDN, boolean b) throws LDAPException {
    final Client oktaClient = os.getOkta();
    final User oktaUser;
    try {
        oktaUser = oktaClient.getUser(name);
    } catch (ResourceException re) {
        // 404 from Okta maps to LDAP noSuchObject; everything else is an operations error.
        if (re.getStatus() != 404) {
            throw new LDAPException("Could not load user", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), re);
        }
        throw new LDAPException("user not found", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
    }
    ArrayList<Entry> single = new ArrayList<Entry>();
    single.add(new Entry(createLdapUser(entryDN, oktaUser)));
    chain.addResult(results, new IteratorEntrySet(single.iterator()), base, scope, filter, attributes, typesOnly, constraints);
}
Also used : IteratorEntrySet(net.sourceforge.myvd.util.IteratorEntrySet) LDAPEntry(com.novell.ldap.LDAPEntry) Entry(net.sourceforge.myvd.types.Entry) LDAPEntry(com.novell.ldap.LDAPEntry) User(com.okta.sdk.resource.user.User) LDAPException(com.novell.ldap.LDAPException) ArrayList(java.util.ArrayList) ResourceException(com.okta.sdk.resource.ResourceException) AuthenticationClient(com.okta.authn.sdk.client.AuthenticationClient) Client(com.okta.sdk.client.Client)

Example 2 with IteratorEntrySet

use of net.sourceforge.myvd.util.IteratorEntrySet in project OpenUnison by TremoloSecurity.

From the class K8sCrdInsert, method search:

/**
 * Answers searches against the Kubernetes-backed user tree.
 *
 * <p>A base-scope search returns the tree root itself when the base is the configured
 * baseDN, otherwise the user named by the leftmost RDN of the base (a missing user raises
 * noSuchObject). A one-level search rooted at baseDN and every subtree search look up the
 * user named in the filter and publish an empty result set when it does not exist. A
 * one-level search with any other base adds nothing to the chain.
 *
 * @throws LDAPException operationsError when the Kubernetes target cannot be obtained,
 *         otherwise whatever the user lookup raises
 */
@Override
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
    final OpenShiftTarget k8s;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException pe) {
        logger.error("Could not retrieve kubernetes target", pe);
        throw new LDAPException("Could not connect to kubernetes", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR));
    }
    switch (scope.getValue()) {
        case 0: {
            if (base.getDN().equals(this.baseDN)) {
                // The tree root is synthesized; nothing is fetched from the API server.
                ArrayList<Entry> rootOnly = new ArrayList<Entry>();
                rootOnly.add(new Entry(EntryUtil.createBaseEntry(this.baseDN)));
                chain.addResult(results, new IteratorEntrySet(rootOnly.iterator()), base, scope, filter, attributes, typesOnly, constraints);
            } else {
                // Entry lookup: the user is named by the leftmost RDN of the base.
                String rdnValue = ((RDN) base.getDN().getRDNs().get(0)).getValue();
                loadUserFromK8sCrd(chain, base, scope, filter, attributes, typesOnly, results, constraints, k8s, rdnValue, base.getDN().toString(), true);
            }
            break;
        }
        case 1: {
            if (base.getDN().equals(this.baseDN)) {
                String uid = userFromFilter(filter.getRoot());
                loadUserFromK8sCrd(chain, base, scope, filter, attributes, typesOnly, results, constraints, k8s, uid, "uid=" + uid + "," + base.getDN().toString(), false);
            }
            break;
        }
        default: {
            // Only subtree scope remains.
            if (logger.isDebugEnabled()) {
                logger.debug("orirignal filter : '" + filter.getRoot().toString() + "'");
            }
            String uid = userFromFilter(filter.getRoot());
            loadUserFromK8sCrd(chain, base, scope, filter, attributes, typesOnly, results, constraints, k8s, uid, "uid=" + uid + "," + this.baseDN.toString(), false);
            break;
        }
    }
}
Also used : IteratorEntrySet(net.sourceforge.myvd.util.IteratorEntrySet) Entry(net.sourceforge.myvd.types.Entry) LDAPEntry(com.novell.ldap.LDAPEntry) LDAPException(com.novell.ldap.LDAPException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) ArrayList(java.util.ArrayList) OpenShiftTarget(com.tremolosecurity.unison.openshiftv3.OpenShiftTarget) RDN(com.novell.ldap.util.RDN)

Example 3 with IteratorEntrySet

use of net.sourceforge.myvd.util.IteratorEntrySet in project OpenUnison by TremoloSecurity.

From the class K8sCrdInsert, method loadUserFromK8sCrd:

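/**
 * Looks up one OpenUnison user custom resource in the configured namespace and
 * publishes it to the interceptor chain as an LDAP entry.
 *
 * @param chain       the interceptor chain the result is added to
 * @param base        search base of the originating request
 * @param scope       search scope of the originating request
 * @param filter      search filter of the originating request
 * @param attributes  requested attributes
 * @param typesOnly   whether only attribute types were requested
 * @param results     the result holder passed through the chain
 * @param constraints search constraints of the originating request
 * @param k8s         the Kubernetes/OpenShift target used for the API call
 * @param name        the resource name to look up; it comes from the LDAP request and is
 *                    inserted into the API path, so it is validated before use
 * @param entryDN     the DN the returned entry is published under
 * @param exceptionOnNotFound when true a missing user raises noSuchObject, otherwise an
 *                            empty result set is published
 * @throws LDAPException noSuchObject when the user does not exist (or the name cannot be a
 *         resource name) and exceptionOnNotFound is set; operationsError on any API failure
 */
private void loadUserFromK8sCrd(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints, OpenShiftTarget k8s, String name, String entryDN, boolean exceptionOnNotFound) throws LDAPException {
    if (logger.isDebugEnabled()) {
        logger.debug("Looking up user '" + name + "' in namespace '" + this.nameSpace + "'");
    }
    ArrayList<Entry> ret = new ArrayList<Entry>();
    // The name comes straight from the LDAP request (RDN or filter value) and is spliced
    // into the API path below without encoding. Anything that is not a plain resource
    // name is treated as "no such user" rather than being sent to the API server.
    if (!isPlainResourceName(name)) {
        if (logger.isDebugEnabled()) {
            logger.debug("Rejecting user name that is not a plain resource name");
        }
        if (exceptionOnNotFound) {
            throw new LDAPException("user not found", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
        }
        chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
        return;
    }
    String url = "/apis/openunison.tremolo.io/v1/namespaces/" + this.nameSpace + "/users/" + name;
    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
            K8sUser k8sUser = gson.fromJson(jsonResp, UserData.class).getSpec();
            if (k8sUser == null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Can't find '" + name + "'");
                }
                if (exceptionOnNotFound) {
                    throw new LDAPException("user not found", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
                }
            } else {
                ret.add(new Entry(toLdapEntry(entryDN, k8sUser)));
            }
            chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
        } finally {
            // Nested so the connection manager is released even when closing the client throws.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    } catch (LDAPException le) {
        throw le;
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new LDAPException("Error searching kubernetes", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR));
    }
}

/**
 * Returns whether {@code name} may be used verbatim as the last path segment of the
 * users API URL: non-empty, not "." or "..", and made only of letters, digits, '-',
 * '.' and '_'. This is stricter than URL encoding on purpose; Kubernetes object names
 * are limited to lowercase letters, digits, '-' and '.' (some kinds also allow '_'),
 * so a name rejected here could not resolve to a resource anyway.
 *
 * @param name the candidate resource name, may be null
 * @return true when the name is safe to place in the request path
 */
private static boolean isPlainResourceName(String name) {
    if (name == null || name.isEmpty() || name.equals(".") || name.equals("..")) {
        return false;
    }
    for (int i = 0; i < name.length(); i++) {
        char c = name.charAt(i);
        boolean allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '_';
        if (!allowed) {
            return false;
        }
    }
    return true;
}

/**
 * Builds the LDAP entry published for a user custom resource.
 *
 * @param entryDN the DN of the entry
 * @param k8sUser the spec of the user resource
 * @return an entry carrying objectClass, uid, sub, first_name, last_name, email and,
 *         when the user has any, a multi-valued groups attribute
 */
private static LDAPEntry toLdapEntry(String entryDN, K8sUser k8sUser) {
    LDAPEntry ldapUser = new LDAPEntry(entryDN);
    ldapUser.getAttributeSet().add(new LDAPAttribute("objectClass", GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getUserObjectClass()));
    ldapUser.getAttributeSet().add(new LDAPAttribute("uid", k8sUser.getUid()));
    ldapUser.getAttributeSet().add(new LDAPAttribute("sub", k8sUser.getSub()));
    ldapUser.getAttributeSet().add(new LDAPAttribute("first_name", k8sUser.getFirstName()));
    ldapUser.getAttributeSet().add(new LDAPAttribute("last_name", k8sUser.getLastName()));
    ldapUser.getAttributeSet().add(new LDAPAttribute("email", k8sUser.getEmail()));
    // A resource without a groups list is treated like one with an empty list.
    if (k8sUser.getGroups() != null && k8sUser.getGroups().size() > 0) {
        LDAPAttribute groups = new LDAPAttribute("groups");
        for (String group : k8sUser.getGroups()) {
            groups.addValue(group);
        }
        ldapUser.getAttributeSet().add(groups);
    }
    return ldapUser;
}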
Also used : LDAPAttribute(com.novell.ldap.LDAPAttribute) UserData(com.tremolosecurity.myvd.dataObj.UserData) ArrayList(java.util.ArrayList) K8sUser(com.tremolosecurity.myvd.dataObj.K8sUser) LDAPException(com.novell.ldap.LDAPException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) IteratorEntrySet(net.sourceforge.myvd.util.IteratorEntrySet) Entry(net.sourceforge.myvd.types.Entry) LDAPEntry(com.novell.ldap.LDAPEntry) LDAPEntry(com.novell.ldap.LDAPEntry) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) LDAPException(com.novell.ldap.LDAPException)

Example 4 with IteratorEntrySet

use of net.sourceforge.myvd.util.IteratorEntrySet in project OpenUnison by TremoloSecurity.

From the class AdminInsert, method search:

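/**
 * Serves the two static entries this insert exposes: the root entry and the admin user
 * entry beneath it.
 *
 * <p>Base scope returns whichever of the two the base names; one-level scope returns the
 * user entry when the base is the root; subtree scope returns the root when the base is
 * the root and the user entry when its DN lies under the base. An entry is only returned
 * when the filter matches it. DN comparisons are case-insensitive.
 *
 * @throws LDAPException never thrown directly; declared for the interceptor contract
 */
@Override
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
    // Fresh copies are handed out so downstream interceptors cannot mutate the shared
    // template entries. The root copy is built from rootEntry: it used to be cloned from
    // userEntry, so a base search on the root DN returned the user's entry instead.
    Entry luserEntry = new Entry(new LDAPEntry(userEntry.getDN(), (LDAPAttributeSet) userEntry.getAttributeSet().clone()));
    Entry lrootEntry = new Entry(new LDAPEntry(rootEntry.getDN(), (LDAPAttributeSet) rootEntry.getAttributeSet().clone()));
    String baseDn = base.getDN().toString();
    boolean baseIsRoot = baseDn.equalsIgnoreCase(rootEntry.getDN());
    ArrayList<Entry> res = new ArrayList<Entry>();
    switch (scope.getValue()) {
        case 0:
            if (baseIsRoot && filter.getRoot().checkEntry(rootEntry)) {
                res.add(lrootEntry);
            }
            if (baseDn.equalsIgnoreCase(userEntry.getDN()) && filter.getRoot().checkEntry(userEntry)) {
                res.add(luserEntry);
            }
            break;
        case 1:
            if (baseIsRoot && filter.getRoot().checkEntry(userEntry)) {
                res.add(luserEntry);
            }
            break;
        case 2:
            if (baseIsRoot && filter.getRoot().checkEntry(rootEntry)) {
                res.add(lrootEntry);
            }
            if (userEntry.getDN().toLowerCase().endsWith(baseDn.toLowerCase()) && filter.getRoot().checkEntry(userEntry)) {
                res.add(luserEntry);
            }
            break;
        default:
            // Any other scope value yields an empty result set.
            break;
    }
    chain.addResult(results, new IteratorEntrySet(res.iterator()), base, scope, filter, attributes, typesOnly, constraints);
}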
Also used : IteratorEntrySet(net.sourceforge.myvd.util.IteratorEntrySet) Entry(net.sourceforge.myvd.types.Entry) LDAPEntry(com.novell.ldap.LDAPEntry) LDAPEntry(com.novell.ldap.LDAPEntry) LDAPAttributeSet(com.novell.ldap.LDAPAttributeSet) ArrayList(java.util.ArrayList)

Example 5 with IteratorEntrySet

use of net.sourceforge.myvd.util.IteratorEntrySet in project OpenUnison by TremoloSecurity.

From the class OpenUnisonRestful, method search:

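/**
 * Forwards the search to the remote OpenUnison REST endpoint and publishes the entries
 * it returns, with their DNs mapped back into the local namespace.
 *
 * <p>The request path is {@code uriPath/<remote base DN>/<scope>} and is also the value
 * passed to the authorization header; the filter and the requested attribute names travel
 * as URL-encoded query parameters.
 *
 * @throws LDAPException operationsError when the connection cannot be created, the scope
 *         is unknown, the HTTP call or JSON decoding fails, or the remote side returns an
 *         error without a decodable body; otherwise the result code and message reported
 *         by the remote side
 */
@Override
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
    String localBindDN = this.getRemoteMappedDN(base.getDN()).toString();
    HttpCon con;
    try {
        con = this.createClient();
    } catch (Exception e) {
        throw new LDAPException(LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), LDAPException.OPERATIONS_ERROR, "Could not create connection", e);
    }
    try {
        String searchScope = scopeName(scope.getValue());
        // Path and query are built separately: the path alone is what gets signed, and every
        // request-derived value is URL-encoded before it is appended.
        StringBuilder path = new StringBuilder();
        path.append(this.uriPath).append('/').append(URLEncoder.encode(localBindDN, "UTF-8")).append('/').append(URLEncoder.encode(searchScope, "UTF-8"));
        StringBuilder url = new StringBuilder();
        url.append(this.urlBase).append(path);
        url.append("?filter=").append(URLEncoder.encode(filter.getRoot().toString(), "UTF-8"));
        for (Attribute attribute : attributes) {
            url.append("&attributes=").append(URLEncoder.encode(attribute.getAttribute().getName(), "UTF-8"));
        }
        HttpGet get = new HttpGet(url.toString());
        this.addAuthorizationHeader(path.toString(), get);
        HttpResponse resp = con.getHttp().execute(get);
        String json = EntityUtils.toString(resp.getEntity());
        int status = resp.getStatusLine().getStatusCode();
        if (status != 200) {
            LdapJsonError ldapResponse = gson.fromJson(json, LdapJsonError.class);
            if (ldapResponse == null) {
                // Empty error body (for example from an intermediary): surface the HTTP status
                // instead of failing with a NullPointerException.
                throw new LDAPException(LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), LDAPException.OPERATIONS_ERROR, "Remote search failed with HTTP status " + status);
            }
            throw new LDAPException(LDAPException.resultCodeToString(ldapResponse.getResponseCode()), ldapResponse.getResponseCode(), ldapResponse.getErrorMessage());
        }
        Type listType = new TypeToken<List<LdapJsonEntry>>() {
        }.getType();
        List<LdapJsonEntry> returned = gson.fromJson(json, listType);
        ArrayList<Entry> toReturn = new ArrayList<Entry>();
        // A JSON "null" body decodes to null; treat it as an empty result.
        if (returned != null) {
            for (LdapJsonEntry fromServer : returned) {
                toReturn.add(new Entry(toLocalEntry(fromServer)));
            }
        }
        chain.addResult(results, new IteratorEntrySet(toReturn.iterator()), base, scope, filter, attributes, typesOnly, constraints);
    } catch (LDAPException e) {
        throw e;
    } catch (Exception e) {
        // Anything past connection creation is a failed search, not a failed connection.
        throw new LDAPException(LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), LDAPException.OPERATIONS_ERROR, "Could not complete search", e);
    } finally {
        try {
            con.getHttp().close();
        } catch (IOException ignored) {
            // Best effort; the connection manager is closed regardless.
        }
        con.getBcm().close();
    }
}

/**
 * Maps a numeric LDAP search scope to the path segment the REST endpoint expects.
 *
 * @param scopeValue 0 (base), 1 (one) or 2 (sub)
 * @return "base", "one" or "sub"
 * @throws LDAPException operationsError for any other value
 */
private static String scopeName(int scopeValue) throws LDAPException {
    switch (scopeValue) {
        case 0:
            return "base";
        case 1:
            return "one";
        case 2:
            return "sub";
        default:
            throw new LDAPException(LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), LDAPException.OPERATIONS_ERROR, "Unknown search scope : " + scopeValue);
    }
}

/**
 * Converts one entry from the remote JSON response into an LDAPEntry whose DN is mapped
 * into the local namespace and whose attributes are copied value by value.
 *
 * @param fromServer the decoded remote entry
 * @return the local LDAP entry
 */
private LDAPEntry toLocalEntry(LdapJsonEntry fromServer) {
    LDAPAttributeSet attrs = new LDAPAttributeSet();
    for (String attrName : fromServer.getAttrs().keySet()) {
        LDAPAttribute attr = new LDAPAttribute(attrName);
        for (String value : fromServer.getAttrs().get(attrName)) {
            attr.addValue(value);
        }
        attrs.add(attr);
    }
    return new LDAPEntry(this.getLocalMappedDN(new DN(fromServer.getDn())).toString(), attrs);
}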
Also used : HttpGet(org.apache.http.client.methods.HttpGet) ArrayList(java.util.ArrayList) LdapJsonEntry(com.tremolosecurity.ldapJson.LdapJsonEntry) HttpResponse(org.apache.http.HttpResponse) DN(com.novell.ldap.util.DN) IOException(java.io.IOException) IOException(java.io.IOException) IteratorEntrySet(net.sourceforge.myvd.util.IteratorEntrySet) LdapJsonEntry(com.tremolosecurity.ldapJson.LdapJsonEntry) ContentType(org.apache.http.entity.ContentType) Type(java.lang.reflect.Type) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) LdapJsonError(com.tremolosecurity.ldapJson.LdapJsonError) ArrayList(java.util.ArrayList) List(java.util.List)
