use of net.sourceforge.myvd.util.IteratorEntrySet in project OpenUnison by TremoloSecurity.
the class MongoInsert method search.
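/**
 * Answers an LDAP search against the MongoDB-backed namespace.
 *
 * <p>The scope value and the part of {@code base} below the namespace root decide what is
 * returned: the namespace base entry, one {@code ou=<collection>} entry per MongoDB
 * collection, a single document addressed by its RDN, or every document matching the filter
 * in one or in all collections. The collected entries are handed to {@code chain.addResult}.
 *
 * @param chain interceptor chain that receives the result set
 * @param base search base DN
 * @param scope LDAP scope; 0 and 1 are handled explicitly, anything else as scope 2
 * @param filter LDAP filter supplied by the client
 * @param attributes requested attributes, passed through to the chain
 * @param typesOnly passed through to the chain
 * @param results result holder, passed through to the chain
 * @param constraints search constraints, passed through to the chain
 * @throws LDAPException NO_SUCH_OBJECT when the addressed collection or document does not
 *     exist; OPERATIONS_ERROR when the filter cannot be cloned
 */
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
    boolean addBase = false;
    boolean addCollection = false;
    boolean oneEntry = false;
    boolean listCollections = false;
    boolean searchUsers = false;
    Bson mongoFilter = null;

    // Work on a private copy of the filter. A failed clone used to be swallowed, which left
    // the copy null: the single-entry branch then hit a NullPointerException and the other
    // branches passed a null filter down the chain. Fail the search explicitly instead.
    Filter filterToUser;
    try {
        filterToUser = new Filter((FilterNode) filter.getRoot().clone());
    } catch (CloneNotSupportedException e) {
        throw new LDAPException("Could not clone search filter", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e);
    }

    String localBase = this.getLocalBase(base.getDN().toString());
    String collectionName = this.getCollection(localBase);
    Attribute rdn = null;
    if (!localBase.isEmpty()) {
        rdn = this.getRDN(localBase);
    }

    if (scope.getValue() == 0) {
        // base scope: exactly one of namespace root, collection entry or single document
        if (localBase.isEmpty()) {
            addBase = true;
        } else if (rdn == null) {
            addCollection = true;
        } else {
            oneEntry = true;
        }
    } else if (scope.getValue() == 1) {
        // one level below the base
        if (localBase.isEmpty()) {
            listCollections = true;
        } else {
            searchUsers = true;
        }
    } else {
        // scope == 2
        addBase = true;
        if (localBase.isEmpty()) {
            listCollections = true;
        }
        searchUsers = true;
    }

    // create results
    ArrayList<Entry> res = new ArrayList<Entry>();
    String namespaceBase = this.nameSpace.getBase().getDN().toString();
    StringBuilder b = new StringBuilder();

    if (addBase) {
        this.addToEntry(new Entry(EntryUtil.createBaseEntry(new DN(namespaceBase))), filter, res);
    }

    if (listCollections) {
        for (String ou : mongo.getDatabase(this.database).listCollectionNames()) {
            b.setLength(0);
            b.append("ou=").append(ou).append(",").append(namespaceBase);
            this.addToEntry(new Entry(EntryUtil.createBaseEntry(new DN(b.toString()))), filter, res);
        }
    }

    if (addCollection) {
        boolean found = false;
        for (String ou : mongo.getDatabase(this.database).listCollectionNames()) {
            if (ou.equalsIgnoreCase(collectionName)) {
                b.setLength(0);
                b.append("ou=").append(ou).append(",").append(namespaceBase);
                this.addToEntry(new Entry(EntryUtil.createBaseEntry(new DN(b.toString()))), filter, res);
                found = true;
            }
        }
        if (!found) {
            throw new LDAPException("Could not find object", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
        }
    }

    if (oneEntry) {
        // NOTE(review): the existence check is case-insensitive, but the queries below use
        // the name exactly as it appeared in the DN. Confirm a differently-cased DN cannot
        // end up querying a collection that does not exist under that exact name.
        boolean found = false;
        for (String ou : mongo.getDatabase(this.database).listCollectionNames()) {
            if (ou.equalsIgnoreCase(collectionName)) {
                found = true;
                break;
            }
        }
        if (!found) {
            throw new LDAPException("Could not find object", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
        }

        // first see if we get results with the filter: (&(rdn=value)(client filter))
        ArrayList<FilterNode> children = new ArrayList<FilterNode>();
        children.add(new FilterNode(FilterType.EQUALS, rdn.getAttribute().getName(), rdn.getAttribute().getStringValue()));
        children.add(filterToUser.getRoot());
        FilterNode and = new FilterNode(FilterType.AND, children);
        // NOTE(review): the filter originates from the LDAP client; confirm that
        // convertFilterToMongo treats attribute names and values strictly as data.
        mongoFilter = this.convertFilterToMongo(and);

        FindIterable<Document> searchRes = mongo.getDatabase(this.database).getCollection(collectionName).find(mongoFilter);
        if (searchRes == null) {
            // nothing, need to know if the object exists or if it's just the filter that didn't match
            // (defensive: kept from the original in case find() ever yields null)
            searchRes = mongo.getDatabase(this.database).getCollection(collectionName).find(eq(rdn.getAttribute().getName(), rdn.getAttribute().getStringValue()));
            if (searchRes == null) {
                throw new LDAPException("Could not find object", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
            }
        } else {
            Document doc = searchRes.first();
            if (doc == null) {
                // nothing, need to know if the object exists or if it's just the filter that didn't match:
                // an existing entry that fails the filter yields an empty result, a missing one an error
                searchRes = mongo.getDatabase(this.database).getCollection(collectionName).find(eq(rdn.getAttribute().getName(), rdn.getAttribute().getStringValue()));
                if (searchRes.first() == null) {
                    throw new LDAPException("Could not find object", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
                }
            } else {
                res.add(createEntry(doc, collectionName));
            }
        }
    }

    if (searchUsers) {
        mongoFilter = this.convertFilterToMongo(filter.getRoot());
        if (collectionName != null) {
            // search a single collection, which must exist
            boolean found = false;
            for (String ou : mongo.getDatabase(this.database).listCollectionNames()) {
                if (ou.equalsIgnoreCase(collectionName)) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                throw new LDAPException("Could not find object", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
            }
            FindIterable<Document> searchRes = mongo.getDatabase(this.database).getCollection(collectionName).find(mongoFilter);
            for (Document doc : searchRes) {
                res.add(createEntry(doc, collectionName));
            }
        } else {
            // no collection in the base: run the filter against every collection
            for (String ou : mongo.getDatabase(this.database).listCollectionNames()) {
                FindIterable<Document> searchRes = mongo.getDatabase(this.database).getCollection(ou).find(mongoFilter);
                for (Document doc : searchRes) {
                    res.add(createEntry(doc, ou));
                }
            }
        }
    }

    chain.addResult(results, new IteratorEntrySet(res.iterator()), base, scope, filterToUser, attributes, typesOnly, constraints);
}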
use of net.sourceforge.myvd.util.IteratorEntrySet in project OpenUnison by TremoloSecurity.
the class OpenShiftInsert method loadUserFromOpenShift.
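/**
 * Looks up one user through the OpenShift target and returns it as a single LDAP entry.
 *
 * <p>The entry carries {@code objectClass}, {@code uid}, {@code fullName} (when the target
 * returned a value for it) and {@code groups} (when the user has any). When the user is
 * not found, either an empty result is added to the chain or NO_SUCH_OBJECT is thrown,
 * depending on {@code exceptionOnNotFound}.
 *
 * @param k8s target used for the lookup
 * @param name user name to look up
 * @param entryDN DN given to the generated entry
 * @param exceptionOnNotFound whether a missing user is an error rather than an empty result
 * @throws LDAPException NO_SUCH_OBJECT for a missing user when requested; OPERATIONS_ERROR
 *     when the lookup or result handling fails
 */
private void loadUserFromOpenShift(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints, OpenShiftTarget k8s, String name, String entryDN, boolean exceptionOnNotFound) throws LDAPException {
    User user;
    try {
        HashSet<String> toFind = new HashSet<String>();
        toFind.add("fullName");
        user = k8s.findUser(name, toFind, new HashMap<String, Object>());
    } catch (ProvisioningException e1) {
        throw new LDAPException("Could not load user", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e1);
    }

    ArrayList<Entry> ret = new ArrayList<Entry>();
    try {
        // NOTE(review): nothing visible in this method uses the client after findUser()
        // has already run; confirm it is still needed here.
        HttpCon con = k8s.createClient();
        try {
            if (user == null) {
                if (exceptionOnNotFound) {
                    throw new LDAPException("user not found", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
                }
            } else {
                LDAPEntry ldapUser = new LDAPEntry(entryDN);
                ldapUser.getAttributeSet().add(new LDAPAttribute("objectClass", GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getUserObjectClass()));
                ldapUser.getAttributeSet().add(new LDAPAttribute("uid", user.getUserID()));

                // An attribute that is present but has no values is skipped instead of
                // failing the whole search with an index error.
                if (user.getAttribs().get("fullName") != null && !user.getAttribs().get("fullName").getValues().isEmpty()) {
                    ldapUser.getAttributeSet().add(new LDAPAttribute("fullName", user.getAttribs().get("fullName").getValues().get(0)));
                }

                if (!user.getGroups().isEmpty()) {
                    LDAPAttribute groups = new LDAPAttribute("groups");
                    for (String group : user.getGroups()) {
                        groups.addValue(group);
                    }
                    ldapUser.getAttributeSet().add(groups);
                }
                ret.add(new Entry(ldapUser));
            }
            chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
            return;
        } finally {
            // Close the connection manager even when closing the HTTP client throws, so a
            // failed close cannot leak the other resource.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    } catch (LDAPException le) {
        // already carries the right result code; do not wrap it
        throw le;
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new LDAPException("Error searching kubernetes", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e);
    }
}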
use of net.sourceforge.myvd.util.IteratorEntrySet in project OpenUnison by TremoloSecurity.
the class OpenShiftInsert method search.
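/**
 * Answers an LDAP search by looking up a single user in the configured OpenShift target.
 *
 * <p>A base-scope search on the directory root returns the base entry; on any other DN the
 * first RDN value is used as the user name and a missing user is an error. For the other
 * scopes the user name is taken from the filter via {@code userFromFilter} and a missing
 * user yields an empty result.
 *
 * @throws LDAPException OPERATIONS_ERROR when the target cannot be retrieved, or whatever
 *     {@code loadUserFromOpenShift} reports
 */
@Override
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
    OpenShiftTarget os = null;
    try {
        os = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.osTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        // keep the cause attached so callers that log the LDAPException see the root failure
        throw new LDAPException("Could not connect to kubernetes", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e1);
    }

    final int scopeValue = scope.getValue();
    final boolean baseIsRoot = base.getDN().equals(this.baseDN);

    if (scopeValue == 0) {
        // base search
        if (baseIsRoot) {
            // dir root
            ArrayList<Entry> ret = new ArrayList<Entry>();
            ret.add(new Entry(EntryUtil.createBaseEntry(this.baseDN)));
            chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
            return;
        }
        // the user name is the value of the base DN's first RDN
        String name = ((RDN) base.getDN().getRDNs().get(0)).getValue();
        loadUserFromOpenShift(chain, base, scope, filter, attributes, typesOnly, results, constraints, os, name, base.getDN().toString(), true);
        return;
    }

    if (scopeValue == 1) {
        if (baseIsRoot) {
            // NOTE(review): name comes from the client's filter and is placed in the DN
            // as-is; confirm userFromFilter cannot return null or DN-special characters.
            String name = userFromFilter(filter.getRoot());
            String entryDN = new StringBuilder().append("uid=").append(name).append(",").append(base.getDN().toString()).toString();
            loadUserFromOpenShift(chain, base, scope, filter, attributes, typesOnly, results, constraints, os, name, entryDN, false);
        }
        // NOTE(review): a one-level search below the root adds no result to the chain at
        // all; confirm callers accept that.
        return;
    }

    // only subtree left
    String name = userFromFilter(filter.getRoot());
    String entryDN = new StringBuilder().append("uid=").append(name).append(",").append(this.baseDN.toString()).toString();
    loadUserFromOpenShift(chain, base, scope, filter, attributes, typesOnly, results, constraints, os, name, entryDN, false);
}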
use of net.sourceforge.myvd.util.IteratorEntrySet in project OpenUnison by TremoloSecurity.
the class OktaInsert method search.
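/**
 * Answers an LDAP search from Okta, exposing either users or groups depending on
 * {@code this.users}.
 *
 * <p>A base-scope search returns the base entry for the directory root, or the single user
 * or group named by the first RDN of {@code base}. Every other scope is handled as a
 * subtree search: users are listed with a filter derived from the LDAP filter, groups are
 * resolved from the group and user names that {@code loadGroups} extracts from the filter,
 * or all groups are listed when it extracts none.
 *
 * @throws LDAPException NO_SUCH_OBJECT when a named group does not exist; OPERATIONS_ERROR
 *     when the Okta target cannot be retrieved or a group cannot be converted
 */
@Override
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
    OktaTarget os = null;
    try {
        os = (OktaTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.target).getProvider();
    } catch (ProvisioningException e1) {
        // These messages previously said "kubernetes" (copied from the OpenShift insert),
        // which points an operator at the wrong system; the cause is now attached as well.
        logger.error("Could not retrieve okta target", e1);
        throw new LDAPException("Could not connect to okta", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e1);
    }

    if (scope.getValue() == 0) {
        // base search
        if (base.getDN().equals(this.baseDN)) {
            // dir root
            ArrayList<Entry> ret = new ArrayList<Entry>();
            ret.add(new Entry(EntryUtil.createBaseEntry(this.baseDN)));
            chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
            return;
        }

        // the object name is the value of the base DN's first RDN
        String name = ((RDN) base.getDN().getRDNs().get(0)).getValue();
        if (this.users) {
            loadUserFromOkta(chain, base, scope, filter, attributes, typesOnly, results, constraints, os, name, base.getDN().toString(), true);
        } else {
            Client okta = os.getOkta();
            try {
                ArrayList<Entry> ret = new ArrayList<Entry>();
                loadGroupFromOkta(base, filter, name, okta, ret);
                chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
            } catch (ResourceException e) {
                if (e.getStatus() == 404) {
                    throw new LDAPException("group not found", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
                } else {
                    throw new LDAPException("Could not load group", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e);
                }
            } catch (UnsupportedEncodingException e) {
                throw new LDAPException("Could not load group", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e);
            } catch (IllegalStateException e) {
                // reported to the client as a missing group
                throw new LDAPException("group not found", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
            }
        }
        return;
    }

    // One-level searches have no handling of their own and are answered exactly like
    // subtree searches.
    Client okta = os.getOkta();

    // Re-parse the filter into a private copy so that cleanFilter can modify it.
    Filter newFilter = new Filter(filter.getRoot().toString());
    String finalOktaFilter = null;
    if (this.cleanFilter(newFilter.getRoot())) {
        // NOTE(review): this string is sent to Okta as a filter expression and is built
        // from client-supplied LDAP values; confirm stringFilter quotes and escapes them.
        StringBuffer filterForOkta = new StringBuffer();
        this.stringFilter(newFilter.getRoot(), filterForOkta);
        finalOktaFilter = filterForOkta.toString();
    }
    if (logger.isDebugEnabled()) {
        logger.debug(newFilter.getRoot().toString());
    }

    if (this.users) {
        UserList usersFromOkta = okta.listUsers(null, finalOktaFilter, null, null, null);
        StringBuilder sb = new StringBuilder();
        ArrayList<Entry> ret = new ArrayList<Entry>();
        for (User user : usersFromOkta) {
            if (logger.isDebugEnabled()) {
                // NOTE(review): this writes the whole Okta user object to the debug log;
                // confirm that is acceptable for the profile data it may contain.
                logger.debug(user);
            }
            // NOTE(review): only '+' is escaped when the login becomes an RDN value; other
            // DN-special characters (',', '=', '\\', '"', ';', '<', '>', '#') are not.
            sb.setLength(0);
            sb.append("login=").append(user.getProfile().getLogin().replace("+", "\\+")).append(",").append(this.baseDN.toString());
            LDAPEntry ldapUser = createLdapUser(sb.toString(), user);
            // Okta's answer is re-checked against the original LDAP filter.
            if (filter.getRoot().checkEntry(ldapUser)) {
                ret.add(new Entry(ldapUser));
            }
        }
        chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
        return;
    }

    HashSet<String> groupsToLookup = new HashSet<String>();
    HashSet<String> usersToLookup = new HashSet<String>();
    loadGroups(filter.getRoot(), groupsToLookup, usersToLookup);
    StringBuilder sb = new StringBuilder();
    HashSet<String> processedGroups = new HashSet<String>();
    ArrayList<Entry> ret = new ArrayList<Entry>();

    if (!usersToLookup.isEmpty()) {
        // The user names come from the client's LDAP filter. They used to be concatenated
        // into the Okta filter unescaped, so a name containing a double quote could close
        // the string literal and change the expression. Backslash and double quote are now
        // escaped. NOTE(review): assumes Okta accepts backslash escapes inside quoted
        // filter values; confirm against the Okta filter documentation.
        sb.setLength(0);
        for (String username : usersToLookup) {
            if (sb.length() > 0) {
                sb.append(" or ");
            }
            String quoted = username.replace("\\", "\\\\").replace("\"", "\\\"");
            sb.append("profile.login eq \"").append(quoted).append("\"");
        }
        String searchFilter = sb.toString();

        UserList users = okta.listUsers(null, searchFilter, null, null, null);
        for (User fromOkta : users) {
            GroupList memberships = fromOkta.listGroups();
            for (Group groupFromOkta : memberships) {
                String groupName = groupFromOkta.getProfile().getName();
                if (processedGroups.contains(groupName)) {
                    continue;
                }
                try {
                    processedGroups.add(groupName);
                    // NOTE(review): only '+' is escaped in the RDN value, as above.
                    sb.setLength(0);
                    sb.append("name=").append(groupFromOkta.getProfile().getName().replace("+", "\\+")).append(",").append(this.baseDN.toString());
                    LDAPEntry entry = new LDAPEntry(sb.toString());
                    this.oktaGroup2Ldap(filter, ret, groupFromOkta, entry);
                } catch (UnsupportedEncodingException e) {
                    throw new LDAPException("Could not load group", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e);
                } catch (IllegalStateException ignored) {
                    // kept from the original: a group that fails this way is skipped
                }
            }
        }
    }

    if (!groupsToLookup.isEmpty()) {
        for (String group : groupsToLookup) {
            if (processedGroups.contains(group)) {
                continue;
            }
            GroupList groups = okta.listGroups(group, null, null);
            processedGroups.add(group);
            try {
                Group groupFromOkta = groups.single();
                sb.setLength(0);
                sb.append("name=").append(groupFromOkta.getProfile().getName().replace("+", "\\+")).append(",").append(this.baseDN.toString());
                LDAPEntry entry = new LDAPEntry(sb.toString());
                this.oktaGroup2Ldap(filter, ret, groupFromOkta, entry);
            } catch (UnsupportedEncodingException e) {
                throw new LDAPException("Could not load group", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e);
            } catch (IllegalStateException ignored) {
                // kept from the original: presumably single() found no unique match, so
                // the group is left out of the result
            }
        }
    }

    if (usersToLookup.isEmpty() && groupsToLookup.isEmpty()) {
        // the filter named neither users nor groups: list every group
        GroupList groups = okta.listGroups();
        try {
            for (Group groupFromOkta : groups) {
                sb.setLength(0);
                sb.append("name=").append(groupFromOkta.getProfile().getName().replace("+", "\\+")).append(",").append(this.baseDN.toString());
                LDAPEntry entry = new LDAPEntry(sb.toString());
                try {
                    this.oktaGroup2Ldap(filter, ret, groupFromOkta, entry);
                } catch (UnsupportedEncodingException e) {
                    throw new LDAPException("Could not load group", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e);
                }
            }
        } catch (IllegalStateException ignored) {
            // kept from the original: the listing stops here and the groups collected so
            // far are returned. NOTE(review): that can silently truncate the result.
        }
    }

    chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
}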