
Example 1 with SearchRequestImpl

use of org.apache.directory.api.ldap.model.message.SearchRequestImpl in project jackrabbit-oak by apache.

the class LdapIdentityProvider method getDeclaredGroupRefs.

//-----------------------------------------------------------< internal >---
/**
 * Collects the declared (direct) groups of an identity by running a subtree search
 * below the configured group base DN with the member-of filter derived from the
 * identity's id.
 *
 * <p>Only the configured group id attribute is requested, or
 * {@code SchemaConstants.NO_ATTRIBUTE} when none is configured; each result is
 * reduced to a reference built from the entry DN and this provider's name.
 *
 * @param ref reference to the identity
 * @return map of group references keyed by the reference id, which is created from
 *         the DN of the LDAP entry; an empty map if {@code isMyRef(ref)} is false
 * @throws ExternalIdentityException wrapping any exception raised while building the
 *         request, connecting, searching or iterating the results
 */
Map<String, ExternalIdentityRef> getDeclaredGroupRefs(ExternalIdentityRef ref) throws ExternalIdentityException {
    if (!isMyRef(ref)) {
        return Collections.emptyMap();
    }
    // NOTE(review): the identity id is turned into an LDAP filter here. Whether
    // getMemberOfSearchFilter escapes filter metacharacters (RFC 4515) is not visible
    // in this method -- confirm in the config class.
    String searchFilter = config.getMemberOfSearchFilter(ref.getId());
    LdapConnection connection = null;
    SearchCursor cursor = null;
    try {
        // Assemble the search request before a connection is opened.
        SearchRequest request = new SearchRequestImpl();
        request.setScope(SearchScope.SUBTREE);
        String idAttribute = config.getGroupConfig().getIdAttribute();
        if (idAttribute == null) {
            request.addAttributes(SchemaConstants.NO_ATTRIBUTE);
        } else {
            request.addAttributes(idAttribute);
        }
        // NOTE(review): narrowing cast -- confirm the unit and range of
        // getSearchTimeout() match what setTimeLimit expects.
        request.setTimeLimit((int) config.getSearchTimeout());
        request.setBase(new Dn(config.getGroupConfig().getBaseDN()));
        request.setFilter(searchFilter);
        if (log.isDebugEnabled()) {
            log.debug("getDeclaredGroupRefs: using SearchRequest {}.", request);
        }

        Map<String, ExternalIdentityRef> groupsById = new HashMap<String, ExternalIdentityRef>();
        DebugTimer timer = new DebugTimer();
        connection = connect();
        timer.mark("connect");
        cursor = connection.search(request);
        timer.mark("search");
        while (cursor.next()) {
            Response response = cursor.get();
            if (!(response instanceof SearchResultEntry)) {
                // Responses that are not result entries are skipped.
                continue;
            }
            Entry groupEntry = ((SearchResultEntry) response).getEntry();
            ExternalIdentityRef groupRef = new ExternalIdentityRef(groupEntry.getDn().toString(), this.getName());
            groupsById.put(groupRef.getId(), groupRef);
        }
        timer.mark("iterate");
        if (log.isDebugEnabled()) {
            // The debug line carries the base DN and the full filter, i.e. directory identifiers.
            log.debug("getDeclaredGroupRefs: search below {} with {} found {} entries. {}", config.getGroupConfig().getBaseDN(), searchFilter, groupsById.size(), timer.getString());
        }
        return groupsById;
    } catch (Exception e) {
        // Every failure is logged and surfaced as one exception type to the caller.
        log.error("Error during ldap membership search.", e);
        throw new ExternalIdentityException("Error during ldap membership search.", e);
    } finally {
        // Release the cursor first, then hand the connection (possibly still null) to disconnect().
        if (cursor != null) {
            try {
                cursor.close();
            } catch (IOException e) {
                log.warn("Failed to close search cursor.", e);
            }
        }
        disconnect(connection);
    }
}
Also used : SearchRequest(org.apache.directory.api.ldap.model.message.SearchRequest) HashMap(java.util.HashMap) ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) SearchRequestImpl(org.apache.directory.api.ldap.model.message.SearchRequestImpl) Dn(org.apache.directory.api.ldap.model.name.Dn) IOException(java.io.IOException) LoginException(javax.security.auth.login.LoginException) LdapInvalidAttributeValueException(org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException) LdapAuthenticationException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) NoSuchElementException(java.util.NoSuchElementException) IOException(java.io.IOException) ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) DebugTimer(org.apache.jackrabbit.oak.commons.DebugTimer) Response(org.apache.directory.api.ldap.model.message.Response) Entry(org.apache.directory.api.ldap.model.entry.Entry) SearchResultEntry(org.apache.directory.api.ldap.model.message.SearchResultEntry) ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection) SearchResultEntry(org.apache.directory.api.ldap.model.message.SearchResultEntry)

Example 2 with SearchRequestImpl

use of org.apache.directory.api.ldap.model.message.SearchRequestImpl in project midpoint by Evolveum.

the class AbstractLdapTest method ldapSearch.

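/**
 * Runs an LDAP search on the given connection and returns the entries it yields.
 *
 * <p>{@code baseDn} and {@code filter} are passed to the request unchanged; a caller
 * that assembles the filter from variable data has to escape it (RFC 4515) before
 * calling. The request is marked with {@code ignoreReferrals()}; a referral that the
 * cursor still reports is turned into an {@link IllegalStateException}.
 *
 * @param connection open connection used for the search
 * @param baseDn     DN below which to search
 * @param filter     LDAP search filter
 * @param scope      search scope
 * @param attributes attributes to request
 * @return the entries of all {@code SearchResultEntry} responses, in cursor order; never {@code null}
 * @throws LdapException         if the request cannot be built or the search fails
 * @throws CursorException       if iterating the cursor fails
 * @throws IllegalStateException on an I/O error or a referral reported by the cursor
 */
protected List<Entry> ldapSearch(LdapNetworkConnection connection, String baseDn, String filter, SearchScope scope, String... attributes) throws LdapException, CursorException {
    LOGGER.trace("LDAP search base={}, filter={}, scope={}, attributes={}", new Object[] { baseDn, filter, scope, attributes });
    SearchRequest searchRequest = new SearchRequestImpl();
    searchRequest.setBase(new Dn(baseDn));
    searchRequest.setFilter(filter);
    searchRequest.setScope(scope);
    searchRequest.addAttributes(attributes);
    searchRequest.ignoreReferrals();
    List<Entry> entries = new ArrayList<Entry>();
    try {
        SearchCursor searchCursor = connection.search(searchRequest);
        try {
            while (searchCursor.next()) {
                Response response = searchCursor.get();
                if (response instanceof SearchResultEntry) {
                    Entry entry = ((SearchResultEntry) response).getEntry();
                    entries.add(entry);
                }
            }
        } finally {
            // Close on every path: previously the cursor was only closed after a clean
            // iteration, so a failure in next()/get() left it open. If iteration and
            // close() both fail, the close() failure is the one reported.
            searchCursor.close();
        }
    } catch (IOException e) {
        throw new IllegalStateException("IO Error: " + e.getMessage(), e);
    } catch (CursorLdapReferralException e) {
        throw new IllegalStateException("Got referral to: " + e.getReferralInfo(), e);
    }
    return entries;
}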
Also used : Response(org.apache.directory.api.ldap.model.message.Response) BindResponse(org.apache.directory.api.ldap.model.message.BindResponse) SearchRequest(org.apache.directory.api.ldap.model.message.SearchRequest) Entry(org.apache.directory.api.ldap.model.entry.Entry) SearchResultEntry(org.apache.directory.api.ldap.model.message.SearchResultEntry) DefaultEntry(org.apache.directory.api.ldap.model.entry.DefaultEntry) ArrayList(java.util.ArrayList) CursorLdapReferralException(org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException) SearchRequestImpl(org.apache.directory.api.ldap.model.message.SearchRequestImpl) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) Dn(org.apache.directory.api.ldap.model.name.Dn) IOException(java.io.IOException) SearchResultEntry(org.apache.directory.api.ldap.model.message.SearchResultEntry)

Example 3 with SearchRequestImpl

use of org.apache.directory.api.ldap.model.message.SearchRequestImpl in project jackrabbit-oak by apache.

the class LdapIdentityProvider method getEntry.

/**
 * Looks up one LDAP entry for {@code id} with a subtree search below the base DN of
 * {@code idConfig}, using the filter returned by {@code idConfig.getSearchFilter(id)}.
 *
 * <p>With an empty {@code customAttributes} array all user attributes are requested;
 * otherwise only the listed ones. Once an entry has been accepted, every further
 * cursor element only produces a warning and is not read.
 *
 * @param connection       connection to search on; it is not closed here
 * @param idConfig         identity configuration supplying filter and base DN
 * @param id               id to look up
 * @param customAttributes attributes to request; empty means all user attributes
 * @return the first entry returned by the search, or {@code null} if there is none
 * @throws CursorException if iterating the search cursor fails
 * @throws LdapException   if the request cannot be built or the search fails
 */
@CheckForNull
private Entry getEntry(@Nonnull LdapConnection connection, @Nonnull LdapProviderConfig.Identity idConfig, @Nonnull String id, @Nonnull String[] customAttributes) throws CursorException, LdapException {
    // NOTE(review): id ends up inside an LDAP filter. Whether getSearchFilter escapes
    // filter metacharacters (RFC 4515) is not visible here -- confirm in the config class.
    String searchFilter = idConfig.getSearchFilter(id);

    // Build the search request.
    SearchRequest request = new SearchRequestImpl();
    request.setScope(SearchScope.SUBTREE);
    if (customAttributes.length > 0) {
        request.addAttributes(customAttributes);
    } else {
        // No explicit list: every user attribute the server returns is fetched. Passing
        // a specific list keeps the retrieved data to what the caller needs.
        request.addAttributes(SchemaConstants.ALL_USER_ATTRIBUTES);
    }
    // NOTE(review): narrowing cast -- confirm the unit and range of
    // getSearchTimeout() match what setTimeLimit expects.
    request.setTimeLimit((int) config.getSearchTimeout());
    request.setBase(new Dn(idConfig.getBaseDN()));
    request.setFilter(searchFilter);
    if (log.isDebugEnabled()) {
        log.debug("getEntry: using SearchRequest {}.", request);
    }

    // Run the search and keep the first entry.
    SearchCursor cursor = null;
    Entry match = null;
    try {
        cursor = connection.search(request);
        while (cursor.next()) {
            if (match != null) {
                // The filter matched more than expected; the first entry wins.
                // NOTE(review): for an identity lookup an ambiguous match may deserve
                // more than a warning -- confirm with the callers.
                log.warn("search for {} returned more than one entry. discarding additional ones.", searchFilter);
                continue;
            }
            Response response = cursor.get();
            if (response instanceof SearchResultEntry) {
                match = ((SearchResultEntry) response).getEntry();
            }
        }
    } finally {
        // The cursor is closed on every path; a close failure is logged, not thrown.
        if (cursor != null) {
            try {
                cursor.close();
            } catch (IOException e) {
                log.warn("Failed to close search cursor.", e);
            }
        }
    }

    if (log.isDebugEnabled()) {
        if (match != null) {
            log.debug("getEntry: search below {} with {} found {}", idConfig.getBaseDN(), searchFilter, match.getDn());
        } else {
            log.debug("getEntry: search below {} with {} found 0 entries.", idConfig.getBaseDN(), searchFilter);
        }
    }
    return match;
}
Also used : Response(org.apache.directory.api.ldap.model.message.Response) SearchRequest(org.apache.directory.api.ldap.model.message.SearchRequest) Entry(org.apache.directory.api.ldap.model.entry.Entry) SearchResultEntry(org.apache.directory.api.ldap.model.message.SearchResultEntry) SearchRequestImpl(org.apache.directory.api.ldap.model.message.SearchRequestImpl) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) Dn(org.apache.directory.api.ldap.model.name.Dn) IOException(java.io.IOException) SearchResultEntry(org.apache.directory.api.ldap.model.message.SearchResultEntry) CheckForNull(javax.annotation.CheckForNull)

Aggregations

IOException (java.io.IOException)3 SearchCursor (org.apache.directory.api.ldap.model.cursor.SearchCursor)3 Entry (org.apache.directory.api.ldap.model.entry.Entry)3 Response (org.apache.directory.api.ldap.model.message.Response)3 SearchRequest (org.apache.directory.api.ldap.model.message.SearchRequest)3 SearchRequestImpl (org.apache.directory.api.ldap.model.message.SearchRequestImpl)3 SearchResultEntry (org.apache.directory.api.ldap.model.message.SearchResultEntry)3 Dn (org.apache.directory.api.ldap.model.name.Dn)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 NoSuchElementException (java.util.NoSuchElementException)1 CheckForNull (javax.annotation.CheckForNull)1 LoginException (javax.security.auth.login.LoginException)1 CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)1 CursorLdapReferralException (org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException)1 DefaultEntry (org.apache.directory.api.ldap.model.entry.DefaultEntry)1 LdapAuthenticationException (org.apache.directory.api.ldap.model.exception.LdapAuthenticationException)1 LdapException (org.apache.directory.api.ldap.model.exception.LdapException)1 LdapInvalidAttributeValueException (org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException)1