use of org.ldaptive.LdapAttribute in project cas by apereo.
the class DefaultLdapRegisteredServiceMapper method mapFromRegisteredService.
@Override
@SneakyThrows
public LdapEntry mapFromRegisteredService(final String dn, final RegisteredService svc) {
if (svc.getId() == RegisteredService.INITIAL_IDENTIFIER_VALUE) {
svc.setId(System.currentTimeMillis());
}
final String newDn = getDnForRegisteredService(dn, svc);
LOGGER.debug("Creating entry DN [{}]", newDn);
final Collection<LdapAttribute> attrs = new ArrayList<>();
attrs.add(new LdapAttribute(ldap.getIdAttribute(), String.valueOf(svc.getId())));
try (StringWriter writer = new StringWriter()) {
this.jsonSerializer.to(writer, svc);
attrs.add(new LdapAttribute(ldap.getServiceDefinitionAttribute(), writer.toString()));
attrs.add(new LdapAttribute(LdapUtils.OBJECT_CLASS_ATTRIBUTE, "top", ldap.getObjectClass()));
}
LOGGER.debug("LDAP attributes assigned to the DN [{}] are [{}]", newDn, attrs);
final LdapEntry entry = new LdapEntry(newDn, attrs);
LOGGER.debug("Created LDAP entry [{}]", entry);
return entry;
}
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class LdapAuthenticationHandler method getLdapPrincipalIdentifier.
/**
* Gets ldap principal identifier. If the principal id attribute is defined, it's retrieved.
* If no attribute value is found, a warning is generated and the provided username is used instead.
* If no attribute is defined, username is used instead.
*
* @param username the username
* @param ldapEntry the ldap entry
* @return the ldap principal identifier
* @throws LoginException in case the principal id cannot be determined.
*/
protected String getLdapPrincipalIdentifier(final String username, final LdapEntry ldapEntry) throws LoginException {
if (StringUtils.isNotBlank(this.principalIdAttribute)) {
final LdapAttribute principalAttr = ldapEntry.getAttribute(this.principalIdAttribute);
if (principalAttr == null || principalAttr.size() == 0) {
if (this.allowMissingPrincipalAttributeValue) {
LOGGER.warn("The principal id attribute [{}] is not found. CAS cannot construct the final authenticated principal " + "if it's unable to locate the attribute that is designated as the principal id. " + "Attributes available on the LDAP entry are [{}]. Since principal id attribute is not available, CAS will " + "fall back to construct the principal based on the provided user id: [{}]", this.principalIdAttribute, ldapEntry.getAttributes(), username);
return username;
}
LOGGER.error("The principal id attribute [{}] is not found. CAS is configured to disallow missing principal attributes", this.principalIdAttribute);
throw new LoginException("Principal id attribute is not found for " + principalAttr);
}
if (principalAttr.size() > 1) {
if (!this.allowMultiplePrincipalAttributeValues) {
throw new LoginException("Multiple principal values are not allowed: " + principalAttr);
}
LOGGER.warn("Found multiple values for principal id attribute: [{}]. Using first value=[{}].", principalAttr, principalAttr.getStringValue());
}
LOGGER.debug("Retrieved principal id attribute [{}]", principalAttr.getStringValue());
return principalAttr.getStringValue();
}
LOGGER.debug("Principal id attribute is not defined. Using the default provided user id [{}]", username);
return username;
}
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class LdapAuthenticationHandler method collectAttributesForLdapEntry.
/**
* Collect attributes for ldap entry.
*
* @param ldapEntry the ldap entry
* @param username the username
* @return the map
*/
protected Map<String, Object> collectAttributesForLdapEntry(final LdapEntry ldapEntry, final String username) {
final Map<String, Object> attributeMap = new LinkedHashMap<>(this.principalAttributeMap.size());
LOGGER.debug("The following attributes are requested to be retrieved and mapped: [{}]", attributeMap.keySet());
this.principalAttributeMap.forEach((key, attributeNames) -> {
final LdapAttribute attr = ldapEntry.getAttribute(key);
if (attr != null) {
LOGGER.debug("Found principal attribute: [{}]", attr);
final Collection<String> names = (Collection<String>) attributeNames;
if (names.isEmpty()) {
LOGGER.debug("Principal attribute [{}] is collected as [{}]", attr, key);
attributeMap.put(key, CollectionUtils.wrap(attr.getStringValues()));
} else {
names.forEach(s -> {
LOGGER.debug("Principal attribute [{}] is virtually remapped/renamed to [{}]", attr, s);
attributeMap.put(s, CollectionUtils.wrap(attr.getStringValues()));
});
}
} else {
LOGGER.warn("Requested LDAP attribute [{}] could not be found on the resolved LDAP entry for [{}]", key, ldapEntry.getDn());
}
});
if (this.collectDnAttribute) {
LOGGER.debug("Recording principal DN attribute as [{}]", this.principalDnAttributeName);
attributeMap.put(this.principalDnAttributeName, ldapEntry.getDn());
}
return attributeMap;
}
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class LdapUserGroupsToRolesAuthorizationGenerator method generateAuthorizationForLdapEntry.
@Override
protected CommonProfile generateAuthorizationForLdapEntry(final CommonProfile profile, final LdapEntry userEntry) {
try {
LOGGER.debug("Attempting to get roles for user [{}].", userEntry.getDn());
final Response<SearchResult> response = this.groupSearchExecutor.search(this.connectionFactory, LdapUtils.newLdaptiveSearchFilter(this.groupSearchExecutor.getSearchFilter().getFilter(), LdapUtils.LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME, CollectionUtils.wrap(userEntry.getDn())));
LOGGER.debug("LDAP role search response: [{}]", response);
final SearchResult groupResult = response.getResult();
for (final LdapEntry entry : groupResult.getEntries()) {
final LdapAttribute groupAttribute = entry.getAttribute(this.groupAttributeName);
if (groupAttribute == null) {
LOGGER.warn("Role attribute not found on entry [{}]", entry);
continue;
}
addProfileRolesFromAttributes(profile, groupAttribute, this.groupPrefix);
}
} catch (final Exception e) {
throw new IllegalArgumentException("LDAP error fetching roles for user.", e);
}
return profile;
}
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class LdapUtils method newLdaptiveBlockingConnectionPool.
/**
* New blocking connection pool connection pool.
*
* @param l the l
* @return the connection pool
*/
public static ConnectionPool newLdaptiveBlockingConnectionPool(final AbstractLdapProperties l) {
final DefaultConnectionFactory bindCf = newLdaptiveConnectionFactory(l);
final PoolConfig pc = newLdaptivePoolConfig(l);
final BlockingConnectionPool cp = new BlockingConnectionPool(pc, bindCf);
cp.setBlockWaitTime(Beans.newDuration(l.getBlockWaitTime()));
cp.setPoolConfig(pc);
final IdlePruneStrategy strategy = new IdlePruneStrategy();
strategy.setIdleTime(Beans.newDuration(l.getIdleTime()));
strategy.setPrunePeriod(Beans.newDuration(l.getPrunePeriod()));
cp.setPruneStrategy(strategy);
switch(l.getValidator().getType().trim().toLowerCase()) {
case "compare":
final CompareRequest compareRequest = new CompareRequest();
compareRequest.setDn(l.getValidator().getDn());
compareRequest.setAttribute(new LdapAttribute(l.getValidator().getAttributeName(), l.getValidator().getAttributeValues().toArray(new String[] {})));
compareRequest.setReferralHandler(new SearchReferralHandler());
cp.setValidator(new CompareValidator(compareRequest));
break;
case "none":
LOGGER.debug("No validator is configured for the LDAP connection pool of [{}]", l.getLdapUrl());
break;
case "search":
default:
final SearchRequest searchRequest = new SearchRequest();
searchRequest.setBaseDn(l.getValidator().getBaseDn());
searchRequest.setSearchFilter(new SearchFilter(l.getValidator().getSearchFilter()));
searchRequest.setReturnAttributes(ReturnAttributes.NONE.value());
searchRequest.setSearchScope(SearchScope.valueOf(l.getValidator().getScope()));
searchRequest.setSizeLimit(1L);
searchRequest.setReferralHandler(new SearchReferralHandler());
cp.setValidator(new SearchValidator(searchRequest));
break;
}
cp.setFailFastInitialize(l.isFailFast());
if (StringUtils.isNotBlank(l.getPoolPassivator())) {
final AbstractLdapProperties.LdapConnectionPoolPassivator pass = AbstractLdapProperties.LdapConnectionPoolPassivator.valueOf(l.getPoolPassivator().toUpperCase());
switch(pass) {
case CLOSE:
cp.setPassivator(new ClosePassivator());
LOGGER.debug("Created [{}] passivator for [{}]", l.getPoolPassivator(), l.getLdapUrl());
break;
case BIND:
if (StringUtils.isNotBlank(l.getBindDn()) && StringUtils.isNoneBlank(l.getBindCredential())) {
final BindRequest bindRequest = new BindRequest();
bindRequest.setDn(l.getBindDn());
bindRequest.setCredential(new Credential(l.getBindCredential()));
cp.setPassivator(new BindPassivator(bindRequest));
LOGGER.debug("Created [{}] passivator for [{}]", l.getPoolPassivator(), l.getLdapUrl());
} else {
final List values = Arrays.stream(AbstractLdapProperties.LdapConnectionPoolPassivator.values()).filter(v -> v != AbstractLdapProperties.LdapConnectionPoolPassivator.BIND).collect(Collectors.toList());
LOGGER.warn("[{}] pool passivator could not be created for [{}] given bind credentials are not specified. " + "If you are dealing with LDAP in such a way that does not require bind credentials, you may need to " + "set the pool passivator setting to one of [{}]", l.getPoolPassivator(), l.getLdapUrl(), values);
}
break;
default:
break;
}
}
LOGGER.debug("Initializing ldap connection pool for [{}] and bindDn [{}]", l.getLdapUrl(), l.getBindDn());
cp.initialize();
return cp;
}
Aggregations