Example 21 with LdapAttribute
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class DefaultLdapRegisteredServiceMapper method mapFromRegisteredService.
@Override
@SneakyThrows
public LdapEntry mapFromRegisteredService(final String dn, final RegisteredService svc) {
if (svc.getId() == RegisteredService.INITIAL_IDENTIFIER_VALUE) {
svc.setId(System.currentTimeMillis());
}
final String newDn = getDnForRegisteredService(dn, svc);
LOGGER.debug("Creating entry DN [{}]", newDn);
final Collection<LdapAttribute> attrs = new ArrayList<>();
attrs.add(new LdapAttribute(ldap.getIdAttribute(), String.valueOf(svc.getId())));
try (StringWriter writer = new StringWriter()) {
this.jsonSerializer.to(writer, svc);
attrs.add(new LdapAttribute(ldap.getServiceDefinitionAttribute(), writer.toString()));
attrs.add(new LdapAttribute(LdapUtils.OBJECT_CLASS_ATTRIBUTE, "top", ldap.getObjectClass()));
}
LOGGER.debug("LDAP attributes assigned to the DN [{}] are [{}]", newDn, attrs);
final LdapEntry entry = new LdapEntry(newDn, attrs);
LOGGER.debug("Created LDAP entry [{}]", entry);
return entry;
}
Also used :
StringWriter(java.io.StringWriter)
LdapAttribute(org.ldaptive.LdapAttribute)
ArrayList(java.util.ArrayList)
LdapEntry(org.ldaptive.LdapEntry)
SneakyThrows(lombok.SneakyThrows)
Example 22 with LdapAttribute
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class LdapAuthenticationHandler method getLdapPrincipalIdentifier.
/**
* Gets ldap principal identifier. If the principal id attribute is defined, it's retrieved.
* If no attribute value is found, a warning is generated and the provided username is used instead.
* If no attribute is defined, username is used instead.
*
* @param username the username
* @param ldapEntry the ldap entry
* @return the ldap principal identifier
* @throws LoginException in case the principal id cannot be determined.
*/
protected String getLdapPrincipalIdentifier(final String username, final LdapEntry ldapEntry) throws LoginException {
if (StringUtils.isNotBlank(this.principalIdAttribute)) {
final LdapAttribute principalAttr = ldapEntry.getAttribute(this.principalIdAttribute);
if (principalAttr == null || principalAttr.size() == 0) {
if (this.allowMissingPrincipalAttributeValue) {
LOGGER.warn("The principal id attribute [{}] is not found. CAS cannot construct the final authenticated principal " + "if it's unable to locate the attribute that is designated as the principal id. " + "Attributes available on the LDAP entry are [{}]. Since principal id attribute is not available, CAS will " + "fall back to construct the principal based on the provided user id: [{}]", this.principalIdAttribute, ldapEntry.getAttributes(), username);
return username;
}
LOGGER.error("The principal id attribute [{}] is not found. CAS is configured to disallow missing principal attributes", this.principalIdAttribute);
throw new LoginException("Principal id attribute is not found for " + principalAttr);
}
if (principalAttr.size() > 1) {
if (!this.allowMultiplePrincipalAttributeValues) {
throw new LoginException("Multiple principal values are not allowed: " + principalAttr);
}
LOGGER.warn("Found multiple values for principal id attribute: [{}]. Using first value=[{}].", principalAttr, principalAttr.getStringValue());
}
LOGGER.debug("Retrieved principal id attribute [{}]", principalAttr.getStringValue());
return principalAttr.getStringValue();
}
LOGGER.debug("Principal id attribute is not defined. Using the default provided user id [{}]", username);
return username;
}
Also used :
LdapAttribute(org.ldaptive.LdapAttribute)
LoginException(javax.security.auth.login.LoginException)
FailedLoginException(javax.security.auth.login.FailedLoginException)
Example 23 with LdapAttribute
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class LdapAuthenticationHandler method collectAttributesForLdapEntry.
/**
* Collect attributes for ldap entry.
*
* @param ldapEntry the ldap entry
* @param username the username
* @return the map
*/
protected Map<String, Object> collectAttributesForLdapEntry(final LdapEntry ldapEntry, final String username) {
final Map<String, Object> attributeMap = new LinkedHashMap<>(this.principalAttributeMap.size());
LOGGER.debug("The following attributes are requested to be retrieved and mapped: [{}]", attributeMap.keySet());
this.principalAttributeMap.forEach((key, attributeNames) -> {
final LdapAttribute attr = ldapEntry.getAttribute(key);
if (attr != null) {
LOGGER.debug("Found principal attribute: [{}]", attr);
final Collection<String> names = (Collection<String>) attributeNames;
if (names.isEmpty()) {
LOGGER.debug("Principal attribute [{}] is collected as [{}]", attr, key);
attributeMap.put(key, CollectionUtils.wrap(attr.getStringValues()));
} else {
names.forEach(s -> {
LOGGER.debug("Principal attribute [{}] is virtually remapped/renamed to [{}]", attr, s);
attributeMap.put(s, CollectionUtils.wrap(attr.getStringValues()));
});
}
} else {
LOGGER.warn("Requested LDAP attribute [{}] could not be found on the resolved LDAP entry for [{}]", key, ldapEntry.getDn());
}
});
if (this.collectDnAttribute) {
LOGGER.debug("Recording principal DN attribute as [{}]", this.principalDnAttributeName);
attributeMap.put(this.principalDnAttributeName, ldapEntry.getDn());
}
return attributeMap;
}
Also used :
LdapAttribute(org.ldaptive.LdapAttribute)
Collection(java.util.Collection)
LinkedHashMap(java.util.LinkedHashMap)
Example 24 with LdapAttribute
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class LdapUserGroupsToRolesAuthorizationGenerator method generateAuthorizationForLdapEntry.
@Override
protected CommonProfile generateAuthorizationForLdapEntry(final CommonProfile profile, final LdapEntry userEntry) {
try {
LOGGER.debug("Attempting to get roles for user [{}].", userEntry.getDn());
final Response<SearchResult> response = this.groupSearchExecutor.search(this.connectionFactory, LdapUtils.newLdaptiveSearchFilter(this.groupSearchExecutor.getSearchFilter().getFilter(), LdapUtils.LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME, CollectionUtils.wrap(userEntry.getDn())));
LOGGER.debug("LDAP role search response: [{}]", response);
final SearchResult groupResult = response.getResult();
for (final LdapEntry entry : groupResult.getEntries()) {
final LdapAttribute groupAttribute = entry.getAttribute(this.groupAttributeName);
if (groupAttribute == null) {
LOGGER.warn("Role attribute not found on entry [{}]", entry);
continue;
}
addProfileRolesFromAttributes(profile, groupAttribute, this.groupPrefix);
}
} catch (final Exception e) {
throw new IllegalArgumentException("LDAP error fetching roles for user.", e);
}
return profile;
}
Also used :
LdapAttribute(org.ldaptive.LdapAttribute)
SearchResult(org.ldaptive.SearchResult)
LdapEntry(org.ldaptive.LdapEntry)
Example 25 with LdapAttribute
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class LdapUtils method newLdaptiveBlockingConnectionPool.
/**
* New blocking connection pool connection pool.
*
* @param l the l
* @return the connection pool
*/
public static ConnectionPool newLdaptiveBlockingConnectionPool(final AbstractLdapProperties l) {
final DefaultConnectionFactory bindCf = newLdaptiveConnectionFactory(l);
final PoolConfig pc = newLdaptivePoolConfig(l);
final BlockingConnectionPool cp = new BlockingConnectionPool(pc, bindCf);
cp.setBlockWaitTime(Beans.newDuration(l.getBlockWaitTime()));
cp.setPoolConfig(pc);
final IdlePruneStrategy strategy = new IdlePruneStrategy();
strategy.setIdleTime(Beans.newDuration(l.getIdleTime()));
strategy.setPrunePeriod(Beans.newDuration(l.getPrunePeriod()));
cp.setPruneStrategy(strategy);
switch(l.getValidator().getType().trim().toLowerCase()) {
case "compare":
final CompareRequest compareRequest = new CompareRequest();
compareRequest.setDn(l.getValidator().getDn());
compareRequest.setAttribute(new LdapAttribute(l.getValidator().getAttributeName(), l.getValidator().getAttributeValues().toArray(new String[] {})));
compareRequest.setReferralHandler(new SearchReferralHandler());
cp.setValidator(new CompareValidator(compareRequest));
break;
case "none":
LOGGER.debug("No validator is configured for the LDAP connection pool of [{}]", l.getLdapUrl());
break;
case "search":
default:
final SearchRequest searchRequest = new SearchRequest();
searchRequest.setBaseDn(l.getValidator().getBaseDn());
searchRequest.setSearchFilter(new SearchFilter(l.getValidator().getSearchFilter()));
searchRequest.setReturnAttributes(ReturnAttributes.NONE.value());
searchRequest.setSearchScope(SearchScope.valueOf(l.getValidator().getScope()));
searchRequest.setSizeLimit(1L);
searchRequest.setReferralHandler(new SearchReferralHandler());
cp.setValidator(new SearchValidator(searchRequest));
break;
}
cp.setFailFastInitialize(l.isFailFast());
if (StringUtils.isNotBlank(l.getPoolPassivator())) {
final AbstractLdapProperties.LdapConnectionPoolPassivator pass = AbstractLdapProperties.LdapConnectionPoolPassivator.valueOf(l.getPoolPassivator().toUpperCase());
switch(pass) {
case CLOSE:
cp.setPassivator(new ClosePassivator());
LOGGER.debug("Created [{}] passivator for [{}]", l.getPoolPassivator(), l.getLdapUrl());
break;
case BIND:
if (StringUtils.isNotBlank(l.getBindDn()) && StringUtils.isNoneBlank(l.getBindCredential())) {
final BindRequest bindRequest = new BindRequest();
bindRequest.setDn(l.getBindDn());
bindRequest.setCredential(new Credential(l.getBindCredential()));
cp.setPassivator(new BindPassivator(bindRequest));
LOGGER.debug("Created [{}] passivator for [{}]", l.getPoolPassivator(), l.getLdapUrl());
} else {
final List values = Arrays.stream(AbstractLdapProperties.LdapConnectionPoolPassivator.values()).filter(v -> v != AbstractLdapProperties.LdapConnectionPoolPassivator.BIND).collect(Collectors.toList());
LOGGER.warn("[{}] pool passivator could not be created for [{}] given bind credentials are not specified. " + "If you are dealing with LDAP in such a way that does not require bind credentials, you may need to " + "set the pool passivator setting to one of [{}]", l.getPoolPassivator(), l.getLdapUrl(), values);
}
break;
default:
break;
}
}
LOGGER.debug("Initializing ldap connection pool for [{}] and bindDn [{}]", l.getLdapUrl(), l.getBindDn());
cp.initialize();
return cp;
}
Also used :
Arrays(java.util.Arrays)
ConnectionFactory(org.ldaptive.ConnectionFactory)
SearchOperation(org.ldaptive.SearchOperation)
AddRequest(org.ldaptive.AddRequest)
ExternalConfig(org.ldaptive.sasl.ExternalConfig)
StringUtils(org.apache.commons.lang3.StringUtils)
SearchEntryHandler(org.ldaptive.handler.SearchEntryHandler)
ClassUtils(org.apache.commons.lang3.ClassUtils)
ActivePassiveConnectionStrategy(org.ldaptive.ActivePassiveConnectionStrategy)
FormatDnResolver(org.ldaptive.auth.FormatDnResolver)
Map(java.util.Map)
AbstractLdapAuthenticationProperties(org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticationProperties)
PasswordPolicyControl(org.ldaptive.control.PasswordPolicyControl)
ConnectionConfig(org.ldaptive.ConnectionConfig)
BindPassivator(org.ldaptive.pool.BindPassivator)
SaslConfig(org.ldaptive.sasl.SaslConfig)
BindConnectionInitializer(org.ldaptive.BindConnectionInitializer)
ModifyRequest(org.ldaptive.ModifyRequest)
BlockingConnectionPool(org.ldaptive.pool.BlockingConnectionPool)
Set(java.util.Set)
PasswordModifyOperation(org.ldaptive.extended.PasswordModifyOperation)
DnsSrvConnectionStrategy(org.ldaptive.DnsSrvConnectionStrategy)
SearchScope(org.ldaptive.SearchScope)
Response(org.ldaptive.Response)
StandardCharsets(java.nio.charset.StandardCharsets)
Slf4j(lombok.extern.slf4j.Slf4j)
AddOperation(org.ldaptive.AddOperation)
LdapAttribute(org.ldaptive.LdapAttribute)
LdapEntry(org.ldaptive.LdapEntry)
CramMd5Config(org.ldaptive.sasl.CramMd5Config)
ObjectGuidHandler(org.ldaptive.ad.handler.ObjectGuidHandler)
SearchFilter(org.ldaptive.SearchFilter)
RangeEntryHandler(org.ldaptive.ad.handler.RangeEntryHandler)
ArrayList(java.util.ArrayList)
UtilityClass(lombok.experimental.UtilityClass)
IdlePruneStrategy(org.ldaptive.pool.IdlePruneStrategy)
ModifyOperation(org.ldaptive.ModifyOperation)
SearchResult(org.ldaptive.SearchResult)
SearchValidator(org.ldaptive.pool.SearchValidator)
CompareRequest(org.ldaptive.CompareRequest)
AttributeModification(org.ldaptive.AttributeModification)
SearchRequest(org.ldaptive.SearchRequest)
DefaultConnectionFactory(org.ldaptive.DefaultConnectionFactory)
RoundRobinConnectionStrategy(org.ldaptive.RoundRobinConnectionStrategy)
Mechanism(org.ldaptive.sasl.Mechanism)
CaseChangeEntryHandler(org.ldaptive.handler.CaseChangeEntryHandler)
KeyStoreCredentialConfig(org.ldaptive.ssl.KeyStoreCredentialConfig)
LdapException(org.ldaptive.LdapException)
SearchExecutor(org.ldaptive.SearchExecutor)
ClosePassivator(org.ldaptive.pool.ClosePassivator)
PooledSearchDnResolver(org.ldaptive.auth.PooledSearchDnResolver)
UnicodePwdAttribute(org.ldaptive.ad.UnicodePwdAttribute)
URL(java.net.URL)
AttributeModificationType(org.ldaptive.AttributeModificationType)
Beans(org.apereo.cas.configuration.support.Beans)
PooledBindAuthenticationHandler(org.ldaptive.auth.PooledBindAuthenticationHandler)
ConnectionPool(org.ldaptive.pool.ConnectionPool)
DerefAliases(org.ldaptive.DerefAliases)
SearchReferralHandler(org.ldaptive.referral.SearchReferralHandler)
PasswordModifyRequest(org.ldaptive.extended.PasswordModifyRequest)
DigestMd5Config(org.ldaptive.sasl.DigestMd5Config)
URI(java.net.URI)
DeleteRequest(org.ldaptive.DeleteRequest)
PooledCompareAuthenticationHandler(org.ldaptive.auth.PooledCompareAuthenticationHandler)
SslConfig(org.ldaptive.ssl.SslConfig)
PoolConfig(org.ldaptive.pool.PoolConfig)
PrimaryGroupIdHandler(org.ldaptive.ad.handler.PrimaryGroupIdHandler)
X509CredentialConfig(org.ldaptive.ssl.X509CredentialConfig)
AbstractLdapProperties(org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties)
Collectors(java.util.stream.Collectors)
DnAttributeEntryHandler(org.ldaptive.handler.DnAttributeEntryHandler)
List(java.util.List)
DeleteOperation(org.ldaptive.DeleteOperation)
CompareValidator(org.ldaptive.pool.CompareValidator)
BindRequest(org.ldaptive.BindRequest)
IntStream(java.util.stream.IntStream)
Provider(org.ldaptive.provider.Provider)
ReturnAttributes(org.ldaptive.ReturnAttributes)
DefaultConnectionStrategy(org.ldaptive.DefaultConnectionStrategy)
HashSet(java.util.HashSet)
EntryResolver(org.ldaptive.auth.EntryResolver)
QualityOfProtection(org.ldaptive.sasl.QualityOfProtection)
ModifyReferralHandler(org.ldaptive.referral.ModifyReferralHandler)
RecursiveEntryHandler(org.ldaptive.handler.RecursiveEntryHandler)
PooledSearchEntryResolver(org.ldaptive.auth.PooledSearchEntryResolver)
RandomConnectionStrategy(org.ldaptive.RandomConnectionStrategy)
ObjectSidHandler(org.ldaptive.ad.handler.ObjectSidHandler)
ResultCode(org.ldaptive.ResultCode)
FastBindOperation(org.ldaptive.ad.extended.FastBindOperation)
GssApiConfig(org.ldaptive.sasl.GssApiConfig)
Connection(org.ldaptive.Connection)
Authenticator(org.ldaptive.auth.Authenticator)
DeleteReferralHandler(org.ldaptive.referral.DeleteReferralHandler)
Credential(org.ldaptive.Credential)
MergeAttributeEntryHandler(org.ldaptive.handler.MergeAttributeEntryHandler)
NumberUtils(org.apache.commons.lang3.math.NumberUtils)
PooledConnectionFactory(org.ldaptive.pool.PooledConnectionFactory)
SecurityStrength(org.ldaptive.sasl.SecurityStrength)
DefaultConnectionFactory(org.ldaptive.DefaultConnectionFactory)
IdlePruneStrategy(org.ldaptive.pool.IdlePruneStrategy)
SearchRequest(org.ldaptive.SearchRequest)
Credential(org.ldaptive.Credential)
ClosePassivator(org.ldaptive.pool.ClosePassivator)
BindRequest(org.ldaptive.BindRequest)
BlockingConnectionPool(org.ldaptive.pool.BlockingConnectionPool)
SearchFilter(org.ldaptive.SearchFilter)
AbstractLdapProperties(org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties)
CompareRequest(org.ldaptive.CompareRequest)
SearchValidator(org.ldaptive.pool.SearchValidator)
CompareValidator(org.ldaptive.pool.CompareValidator)
BindPassivator(org.ldaptive.pool.BindPassivator)
LdapAttribute(org.ldaptive.LdapAttribute)
PoolConfig(org.ldaptive.pool.PoolConfig)
ArrayList(java.util.ArrayList)
List(java.util.List)
SearchReferralHandler(org.ldaptive.referral.SearchReferralHandler)
Aggregations
LdapAttribute (org.ldaptive.LdapAttribute)27
LdapEntry (org.ldaptive.LdapEntry)18
SearchResult (org.ldaptive.SearchResult)11
SearchFilter (org.ldaptive.SearchFilter)7
ArrayList (java.util.ArrayList)6
ConnectionFactory (org.ldaptive.ConnectionFactory)5
LinkedHashMap (java.util.LinkedHashMap)4
PasswordManagementProperties (org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties)4
MessageDescriptor (org.apereo.cas.authentication.MessageDescriptor)3
AbstractLdapProperties (org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties)3
Test (org.junit.Test)3
BindRequest (org.ldaptive.BindRequest)3
CompareRequest (org.ldaptive.CompareRequest)3
LdapException (org.ldaptive.LdapException)3
URI (java.net.URI)2
URL (java.net.URL)2
StandardCharsets (java.nio.charset.StandardCharsets)2
Arrays (java.util.Arrays)2
HashSet (java.util.HashSet)2
List (java.util.List)2
