
Example 21 with LdapEntry

use of org.ldaptive.LdapEntry in project cas by apereo.

From class DefaultLdapRegisteredServiceMapper, method mapFromRegisteredService.

/**
 * Builds the LDAP entry that will store the given registered service.
 * <p>
 * A service still carrying {@code RegisteredService.INITIAL_IDENTIFIER_VALUE} is first given
 * the current time in milliseconds as its id, so the id is settled before the DN is derived.
 * The entry holds three attributes: the id attribute, the full service definition serialised
 * to JSON, and the object classes ({@code top} plus the configured one).
 * {@code @SneakyThrows} lets the {@code IOException} from the writer/serializer surface unchecked.
 *
 * @param dn  base DN under which the entry is created
 * @param svc the service to map; its id is mutated when it still has the initial value
 * @return the newly built entry
 */
@Override
@SneakyThrows
public LdapEntry mapFromRegisteredService(final String dn, final RegisteredService svc) {
    final boolean needsGeneratedId = svc.getId() == RegisteredService.INITIAL_IDENTIFIER_VALUE;
    if (needsGeneratedId) {
        svc.setId(System.currentTimeMillis());
    }
    final String entryDn = getDnForRegisteredService(dn, svc);
    LOGGER.debug("Creating entry DN [{}]", entryDn);

    final Collection<LdapAttribute> attributes = new ArrayList<>();
    attributes.add(new LdapAttribute(ldap.getIdAttribute(), String.valueOf(svc.getId())));
    try (StringWriter json = new StringWriter()) {
        // the whole service definition travels as one JSON-valued attribute
        this.jsonSerializer.to(json, svc);
        attributes.add(new LdapAttribute(ldap.getServiceDefinitionAttribute(), json.toString()));
        attributes.add(new LdapAttribute(LdapUtils.OBJECT_CLASS_ATTRIBUTE, "top", ldap.getObjectClass()));
    }
    LOGGER.debug("LDAP attributes assigned to the DN [{}] are [{}]", entryDn, attributes);

    final LdapEntry built = new LdapEntry(entryDn, attributes);
    LOGGER.debug("Created LDAP entry [{}]", built);
    return built;
}
Also used : StringWriter(java.io.StringWriter) LdapAttribute(org.ldaptive.LdapAttribute) ArrayList(java.util.ArrayList) LdapEntry(org.ldaptive.LdapEntry) SneakyThrows(lombok.SneakyThrows)

Example 22 with LdapEntry

use of org.ldaptive.LdapEntry in project cas by apereo.

From class BaseUseAttributesAuthorizationGenerator, method generate.

/**
 * Finds the LDAP entry for the profile's id and hands it to
 * {@code generateAuthorizationForLdapEntry} to attach authorization data.
 * <p>
 * The username is handed to {@code LdapUtils.newLdaptiveSearchFilter} as the value of the
 * named parameter {@code LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME} rather than concatenated into
 * the filter text. NOTE(review): this is what keeps a user-controlled id from rewriting the
 * filter — confirm the helper binds/escapes parameter values.
 *
 * @param context the web context; not consulted here
 * @param profile the profile whose id is the username to look up
 * @return whatever {@code generateAuthorizationForLdapEntry} returns for the found entry
 * @throws IllegalArgumentException when no entry matches, or when the LDAP search itself fails
 * @throws IllegalStateException    when several entries match and multiple results are disallowed
 */
@Override
public CommonProfile generate(final WebContext context, final CommonProfile profile) {
    final String userId = profile.getId();
    try {
        LOGGER.debug("Attempting to get details for user [{}].", userId);
        final Response<SearchResult> searchResponse = this.userSearchExecutor.search(
            this.connectionFactory,
            LdapUtils.newLdaptiveSearchFilter(this.userSearchExecutor.getSearchFilter().getFilter(),
                LdapUtils.LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME, CollectionUtils.wrap(userId)));
        LOGGER.debug("LDAP user search response: [{}]", searchResponse);

        final SearchResult matches = searchResponse.getResult();
        final int hitCount = matches.size();
        if (hitCount == 0) {
            throw new IllegalArgumentException(new AccountNotFoundException(userId + " not found."));
        }
        final boolean tooMany = hitCount > 1 && !this.allowMultipleResults;
        if (tooMany) {
            throw new IllegalStateException("Found multiple results for user which is not allowed (allowMultipleResults=false).");
        }
        return generateAuthorizationForLdapEntry(profile, matches.getEntry());
    } catch (final LdapException e) {
        throw new IllegalArgumentException("LDAP error fetching details for user.", e);
    }
}
Also used : SearchResult(org.ldaptive.SearchResult) LdapEntry(org.ldaptive.LdapEntry) AccountNotFoundException(org.pac4j.core.exception.AccountNotFoundException) LdapException(org.ldaptive.LdapException)

Example 23 with LdapEntry

use of org.ldaptive.LdapEntry in project cas by apereo.

From class LdapUserGroupsToRolesAuthorizationGenerator, method generateAuthorizationForLdapEntry.

/**
 * Searches for the groups that reference the user's DN and adds each group's
 * {@code groupAttributeName} value(s) to the profile as roles, prefixed with {@code groupPrefix}.
 * <p>
 * Group entries without the role attribute are logged at WARN and skipped. The user DN is
 * passed to the group filter as a named parameter, not spliced into the filter string.
 *
 * @param profile   the profile to enrich; the same instance is returned
 * @param userEntry the authenticated user's LDAP entry
 * @return {@code profile}
 * @throws IllegalArgumentException wrapping any exception raised while fetching roles
 */
@Override
protected CommonProfile generateAuthorizationForLdapEntry(final CommonProfile profile, final LdapEntry userEntry) {
    try {
        final String userDn = userEntry.getDn();
        LOGGER.debug("Attempting to get roles for user [{}].", userDn);
        final Response<SearchResult> searchResponse = this.groupSearchExecutor.search(
            this.connectionFactory,
            LdapUtils.newLdaptiveSearchFilter(this.groupSearchExecutor.getSearchFilter().getFilter(),
                LdapUtils.LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME, CollectionUtils.wrap(userDn)));
        LOGGER.debug("LDAP role search response: [{}]", searchResponse);
        final SearchResult groups = searchResponse.getResult();
        for (final LdapEntry groupEntry : groups.getEntries()) {
            final LdapAttribute roleAttribute = groupEntry.getAttribute(this.groupAttributeName);
            if (roleAttribute != null) {
                addProfileRolesFromAttributes(profile, roleAttribute, this.groupPrefix);
            } else {
                // a group without the configured attribute contributes no roles
                LOGGER.warn("Role attribute not found on entry [{}]", groupEntry);
            }
        }
    } catch (final Exception e) {
        throw new IllegalArgumentException("LDAP error fetching roles for user.", e);
    }
    return profile;
}
Also used : LdapAttribute(org.ldaptive.LdapAttribute) SearchResult(org.ldaptive.SearchResult) LdapEntry(org.ldaptive.LdapEntry)

Example 24 with LdapEntry

use of org.ldaptive.LdapEntry in project cas by apereo.

From class LdapSpnegoKnownClientSystemsFilterAction, method processSpnegoAttribute.

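/**
 * Verify spnego attribute value.
 * <p>
 * Returns {@code false} without consulting {@code verifySpnegoAttributeValue} when the
 * search produced no result, no entries, or the first entry lacks
 * {@code spnegoAttributeName}. The attribute lookup returns {@code null} for a missing
 * attribute, so that case is checked before the value is read and logged.
 *
 * @param searchResult the search result
 * @return true if attribute value exists and has a value
 */
protected boolean processSpnegoAttribute(final Response<SearchResult> searchResult) {
    final SearchResult result = searchResult.getResult();
    if (result == null || result.getEntries().isEmpty()) {
        LOGGER.debug("Spnego attribute is not found in the search results");
        return false;
    }
    final LdapEntry entry = result.getEntry();
    final LdapAttribute attribute = entry.getAttribute(this.spnegoAttributeName);
    if (attribute == null) {
        // missing attribute means "no value"; reading it would throw NPE here
        LOGGER.debug("Spnego attribute [{}] is not present on entry [{}]", this.spnegoAttributeName, entry.getDn());
        return false;
    }
    LOGGER.debug("Spnego attribute [{}] found as [{}] for [{}]", attribute.getName(), attribute.getStringValue(), entry.getDn());
    return verifySpnegoAttributeValue(attribute);
}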
Also used : LdapAttribute(org.ldaptive.LdapAttribute) SearchResult(org.ldaptive.SearchResult) LdapEntry(org.ldaptive.LdapEntry)

Example 25 with LdapEntry

use of org.ldaptive.LdapEntry in project cas by apereo.

From class AbstractX509LdapTests, method populateCertificateRevocationListAttribute.

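/**
 * Populate certificate revocation list attribute.
 * Dynamically set the attribute value to the crl content.
 * Encode it as base64 first. Doing this in the code rather
 * than in the ldif file to ensure the attribute can be populated
 * without dependencies on the classpath and or filesystem.
 * <p>
 * The CRL file is read in full and its stream closed afterwards; a fixed-size buffer
 * would truncate a larger CRL or zero-pad a smaller one, and either way the base64
 * value no longer matches the DER bytes.
 *
 * @param port the port of the LDAP directory whose entries are updated
 * @throws Exception the exception
 */
private static void populateCertificateRevocationListAttribute(final int port) throws Exception {
    final Collection<LdapEntry> entries = getLdapDirectory(port).getLdapEntries();
    for (final LdapEntry ldapEntry : entries) {
        if (!ldapEntry.getDn().equals(DN)) {
            continue;
        }
        final byte[] crlBytes;
        // fully qualified to avoid a new import; try-with-resources closes the classpath stream
        try (java.io.InputStream in = new ClassPathResource("userCA-valid.crl").getInputStream()) {
            crlBytes = IOUtils.toByteArray(in);
        }
        final LdapAttribute attr = new LdapAttribute(true);
        attr.setName("certificateRevocationList");
        attr.addBinaryValue(EncodingUtils.encodeBase64ToByteArray(crlBytes));
        LdapTestUtils.modifyLdapEntry(getLdapDirectory(port).getConnection(), ldapEntry, attr);
    }
}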
Also used : LdapAttribute(org.ldaptive.LdapAttribute) LdapEntry(org.ldaptive.LdapEntry) ClassPathResource(org.springframework.core.io.ClassPathResource)
