use of org.ldaptive.SearchResult in project cas by apereo.
the class LdapSpnegoKnownClientSystemsFilterAction method processSpnegoAttribute.
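/**
 * Decide whether the entry returned by an LDAP lookup carries an acceptable SPNEGO attribute.
 *
 * <p>Every "not found" path answers {@code false} rather than throwing: an empty result, or an
 * entry that lacks the configured attribute, is never reported as a match.
 *
 * @param searchResult the LDAP response to inspect
 * @return {@code true} only when the attribute named by {@code spnegoAttributeName} is present
 *         on the entry and {@code verifySpnegoAttributeValue} accepts it; {@code false} otherwise
 */
protected boolean processSpnegoAttribute(final Response<SearchResult> searchResult) {
    final SearchResult result = searchResult.getResult();
    if (result == null || result.getEntries().isEmpty()) {
        LOGGER.debug("Spnego attribute is not found in the search results");
        return false;
    }

    final LdapEntry entry = result.getEntry();
    final LdapAttribute attribute = entry.getAttribute(this.spnegoAttributeName);
    if (attribute == null) {
        // An entry can satisfy the search without carrying the attribute. The debug statement
        // below dereferences the attribute, so without this guard the lookup ended in a
        // NullPointerException instead of a clean "no match".
        LOGGER.debug("Spnego attribute [{}] is not present on entry [{}]", this.spnegoAttributeName, entry.getDn());
        return false;
    }

    LOGGER.debug("Spnego attribute [{}] found as [{}] for [{}]", attribute.getName(), attribute.getStringValue(), entry.getDn());
    return verifySpnegoAttributeValue(attribute);
}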
use of org.ldaptive.SearchResult in project cas by apereo.
the class LdapPasswordManagementService method change.
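/**
 * Change the LDAP password of the account named by the credential.
 *
 * <p>The account is located with the configured user filter under the configured base DN, and
 * the password-modify operation is sent for the DN of the entry that was found. The change is
 * refused when the filter matches more than one entry, because the target of a credential
 * change must be unambiguous.
 *
 * @param credential the caller's credential; must be a {@code UsernamePasswordCredential}
 *                   (its id drives the search, its password is passed to the modify operation)
 * @param bean       carries the password passed to the modify operation alongside the
 *                   credential's own password (presumably the new one; confirm against LdapUtils)
 * @return {@code true} only when the modify operation reports success; {@code false} when no
 *         entry or several entries match, when the operation fails, or when any exception is
 *         raised (the exception is logged, not rethrown)
 */
@Audit(action = "CHANGE_PASSWORD", actionResolverName = "CHANGE_PASSWORD_ACTION_RESOLVER", resourceResolverName = "CHANGE_PASSWORD_RESOURCE_RESOLVER")
@Override
public boolean change(final Credential credential, final PasswordChangeBean bean) {
    Assert.notNull(credential, "Credential cannot be null");
    Assert.notNull(bean, "PasswordChangeBean cannot be null");
    try {
        final PasswordManagementProperties.Ldap ldap = passwordManagementProperties.getLdap();
        final UsernamePasswordCredential c = (UsernamePasswordCredential) credential;

        // The account id is handed over as a filter parameter instead of being concatenated
        // into the filter text.
        final SearchFilter filter = Beans.newLdaptiveSearchFilter(ldap.getUserFilter(), Beans.LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME, Arrays.asList(c.getId()));
        LOGGER.debug("Constructed LDAP filter [{}] to update account password", filter);

        // NOTE(review): a pooled connection factory is created on every call and nothing in
        // this method closes it; confirm who owns the pool's lifecycle.
        final ConnectionFactory factory = Beans.newLdaptivePooledConnectionFactory(ldap);
        final Response<SearchResult> response = LdapUtils.executeSearchOperation(factory, ldap.getBaseDn(), filter);

        // NOTE(review): this prints the whole response; confirm the search does not return
        // attributes that should stay out of debug logs.
        LOGGER.debug("LDAP response to update password is [{}]", response);

        if (!LdapUtils.containsResultEntry(response)) {
            LOGGER.error("Could not locate an LDAP entry for [{}] and base DN [{}]", filter.format(), ldap.getBaseDn());
            return false;
        }

        final SearchResult result = response.getResult();
        if (result.size() > 1) {
            // getEntry() yields a single entry. With several matches the modify would be
            // sent for whichever one that happens to be, so fail closed instead.
            LOGGER.error("Found [{}] LDAP entries for [{}] and base DN [{}]; refusing to change the password on an ambiguous match",
                    result.size(), filter.format(), ldap.getBaseDn());
            return false;
        }

        final String dn = result.getEntry().getDn();
        LOGGER.debug("Updating account password for [{}]", dn);
        if (LdapUtils.executePasswordModifyOperation(dn, factory, c.getPassword(), bean.getPassword(), ldap.getType())) {
            LOGGER.debug("Successfully updated the account password for [{}]", dn);
            return true;
        }
        LOGGER.error("Could not update the LDAP entry's password for [{}] and base DN [{}]", filter.format(), ldap.getBaseDn());
    } catch (final Exception e) {
        // Deliberately broad: any failure (including a credential of the wrong type) is
        // reported to the caller as "not changed".
        LOGGER.error(e.getMessage(), e);
    }
    return false;
}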
use of org.ldaptive.SearchResult in project cas by apereo.
the class LdapServiceRegistryDao method update.
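/**
 * Overwrite the LDAP entry of an existing registered service with its current definition.
 *
 * <p>The entry is located by service id. When the lookup fails or finds nothing, no
 * modification is sent. The caller still receives {@code rs} back, so the skipped write is
 * logged as a warning to keep a stale directory entry from going unnoticed.
 *
 * @param rs the registered service to persist
 * @return the same {@code rs} instance, whether or not the directory was modified
 */
private RegisteredService update(final RegisteredService rs) {
    String currentDn = null;
    try {
        final Response<SearchResult> response = searchForServiceById(rs.getId());
        if (LdapUtils.containsResultEntry(response)) {
            currentDn = response.getResult().getEntry().getDn();
        }
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
    }

    if (StringUtils.isNotBlank(currentDn)) {
        LOGGER.debug("Updating registered service at [{}]", currentDn);
        final LdapEntry entry = this.ldapServiceMapper.mapFromRegisteredService(this.baseDn, rs);
        // NOTE(review): the outcome of the modify operation is not inspected here; confirm
        // that LdapUtils reports failures on its own.
        LdapUtils.executeModifyOperation(currentDn, this.connectionFactory, entry);
    } else {
        // Previously a silent no-op: the caller could not tell that nothing was written.
        LOGGER.warn("No LDAP entry was resolved for registered service [{}]; no modification was sent", rs);
    }
    return rs;
}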
use of org.ldaptive.SearchResult in project cas by apereo.
the class BaseUseAttributesAuthorizationGenerator method generate.
/**
 * Look up the profile's user in LDAP and build authorization data from the entry found.
 *
 * @param context the web context (not read by this method)
 * @param profile the profile whose id is bound into the user search filter
 * @return the result of {@code generateAuthorizationForLdapEntry} for the entry returned by
 *         the search
 * @throws IllegalStateException if several entries match and {@code allowMultipleResults}
 *                               is {@code false}
 * @throws RuntimeException      wrapping an {@code AccountNotFoundException} when nothing
 *                               matches, or wrapping the {@code LdapException} raised by the search
 */
@Override
public CommonProfile generate(final WebContext context, final CommonProfile profile) {
    Assert.notNull(this.connectionFactory, "connectionFactory must not be null");
    Assert.notNull(this.userSearchExecutor, "userSearchExecutor must not be null");

    final String username = profile.getId();
    try {
        LOGGER.debug("Attempting to get details for user [{}].", username);
        // The user name travels as a filter parameter; it is not spliced into the filter text.
        final Response<SearchResult> response = this.userSearchExecutor.search(
                this.connectionFactory,
                Beans.newLdaptiveSearchFilter(
                        this.userSearchExecutor.getSearchFilter().getFilter(),
                        Beans.LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME,
                        Arrays.asList(username)));
        LOGGER.debug("LDAP user search response: [{}]", response);

        final SearchResult userResult = response.getResult();
        final int matches = userResult.size();
        if (matches == 0) {
            throw new RuntimeException(new AccountNotFoundException(username + " not found."));
        }
        if (matches > 1 && !this.allowMultipleResults) {
            throw new IllegalStateException("Found multiple results for user which is not allowed (allowMultipleResults=false).");
        }

        // When several matches are tolerated, only the entry handed back by getEntry() is used.
        return generateAuthorizationForLdapEntry(profile, userResult.getEntry());
    } catch (final LdapException e) {
        throw new RuntimeException("LDAP error fetching details for user.", e);
    }
}
use of org.ldaptive.SearchResult in project cas by apereo.
the class LdapUserGroupsToRolesAuthorizationGenerator method generateAuthorizationForLdapEntry.
/**
 * Add roles to the profile from the LDAP group entries found for the user's DN.
 *
 * <p>The group search filter is parameterised with the user's DN. Each returned entry
 * contributes the values of {@code groupAttributeName}; entries without that attribute are
 * skipped with a warning.
 *
 * @param profile   the profile that receives the roles
 * @param userEntry the user's LDAP entry; only its DN is read here
 * @return the same {@code profile} instance
 * @throws RuntimeException wrapping the {@code LdapException} raised by the group search
 */
@Override
protected CommonProfile generateAuthorizationForLdapEntry(final CommonProfile profile, final LdapEntry userEntry) {
    try {
        final String userDn = userEntry.getDn();
        LOGGER.debug("Attempting to get roles for user [{}].", userDn);
        final Response<SearchResult> response = this.groupSearchExecutor.search(
                this.connectionFactory,
                Beans.newLdaptiveSearchFilter(
                        this.groupSearchExecutor.getSearchFilter().getFilter(),
                        Beans.LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME,
                        Arrays.asList(userDn)));
        LOGGER.debug("LDAP role search response: [{}]", response);

        for (final LdapEntry groupEntry : response.getResult().getEntries()) {
            final LdapAttribute roleSource = groupEntry.getAttribute(this.groupAttributeName);
            if (roleSource != null) {
                addProfileRolesFromAttributes(profile, roleSource, this.groupPrefix);
            } else {
                // A group entry without the role attribute grants nothing.
                LOGGER.warn("Role attribute not found on entry [{}]", groupEntry);
            }
        }
    } catch (final LdapException e) {
        throw new RuntimeException("LDAP error fetching roles for user.", e);
    }
    return profile;
}