use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.
the class LDAPLoginManagerImpl method deletIdentities.
/**
* Delete all Identities in List and removes them from LDAPSecurityGroup
*
* @param identityList List of Identities to delete
*/
@Override
public void deletIdentities(List<Identity> identityList) {
    // The list is processed exactly as given: no size or plausibility check happens
    // in this method, so the caller decides which accounts are destroyed.
    // NOTE(review): the group lookup result is not null-checked here, whereas
    // getIdentitysDeletedInLdap logs and returns when the group is missing - confirm
    // that removeIdentityFromSecurityGroup tolerates a null group.
    final SecurityGroup ldapSecurityGroup = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
    for (final Identity obsoleteIdentity : identityList) {
        // Detach the identity from the LDAP group before handing it to the deletion manager.
        securityManager.removeIdentityFromSecurityGroup(obsoleteIdentity, ldapSecurityGroup);
        userDeletionManager.deleteIdentity(obsoleteIdentity);
        // One intermediate commit per identity; presumably this keeps earlier deletions
        // when a later one fails - verify against the DB layer.
        dbInstance.intermediateCommit();
    }
}
use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.
the class LDAPLoginManagerImpl method removeFallBackAuthentications.
/**
* Removes all cached authentications used for fallback login. Useful if users first logged in with a default password and later changed it outside OLAT in AD/LDAP, so that OLAT does not know about the change.
* Removing the fallback authentications means login is only possible via AD/LDAP, and only if the server is reachable!
* see FXOLAT-284
*/
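@Override
public void removeFallBackAuthentications() {
    // Only runs when LDAP passwords are cached as OLAT passwords on login.
    if (!ldapLoginModule.isCacheLDAPPwdAsOLATPwdOnLogin()) {
        return;
    }
    SecurityGroup ldapGroup = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
    if (ldapGroup == null) {
        log.error("Cannot get user from OLAT security group '" + LDAPConstants.SECURITY_GROUP_LDAP + "' : group does not exist", null);
        // Without the group there is nothing to clean up; do not pass null on to the identity lookup.
        return;
    }
    List<Identity> ldapIdents = securityManager.getIdentitiesOfSecurityGroup(ldapGroup);
    log.info("found " + ldapIdents.size() + " identies in ldap security group");
    int count = 0;
    for (Identity identity : ldapIdents) {
        // Look up the authentication stored for the default (OLAT) auth provider and drop it,
        // so that this member of the LDAP group can no longer sign in with the cached password.
        Authentication auth = securityManager.findAuthentication(identity, BaseSecurityModule.getDefaultAuthProviderIdentifier());
        if (auth != null) {
            securityManager.deleteAuthentication(auth);
            count++;
        }
        // This check sits outside the null test above, so it fires on every pass while
        // count is a multiple of 20 (including 0); the commit cadence is left unchanged.
        if (count % 20 == 0) {
            dbInstance.intermediateCommit();
        }
    }
    // NOTE(review): deletions made after the last intermediate commit are presumably
    // committed by the surrounding transaction - confirm with the caller.
    log.info("removed cached authentications (fallback login provider: " + BaseSecurityModule.getDefaultAuthProviderIdentifier() + ") for " + count + " users.");
}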
use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.
the class LDAPLoginManagerImpl method getIdentitysDeletedInLdap.
/**
* Creates a list of all OLAT users which have been deleted from the LDAP
* directory but still exist in OLAT
*
* Configuration: Required Attributes = ldapContext.xml (property=reqAttrs)
* LDAP Base = ldapContext.xml (property=ldapBase)
*
* @param syncTime The time to search in LDAP for changes since this time.
* SyncTime has to be formatted: JJJJMMddHHmm
* @param ctx The LDAP system connection, if NULL or closed NamingException is
* thrown
*
* @return Returns list of Identity from the user which have been deleted in
* LDAP
*
* @throws NamingException
*/
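public List<Identity> getIdentitysDeletedInLdap(LdapContext ctx) {
    // Without a connection nothing can be compared; null (not an empty list) is returned.
    if (ctx == null) {
        return null;
    }
    // Find all LDAP Users
    String userID = syncConfiguration.getOlatPropertyToLdapAttribute(LDAPConstants.LDAP_USER_IDENTIFYER);
    String userFilter = syncConfiguration.getLdapUserFilter();
    // A hash set makes the membership test further down constant-time per OLAT user
    // instead of a linear scan over every LDAP name.
    final java.util.Set<String> ldapUserNames = new java.util.HashSet<String>();
    ldapDao.searchInLdap(new LDAPVisitor() {
        @Override
        public void visit(SearchResult result) throws NamingException {
            Attributes attrs = result.getAttributes();
            NamingEnumeration<? extends Attribute> aEnum = attrs.getAll();
            while (aEnum.hasMore()) {
                Attribute attr = aEnum.next();
                // use lowercase username
                // NOTE(review): toLowerCase() follows the JVM default locale, here and in the
                // comparison below; under e.g. a Turkish locale 'I' and 'i' stop matching,
                // which would flag a live account - consider a fixed locale.
                ldapUserNames.add(attr.get().toString().toLowerCase());
            }
        }
    }, (userFilter == null ? "" : userFilter), new String[] { userID }, ctx);
    // An empty result is treated as a failed search, so it never yields a list containing
    // every LDAP-managed user. A partial result is NOT detected here: each OLAT user
    // missing from it is reported as deleted, so callers should sanity-check the size of
    // the returned list before acting on it.
    if (ldapUserNames.isEmpty()) {
        log.warn("No users in LDAP found, can't create deletionList!!", null);
        return null;
    }
    // Find all User in OLAT, members of LDAPSecurityGroup
    SecurityGroup ldapGroup = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
    if (ldapGroup == null) {
        log.error("Error getting users from OLAT security group '" + LDAPConstants.SECURITY_GROUP_LDAP + "' : group does not exist", null);
        return null;
    }
    List<Identity> identityListToDelete = new ArrayList<Identity>();
    List<Identity> olatListIdentity = securityManager.getIdentitiesOfSecurityGroup(ldapGroup);
    for (Identity ida : olatListIdentity) {
        // compare usernames with lowercase
        if (!ldapUserNames.contains(ida.getName().toLowerCase())) {
            identityListToDelete.add(ida);
        }
    }
    return identityListToDelete;
}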
use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.
the class OAuthRegistrationController method formOK.
@Override
protected void formOK(UserRequest ureq) {
    // Values taken from the registration form and from the pending OAuth registration.
    // NOTE(review): the username is used as entered; any validation presumably happens
    // in the form validation step, which is not part of this method - confirm.
    final String selectedLanguage = langEl.getSelectedKey();
    final String chosenUsername = usernameEl.getValue();
    final OAuthUser providerUser = registration.getOauthUser();

    // Create an empty user and let every property handler copy its form field into it.
    final User newUser = userManager.createUser(null, null, null);
    for (UserPropertyHandler handler : userPropertyHandlers) {
        FormItem formField = flc.getFormComponent(handler.getName());
        handler.updateUserFromFormItem(newUser, formField);
    }

    // Init preferences
    newUser.getPreferences().setLanguage(selectedLanguage);
    newUser.getPreferences().setInformSessionTimeout(true);

    // Identifier stored with the provider authentication: the provider's user id if
    // present, else the provider's e-mail, else the username typed into the form.
    // NOTE(review): only the first choice is an identifier issued by the provider. The
    // two fallbacks bind the login to a value that may be neither unique nor verified -
    // confirm how the provider asserts e-mail and whether a missing id should abort.
    final String externalId = StringHelper.containsNonWhitespace(providerUser.getId())
            ? providerUser.getId()
            : (StringHelper.containsNonWhitespace(providerUser.getEmail()) ? providerUser.getEmail() : chosenUsername);

    authenticatedIdentity = securityManager.createAndPersistIdentityAndUser(chosenUsername, null, newUser, registration.getAuthProvider(), externalId, null);

    // Add user to system users group
    // NOTE(review): the group lookup result is passed on without a null check.
    final SecurityGroup systemUsersGroup = securityManager.findSecurityGroupByName(Constants.GROUP_OLATUSERS);
    securityManager.addIdentityToSecurityGroup(authenticatedIdentity, systemUsersGroup);

    // Open the disclaimer in a modal dialog, replacing any earlier disclaimer controller.
    removeAsListenerAndDispose(disclaimerController);
    disclaimerController = new DisclaimerController(ureq, getWindowControl());
    listenTo(disclaimerController);
    cmc = new CloseableModalController(getWindowControl(), translate("close"), disclaimerController.getInitialComponent(), true, translate("disclaimer.title"));
    cmc.activate();
    listenTo(cmc);
}
use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.
the class ImportMemberOverviewIdentitiesController method loadModelByIdentities.
private void loadModelByIdentities(List<Identity> keys) {
    notfounds = new ArrayList<>();
    // Members of the anonymous security group must never end up in the import result.
    // NOTE(review): the group lookup result is passed on without a null check.
    final SecurityGroup guestGroup = securityManager.findSecurityGroupByName(Constants.GROUP_ANONYMOUS);
    final List<Identity> guestIdentities = securityManager.getIdentitiesOfSecurityGroup(guestGroup);

    // A set drops duplicate identities; null entries and anonymous users are skipped.
    final Set<Identity> accepted = new HashSet<>();
    for (Identity candidate : keys) {
        if (candidate != null && !guestIdentities.contains(candidate)) {
            accepted.add(candidate);
        }
    }
    oks = new ArrayList<>(accepted);
}