
Example 61 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.

the class LDAPLoginManagerImpl method deletIdentities.

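/**
 * Deletes every identity in the list, removing each one from the LDAP
 * security group before handing it to the user deletion manager.
 *
 * <p>This is a destructive bulk operation: an intermediate commit is issued
 * after each identity, so a failure part-way through leaves the earlier
 * deletions in place. The list is trusted as given. Callers that derive it
 * from a directory comparison should sanity-check its size first, because an
 * incomplete LDAP result would otherwise turn into a mass deletion.
 *
 * @param identityList identities to delete; {@code null} or an empty list is
 *          a no-op
 */
@Override
public void deletIdentities(List<Identity> identityList) {
    // Nothing to do. A null list is tolerated so that a "could not build the
    // deletion list" result from a caller does not end in a NullPointerException.
    if (identityList == null || identityList.isEmpty()) {
        return;
    }
    SecurityGroup ldapGroup = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
    // NOTE(review): the lookup result is not checked for null; whether
    // removeIdentityFromSecurityGroup tolerates a missing group is not visible here.
    for (Identity identity : identityList) {
        securityManager.removeIdentityFromSecurityGroup(identity, ldapGroup);
        userDeletionManager.deleteIdentity(identity);
        // One intermediate commit per deleted identity keeps each deletion independent.
        dbInstance.intermediateCommit();
    }
}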
Also used : SecurityGroup(org.olat.basesecurity.SecurityGroup) Identity(org.olat.core.id.Identity)

Example 62 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.

the class LDAPLoginManagerImpl method removeFallBackAuthentications.

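/**
 * Removes the cached authentications of the default auth provider (the
 * fallback login) for all members of the LDAP security group.
 *
 * <p>Useful if users first logged in with a default password and later changed
 * it in AD/LDAP without OLAT learning about the change: the cached credential
 * would otherwise stay valid for the fallback login. After removal, login is
 * only possible through AD/LDAP, and only while that server is reachable.
 * See FXOLAT-284.
 *
 * <p>Does nothing unless {@code ldapLoginModule.isCacheLDAPPwdAsOLATPwdOnLogin()}
 * is true, or when the LDAP security group cannot be found.
 */
@Override
public void removeFallBackAuthentications() {
    if (!ldapLoginModule.isCacheLDAPPwdAsOLATPwdOnLogin()) {
        return;
    }
    SecurityGroup ldapGroup = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
    if (ldapGroup == null) {
        log.error("Cannot get user from OLAT security group '" + LDAPConstants.SECURITY_GROUP_LDAP + "' : group does not exist", null);
        // Stop here: the original logged the error and then still passed the
        // null group to the member lookup below.
        return;
    }
    List<Identity> ldapIdents = securityManager.getIdentitiesOfSecurityGroup(ldapGroup);
    log.info("found " + ldapIdents.size() + " identies in ldap security group");
    int count = 0;
    for (Identity identity : ldapIdents) {
        Authentication auth = securityManager.findAuthentication(identity, BaseSecurityModule.getDefaultAuthProviderIdentifier());
        if (auth != null) {
            securityManager.deleteAuthentication(auth);
            count++;
        }
        // NOTE(review): this check also fires for every identity without a cached
        // authentication while count is 0 or any other multiple of 20, and no commit
        // follows the loop for the last partial batch. It is left unchanged because
        // the transaction handling of the caller is not visible here.
        if (count % 20 == 0) {
            dbInstance.intermediateCommit();
        }
    }
    log.info("removed cached authentications (fallback login provider: " + BaseSecurityModule.getDefaultAuthProviderIdentifier() + ") for " + count + " users.");
}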
Also used : Authentication(org.olat.basesecurity.Authentication) SecurityGroup(org.olat.basesecurity.SecurityGroup) Identity(org.olat.core.id.Identity)

Example 63 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.

the class LDAPLoginManagerImpl method getIdentitysDeletedInLdap.

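/**
 * Builds the list of OLAT users that are members of the LDAP security group
 * but are no longer returned by the LDAP user search, i.e. users that were
 * deleted from the LDAP directory but still exist in OLAT.
 *
 * <p>Configuration: Required Attributes = ldapContext.xml (property=reqAttrs),
 * LDAP Base = ldapContext.xml (property=ldapBase).
 *
 * <p>Matching is done on lower-cased user names. An entirely empty LDAP result
 * is treated as an error and yields {@code null} rather than a list of every
 * OLAT user.
 * NOTE(review): a partial LDAP result (for example a server-side size limit
 * or an overly narrow user filter) is not detected here and would make users
 * that still exist look deleted. Confirm how {@code ldapDao.searchInLdap}
 * handles paging, and have the caller apply a sanity threshold before deleting.
 *
 * @param ctx The LDAP system connection; if {@code null}, {@code null} is
 *          returned
 *
 * @return the identities that exist in OLAT but were not found in LDAP, or
 *         {@code null} if {@code ctx} is null, the LDAP search returned no
 *         user, or the LDAP security group does not exist
 */
public List<Identity> getIdentitysDeletedInLdap(LdapContext ctx) {
    if (ctx == null) {
        return null;
    }
    // Find all LDAP Users
    String userID = syncConfiguration.getOlatPropertyToLdapAttribute(LDAPConstants.LDAP_USER_IDENTIFYER);
    String userFilter = syncConfiguration.getLdapUserFilter();
    // A hash set gives constant-time membership tests in the comparison loop
    // below, which runs once per OLAT identity. Fully qualified so that no new
    // import is needed.
    final java.util.Set<String> ldapNames = new java.util.HashSet<String>();
    ldapDao.searchInLdap(new LDAPVisitor() {

        @Override
        public void visit(SearchResult result) throws NamingException {
            Attributes attrs = result.getAttributes();
            NamingEnumeration<? extends Attribute> aEnum = attrs.getAll();
            while (aEnum.hasMore()) {
                Attribute attr = aEnum.next();
                // use lowercase username
                ldapNames.add(attr.get().toString().toLowerCase());
            }
        }
    }, (userFilter == null ? "" : userFilter), new String[] { userID }, ctx);
    if (ldapNames.isEmpty()) {
        // Fail safe: without any LDAP user every OLAT user would look deleted.
        log.warn("No users in LDAP found, can't create deletionList!!", null);
        return null;
    }
    // Find all User in OLAT, members of LDAPSecurityGroup
    SecurityGroup ldapGroup = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
    if (ldapGroup == null) {
        log.error("Error getting users from OLAT security group '" + LDAPConstants.SECURITY_GROUP_LDAP + "' : group does not exist", null);
        return null;
    }
    List<Identity> identityListToDelete = new ArrayList<Identity>();
    List<Identity> olatListIdentity = securityManager.getIdentitiesOfSecurityGroup(ldapGroup);
    for (Identity ida : olatListIdentity) {
        // compare usernames with lowercase
        if (!ldapNames.contains(ida.getName().toLowerCase())) {
            identityListToDelete.add(ida);
        }
    }
    return identityListToDelete;
}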
Also used : Attribute(javax.naming.directory.Attribute) BasicAttribute(javax.naming.directory.BasicAttribute) ArrayList(java.util.ArrayList) Attributes(javax.naming.directory.Attributes) SearchResult(javax.naming.directory.SearchResult) NamingEnumeration(javax.naming.NamingEnumeration) SecurityGroup(org.olat.basesecurity.SecurityGroup) NamingException(javax.naming.NamingException) Identity(org.olat.core.id.Identity)

Example 64 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.

the class OAuthRegistrationController method formOK.

/**
 * Completes the OAuth registration form: creates the user from the form
 * values, persists the identity together with an authentication for the
 * registration's auth provider, adds the identity to the system users group
 * and opens the disclaimer in a modal dialog.
 *
 * <p>The identifier stored with the authentication is the OAuth user's id if
 * it is non-blank, otherwise the OAuth user's e-mail, otherwise the username
 * entered in the form.
 * NOTE(review): the e-mail and username fallbacks bind the external login to a
 * value that may be user-chosen or unverified. Confirm that uniqueness and
 * validation of these values are enforced before this method runs.
 *
 * @param ureq the current user request
 */
@Override
protected void formOK(UserRequest ureq) {
    String lang = langEl.getSelectedKey();
    String username = usernameEl.getValue();
    OAuthUser oauthUser = registration.getOauthUser();

    // Create the user and copy each configured property from its form item
    User newUser = userManager.createUser(null, null, null);
    for (UserPropertyHandler handler : userPropertyHandlers) {
        FormItem item = this.flc.getFormComponent(handler.getName());
        handler.updateUserFromFormItem(newUser, item);
    }

    // Initial preferences
    newUser.getPreferences().setLanguage(lang);
    newUser.getPreferences().setInformSessionTimeout(true);

    // Provider-side identifier: OAuth id first, then e-mail, then the form username
    String id = StringHelper.containsNonWhitespace(oauthUser.getId())
            ? oauthUser.getId()
            : (StringHelper.containsNonWhitespace(oauthUser.getEmail()) ? oauthUser.getEmail() : username);

    authenticatedIdentity = securityManager.createAndPersistIdentityAndUser(username, null, newUser,
            registration.getAuthProvider(), id, null);

    // Add the new identity to the system users group
    SecurityGroup usersGroup = securityManager.findSecurityGroupByName(Constants.GROUP_OLATUSERS);
    securityManager.addIdentityToSecurityGroup(authenticatedIdentity, usersGroup);

    // Replace any previous disclaimer controller and show the new one in a modal
    removeAsListenerAndDispose(disclaimerController);
    disclaimerController = new DisclaimerController(ureq, getWindowControl());
    listenTo(disclaimerController);
    cmc = new CloseableModalController(getWindowControl(), translate("close"),
            disclaimerController.getInitialComponent(), true, translate("disclaimer.title"));
    cmc.activate();
    listenTo(cmc);
}
Also used : OAuthUser(org.olat.login.oauth.model.OAuthUser) User(org.olat.core.id.User) DisclaimerController(org.olat.registration.DisclaimerController) OAuthUser(org.olat.login.oauth.model.OAuthUser) FormItem(org.olat.core.gui.components.form.flexible.FormItem) CloseableModalController(org.olat.core.gui.control.generic.closablewrapper.CloseableModalController) SecurityGroup(org.olat.basesecurity.SecurityGroup) UserPropertyHandler(org.olat.user.propertyhandlers.UserPropertyHandler)

Example 65 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.

the class ImportMemberOverviewIdentitiesController method loadModelByIdentities.

/**
 * Rebuilds the result model from a list of identities: resets
 * {@code notfounds} to an empty list and fills {@code oks} with the distinct,
 * non-null identities that are not members of the security group named by
 * {@code Constants.GROUP_ANONYMOUS}.
 *
 * <p>Filtering out members of the anonymous group keeps those accounts out of
 * the accepted import list.
 *
 * @param keys candidate identities; may contain {@code null} entries and
 *          duplicates
 */
private void loadModelByIdentities(List<Identity> keys) {
    notfounds = new ArrayList<>();

    SecurityGroup anonymousGroup = securityManager.findSecurityGroupByName(Constants.GROUP_ANONYMOUS);
    List<Identity> anonymousMembers = securityManager.getIdentitiesOfSecurityGroup(anonymousGroup);

    Set<Identity> accepted = new HashSet<>();
    for (Identity candidate : keys) {
        // skip null entries and members of the anonymous group
        if (candidate == null || anonymousMembers.contains(candidate)) {
            continue;
        }
        // the set drops duplicates on its own
        accepted.add(candidate);
    }
    oks = new ArrayList<>(accepted);
}
Also used : Identity(org.olat.core.id.Identity) SecurityGroup(org.olat.basesecurity.SecurityGroup) HashSet(java.util.HashSet)
