use of org.olat.ldap.model.LDAPGroup in project OpenOLAT by OpenOLAT.
the class LDAPLoginManagerImpl method syncRole.
private void syncRole(LdapContext ctx, List<LDAPGroup> groups, String role, Map<String, LDAPUser> dnToIdentityKeyMap, LDAPError errors) {
if (groups == null || groups.isEmpty())
return;
for (LDAPGroup group : groups) {
List<String> members = group.getMembers();
if (members != null && members.size() > 0) {
for (String member : members) {
LDAPUser ldapUser = getLDAPUser(ctx, member, dnToIdentityKeyMap, errors);
if (ldapUser != null && ldapUser.getCachedIdentity() != null) {
syncRole(ldapUser, role);
}
}
}
dbInstance.commitAndCloseSession();
}
}
use of org.olat.ldap.model.LDAPGroup in project OpenOLAT by OpenOLAT.
the class LDAPGroupVisitor method visit.
@Override
public void visit(SearchResult searchResult) throws NamingException {
Attributes resAttributes = searchResult.getAttributes();
Attribute memberAttr = resAttributes.get("member");
Attribute cnAttr = resAttributes.get("cn");
if (memberAttr != null) {
LDAPGroup group = new LDAPGroup();
Object cn = cnAttr.get();
if (cn instanceof String) {
group.setCommonName((String) cn);
}
List<String> members = new ArrayList<String>();
try {
for (NamingEnumeration<?> memberEn = memberAttr.getAll(); memberEn.hasMoreElements(); ) {
Object member = memberEn.next();
if (member instanceof String) {
members.add((String) member);
}
}
} catch (NamingException e) {
log.error("", e);
}
group.setMembers(members);
groups.add(group);
}
}
use of org.olat.ldap.model.LDAPGroup in project openolat by klemens.
the class LDAPLoginManagerImpl method doBatchSyncRoles.
private void doBatchSyncRoles(LdapContext ctx, List<LDAPUser> ldapUsers, Map<String, LDAPUser> dnToIdentityKeyMap, LDAPError errors) throws NamingException {
ctx.close();
ctx = bindSystem();
// authors
if (syncConfiguration.getAuthorsGroupBase() != null && syncConfiguration.getAuthorsGroupBase().size() > 0) {
List<LDAPGroup> authorGroups = ldapDao.searchGroups(ctx, syncConfiguration.getAuthorsGroupBase());
syncRole(ctx, authorGroups, Constants.GROUP_AUTHORS, dnToIdentityKeyMap, errors);
}
// user managers
if (syncConfiguration.getUserManagersGroupBase() != null && syncConfiguration.getUserManagersGroupBase().size() > 0) {
List<LDAPGroup> userManagerGroups = ldapDao.searchGroups(ctx, syncConfiguration.getUserManagersGroupBase());
syncRole(ctx, userManagerGroups, Constants.GROUP_USERMANAGERS, dnToIdentityKeyMap, errors);
}
// group managers
if (syncConfiguration.getGroupManagersGroupBase() != null && syncConfiguration.getGroupManagersGroupBase().size() > 0) {
List<LDAPGroup> groupManagerGroups = ldapDao.searchGroups(ctx, syncConfiguration.getGroupManagersGroupBase());
syncRole(ctx, groupManagerGroups, Constants.GROUP_GROUPMANAGERS, dnToIdentityKeyMap, errors);
}
// question pool managers
if (syncConfiguration.getQpoolManagersGroupBase() != null && syncConfiguration.getQpoolManagersGroupBase().size() > 0) {
List<LDAPGroup> qpoolManagerGroups = ldapDao.searchGroups(ctx, syncConfiguration.getQpoolManagersGroupBase());
syncRole(ctx, qpoolManagerGroups, Constants.GROUP_POOL_MANAGER, dnToIdentityKeyMap, errors);
}
// learning resource manager
if (syncConfiguration.getLearningResourceManagersGroupBase() != null && syncConfiguration.getLearningResourceManagersGroupBase().size() > 0) {
List<LDAPGroup> resourceManagerGroups = ldapDao.searchGroups(ctx, syncConfiguration.getLearningResourceManagersGroupBase());
syncRole(ctx, resourceManagerGroups, Constants.GROUP_INST_ORES_MANAGER, dnToIdentityKeyMap, errors);
}
int count = 0;
boolean syncAuthor = StringHelper.containsNonWhitespace(syncConfiguration.getAuthorRoleAttribute()) && StringHelper.containsNonWhitespace(syncConfiguration.getAuthorRoleValue());
boolean syncUserManager = StringHelper.containsNonWhitespace(syncConfiguration.getUserManagerRoleAttribute()) && StringHelper.containsNonWhitespace(syncConfiguration.getUserManagerRoleValue());
boolean syncGroupManager = StringHelper.containsNonWhitespace(syncConfiguration.getGroupManagerRoleAttribute()) && StringHelper.containsNonWhitespace(syncConfiguration.getGroupManagerRoleValue());
boolean syncQpoolManager = StringHelper.containsNonWhitespace(syncConfiguration.getQpoolManagerRoleAttribute()) && StringHelper.containsNonWhitespace(syncConfiguration.getQpoolManagerRoleValue());
boolean syncLearningResourceManager = StringHelper.containsNonWhitespace(syncConfiguration.getLearningResourceManagerRoleAttribute()) && StringHelper.containsNonWhitespace(syncConfiguration.getLearningResourceManagerRoleValue());
for (LDAPUser ldapUser : ldapUsers) {
if (syncAuthor && ldapUser.isAuthor()) {
syncRole(ldapUser, Constants.GROUP_AUTHORS);
count++;
}
if (syncUserManager && ldapUser.isUserManager()) {
syncRole(ldapUser, Constants.GROUP_USERMANAGERS);
count++;
}
if (syncGroupManager && ldapUser.isGroupManager()) {
syncRole(ldapUser, Constants.GROUP_GROUPMANAGERS);
count++;
}
if (syncQpoolManager && ldapUser.isQpoolManager()) {
syncRole(ldapUser, Constants.GROUP_POOL_MANAGER);
count++;
}
if (syncLearningResourceManager && ldapUser.isLearningResourceManager()) {
syncRole(ldapUser, Constants.GROUP_INST_ORES_MANAGER);
count++;
}
if (count > 20) {
dbInstance.commitAndCloseSession();
count = 0;
}
}
dbInstance.commitAndCloseSession();
}
use of org.olat.ldap.model.LDAPGroup in project openolat by klemens.
the class LDAPLoginManagerImpl method syncUserGroups.
/**
* The method search in LDAP the user, search the groups
* of which it is member of, and sync the groups.
*
* @param identity The identity to sync
*/
@Override
public void syncUserGroups(Identity identity) {
LdapContext ctx = bindSystem();
if (ctx == null) {
log.error("could not bind to ldap", null);
}
String ldapUserIDAttribute = syncConfiguration.getOlatPropertyToLdapAttribute(LDAPConstants.LDAP_USER_IDENTIFYER);
String filter = ldapDao.buildSearchUserFilter(ldapUserIDAttribute, identity.getName());
boolean withCoacheOfGroups = StringHelper.containsNonWhitespace(syncConfiguration.getCoachedGroupAttribute());
List<String> ldapBases = syncConfiguration.getLdapBases();
String[] searchAttr;
if (withCoacheOfGroups) {
searchAttr = new String[] { "dn", syncConfiguration.getCoachedGroupAttribute() };
} else {
searchAttr = new String[] { "dn" };
}
SearchControls ctls = new SearchControls();
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
ctls.setReturningAttributes(searchAttr);
String userDN = null;
List<String> groupList = null;
for (String ldapBase : ldapBases) {
try {
NamingEnumeration<SearchResult> enm = ctx.search(ldapBase, filter, ctls);
while (enm.hasMore()) {
SearchResult result = enm.next();
userDN = result.getNameInNamespace();
if (withCoacheOfGroups) {
Attributes resAttributes = result.getAttributes();
Attribute coachOfGroupsAttr = resAttributes.get(syncConfiguration.getCoachedGroupAttribute());
if (coachOfGroupsAttr != null && coachOfGroupsAttr.get() instanceof String) {
String groupString = (String) coachOfGroupsAttr.get();
if (!"-".equals(groupString)) {
String[] groupArr = groupString.split(syncConfiguration.getCoachedGroupAttributeSeparator());
groupList = new ArrayList<>(groupArr.length);
for (String group : groupArr) {
groupList.add(group);
}
}
}
}
}
if (userDN != null) {
break;
}
} catch (NamingException e) {
log.error("NamingException when trying to bind user with username::" + identity.getName() + " on ldapBase::" + ldapBase, e);
}
}
// get the potential groups
if (userDN != null) {
List<String> groupDNs = syncConfiguration.getLdapGroupBases();
String groupFilter = "(&(objectClass=groupOfNames)(member=" + userDN + "))";
List<LDAPGroup> groups = ldapDao.searchGroups(ctx, groupDNs, groupFilter);
for (LDAPGroup group : groups) {
BusinessGroup managedGroup = getManagerBusinessGroup(group.getCommonName());
if (managedGroup != null) {
List<String> roles = businessGroupRelationDao.getRoles(identity, managedGroup);
if (roles.isEmpty()) {
boolean coach = groupList != null && groupList.contains(group.getCommonName());
if (coach) {
businessGroupRelationDao.addRole(identity, managedGroup, GroupRoles.coach.name());
} else {
businessGroupRelationDao.addRole(identity, managedGroup, GroupRoles.participant.name());
}
}
}
}
}
}
use of org.olat.ldap.model.LDAPGroup in project OpenOLAT by OpenOLAT.
the class LDAPDAO method searchGroups.
public List<LDAPGroup> searchGroups(LdapContext ctx, List<String> groupDNs, String filter) {
final List<LDAPGroup> ldapGroups = new ArrayList<>();
String[] groupAttributes = new String[] { "cn" };
for (String groupDN : groupDNs) {
LDAPVisitor visitor = new LDAPVisitor() {
@Override
public void visit(SearchResult searchResult) throws NamingException {
Attributes resAttributes = searchResult.getAttributes();
Attribute cnAttr = resAttributes.get("cn");
Object cn = cnAttr.get();
if (cn instanceof String) {
LDAPGroup group = new LDAPGroup();
group.setCommonName((String) cn);
ldapGroups.add(group);
}
}
};
search(visitor, groupDN, filter, groupAttributes, ctx);
}
return ldapGroups;
}
Aggregations