Example 6 with LDAPGroup
use of org.olat.ldap.model.LDAPGroup in project OpenOLAT by OpenOLAT.
the class LDAPLoginManagerImpl method syncUserGroups.
/**
* The method search in LDAP the user, search the groups
* of which it is member of, and sync the groups.
*
* @param identity The identity to sync
*/
@Override
public void syncUserGroups(Identity identity) {
LdapContext ctx = bindSystem();
if (ctx == null) {
log.error("could not bind to ldap", null);
}
String ldapUserIDAttribute = syncConfiguration.getOlatPropertyToLdapAttribute(LDAPConstants.LDAP_USER_IDENTIFYER);
String filter = ldapDao.buildSearchUserFilter(ldapUserIDAttribute, identity.getName());
boolean withCoacheOfGroups = StringHelper.containsNonWhitespace(syncConfiguration.getCoachedGroupAttribute());
List<String> ldapBases = syncConfiguration.getLdapBases();
String[] searchAttr;
if (withCoacheOfGroups) {
searchAttr = new String[] { "dn", syncConfiguration.getCoachedGroupAttribute() };
} else {
searchAttr = new String[] { "dn" };
}
SearchControls ctls = new SearchControls();
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
ctls.setReturningAttributes(searchAttr);
String userDN = null;
List<String> groupList = null;
for (String ldapBase : ldapBases) {
try {
NamingEnumeration<SearchResult> enm = ctx.search(ldapBase, filter, ctls);
while (enm.hasMore()) {
SearchResult result = enm.next();
userDN = result.getNameInNamespace();
if (withCoacheOfGroups) {
Attributes resAttributes = result.getAttributes();
Attribute coachOfGroupsAttr = resAttributes.get(syncConfiguration.getCoachedGroupAttribute());
if (coachOfGroupsAttr != null && coachOfGroupsAttr.get() instanceof String) {
String groupString = (String) coachOfGroupsAttr.get();
if (!"-".equals(groupString)) {
String[] groupArr = groupString.split(syncConfiguration.getCoachedGroupAttributeSeparator());
groupList = new ArrayList<>(groupArr.length);
for (String group : groupArr) {
groupList.add(group);
}
}
}
}
}
if (userDN != null) {
break;
}
} catch (NamingException e) {
log.error("NamingException when trying to bind user with username::" + identity.getName() + " on ldapBase::" + ldapBase, e);
}
}
// get the potential groups
if (userDN != null) {
List<String> groupDNs = syncConfiguration.getLdapGroupBases();
String groupFilter = "(&(objectClass=groupOfNames)(member=" + userDN + "))";
List<LDAPGroup> groups = ldapDao.searchGroups(ctx, groupDNs, groupFilter);
for (LDAPGroup group : groups) {
BusinessGroup managedGroup = getManagerBusinessGroup(group.getCommonName());
if (managedGroup != null) {
List<String> roles = businessGroupRelationDao.getRoles(identity, managedGroup);
if (roles.isEmpty()) {
boolean coach = groupList != null && groupList.contains(group.getCommonName());
if (coach) {
businessGroupRelationDao.addRole(identity, managedGroup, GroupRoles.coach.name());
} else {
businessGroupRelationDao.addRole(identity, managedGroup, GroupRoles.participant.name());
}
}
}
}
}
}
Also used :
Attribute(javax.naming.directory.Attribute)
BasicAttribute(javax.naming.directory.BasicAttribute)
BusinessGroup(org.olat.group.BusinessGroup)
Attributes(javax.naming.directory.Attributes)
SearchResult(javax.naming.directory.SearchResult)
LDAPGroup(org.olat.ldap.model.LDAPGroup)
SearchControls(javax.naming.directory.SearchControls)
NamingException(javax.naming.NamingException)
InitialLdapContext(javax.naming.ldap.InitialLdapContext)
LdapContext(javax.naming.ldap.LdapContext)
Example 7 with LDAPGroup
use of org.olat.ldap.model.LDAPGroup in project OpenOLAT by OpenOLAT.
the class LDAPLoginManagerImpl method doSyncGroupByAttribute.
private void doSyncGroupByAttribute(List<LDAPUser> ldapUsers, Map<String, LDAPGroup> cnToGroupMap) {
for (LDAPUser ldapUser : ldapUsers) {
List<String> groupIds = ldapUser.getGroupIds();
List<String> coachedGroupIds = ldapUser.getCoachedGroupIds();
if ((groupIds != null && groupIds.size() > 0) || (coachedGroupIds != null && coachedGroupIds.size() > 0)) {
IdentityRef identity = ldapUser.getCachedIdentity();
if (identity == null) {
log.error("Identity with dn=" + ldapUser.getDn() + " not found");
} else {
if (groupIds != null && groupIds.size() > 0) {
for (String groupId : groupIds) {
if (!cnToGroupMap.containsKey(groupId)) {
cnToGroupMap.put(groupId, new LDAPGroup(groupId));
}
cnToGroupMap.get(groupId).getParticipants().add(ldapUser);
}
}
if (coachedGroupIds != null && coachedGroupIds.size() > 0) {
for (String coachedGroupId : coachedGroupIds) {
if (!cnToGroupMap.containsKey(coachedGroupId)) {
cnToGroupMap.put(coachedGroupId, new LDAPGroup(coachedGroupId));
}
cnToGroupMap.get(coachedGroupId).getCoaches().add(ldapUser);
}
}
}
}
}
}
Also used :
IdentityRef(org.olat.basesecurity.IdentityRef)
LDAPUser(org.olat.ldap.model.LDAPUser)
LDAPGroup(org.olat.ldap.model.LDAPGroup)
Example 8 with LDAPGroup
use of org.olat.ldap.model.LDAPGroup in project OpenOLAT by OpenOLAT.
the class LDAPLoginManagerImpl method doBatchSyncGroups.
private void doBatchSyncGroups(LdapContext ctx, List<LDAPUser> ldapUsers, Map<String, LDAPUser> dnToIdentityKeyMap, LDAPError errors) throws NamingException {
ctx.close();
log.info("LDAP batch sync LDAP user to OO groups");
ctx = bindSystem();
// sync groups by LDAP groups or attributes
Map<String, LDAPGroup> cnToGroupMap = new HashMap<>();
// retrieve all ldap group's with their list of members
if (syncConfiguration.syncGroupWithLDAPGroup()) {
List<String> groupDNs = syncConfiguration.getLdapGroupBases();
List<LDAPGroup> ldapGroups = ldapDao.searchGroups(ctx, groupDNs);
for (LDAPGroup ldapGroup : ldapGroups) {
cnToGroupMap.put(ldapGroup.getCommonName(), ldapGroup);
}
}
if (syncConfiguration.syncGroupWithAttribute()) {
doSyncGroupByAttribute(ldapUsers, cnToGroupMap);
}
int syncGroupCount = 0;
for (LDAPGroup group : cnToGroupMap.values()) {
BusinessGroup managedGroup = getManagerBusinessGroup(group.getCommonName());
if (managedGroup != null) {
syncBusinessGroup(ctx, managedGroup, group, dnToIdentityKeyMap, errors);
}
dbInstance.commitAndCloseSession();
if (syncGroupCount % 100 == 0) {
log.info("Synched " + syncGroupCount + "/" + cnToGroupMap.size() + " LDAP groups");
}
syncGroupCount++;
}
}
Also used :
HashMap(java.util.HashMap)
BusinessGroup(org.olat.group.BusinessGroup)
LDAPGroup(org.olat.ldap.model.LDAPGroup)
Example 9 with LDAPGroup
use of org.olat.ldap.model.LDAPGroup in project OpenOLAT by OpenOLAT.
the class LDAPLoginManagerImpl method doBatchSyncRoles.
private void doBatchSyncRoles(LdapContext ctx, List<LDAPUser> ldapUsers, Map<String, LDAPUser> dnToIdentityKeyMap, LDAPError errors) throws NamingException {
ctx.close();
ctx = bindSystem();
// authors
if (syncConfiguration.getAuthorsGroupBase() != null && syncConfiguration.getAuthorsGroupBase().size() > 0) {
List<LDAPGroup> authorGroups = ldapDao.searchGroups(ctx, syncConfiguration.getAuthorsGroupBase());
syncRole(ctx, authorGroups, Constants.GROUP_AUTHORS, dnToIdentityKeyMap, errors);
}
// user managers
if (syncConfiguration.getUserManagersGroupBase() != null && syncConfiguration.getUserManagersGroupBase().size() > 0) {
List<LDAPGroup> userManagerGroups = ldapDao.searchGroups(ctx, syncConfiguration.getUserManagersGroupBase());
syncRole(ctx, userManagerGroups, Constants.GROUP_USERMANAGERS, dnToIdentityKeyMap, errors);
}
// group managers
if (syncConfiguration.getGroupManagersGroupBase() != null && syncConfiguration.getGroupManagersGroupBase().size() > 0) {
List<LDAPGroup> groupManagerGroups = ldapDao.searchGroups(ctx, syncConfiguration.getGroupManagersGroupBase());
syncRole(ctx, groupManagerGroups, Constants.GROUP_GROUPMANAGERS, dnToIdentityKeyMap, errors);
}
// question pool managers
if (syncConfiguration.getQpoolManagersGroupBase() != null && syncConfiguration.getQpoolManagersGroupBase().size() > 0) {
List<LDAPGroup> qpoolManagerGroups = ldapDao.searchGroups(ctx, syncConfiguration.getQpoolManagersGroupBase());
syncRole(ctx, qpoolManagerGroups, Constants.GROUP_POOL_MANAGER, dnToIdentityKeyMap, errors);
}
// learning resource manager
if (syncConfiguration.getLearningResourceManagersGroupBase() != null && syncConfiguration.getLearningResourceManagersGroupBase().size() > 0) {
List<LDAPGroup> resourceManagerGroups = ldapDao.searchGroups(ctx, syncConfiguration.getLearningResourceManagersGroupBase());
syncRole(ctx, resourceManagerGroups, Constants.GROUP_INST_ORES_MANAGER, dnToIdentityKeyMap, errors);
}
int count = 0;
boolean syncAuthor = StringHelper.containsNonWhitespace(syncConfiguration.getAuthorRoleAttribute()) && StringHelper.containsNonWhitespace(syncConfiguration.getAuthorRoleValue());
boolean syncUserManager = StringHelper.containsNonWhitespace(syncConfiguration.getUserManagerRoleAttribute()) && StringHelper.containsNonWhitespace(syncConfiguration.getUserManagerRoleValue());
boolean syncGroupManager = StringHelper.containsNonWhitespace(syncConfiguration.getGroupManagerRoleAttribute()) && StringHelper.containsNonWhitespace(syncConfiguration.getGroupManagerRoleValue());
boolean syncQpoolManager = StringHelper.containsNonWhitespace(syncConfiguration.getQpoolManagerRoleAttribute()) && StringHelper.containsNonWhitespace(syncConfiguration.getQpoolManagerRoleValue());
boolean syncLearningResourceManager = StringHelper.containsNonWhitespace(syncConfiguration.getLearningResourceManagerRoleAttribute()) && StringHelper.containsNonWhitespace(syncConfiguration.getLearningResourceManagerRoleValue());
for (LDAPUser ldapUser : ldapUsers) {
if (syncAuthor && ldapUser.isAuthor()) {
syncRole(ldapUser, Constants.GROUP_AUTHORS);
count++;
}
if (syncUserManager && ldapUser.isUserManager()) {
syncRole(ldapUser, Constants.GROUP_USERMANAGERS);
count++;
}
if (syncGroupManager && ldapUser.isGroupManager()) {
syncRole(ldapUser, Constants.GROUP_GROUPMANAGERS);
count++;
}
if (syncQpoolManager && ldapUser.isQpoolManager()) {
syncRole(ldapUser, Constants.GROUP_POOL_MANAGER);
count++;
}
if (syncLearningResourceManager && ldapUser.isLearningResourceManager()) {
syncRole(ldapUser, Constants.GROUP_INST_ORES_MANAGER);
count++;
}
if (count > 20) {
dbInstance.commitAndCloseSession();
count = 0;
}
}
dbInstance.commitAndCloseSession();
}Example 10 with LDAPGroup
use of org.olat.ldap.model.LDAPGroup in project openolat by klemens.
the class LDAPDAO method searchGroups.
public List<LDAPGroup> searchGroups(LdapContext ctx, List<String> groupDNs, String filter) {
final List<LDAPGroup> ldapGroups = new ArrayList<>();
String[] groupAttributes = new String[] { "cn" };
for (String groupDN : groupDNs) {
LDAPVisitor visitor = new LDAPVisitor() {
@Override
public void visit(SearchResult searchResult) throws NamingException {
Attributes resAttributes = searchResult.getAttributes();
Attribute cnAttr = resAttributes.get("cn");
Object cn = cnAttr.get();
if (cn instanceof String) {
LDAPGroup group = new LDAPGroup();
group.setCommonName((String) cn);
ldapGroups.add(group);
}
}
};
search(visitor, groupDN, filter, groupAttributes, ctx);
}
return ldapGroups;
}
Also used :
Attribute(javax.naming.directory.Attribute)
ArrayList(java.util.ArrayList)
Attributes(javax.naming.directory.Attributes)
SearchResult(javax.naming.directory.SearchResult)
LDAPGroup(org.olat.ldap.model.LDAPGroup)
Aggregations
LDAPGroup (org.olat.ldap.model.LDAPGroup)14
Attribute (javax.naming.directory.Attribute)6
Attributes (javax.naming.directory.Attributes)6
LDAPUser (org.olat.ldap.model.LDAPUser)6
ArrayList (java.util.ArrayList)4
NamingException (javax.naming.NamingException)4
SearchResult (javax.naming.directory.SearchResult)4
BusinessGroup (org.olat.group.BusinessGroup)4
HashMap (java.util.HashMap)2
BasicAttribute (javax.naming.directory.BasicAttribute)2
SearchControls (javax.naming.directory.SearchControls)2
InitialLdapContext (javax.naming.ldap.InitialLdapContext)2
LdapContext (javax.naming.ldap.LdapContext)2
IdentityRef (org.olat.basesecurity.IdentityRef)2
