Example 6 with LDAPUser
use of org.olat.ldap.model.LDAPUser in project OpenOLAT by OpenOLAT.
the class LDAPLoginManagerImpl method syncBusinessGroup.
private void syncBusinessGroup(LdapContext ctx, BusinessGroup businessGroup, LDAPGroup ldapGroup, Map<String, LDAPUser> dnToIdentityKeyMap, LDAPError errors) {
List<Identity> currentMembers = businessGroupRelationDao.getMembers(businessGroup, GroupRoles.coach.name(), GroupRoles.participant.name());
Set<Long> currentMemberKeys = new HashSet<>();
for (Identity currentMember : currentMembers) {
currentMemberKeys.add(currentMember.getKey());
}
List<LDAPUser> coaches = new ArrayList<>(ldapGroup.getCoaches());
List<LDAPUser> participants = new ArrayList<>(ldapGroup.getParticipants());
// transfer member cn's to the participants list
for (String member : ldapGroup.getMembers()) {
try {
LDAPUser ldapUser = getLDAPUser(ctx, member, dnToIdentityKeyMap, errors);
dnToIdentityKeyMap.get(member);
if (ldapUser != null && !participants.contains(ldapUser)) {
participants.add(ldapUser);
}
} catch (Exception e) {
log.error("Cannot retrieve this LDAP group member: " + member, e);
}
}
// transfer to ldap user flagged as coach to the coach list
for (Iterator<LDAPUser> participantIt = participants.iterator(); participantIt.hasNext(); ) {
LDAPUser participant = participantIt.next();
if (participant.isCoach()) {
if (!coaches.contains(participant)) {
coaches.add(participant);
}
participantIt.remove();
}
}
int count = 0;
for (LDAPUser participant : participants) {
IdentityRef memberIdentity = participant.getCachedIdentity();
if (memberIdentity != null && memberIdentity.getKey() != null) {
syncMembership(businessGroup, memberIdentity, false);
currentMemberKeys.remove(memberIdentity.getKey());
}
if (count % 20 == 0) {
dbInstance.commitAndCloseSession();
}
count++;
}
for (LDAPUser coach : coaches) {
IdentityRef memberIdentity = coach.getCachedIdentity();
if (memberIdentity != null && memberIdentity.getKey() != null) {
syncMembership(businessGroup, memberIdentity, true);
currentMemberKeys.remove(memberIdentity.getKey());
}
if (count % 20 == 0) {
dbInstance.commitAndCloseSession();
}
count++;
}
for (Long currentMemberKey : currentMemberKeys) {
Identity currentMember = securityManager.loadIdentityByKey(currentMemberKey);
List<String> roles = businessGroupRelationDao.getRoles(currentMember, businessGroup);
for (String role : roles) {
businessGroupRelationDao.removeRole(currentMember, businessGroup, role);
}
if (count % 20 == 0) {
dbInstance.commitAndCloseSession();
}
count++;
}
dbInstance.commitAndCloseSession();
}
Also used :
ArrayList(java.util.ArrayList)
LDAPUser(org.olat.ldap.model.LDAPUser)
NamingException(javax.naming.NamingException)
AuthenticationException(javax.naming.AuthenticationException)
IdentityRef(org.olat.basesecurity.IdentityRef)
Identity(org.olat.core.id.Identity)
HashSet(java.util.HashSet)
Example 7 with LDAPUser
use of org.olat.ldap.model.LDAPUser in project OpenOLAT by OpenOLAT.
the class LDAPLoginManagerImpl method getLDAPUser.
private LDAPUser getLDAPUser(LdapContext ctx, String member, Map<String, LDAPUser> dnToIdentityKeyMap, LDAPError errors) {
LDAPUser ldapUser = dnToIdentityKeyMap.get(member);
IdentityRef identity = ldapUser == null ? null : ldapUser.getCachedIdentity();
if (identity == null) {
String userFilter = syncConfiguration.getLdapUserFilter();
String userDN = member;
LDAPUserVisitor visitor = new LDAPUserVisitor(syncConfiguration);
ldapDao.search(visitor, userDN, userFilter, syncConfiguration.getUserAttributes(), ctx);
List<LDAPUser> ldapUserList = visitor.getLdapUserList();
if (ldapUserList.size() == 1) {
ldapUser = ldapUserList.get(0);
Attributes userAttrs = ldapUser.getAttributes();
identity = findIdentityByLdapAuthentication(userAttrs, errors);
if (identity != null) {
dnToIdentityKeyMap.put(userDN, ldapUser);
}
}
}
return ldapUser;
}
Also used :
IdentityRef(org.olat.basesecurity.IdentityRef)
Attributes(javax.naming.directory.Attributes)
LDAPUser(org.olat.ldap.model.LDAPUser)
Example 8 with LDAPUser
use of org.olat.ldap.model.LDAPUser in project openolat by klemens.
the class LDAPLoginTest method testCronSync.
@Test
@Ignore
public void testCronSync() throws Exception {
Assume.assumeTrue(ldapLoginModule.isLDAPEnabled());
LdapContext ctx;
List<LDAPUser> ldapUserList;
List<Attributes> newLdapUserList;
Map<Identity, Map<String, String>> changedMapIdenityMap;
List<Identity> deletedUserList;
LDAPError errors = new LDAPError();
// find user changed after 2010,01,09,00,00
ctx = ldapManager.bindSystem();
Calendar cal = Calendar.getInstance();
cal.set(2010, 0, 10, 0, 0, 0);
Date syncDate = cal.getTime();
ldapUserList = ldapDao.getUserAttributesModifiedSince(syncDate, ctx);
assertEquals(1, ldapUserList.size());
// find all users
syncDate = null;
ldapUserList = ldapDao.getUserAttributesModifiedSince(syncDate, ctx);
assertEquals(6, ldapUserList.size());
// prepare create- and sync-Lists for each user from defined syncTime
Identity idenity;
Map<String, String> changedAttrMap;
newLdapUserList = new LinkedList<Attributes>();
changedMapIdenityMap = new HashMap<Identity, Map<String, String>>();
for (int i = 0; i < ldapUserList.size(); i++) {
Attributes userAttrs = ldapUserList.get(i).getAttributes();
String user = getAttributeValue(userAttrs.get(syncConfiguration.getOlatPropertyToLdapAttribute("userID")));
idenity = ldapManager.findIdentityByLdapAuthentication(userAttrs, errors);
if (idenity != null) {
changedAttrMap = ldapManager.prepareUserPropertyForSync(userAttrs, idenity);
if (changedAttrMap != null)
changedMapIdenityMap.put(idenity, changedAttrMap);
} else {
if (errors.isEmpty()) {
String[] reqAttrs = syncConfiguration.checkRequestAttributes(userAttrs);
if (reqAttrs == null)
newLdapUserList.add(userAttrs);
else
System.out.println("Cannot create User " + user + " required Attributes are missing");
} else
System.out.println(errors.get());
}
}
// create Users in LDAP Group only existing in OLAT
User user1 = UserManager.getInstance().createUser("hansi", "hürlima", "hansi@hansli.com");
Identity identity1 = securityManager.createAndPersistIdentityAndUser("hansi", null, user1, "LDAP", "hansi");
SecurityGroup secGroup1 = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
securityManager.addIdentityToSecurityGroup(identity1, secGroup1);
user1 = UserManager.getInstance().createUser("chaspi", "meier", "chaspi@hansli.com");
identity1 = securityManager.createAndPersistIdentityAndUser("chaspi", null, user1, "LDAP", "chaspi");
securityManager.addIdentityToSecurityGroup(identity1, secGroup1);
// create User to Delete List
deletedUserList = ldapManager.getIdentitysDeletedInLdap(ctx);
assertEquals(4, (deletedUserList.size()));
// sync users
Iterator<Identity> itrIdent = changedMapIdenityMap.keySet().iterator();
while (itrIdent.hasNext()) {
Identity ident = itrIdent.next();
ldapManager.syncUser(changedMapIdenityMap.get(ident), ident);
}
// create all users
for (int i = 0; i < newLdapUserList.size(); i++) {
ldapManager.createAndPersistUser(newLdapUserList.get(i));
}
// delete all users
ldapManager.deletIdentities(deletedUserList);
// check if users are deleted
deletedUserList = ldapManager.getIdentitysDeletedInLdap(ctx);
assertEquals(0, (deletedUserList.size()));
}
Also used :
LDAPUser(org.olat.ldap.model.LDAPUser)
User(org.olat.core.id.User)
Calendar(java.util.Calendar)
Attributes(javax.naming.directory.Attributes)
LDAPUser(org.olat.ldap.model.LDAPUser)
SecurityGroup(org.olat.basesecurity.SecurityGroup)
Date(java.util.Date)
Identity(org.olat.core.id.Identity)
HashMap(java.util.HashMap)
Map(java.util.Map)
LdapContext(javax.naming.ldap.LdapContext)
Ignore(org.junit.Ignore)
Test(org.junit.Test)
Example 9 with LDAPUser
use of org.olat.ldap.model.LDAPUser in project openolat by klemens.
the class LDAPLoginManagerImpl method doBatchSync.
/**
* Execute Batch Sync. Will update all Attributes of LDAP users in OLAt, create new users and delete users in OLAT.
* Can be configured in ldapContext.xml
*
* @param LDAPError
*/
@Override
public boolean doBatchSync(LDAPError errors) {
// property read.
synchronized (LDAPLoginManagerImpl.class) {
if (batchSyncIsRunning) {
// don't run twice, skip this execution
log.info("LDAP user doBatchSync started, but another job is still running - skipping this sync");
errors.insert("BatchSync already running by concurrent process");
return false;
}
}
WorkThreadInformations.setLongRunningTask("ldapSync");
coordinator.getEventBus().fireEventToListenersOf(new LDAPEvent(LDAPEvent.SYNCHING), ldapSyncLockOres);
lastSyncDate = null;
LdapContext ctx = null;
boolean success = false;
try {
acquireSyncLock();
long startTime = System.currentTimeMillis();
ctx = bindSystem();
if (ctx == null) {
errors.insert("LDAP connection ERROR");
log.error("LDAP batch sync: LDAP connection empty", null);
freeSyncLock();
success = false;
return success;
}
Date timeBeforeSync = new Date();
// check server capabilities
// Get time before sync to have a save sync time when sync is successful
String sinceSentence = (lastSyncDate == null ? "" : " since last sync from " + lastSyncDate);
doBatchSyncDeletedUsers(ctx, sinceSentence);
// bind again to use an initial unmodified context. lookup of server-properties might fail otherwise!
ctx.close();
ctx = bindSystem();
Map<String, LDAPUser> dnToIdentityKeyMap = new HashMap<>();
List<LDAPUser> ldapUsers = doBatchSyncNewAndModifiedUsers(ctx, sinceSentence, dnToIdentityKeyMap, errors);
ctx.close();
ctx = bindSystem();
// sync groups by LDAP groups or attributes
doBatchSyncGroups(ctx, ldapUsers, dnToIdentityKeyMap, errors);
// sync roles
doBatchSyncRoles(ctx, ldapUsers, dnToIdentityKeyMap, errors);
// update sync time and set running flag
lastSyncDate = timeBeforeSync;
ctx.close();
success = true;
log.audit("LDAP batch sync done: " + success + " in " + ((System.currentTimeMillis() - startTime) / 1000) + "s");
return success;
} catch (Exception e) {
errors.insert("Unknown error");
log.error("LDAP batch sync, unknown reason", e);
success = false;
return success;
} finally {
WorkThreadInformations.unsetLongRunningTask("ldapSync");
freeSyncLock();
if (ctx != null) {
try {
ctx.close();
} catch (NamingException e) {
// try but failed silently
}
}
LDAPEvent endEvent = new LDAPEvent(LDAPEvent.SYNCHING_ENDED);
endEvent.setTimestamp(new Date());
endEvent.setSuccess(success);
endEvent.setErrors(errors);
coordinator.getEventBus().fireEventToListenersOf(endEvent, ldapSyncLockOres);
}
}
Also used :
HashMap(java.util.HashMap)
LDAPUser(org.olat.ldap.model.LDAPUser)
LDAPEvent(org.olat.ldap.LDAPEvent)
Date(java.util.Date)
NamingException(javax.naming.NamingException)
AuthenticationException(javax.naming.AuthenticationException)
NamingException(javax.naming.NamingException)
InitialLdapContext(javax.naming.ldap.InitialLdapContext)
LdapContext(javax.naming.ldap.LdapContext)
Example 10 with LDAPUser
use of org.olat.ldap.model.LDAPUser in project openolat by klemens.
the class LDAPLoginManagerImpl method doBatchSyncRoles.
private void doBatchSyncRoles(LdapContext ctx, List<LDAPUser> ldapUsers, Map<String, LDAPUser> dnToIdentityKeyMap, LDAPError errors) throws NamingException {
ctx.close();
ctx = bindSystem();
// authors
if (syncConfiguration.getAuthorsGroupBase() != null && syncConfiguration.getAuthorsGroupBase().size() > 0) {
List<LDAPGroup> authorGroups = ldapDao.searchGroups(ctx, syncConfiguration.getAuthorsGroupBase());
syncRole(ctx, authorGroups, Constants.GROUP_AUTHORS, dnToIdentityKeyMap, errors);
}
// user managers
if (syncConfiguration.getUserManagersGroupBase() != null && syncConfiguration.getUserManagersGroupBase().size() > 0) {
List<LDAPGroup> userManagerGroups = ldapDao.searchGroups(ctx, syncConfiguration.getUserManagersGroupBase());
syncRole(ctx, userManagerGroups, Constants.GROUP_USERMANAGERS, dnToIdentityKeyMap, errors);
}
// group managers
if (syncConfiguration.getGroupManagersGroupBase() != null && syncConfiguration.getGroupManagersGroupBase().size() > 0) {
List<LDAPGroup> groupManagerGroups = ldapDao.searchGroups(ctx, syncConfiguration.getGroupManagersGroupBase());
syncRole(ctx, groupManagerGroups, Constants.GROUP_GROUPMANAGERS, dnToIdentityKeyMap, errors);
}
// question pool managers
if (syncConfiguration.getQpoolManagersGroupBase() != null && syncConfiguration.getQpoolManagersGroupBase().size() > 0) {
List<LDAPGroup> qpoolManagerGroups = ldapDao.searchGroups(ctx, syncConfiguration.getQpoolManagersGroupBase());
syncRole(ctx, qpoolManagerGroups, Constants.GROUP_POOL_MANAGER, dnToIdentityKeyMap, errors);
}
// learning resource manager
if (syncConfiguration.getLearningResourceManagersGroupBase() != null && syncConfiguration.getLearningResourceManagersGroupBase().size() > 0) {
List<LDAPGroup> resourceManagerGroups = ldapDao.searchGroups(ctx, syncConfiguration.getLearningResourceManagersGroupBase());
syncRole(ctx, resourceManagerGroups, Constants.GROUP_INST_ORES_MANAGER, dnToIdentityKeyMap, errors);
}
int count = 0;
boolean syncAuthor = StringHelper.containsNonWhitespace(syncConfiguration.getAuthorRoleAttribute()) && StringHelper.containsNonWhitespace(syncConfiguration.getAuthorRoleValue());
boolean syncUserManager = StringHelper.containsNonWhitespace(syncConfiguration.getUserManagerRoleAttribute()) && StringHelper.containsNonWhitespace(syncConfiguration.getUserManagerRoleValue());
boolean syncGroupManager = StringHelper.containsNonWhitespace(syncConfiguration.getGroupManagerRoleAttribute()) && StringHelper.containsNonWhitespace(syncConfiguration.getGroupManagerRoleValue());
boolean syncQpoolManager = StringHelper.containsNonWhitespace(syncConfiguration.getQpoolManagerRoleAttribute()) && StringHelper.containsNonWhitespace(syncConfiguration.getQpoolManagerRoleValue());
boolean syncLearningResourceManager = StringHelper.containsNonWhitespace(syncConfiguration.getLearningResourceManagerRoleAttribute()) && StringHelper.containsNonWhitespace(syncConfiguration.getLearningResourceManagerRoleValue());
for (LDAPUser ldapUser : ldapUsers) {
if (syncAuthor && ldapUser.isAuthor()) {
syncRole(ldapUser, Constants.GROUP_AUTHORS);
count++;
}
if (syncUserManager && ldapUser.isUserManager()) {
syncRole(ldapUser, Constants.GROUP_USERMANAGERS);
count++;
}
if (syncGroupManager && ldapUser.isGroupManager()) {
syncRole(ldapUser, Constants.GROUP_GROUPMANAGERS);
count++;
}
if (syncQpoolManager && ldapUser.isQpoolManager()) {
syncRole(ldapUser, Constants.GROUP_POOL_MANAGER);
count++;
}
if (syncLearningResourceManager && ldapUser.isLearningResourceManager()) {
syncRole(ldapUser, Constants.GROUP_INST_ORES_MANAGER);
count++;
}
if (count > 20) {
dbInstance.commitAndCloseSession();
count = 0;
}
}
dbInstance.commitAndCloseSession();
}Aggregations
LDAPUser (org.olat.ldap.model.LDAPUser)22
Attributes (javax.naming.directory.Attributes)10
IdentityRef (org.olat.basesecurity.IdentityRef)8
Identity (org.olat.core.id.Identity)8
HashMap (java.util.HashMap)6
AuthenticationException (javax.naming.AuthenticationException)6
NamingException (javax.naming.NamingException)6
LdapContext (javax.naming.ldap.LdapContext)6
LDAPGroup (org.olat.ldap.model.LDAPGroup)6
ArrayList (java.util.ArrayList)4
Date (java.util.Date)4
Map (java.util.Map)4
InitialLdapContext (javax.naming.ldap.InitialLdapContext)4
SimpleDateFormat (java.text.SimpleDateFormat)2
Calendar (java.util.Calendar)2
HashSet (java.util.HashSet)2
Ignore (org.junit.Ignore)2
Test (org.junit.Test)2
SecurityGroup (org.olat.basesecurity.SecurityGroup)2
IdentityRefImpl (org.olat.basesecurity.model.IdentityRefImpl)2
