
Example 11 with LDAPUser

use of org.olat.ldap.model.LDAPUser in project openolat by klemens.

Class LDAPLoginManagerImpl, method createAndPersistUser.

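/**
 * Looks up the LDAP entry for {@code uid} with the system bind and creates a persisted
 * identity from its attributes.
 *
 * @param uid the LDAP user identifier (the attribute mapped to LDAP_USER_IDENTIFYER)
 * @return the newly created identity, or {@code null} when the system bind yields no
 *         context, no DN is found for the uid, or the attribute search returns nothing
 */
@Override
public Identity createAndPersistUser(String uid) {
    String ldapUserIDAttribute = syncConfiguration.getOlatPropertyToLdapAttribute(LDAPConstants.LDAP_USER_IDENTIFYER);
    // NOTE(review): the filter is built by the DAO from the caller-supplied uid; presumably
    // escaped there — confirm before this method is reachable from untrusted input
    String filter = ldapDao.buildSearchUserFilter(ldapUserIDAttribute, uid);
    LdapContext ctx = bindSystem();
    if (ctx == null) {
        log.warn("create and persist user: no LDAP system context for uid: " + uid, null);
        return null;
    }
    try {
        String userDN = ldapDao.searchUserDNByUid(uid, ctx);
        if (userDN == null) {
            // without a DN the attribute search below would run against a null base
            log.warn("create and persist user: no DN found for uid: " + uid, null);
            return null;
        }
        log.info("create and persist user identifier by userDN: " + userDN + " with filter: " + filter);
        LDAPUserVisitor visitor = new LDAPUserVisitor(syncConfiguration);
        ldapDao.search(visitor, userDN, filter, syncConfiguration.getUserAttributes(), ctx);
        List<LDAPUser> ldapUsers = visitor.getLdapUserList();
        if (ldapUsers == null || ldapUsers.isEmpty()) {
            return null;
        }
        Attributes userAttributes = ldapUsers.get(0).getAttributes();
        return createAndPersistUser(userAttributes);
    } finally {
        // bindSystem() appears to open a fresh InitialLdapContext per call (the file imports
        // it); release it so each user creation does not leak an LDAP connection — confirm
        try {
            ctx.close();
        } catch (NamingException e) {
            log.error("Cannot close LDAP system context after creating user " + uid, e);
        }
    }
}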
Also used : Attributes(javax.naming.directory.Attributes) LDAPUser(org.olat.ldap.model.LDAPUser) Identity(org.olat.core.id.Identity) InitialLdapContext(javax.naming.ldap.InitialLdapContext) LdapContext(javax.naming.ldap.LdapContext)

Example 12 with LDAPUser

use of org.olat.ldap.model.LDAPUser in project openolat by klemens.

Class LDAPLoginManagerImpl, method doBatchSyncNewAndModifiedUsers.

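/**
 * Fetches the users LDAP reports as created or modified since {@code lastSyncDate},
 * updates the identities that already exist for them and creates identities for the
 * unknown ones.
 *
 * @param ctx the bound LDAP system context used for the search
 * @param sinceSentence suffix appended to the summary log lines
 * @param dnToIdentityKeyMap filled, keyed by DN, with every LDAP user for which an
 *          identity was found or created
 * @param errors collects per-user failures; once non-empty no further users are created
 * @return the complete list of LDAP users returned by the modified-since search
 */
private List<LDAPUser> doBatchSyncNewAndModifiedUsers(LdapContext ctx, String sinceSentence, Map<String, LDAPUser> dnToIdentityKeyMap, LDAPError errors) {
    // Get new and modified users from LDAP
    List<LDAPUser> ldapUserList = ldapDao.getUserAttributesModifiedSince(lastSyncDate, ctx);
    // Check for new and modified users
    List<LDAPUser> newLdapUserList = new ArrayList<>();
    Map<IdentityRef, Map<String, String>> changedMapIdentityMap = new HashMap<>();
    classifyModifiedLdapUsers(ldapUserList, newLdapUserList, changedMapIdentityMap, dnToIdentityKeyMap, errors);
    // sync existing users
    syncExistingLdapUsers(changedMapIdentityMap, sinceSentence, errors);
    // create new users
    createNewLdapUsers(newLdapUserList, dnToIdentityKeyMap, sinceSentence);
    dbInstance.commitAndCloseSession();
    return ldapUserList;
}

/**
 * Splits the search result into users that already have an identity (their changed
 * properties go into {@code changedMapIdentityMap}) and users to create
 * ({@code newLdapUserList}). Each user is handled in its own try block so one broken
 * entry does not stop the batch.
 */
private void classifyModifiedLdapUsers(List<LDAPUser> ldapUserList, List<LDAPUser> newLdapUserList,
        Map<IdentityRef, Map<String, String>> changedMapIdentityMap, Map<String, LDAPUser> dnToIdentityKeyMap, LDAPError errors) {
    int count = 0;
    for (LDAPUser ldapUser : ldapUserList) {
        String user = null;
        try {
            Attributes userAttrs = ldapUser.getAttributes();
            String uidProp = syncConfiguration.getOlatPropertyToLdapAttribute(LDAPConstants.LDAP_USER_IDENTIFYER);
            user = getAttributeValue(userAttrs.get(uidProp));
            Identity identity = findIdentityByLdapAuthentication(userAttrs, errors);
            if (identity != null) {
                Map<String, String> changedAttrMap = prepareUserPropertyForSync(userAttrs, identity);
                if (changedAttrMap != null) {
                    changedMapIdentityMap.put(identity, changedAttrMap);
                }
                if (StringHelper.containsNonWhitespace(ldapUser.getDn())) {
                    dnToIdentityKeyMap.put(ldapUser.getDn(), ldapUser);
                    ldapUser.setCachedIdentity(new IdentityRefImpl(identity.getKey()));
                }
            } else if (errors.isEmpty()) {
                // a null result means every required attribute is present
                String[] reqAttrs = syncConfiguration.checkRequestAttributes(userAttrs);
                if (reqAttrs == null) {
                    newLdapUserList.add(ldapUser);
                } else {
                    log.warn("LDAP batch sync: can't create user with username::" + user + " : missing required attributes::" + ArrayUtils.toString(reqAttrs), null);
                }
            } else {
                log.warn(errors.get(), null);
            }
        } catch (Exception e) {
            // catch here to go on with other users on exceptions!
            log.error("some error occured in looping over set of changed user-attributes, actual user " + user + ". Will still continue with others.", e);
            errors.insert("Cannot sync user: " + user);
        } finally {
            // commit per user; recycle the DB session every 10 users to bound its size
            dbInstance.commit();
            if (count % 10 == 0) {
                dbInstance.closeSession();
            }
        }
        if (count % 1000 == 0) {
            log.info("Retrieve " + count + "/" + ldapUserList.size() + " users in LDAP server");
        }
        count++;
    }
}

/** Applies the collected property changes to the existing identities, one commit per user. */
private void syncExistingLdapUsers(Map<IdentityRef, Map<String, String>> changedMapIdentityMap, String sinceSentence, LDAPError errors) {
    if (changedMapIdentityMap.isEmpty()) {
        log.info("LDAP batch sync: no users to sync" + sinceSentence);
        return;
    }
    int syncCount = 0;
    for (Map.Entry<IdentityRef, Map<String, String>> entry : changedMapIdentityMap.entrySet()) {
        IdentityRef ident = entry.getKey();
        try {
            syncCount++;
            syncUser(entry.getValue(), ident);
        } catch (Exception e) {
            // keep going with the remaining users, but do not lose the cause
            log.error("LDAP batch sync: cannot sync user " + ident + ". Will still continue with others.", e);
            errors.insert("Cannot sync user: " + ident);
        } finally {
            dbInstance.commit();
            if (syncCount % 20 == 0) {
                dbInstance.closeSession();
            }
        }
        if (syncCount % 1000 == 0) {
            log.info("Update " + syncCount + "/" + changedMapIdentityMap.size() + " LDAP users");
        }
    }
    log.info("LDAP batch sync: " + changedMapIdentityMap.size() + " users synced" + sinceSentence);
}

/** Creates an identity for every LDAP user without one and records it in {@code dnToIdentityKeyMap}. */
private void createNewLdapUsers(List<LDAPUser> newLdapUserList, Map<String, LDAPUser> dnToIdentityKeyMap, String sinceSentence) {
    if (newLdapUserList.isEmpty()) {
        log.info("LDAP batch sync: no users to create" + sinceSentence);
        return;
    }
    int newCount = 0;
    for (LDAPUser ldapUser : newLdapUserList) {
        try {
            newCount++;
            Identity identity = createAndPersistUser(ldapUser.getAttributes());
            if (identity != null && StringHelper.containsNonWhitespace(ldapUser.getDn())) {
                dnToIdentityKeyMap.put(ldapUser.getDn(), ldapUser);
                ldapUser.setCachedIdentity(new IdentityRefImpl(identity.getKey()));
            }
        } catch (Exception e) {
            // catch here to go on with other users on exceptions! Log the DN, not the full
            // attribute set: the attributes are personal data and need not end up in the log
            log.error("some error occured while creating new users, actual user dn " + ldapUser.getDn() + ". Will still continue with others.", e);
        } finally {
            dbInstance.commit();
            if (newCount % 20 == 0) {
                dbInstance.closeSession();
            }
        }
        if (newCount % 1000 == 0) {
            // progress line previously reported the classification counter instead of newCount
            log.info("Create " + newCount + "/" + newLdapUserList.size() + " LDAP users");
        }
    }
    log.info("LDAP batch sync: " + newLdapUserList.size() + " users created" + sinceSentence);
}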
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) Attributes(javax.naming.directory.Attributes) LDAPUser(org.olat.ldap.model.LDAPUser) NamingException(javax.naming.NamingException) AuthenticationException(javax.naming.AuthenticationException) IdentityRefImpl(org.olat.basesecurity.model.IdentityRefImpl) IdentityRef(org.olat.basesecurity.IdentityRef) Identity(org.olat.core.id.Identity) Map(java.util.Map) HashMap(java.util.HashMap)

Example 13 with LDAPUser

use of org.olat.ldap.model.LDAPUser in project openolat by klemens.

Class LDAPUserVisitor, method visit.

/**
 * Converts one LDAP search result into an {@link LDAPUser} — DN, raw attributes, the role
 * flags and the group ids read through the sync configuration — and appends it to the
 * visitor's user list.
 *
 * @param searchResult the entry returned by the LDAP search
 * @throws NamingException as declared by the visitor contract
 */
@Override
public void visit(SearchResult searchResult) throws NamingException {
    Attributes entryAttrs = searchResult.getAttributes();
    LDAPUser user = new LDAPUser();
    user.setDn(searchResult.getNameInNamespace());
    user.setAttributes(entryAttrs);
    // each role flag is set when the configured role attribute carries the configured value
    boolean isCoach = hasAttributeValue(entryAttrs, syncConfiguration.getCoachRoleAttribute(), syncConfiguration.getCoachRoleValue());
    user.setCoach(isCoach);
    boolean isAuthor = hasAttributeValue(entryAttrs, syncConfiguration.getAuthorRoleAttribute(), syncConfiguration.getAuthorRoleValue());
    user.setAuthor(isAuthor);
    boolean isUserManager = hasAttributeValue(entryAttrs, syncConfiguration.getUserManagerRoleAttribute(), syncConfiguration.getUserManagerRoleValue());
    user.setUserManager(isUserManager);
    boolean isGroupManager = hasAttributeValue(entryAttrs, syncConfiguration.getGroupManagerRoleAttribute(), syncConfiguration.getGroupManagerRoleValue());
    user.setGroupManager(isGroupManager);
    boolean isQpoolManager = hasAttributeValue(entryAttrs, syncConfiguration.getQpoolManagerRoleAttribute(), syncConfiguration.getQpoolManagerRoleValue());
    user.setQpoolManager(isQpoolManager);
    boolean isLearningResourceManager = hasAttributeValue(entryAttrs, syncConfiguration.getLearningResourceManagerRoleAttribute(), syncConfiguration.getLearningResourceManagerRoleValue());
    user.setLearningResourceManager(isLearningResourceManager);
    // group memberships come from multi-valued / separator-joined attributes
    user.setGroupIds(parseGroupList(entryAttrs, syncConfiguration.getGroupAttribute(), syncConfiguration.getGroupAttributeSeparator()));
    user.setCoachedGroupIds(parseGroupList(entryAttrs, syncConfiguration.getCoachedGroupAttribute(), syncConfiguration.getCoachedGroupAttributeSeparator()));
    ldapUserList.add(user);
}
Also used : Attributes(javax.naming.directory.Attributes) LDAPUser(org.olat.ldap.model.LDAPUser)

Example 14 with LDAPUser

use of org.olat.ldap.model.LDAPUser in project OpenOLAT by OpenOLAT.

Class LDAPDAO, method getUserAttributesModifiedSince.

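/**
 * Creates the list of all LDAP users, or only of the users changed since {@code syncTime}.
 *
 * Configuration: userAttr = ldapContext.xml (property=userAttrs), LDAP Base =
 * ldapContext.xml (property=ldapBase)
 *
 * @param syncTime only users whose last-modified or created timestamp is at or after this
 *          time are returned; {@code null} means a full sync. The value is formatted with
 *          the date format configured in the LDAP login module, in UTC.
 * @param ctx the LDAP system connection; a {@code null} or closed context makes the
 *          search fail
 *
 * @return the users found, or an empty list if the search fails or nothing changed
 */
public List<LDAPUser> getUserAttributesModifiedSince(Date syncTime, LdapContext ctx) {
    final boolean debug = log.isDebug();
    String userFilter = syncConfiguration.getLdapUserFilter();
    StringBuilder filter = new StringBuilder();
    if (syncTime == null) {
        if (debug) {
            log.debug("LDAP get user attribs since never -> full sync!");
        }
        // test the configured filter, not the (never null) builder: a missing user filter
        // used to produce the literal filter "null"
        if (userFilter != null) {
            filter.append(userFilter);
        }
    } else {
        String dateFormat = ldapLoginModule.getLdapDateFormat();
        // a fresh formatter per call: SimpleDateFormat is not thread-safe
        SimpleDateFormat generalizedTimeFormatter = new SimpleDateFormat(dateFormat);
        generalizedTimeFormatter.setTimeZone(UTC_TIME_ZONE);
        String syncTimeForm = generalizedTimeFormatter.format(syncTime);
        if (debug) {
            log.debug("LDAP get user attribs since " + syncTime + " -> means search with date restriction-filter: " + syncTimeForm);
        }
        if (userFilter != null) {
            // merge user filter with time filter using the and rule
            filter.append("(&").append(userFilter);
        }
        // either timestamp at or after syncTime qualifies
        filter.append("(|(");
        filter.append(syncConfiguration.getLdapUserLastModifiedTimestampAttribute()).append(">=").append(syncTimeForm);
        filter.append(")(");
        filter.append(syncConfiguration.getLdapUserCreatedTimestampAttribute()).append(">=").append(syncTimeForm);
        filter.append("))");
        if (userFilter != null) {
            filter.append(")");
        }
    }
    String[] userAttrs = getEnhancedUserAttributes();
    LDAPUserVisitor userVisitor = new LDAPUserVisitor(syncConfiguration);
    searchInLdap(userVisitor, filter.toString(), userAttrs, ctx);
    List<LDAPUser> ldapUserList = userVisitor.getLdapUserList();
    if (debug) {
        log.debug("attrib search returned " + ldapUserList.size() + " results");
    }
    return ldapUserList;
}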
Also used : LDAPUser(org.olat.ldap.model.LDAPUser) SimpleDateFormat(java.text.SimpleDateFormat)

Example 15 with LDAPUser

use of org.olat.ldap.model.LDAPUser in project OpenOLAT by OpenOLAT.

Class LDAPLoginManagerImpl, method doSyncGroupByAttribute.

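/**
 * Distributes the LDAP users over the groups named in their group and coached-group
 * attributes, creating missing {@link LDAPGroup} entries in {@code cnToGroupMap}.
 * Users without a cached identity are logged and skipped.
 *
 * @param ldapUsers users whose group attributes were parsed by the visitor
 * @param cnToGroupMap groups keyed by group id; extended in place
 */
private void doSyncGroupByAttribute(List<LDAPUser> ldapUsers, Map<String, LDAPGroup> cnToGroupMap) {
    for (LDAPUser ldapUser : ldapUsers) {
        List<String> groupIds = ldapUser.getGroupIds();
        List<String> coachedGroupIds = ldapUser.getCoachedGroupIds();
        boolean hasGroups = groupIds != null && !groupIds.isEmpty();
        boolean hasCoachedGroups = coachedGroupIds != null && !coachedGroupIds.isEmpty();
        if (!hasGroups && !hasCoachedGroups) {
            continue;
        }
        IdentityRef identity = ldapUser.getCachedIdentity();
        if (identity == null) {
            // no identity was found or created for this DN during the user sync
            log.error("Identity with dn=" + ldapUser.getDn() + " not found");
            continue;
        }
        if (hasGroups) {
            for (String groupId : groupIds) {
                groupFor(cnToGroupMap, groupId).getParticipants().add(ldapUser);
            }
        }
        if (hasCoachedGroups) {
            for (String coachedGroupId : coachedGroupIds) {
                groupFor(cnToGroupMap, coachedGroupId).getCoaches().add(ldapUser);
            }
        }
    }
}

/** Returns the group registered under {@code groupId}, creating and registering it first if absent. */
private static LDAPGroup groupFor(Map<String, LDAPGroup> cnToGroupMap, String groupId) {
    LDAPGroup group = cnToGroupMap.get(groupId);
    if (group == null) {
        group = new LDAPGroup(groupId);
        cnToGroupMap.put(groupId, group);
    }
    return group;
}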
Also used : IdentityRef(org.olat.basesecurity.IdentityRef) LDAPUser(org.olat.ldap.model.LDAPUser) LDAPGroup(org.olat.ldap.model.LDAPGroup)

Aggregations

LDAPUser (org.olat.ldap.model.LDAPUser)22 Attributes (javax.naming.directory.Attributes)10 IdentityRef (org.olat.basesecurity.IdentityRef)8 Identity (org.olat.core.id.Identity)8 HashMap (java.util.HashMap)6 AuthenticationException (javax.naming.AuthenticationException)6 NamingException (javax.naming.NamingException)6 LdapContext (javax.naming.ldap.LdapContext)6 LDAPGroup (org.olat.ldap.model.LDAPGroup)6 ArrayList (java.util.ArrayList)4 Date (java.util.Date)4 Map (java.util.Map)4 InitialLdapContext (javax.naming.ldap.InitialLdapContext)4 SimpleDateFormat (java.text.SimpleDateFormat)2 Calendar (java.util.Calendar)2 HashSet (java.util.HashSet)2 Ignore (org.junit.Ignore)2 Test (org.junit.Test)2 SecurityGroup (org.olat.basesecurity.SecurityGroup)2 IdentityRefImpl (org.olat.basesecurity.model.IdentityRefImpl)2