use of org.springframework.ldap.filter.OrFilter in project modesti by jlsalmon.
the class LdapUserService method findByNameAndGroup.
/**
 * Searches the user base for entries whose CN, givenName or SN starts with {@code query} and
 * that also match the group filter produced by {@code memberOf(groups)}.
 *
 * <p>If the combined search fails while the "dev" profile is active, the search is repeated with
 * the name filter alone, so the group restriction is not applied to that result. Under any other
 * profile the original failure is rethrown.
 *
 * @param query prefix matched against CN, givenName and SN
 * @param groups group names passed to {@code memberOf}
 * @return the entries found under {@code ldapUserBase}, converted by {@code mapper}
 * @throws RuntimeException if {@code memberOf} raises an {@link InvalidNameException}
 */
@Override
public List<User> findByNameAndGroup(String query, List<String> groups) {
    OrFilter groupFilter;
    try {
        groupFilter = memberOf(groups);
    } catch (InvalidNameException e) {
        throw new RuntimeException("Error querying LDAP server", e);
    }

    // NOTE(review): LikeFilter is understood to escape filter metacharacters but to leave '*'
    // untouched, so a caller-supplied '*' widens the match and an empty query matches every
    // entry that has the attribute. Confirm, and consider a minimum query length upstream.
    OrFilter nameFilter = new OrFilter();
    nameFilter.or(new LikeFilter("CN", query + "*"));
    nameFilter.or(new LikeFilter("givenName", query + "*"));
    nameFilter.or(new LikeFilter("SN", query + "*"));

    // NOTE(review): if groupFilter has no clauses (empty groups list) it presumably encodes to
    // nothing, which would leave only the name filter in effect. Verify what callers expect.
    AndFilter combined = new AndFilter();
    combined.and(groupFilter);
    combined.and(nameFilter);

    try {
        return ldapTemplate.search(ldapUserBase, combined.encode(), SearchControls.SUBTREE_SCOPE, null, mapper);
    } catch (Exception e) {
        // Only the "dev" profile may drop the group search and do a name-based search instead;
        // everywhere else the failure must surface so the group restriction is never bypassed.
        if (!environment.acceptsProfiles("dev")) {
            throw e;
        }
        log.warn("Failed to search users using 'memberOf'. Falling back to name-only search");
        return ldapTemplate.search(ldapUserBase, nameFilter.encode(), SearchControls.SUBTREE_SCOPE, null, mapper);
    }
}
use of org.springframework.ldap.filter.OrFilter in project gocd by gocd.
the class LdapUserSearch method search.
/**
 * Finds users whose account name, uid, common name, mail or alias mail contains
 * {@code username}, searching every base configured in {@code ldapConfig}.
 *
 * @param username substring to look for; it is wrapped in {@code *...*} before matching
 * @param ldapConfig configuration supplying the search bases
 * @return the users built from the collected search results
 * @throws RuntimeException if no search base is configured
 * @throws NotAllResultsShownException if the server reports that a limit was exceeded; it
 *     carries the users collected up to that point
 */
public List<User> search(String username, LdapConfig ldapConfig) {
    if (ldapConfig.getBasesConfig().isEmpty()) {
        throw new RuntimeException("Atleast one Search Base needs to be configured.");
    }

    // NOTE(review): a leading wildcard gives a substring match, and LikeFilter is understood to
    // pass '*' in the value through unescaped. The count limit below is what bounds the result
    // size, so keep it in place.
    String searchString = MessageFormat.format("*{0}*", username);

    OrFilter filter = new OrFilter();
    // ALIAS_EMAIL_ID is an optional attribute, searched only to cover alias e-mail addresses.
    for (String attribute : new String[] {SAM_ACCOUNT_NAME, UID, COMMON_NAME, MAIL_ID, ALIAS_EMAIL_ID}) {
        filter.or(new LikeFilter(attribute, searchString));
    }
    String encodedFilter = filter.encode();

    SearchControls controls = new SearchControls();
    controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    controls.setCountLimit(MAX_RESULTS);

    // One handler is shared by all bases, so results accumulate across the loop.
    AttributesMapperCallbackHandler handler = getAttributesMapperCallbackHandler();
    for (BaseConfig baseConfig : ldapConfig.getBasesConfig()) {
        try {
            ldapTemplate.search(baseConfig.getValue(), encodedFilter, controls, handler);
        } catch (org.springframework.ldap.LimitExceededException e) {
            // The partial list is handed to the caller; the original exception is not chained.
            throw new NotAllResultsShownException(buildUserList(handler.getList()));
        }
    }
    return buildUserList(handler.getList());
}
use of org.springframework.ldap.filter.OrFilter in project trainning by fernandotomasio.
the class LDAPNetworkUserDAO method search.
/**
 * Searches the directory for entries whose {@code uid} attribute matches the given value.
 *
 * <p>The search starts at {@code DistinguishedName.EMPTY_PATH} and the filter constrains
 * {@code uid} only; no object class is required.
 *
 * @param uid value (or pattern) matched against the {@code uid} attribute
 * @return the entries converted by {@code UserAttributesMapper}
 * @throws DAOException declared by the signature; nothing in this body throws it directly
 */
@Override
public List<NetworkUserDTO> search(String uid) throws DAOException {
    // NOTE(review): LikeFilter is understood to leave '*' unescaped, so uid = "*" would match
    // every entry that carries a uid. Confirm whether callers pass user-controlled input here.
    OrFilter uidFilter = new OrFilter().or(new LikeFilter("uid", uid));
    String encodedFilter = uidFilter.toString();

    // NOTE(review): the filter, including the caller's input, is written to standard output.
    // A debug-level logger call would keep it out of production console output.
    System.out.println(encodedFilter);

    @SuppressWarnings({ "unchecked" })
    List<NetworkUserDTO> matches = ldapTemplate.search(DistinguishedName.EMPTY_PATH, encodedFilter, new UserAttributesMapper());
    return matches;
}
use of org.springframework.ldap.filter.OrFilter in project ddf by codice.
the class RoleClaimsHandler method retrieveClaims.
/**
 * Builds the role claims for the principal in {@code parameters} from LDAP group membership.
 *
 * <p>The method resolves the user name, looks up the user's entry to learn its DN and
 * membership value, then searches {@code groupBaseDn} for groups naming that user as a member
 * and adds one claim per matching group entry.
 *
 * <p>LDAP failures are logged and not rethrown: the caller receives whatever claims were
 * collected before the failure, which may be none.
 *
 * @param parameters supplies the principal whose roles are looked up
 * @return the collected role claims; empty when the user name cannot be determined
 */
@Override
public ClaimsCollection retrieveClaims(ClaimsParameters parameters) {
String[] attributes = { groupNameAttribute, memberNameAttribute };
ClaimsCollection claimsColl = new ClaimsCollectionImpl();
Connection connection = null;
try {
Principal principal = parameters.getPrincipal();
String user = attributeMapLoader.getUser(principal);
if (user == null) {
// Without a user name no lookup is attempted and no roles are granted.
LOGGER.info("Could not determine user name, possible authentication error. Returning no claims.");
return new ClaimsCollectionImpl();
}
connection = connectionFactory.getConnection();
if (connection != null) {
// Bind with the configured service credentials. The result is consulted only before the
// group search further down.
// NOTE(review): the user lookup below runs before bindResult.isSuccess() is checked.
// Confirm that bind() throws on failure; otherwise that lookup would run unauthenticated.
BindRequest request = BindMethodChooser.selectBindMethod(bindMethod, bindUserDN, bindUserCredentials, kerberosRealm, kdcAddress);
BindResult bindResult = connection.bind(request);
String membershipValue = user;
String baseDN = attributeMapLoader.getBaseDN(principal, userBaseDn, overrideCertDn);
// First search: find the user's own entry by login attribute.
// NOTE(review): EqualsFilter presumably escapes filter metacharacters in 'user'; confirm.
AndFilter filter = new AndFilter();
filter.and(new EqualsFilter(this.getLoginUserAttribute(), user));
ConnectionEntryReader entryReader = connection.search(baseDN, SearchScope.WHOLE_SUBTREE, filter.toString(), membershipUserAttribute);
// Fallback DN used when the search returns no entry. It is assembled by plain string
// formatting, so 'user' is not DN-escaped here; below it is only used as a filter value.
String userDN = String.format("%s=%s,%s", loginUserAttribute, user, baseDN);
String specificUserBaseDN = baseDN;
// Each entry overwrites userDN, specificUserBaseDN and membershipValue, so the last entry
// read determines the values used for the group search.
while (entryReader.hasNext()) {
if (entryReader.isEntry()) {
SearchResultEntry entry = entryReader.readEntry();
userDN = entry.getName().toString();
// Everything after the first ',' is taken as the parent DN.
// NOTE(review): a ',' escaped inside the first RDN value would split in the wrong place.
specificUserBaseDN = userDN.substring(userDN.indexOf(',') + 1);
if (!membershipUserAttribute.equals(loginUserAttribute)) {
Attribute attr = entry.getAttribute(membershipUserAttribute);
if (attr != null) {
// Only the last value of a multi-valued attribute is kept.
for (ByteString value : attr) {
membershipValue = value.toString();
}
}
}
} else {
// Got a continuation reference
LOGGER.debug("Referral ignored while searching for user {}", user);
entryReader.readReference();
}
}
// Second filter: entries of the configured object class whose member attribute equals
// either "<membershipUserAttribute>=<membershipValue>,<specificUserBaseDN>" or userDN.
filter = new AndFilter();
filter.and(new EqualsFilter("objectClass", getObjectClass())).and(new OrFilter().or(new EqualsFilter(getMemberNameAttribute(), getMembershipUserAttribute() + "=" + membershipValue + "," + specificUserBaseDN)).or(new EqualsFilter(getMemberNameAttribute(), userDN)));
if (bindResult.isSuccess()) {
// The trace line includes the full filter and therefore the user's DN.
LOGGER.trace("Executing ldap search with base dn of {} and filter of {}", groupBaseDn, filter);
entryReader = connection.search(groupBaseDn, SearchScope.WHOLE_SUBTREE, filter.toString(), attributes);
SearchResultEntry entry;
while (entryReader.hasNext()) {
if (entryReader.isEntry()) {
entry = entryReader.readEntry();
Attribute attr = entry.getAttribute(groupNameAttribute);
if (attr == null) {
LOGGER.trace("Claim '{}' is null", roleClaimType);
} else {
// One claim per group entry, carrying every value of the group name attribute.
Claim claim = new ClaimImpl(roleClaimType);
for (ByteString value : attr) {
String itemValue = value.toString();
claim.addValue(itemValue);
}
claimsColl.add(claim);
}
} else {
// Got a continuation reference
LOGGER.debug("Referral ignored while searching for user {}", user);
entryReader.readReference();
}
}
} else {
LOGGER.info("LDAP Connection failed.");
}
}
} catch (LdapException e) {
// Errors are logged at INFO without the stack trace; the exception itself only at DEBUG.
LOGGER.info("Cannot connect to server, therefore unable to set role claims. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information.");
LOGGER.debug("Cannot connect to server, therefore unable to set role claims.", e);
} catch (SearchResultReferenceIOException e) {
LOGGER.info("Unable to set role claims. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information.");
LOGGER.debug("Unable to set role claims.", e);
} finally {
// NOTE(review): only the connection is closed here; the entry readers are never closed
// explicitly. Confirm that closing the connection releases them.
if (connection != null) {
connection.close();
}
}
return claimsColl;
}
use of org.springframework.ldap.filter.OrFilter in project modesti by jlsalmon.
the class LdapUserService method memberOf.
/**
 * Builds an OR filter holding one nested-group {@code memberOf} clause per group name.
 *
 * <p>Each group name is appended as a {@code cn} RDN to the DN parsed from
 * {@code ldapGroupFilter}, and the resulting DN is used as the clause value.
 *
 * @param groups group names to match
 * @return an {@code OrFilter} with one clause per element of {@code groups}
 * @throws InvalidNameException if {@code ldapGroupFilter} or the added RDN is not valid
 */
private OrFilter memberOf(List<String> groups) throws InvalidNameException {
    OrFilter anyGroup = new OrFilter();
    for (String groupName : groups) {
        // Building the DN through LdapName/Rdn rather than string concatenation lets the JNDI
        // classes handle special characters in the group name.
        LdapName groupDn = new LdapName(ldapGroupFilter);
        groupDn.add(new Rdn("cn", groupName));

        // The OID is the matching rule that makes the directory walk nested groups
        // (LDAP_MATCHING_RULE_IN_CHAIN). It is slow, but it works.
        // See https://msdn.microsoft.com/en-us/library/aa746475(VS.85).aspx
        anyGroup.or(new EqualsFilter("memberOf:1.2.840.113556.1.4.1941:", groupDn.toString()));
    }
    // NOTE(review): an empty 'groups' list returns a filter with no clauses. Confirm how callers
    // treat that, since an empty OR presumably adds no restriction once encoded.
    return anyGroup;
}