@Override
public Set<String> retrieveUserGroups(LdapUserContext userContext) throws LdapException {
Set<String> groups = new HashSet<String>();
try {
Filter groupClassFilter;
if (groupObjectClass != null && !groupObjectClass.isEmpty()) {
groupClassFilter = Filter.createEqualityFilter("objectClass", groupObjectClass);
} else {
groupClassFilter = Filter.createPresenceFilter("objectClass");
}
Filter filter =
Filter.createANDFilter(
groupClassFilter,
Filter.createEqualityFilter(groupMemberAttribute, userContext.getDn()));
LOGGER.debug(filter.toString());
SearchResult searchResult =
ldapConnectionPool.search(
StringUtils.join(groupBase, ','), SearchScope.SUB, filter, "cn");
for (SearchResultEntry entry : searchResult.getSearchEntries()) {
groups.add(entry.getAttributeValue("cn"));
}
return groups;
} catch (com.unboundid.ldap.sdk.LDAPException e) {
throw new LdapException(e);
}
}
public boolean isUserInGroupOrMember(String groupDn, String personDn) {
Filter ownerFilter = Filter.createEqualityFilter("owner", personDn);
Filter memberFilter = Filter.createEqualityFilter("member", personDn);
Filter searchFilter = Filter.createORFilter(ownerFilter, memberFilter);
boolean isMemberOrOwner = false;
try {
isMemberOrOwner =
ldapEntryManager.findEntries(groupDn, UserGroup.class, searchFilter, 1).size() > 0;
} catch (EntryPersistenceException ex) {
log.error(
"Failed to determine if person '{0}' memeber or owner of group '{1}'",
ex, personDn, groupDn);
}
return isMemberOrOwner;
}
@Override
public LdapUserContext findUser(String identityAttributeValue) throws LdapException {
try {
Filter userClassFilter;
if (userObjectClass != null && !userObjectClass.isEmpty()) {
userClassFilter = Filter.createEqualityFilter("objectClass", userObjectClass);
} else {
userClassFilter = Filter.createPresenceFilter("objectClass");
}
Filter filter =
Filter.createANDFilter(
userClassFilter,
Filter.createEqualityFilter(userIdentityAttribute, identityAttributeValue));
LOGGER.debug(filter.toString());
String[] attributesToRetrieve;
if (userAdditionalAttributes != null) {
attributesToRetrieve = userAdditionalAttributes;
if (!ArrayUtils.contains(attributesToRetrieve, "cn")
|| !ArrayUtils.contains(attributesToRetrieve, "CN")) {
ArrayUtils.add(attributesToRetrieve, "cn");
}
} else {
attributesToRetrieve = new String[] {"cn"};
}
SearchResult searchResult =
ldapConnectionPool.search(
StringUtils.join(userBase, ','), SearchScope.SUB, filter, attributesToRetrieve);
if (searchResult.getEntryCount() != 1) {
throw new UnknownAccountException();
}
SearchResultEntry searchResultEntry = searchResult.getSearchEntries().get(0);
String dn = searchResultEntry.getDN();
DefaultLdapUserContext ldapUserContext = internalCreateUser(dn);
ldapUserContext.getKnownAttributes().put("cn", searchResultEntry.getAttributeValue("cn"));
return ldapUserContext;
} catch (com.unboundid.ldap.sdk.LDAPException e) {
throw new LdapException(e);
}
}
/** {@inheritDoc} */
@Override
public Filter toLDAPFilter(
final SCIMFilter filter,
final LDAPRequestInterface ldapInterface,
final LDAPSearchResolver userResolver)
throws InvalidResourceException {
// Only the managerId sub-attribute will ever have a value so filter
// must target that sub-attribute.
String subAttribute = filter.getFilterAttribute().getSubAttributeName();
if (subAttribute == null || !subAttribute.equals("managerId")) {
return null;
}
final String ldapAttributeType = ATTR_MANAGER;
final SCIMFilterType filterType = filter.getFilterType();
final String filterValue = filter.getFilterValue();
// Determine the DN for this member.
try {
switch (filterType) {
// We don't have to worry about AND and OR filter types since they are
// handled earlier by the resource mapper.
case EQUALITY:
{
String dn;
try {
dn = userResolver.getDnFromId(ldapInterface, filterValue);
} catch (ResourceNotFoundException e) {
// Value is not a valid user. Will not match anything.
return null;
}
return Filter.createEqualityFilter(ldapAttributeType, dn);
}
default:
throw new InvalidResourceException(
"Filter type "
+ filterType
+ " is not supported for attribute "
+ getAttributeDescriptor().getName());
}
} catch (Exception e) {
Debug.debugException(e);
throw new InvalidResourceException(e.getMessage());
}
}