Exemplo n.º 1
0
 @Override
 public Set<String> retrieveUserGroups(LdapUserContext userContext) throws LdapException {
   Set<String> groups = new HashSet<String>();
   try {
     Filter groupClassFilter;
     if (groupObjectClass != null && !groupObjectClass.isEmpty()) {
       groupClassFilter = Filter.createEqualityFilter("objectClass", groupObjectClass);
     } else {
       groupClassFilter = Filter.createPresenceFilter("objectClass");
     }
     Filter filter =
         Filter.createANDFilter(
             groupClassFilter,
             Filter.createEqualityFilter(groupMemberAttribute, userContext.getDn()));
     LOGGER.debug(filter.toString());
     SearchResult searchResult =
         ldapConnectionPool.search(
             StringUtils.join(groupBase, ','), SearchScope.SUB, filter, "cn");
     for (SearchResultEntry entry : searchResult.getSearchEntries()) {
       groups.add(entry.getAttributeValue("cn"));
     }
     return groups;
   } catch (com.unboundid.ldap.sdk.LDAPException e) {
     throw new LdapException(e);
   }
 }
Exemplo n.º 2
0
  public boolean isUserInGroupOrMember(String groupDn, String personDn) {
    Filter ownerFilter = Filter.createEqualityFilter("owner", personDn);
    Filter memberFilter = Filter.createEqualityFilter("member", personDn);
    Filter searchFilter = Filter.createORFilter(ownerFilter, memberFilter);

    boolean isMemberOrOwner = false;
    try {
      isMemberOrOwner =
          ldapEntryManager.findEntries(groupDn, UserGroup.class, searchFilter, 1).size() > 0;

    } catch (EntryPersistenceException ex) {
      log.error(
          "Failed to determine if person '{0}' memeber or owner of group '{1}'",
          ex, personDn, groupDn);
    }

    return isMemberOrOwner;
  }
Exemplo n.º 3
0
 @Override
 public LdapUserContext findUser(String identityAttributeValue) throws LdapException {
   try {
     Filter userClassFilter;
     if (userObjectClass != null && !userObjectClass.isEmpty()) {
       userClassFilter = Filter.createEqualityFilter("objectClass", userObjectClass);
     } else {
       userClassFilter = Filter.createPresenceFilter("objectClass");
     }
     Filter filter =
         Filter.createANDFilter(
             userClassFilter,
             Filter.createEqualityFilter(userIdentityAttribute, identityAttributeValue));
     LOGGER.debug(filter.toString());
     String[] attributesToRetrieve;
     if (userAdditionalAttributes != null) {
       attributesToRetrieve = userAdditionalAttributes;
       if (!ArrayUtils.contains(attributesToRetrieve, "cn")
           || !ArrayUtils.contains(attributesToRetrieve, "CN")) {
         ArrayUtils.add(attributesToRetrieve, "cn");
       }
     } else {
       attributesToRetrieve = new String[] {"cn"};
     }
     SearchResult searchResult =
         ldapConnectionPool.search(
             StringUtils.join(userBase, ','), SearchScope.SUB, filter, attributesToRetrieve);
     if (searchResult.getEntryCount() != 1) {
       throw new UnknownAccountException();
     }
     SearchResultEntry searchResultEntry = searchResult.getSearchEntries().get(0);
     String dn = searchResultEntry.getDN();
     DefaultLdapUserContext ldapUserContext = internalCreateUser(dn);
     ldapUserContext.getKnownAttributes().put("cn", searchResultEntry.getAttributeValue("cn"));
     return ldapUserContext;
   } catch (com.unboundid.ldap.sdk.LDAPException e) {
     throw new LdapException(e);
   }
 }
Exemplo n.º 4
0
  /** {@inheritDoc} */
  @Override
  public Filter toLDAPFilter(
      final SCIMFilter filter,
      final LDAPRequestInterface ldapInterface,
      final LDAPSearchResolver userResolver)
      throws InvalidResourceException {
    // Only the managerId sub-attribute will ever have a value so filter
    // must target that sub-attribute.
    String subAttribute = filter.getFilterAttribute().getSubAttributeName();
    if (subAttribute == null || !subAttribute.equals("managerId")) {
      return null;
    }

    final String ldapAttributeType = ATTR_MANAGER;
    final SCIMFilterType filterType = filter.getFilterType();
    final String filterValue = filter.getFilterValue();

    // Determine the DN for this member.
    try {
      switch (filterType) {
          // We don't have to worry about AND and OR filter types since they are
          // handled earlier by the resource mapper.
        case EQUALITY:
          {
            String dn;
            try {
              dn = userResolver.getDnFromId(ldapInterface, filterValue);
            } catch (ResourceNotFoundException e) {
              // Value is not a valid user. Will not match anything.
              return null;
            }
            return Filter.createEqualityFilter(ldapAttributeType, dn);
          }

        default:
          throw new InvalidResourceException(
              "Filter type "
                  + filterType
                  + " is not supported for attribute "
                  + getAttributeDescriptor().getName());
      }
    } catch (Exception e) {
      Debug.debugException(e);
      throw new InvalidResourceException(e.getMessage());
    }
  }