List of usage examples for javax.naming.directory SearchResult getNameInNamespace
public String getNameInNamespace()
From source file:org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.java
/** * *//*from w w w . j a v a 2 s .c o m*/ public String[] getUserListOfLDAPRole(RoleContext context, String filter) throws UserStoreException { boolean debug = log.isDebugEnabled(); if (debug) { log.debug("Getting user list of role: " + context.getRoleName() + " with filter: " + filter); } List<String> userList = new ArrayList<String>(); String[] names = new String[0]; int givenMax = UserCoreConstants.MAX_USER_ROLE_LIST; int searchTime = UserCoreConstants.MAX_SEARCH_TIME; try { givenMax = Integer.parseInt( realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_MAX_USER_LIST)); } catch (Exception e) { givenMax = UserCoreConstants.MAX_USER_ROLE_LIST; } try { searchTime = Integer.parseInt( realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_MAX_SEARCH_TIME)); } catch (Exception e) { searchTime = UserCoreConstants.MAX_SEARCH_TIME; } DirContext dirContext = null; NamingEnumeration<SearchResult> answer = null; try { SearchControls searchCtls = new SearchControls(); searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); searchCtls.setTimeLimit(searchTime); searchCtls.setCountLimit(givenMax); String searchFilter = ((LDAPRoleContext) context).getListFilter(); String roleNameProperty = ((LDAPRoleContext) context).getRoleNameProperty(); searchFilter = "(&" + searchFilter + "(" + roleNameProperty + "=" + escapeSpecialCharactersForFilter(context.getRoleName()) + "))"; String membershipProperty = realmConfig.getUserStoreProperty(LDAPConstants.MEMBERSHIP_ATTRIBUTE); String returnedAtts[] = { membershipProperty }; searchCtls.setReturningAttributes(returnedAtts); List<String> userDNList = new ArrayList<String>(); SearchResult sr = null; dirContext = connectionSource.getContext(); // with DN patterns if (((LDAPRoleContext) context).getRoleDNPatterns().size() > 0) { for (String pattern : ((LDAPRoleContext) context).getRoleDNPatterns()) { if (debug) { log.debug("Using pattern: " + pattern); } pattern = MessageFormat.format(pattern.trim(), escapeSpecialCharactersForDN(context.getRoleName())); try { answer = dirContext.search(escapeDNForSearch(pattern), searchFilter, searchCtls); if (answer.hasMore()) { sr = (SearchResult) answer.next(); break; } } catch (NamingException e) { // ignore if (log.isDebugEnabled()) { log.debug(e); } } } } if (sr == null) { // handling multiple search bases String searchBases = ((LDAPRoleContext) context).getSearchBase(); String[] roleSearchBaseArray = searchBases.split("#"); for (String searchBase : roleSearchBaseArray) { if (debug) { log.debug("Searching role: " + context.getRoleName() + " SearchBase: " + searchBase + " SearchFilter: " + searchFilter); } try { // read the DN of users who are members of the group answer = dirContext.search(escapeDNForSearch(searchBase), searchFilter, searchCtls); int count = 0; if (answer.hasMore()) { // to check if there is a result while (answer.hasMore()) { // to check if there are more than one group if (count > 0) { throw new UserStoreException("More than one group exist with name"); } sr = (SearchResult) answer.next(); count++; } break; } } catch (NamingException e) { // ignore if (log.isDebugEnabled()) { log.debug(e); } } } } if (debug) { log.debug("Found role: " + sr.getNameInNamespace()); } // read the member attribute and get DNs of the users Attributes attributes = sr.getAttributes(); if (attributes != null) { NamingEnumeration attributeEntry = null; for (attributeEntry = attributes.getAll(); attributeEntry.hasMore();) { Attribute valAttribute = (Attribute) attributeEntry.next(); if (membershipProperty == null || membershipProperty.equals(valAttribute.getID())) { NamingEnumeration values = null; for (values = valAttribute.getAll(); values.hasMore();) { String value = values.next().toString(); userDNList.add(value); if (debug) { log.debug("Found attribute: " + membershipProperty + " value: " + value); } } } } } if (MEMBER_UID.equals(realmConfig.getUserStoreProperty(LDAPConstants.MEMBERSHIP_ATTRIBUTE))) { /* when the GroupEntryObjectClass is posixGroup, membership attribute is memberUid. We have to retrieve the DN using the memberUid. This procedure has to make an extra call to ldap. alternatively this can be done with a single ldap search using the memberUid and retrieving the display name and username. */ List<String> userDNListNew = new ArrayList<>(); for (String user : userDNList) { String userDN = getNameInSpaceForUserName(user); userDNListNew.add(userDN); } userDNList = userDNListNew; } // iterate over users' DN list and get userName and display name // attribute values String userNameProperty = realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_ATTRIBUTE); String displayNameAttribute = realmConfig.getUserStoreProperty(LDAPConstants.DISPLAY_NAME_ATTRIBUTE); String[] returnedAttributes = { userNameProperty, displayNameAttribute }; for (String user : userDNList) { if (debug) { log.debug("Getting name attributes of: " + user); } Attributes userAttributes; try { // '\' and '"' characters need another level of escaping before searching userAttributes = dirContext.getAttributes( user.replace("\\\\", "\\\\\\").replace("\\\"", "\\\\\""), returnedAttributes); String displayName = null; String userName = null; if (userAttributes != null) { Attribute userNameAttribute = userAttributes.get(userNameProperty); if (userNameAttribute != null) { userName = (String) userNameAttribute.get(); if (debug) { log.debug("UserName: " + userName); } } if (displayNameAttribute != null) { Attribute displayAttribute = userAttributes.get(displayNameAttribute); if (displayAttribute != null) { displayName = (String) displayAttribute.get(); } if (debug) { log.debug("DisplayName: " + displayName); } } } String domainName = realmConfig .getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME); // Username will be null in the special case where the // username attribute has changed to another // and having different userNameProperty than the current // user-mgt.xml if (userName != null) { user = UserCoreUtil.getCombinedName(domainName, userName, displayName); userList.add(user); if (debug) { log.debug(user + " is added to the result list"); } } // Skip listing users which are not applicable to current // user-mgt.xml else { if (log.isDebugEnabled()) { log.debug( "User " + user + " doesn't have the user name property : " + userNameProperty); } } } catch (NamingException e) { if (log.isDebugEnabled()) { log.debug("Error in reading user information in the user store for the user " + user + e.getMessage(), e); } } } names = userList.toArray(new String[userList.size()]); } catch (PartialResultException e) { // can be due to referrals in AD. so just ignore error String errorMessage = "Error in reading user information in the user store for filter : " + filter; if (isIgnorePartialResultException()) { if (log.isDebugEnabled()) { log.debug(errorMessage, e); } } else { throw new UserStoreException(errorMessage, e); } } catch (NamingException e) { String errorMessage = "Error in reading user information in the user store for filter : " + filter; if (log.isDebugEnabled()) { log.debug(errorMessage, e); } throw new UserStoreException(errorMessage, e); } finally { JNDIUtil.closeNamingEnumeration(answer); JNDIUtil.closeContext(dirContext); } return names; }
From source file:ru.runa.wfe.security.logic.LdapLogic.java
private int synchronizeActors(DirContext dirContext, Map<String, Actor> actorsByDistinguishedName) throws Exception { int changesCount = 0; List<Actor> existingActorsList = executorDao.getAllActors(BatchPresentationFactory.ACTORS.createNonPaged()); Map<String, Actor> existingActorsMap = Maps.newHashMap(); for (Actor actor : existingActorsList) { existingActorsMap.put(actor.getName().toLowerCase(), actor); }// w ww . ja v a 2s . c o m Set<Actor> ldapActorsToDelete = Sets.newHashSet(); if (LdapProperties.isSynchronizationDeleteExecutors()) { ldapActorsToDelete.addAll(executorDao.getGroupActors(importGroup)); } SearchControls controls = new SearchControls(); controls.setSearchScope(SearchControls.SUBTREE_SCOPE); for (String ou : LdapProperties.getSynchronizationOrganizationUnits()) { List<SearchResult> resultList = Lists.newArrayList(); try { NamingEnumeration<SearchResult> list = dirContext.search(ou, OBJECT_CLASS_USER_FILTER, controls); while (list.hasMore()) { SearchResult searchResult = list.next(); resultList.add(searchResult); } list.close(); } catch (SizeLimitExceededException e) { resultList.clear(); for (String y : ALPHABETS) { NamingEnumeration<SearchResult> list = dirContext.search(ou, MessageFormat.format(LOGIN_FIRST_LETTER_FILTER, ATTR_ACCOUNT_NAME, y, y.toLowerCase(), OBJECT_CLASS_USER_FILTER), controls); while (list.hasMore()) { SearchResult searchResult = list.next(); resultList.add(searchResult); } list.close(); } } for (SearchResult searchResult : resultList) { String name = getStringAttribute(searchResult, ATTR_ACCOUNT_NAME); String description = getStringAttribute(searchResult, LdapProperties.getSynchronizationUserDescriptionAttribute()); String fullName = getStringAttribute(searchResult, LdapProperties.getSynchronizationUserFullNameAttribute()); String email = getStringAttribute(searchResult, LdapProperties.getSynchronizationUserEmailAttribute()); String phone = getStringAttribute(searchResult, LdapProperties.getSynchronizationUserPhoneAttribute()); String title = getStringAttribute(searchResult, LdapProperties.getSynchronizationUserTitleAttribute()); String department = getStringAttribute(searchResult, LdapProperties.getSynchronizationUserDepartmentAttribute()); ToStringHelper toStringHelper = MoreObjects.toStringHelper("user info"); toStringHelper.add("name", name).add("description", description).add("fullName", fullName) .add("email", email); toStringHelper.add("phone", phone).add("title", title).add("department", department) .omitNullValues(); log.debug("Read " + toStringHelper.toString()); Actor actor = existingActorsMap.get(name.toLowerCase()); if (actor == null) { if (!LdapProperties.isSynchronizationCreateExecutors()) { continue; } actor = new Actor(name, description, fullName, null, email, phone, title, department); log.info("Creating " + actor); executorDao.create(actor); executorDao.addExecutorsToGroup(Lists.newArrayList(actor), importGroup); permissionDao.setPermissions(importGroup, Lists.newArrayList(Permission.LIST), actor); changesCount++; } else { ldapActorsToDelete.remove(actor); if (LdapProperties.isSynchronizationUpdateExecutors()) { List<IChange> changes = Lists.newArrayList(); if (isAttributeNeedsChange(description, actor.getDescription())) { changes.add(new AttributeChange("description", actor.getDescription(), description)); actor.setDescription(description); } if (isAttributeNeedsChange(fullName, actor.getFullName())) { changes.add(new AttributeChange("fullName", actor.getFullName(), fullName)); actor.setFullName(fullName); } if (isAttributeNeedsChange(email, actor.getEmail())) { changes.add(new AttributeChange("email", actor.getEmail(), email)); actor.setEmail(email); } if (isAttributeNeedsChange(phone, actor.getPhone())) { changes.add(new AttributeChange("phone", actor.getPhone(), phone)); actor.setPhone(phone); } if (isAttributeNeedsChange(title, actor.getTitle())) { changes.add(new AttributeChange("title", actor.getTitle(), title)); actor.setTitle(title); } if (isAttributeNeedsChange(department, actor.getDepartment())) { changes.add(new AttributeChange("department", actor.getDepartment(), department)); actor.setDepartment(department); } if (!actor.isActive()) { if (LdapProperties.isSynchronizationUserStatusEnabled()) { actor.setActive(true); changes.add(new AttributeChange("active", "false", "true")); } if (executorDao.removeExecutorFromGroup(actor, wasteGroup)) { changes.add(new Change("waste group removal")); } if (executorDao.addExecutorToGroup(actor, importGroup)) { changes.add(new Change("import group addition")); } } if (!changes.isEmpty()) { executorDao.update(actor); log.info("Updating " + actor + ": " + changes); changesCount++; } } } actorsByDistinguishedName.put(searchResult.getNameInNamespace(), actor); } } if (LdapProperties.isSynchronizationDeleteExecutors() && ldapActorsToDelete.size() > 0) { if (LdapProperties.isSynchronizationUserStatusEnabled()) { for (Actor actor : ldapActorsToDelete) { actor.setActive(false); executorDao.update(actor); log.info("Inactivating " + actor); changesCount++; } } executorDao.removeExecutorsFromGroup(ldapActorsToDelete, importGroup); executorDao.addExecutorsToGroup(ldapActorsToDelete, wasteGroup); changesCount += ldapActorsToDelete.size(); } return changesCount; }