List of usage examples for org.apache.shiro.realm.ldap LdapUtils getAllAttributeValues
public static Collection<String> getAllAttributeValues(Attribute attr) throws NamingException
From source file:org.apache.zeppelin.realm.ActiveDirectoryGroupRealm.java
License:Apache License
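/**
 * Searches the directory for entries whose user search attribute contains the given text and
 * returns the values of that attribute.
 *
 * <p>The caller-supplied text is sent as filter argument <code>{0}</code> rather than being
 * formatted into the filter string. JNDI substitutes the argument and escapes LDAP filter
 * metacharacters in it, so the text cannot change the structure of the query.
 *
 * @param containString text that the user search attribute must contain
 * @param ldapContext context the search is run against
 * @param numUsersToFetch upper bound on returned entries, applied through
 *     {@link SearchControls#setCountLimit(long)}
 * @return values of the user search attribute for every matching entry
 * @throws NamingException if the search or the attribute traversal fails
 */
public List<String> searchForUserName(String containString, LdapContext ldapContext, int numUsersToFetch)
    throws NamingException {
  List<String> userNameList = new ArrayList<>();
  SearchControls searchCtls = new SearchControls();
  searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
  searchCtls.setCountLimit(numUsersToFetch);

  // Only the attribute name, which comes from the realm itself, is formatted into the filter.
  String searchAttribute = this.getUserSearchAttributeName();
  String searchFilter = String.format("(&(objectClass=*)(%s=*{0}*))", searchAttribute);
  Object[] searchArguments = new Object[] { containString };

  NamingEnumeration<SearchResult> answer =
      ldapContext.search(searchBase, searchFilter, searchArguments, searchCtls);
  try {
    // Kept as hasMoreElements(), as in the original. NOTE(review): with the JDK LDAP provider
    // this appears to end the loop quietly when the count limit is reached, where hasMore()
    // would throw; confirm before switching.
    while (answer.hasMoreElements()) {
      SearchResult sr = answer.next();
      if (log.isDebugEnabled()) {
        log.debug("Retrieving userprincipalname names for user [" + sr.getName() + "]");
      }

      Attributes attrs = sr.getAttributes();
      if (attrs == null) {
        continue;
      }
      NamingEnumeration<? extends Attribute> ae = attrs.getAll();
      while (ae.hasMore()) {
        Attribute attr = ae.next();
        // equalsIgnoreCase avoids the default-locale dependence of toLowerCase().
        if (attr.getID().equalsIgnoreCase(searchAttribute)) {
          userNameList.addAll(LdapUtils.getAllAttributeValues(attr));
        }
      }
    }
  } finally {
    // Release the enumeration even when iteration fails part-way.
    LdapUtils.closeEnumeration(answer);
  }
  return userNameList;
}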
From source file:org.apache.zeppelin.realm.ActiveDirectoryGroupRealm.java
License:Apache License
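/**
 * Looks up the directory entry for a user and maps the groups listed in its
 * <code>memberOf</code> attribute to role names.
 *
 * <p>The user name is sent as filter argument <code>{0}</code> rather than being formatted into
 * the filter string. JNDI substitutes the argument and escapes LDAP filter metacharacters in
 * it, so the name cannot change which entries the authorization query matches.
 *
 * @param username name of the user whose roles are resolved
 * @param ldapContext context the search is run against
 * @return role names produced by {@code getRoleNamesForGroups} for the user's groups
 * @throws NamingException if the search or the attribute traversal fails
 */
private Set<String> getRoleNamesForUser(String username, LdapContext ldapContext)
    throws NamingException {
  Set<String> roleNames = new LinkedHashSet<>();
  SearchControls searchCtls = new SearchControls();
  searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

  String userPrincipalName = username;
  // NOTE(review): the "> 1" test leaves a name with '@' at index 0 or 1 unchanged; confirm
  // that this is intended.
  if (this.principalSuffix != null && userPrincipalName.indexOf('@') > 1) {
    userPrincipalName = userPrincipalName.split("@")[0];
  }

  // Only the attribute name, which comes from the realm itself, is formatted into the filter.
  String searchFilter =
      String.format("(&(objectClass=*)(%s={0}))", this.getUserSearchAttributeName());
  Object[] searchArguments = new Object[] { userPrincipalName };

  NamingEnumeration<SearchResult> answer =
      ldapContext.search(searchBase, searchFilter, searchArguments, searchCtls);
  try {
    while (answer.hasMoreElements()) {
      SearchResult sr = answer.next();
      if (log.isDebugEnabled()) {
        log.debug("Retrieving group names for user [" + sr.getName() + "]");
      }

      Attributes attrs = sr.getAttributes();
      if (attrs == null) {
        continue;
      }
      NamingEnumeration<? extends Attribute> ae = attrs.getAll();
      while (ae.hasMore()) {
        Attribute attr = ae.next();
        if (attr.getID().equals("memberOf")) {
          Collection<String> groupNames = LdapUtils.getAllAttributeValues(attr);
          if (log.isDebugEnabled()) {
            log.debug("Groups found for user [" + username + "]: " + groupNames);
          }
          Collection<String> rolesForGroups = getRoleNamesForGroups(groupNames);
          roleNames.addAll(rolesForGroups);
        }
      }
    }
  } finally {
    // Release the enumeration even when iteration fails part-way.
    LdapUtils.closeEnumeration(answer);
  }
  return roleNames;
}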
From source file:org.apache.zeppelin.server.ActiveDirectoryGroupRealm.java
License:Apache License
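/**
 * Searches the directory for entries whose <code>userPrincipalName</code> contains the given
 * text and returns the values of their <code>cn</code> attribute.
 *
 * <p>The caller-supplied text is sent as filter argument <code>{0}</code> rather than being
 * concatenated into the filter string. JNDI substitutes the argument and escapes LDAP filter
 * metacharacters in it, so the text cannot change the structure of the query.
 *
 * @param containString text that <code>userPrincipalName</code> must contain
 * @param ldapContext context the search is run against
 * @return <code>cn</code> values of every matching entry
 * @throws NamingException if the search or the attribute traversal fails
 */
public List<String> searchForUserName(String containString, LdapContext ldapContext)
    throws NamingException {
  List<String> userNameList = new ArrayList<>();
  SearchControls searchCtls = new SearchControls();
  searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
  // NOTE(review): no count limit is set, so the result size is bounded only by whatever the
  // directory server enforces; the signature offers no parameter to pass one.

  String searchFilter = "(&(objectClass=*)(userPrincipalName=*{0}*))";
  Object[] searchArguments = new Object[] { containString };

  NamingEnumeration<SearchResult> answer =
      ldapContext.search(searchBase, searchFilter, searchArguments, searchCtls);
  try {
    while (answer.hasMoreElements()) {
      SearchResult sr = answer.next();
      if (log.isDebugEnabled()) {
        log.debug("Retrieving userprincipalname names for user [" + sr.getName() + "]");
      }

      Attributes attrs = sr.getAttributes();
      if (attrs == null) {
        continue;
      }
      NamingEnumeration<? extends Attribute> ae = attrs.getAll();
      while (ae.hasMore()) {
        Attribute attr = ae.next();
        // equalsIgnoreCase avoids the default-locale dependence of toLowerCase().
        if ("cn".equalsIgnoreCase(attr.getID())) {
          userNameList.addAll(LdapUtils.getAllAttributeValues(attr));
        }
      }
    }
  } finally {
    // Release the enumeration even when iteration fails part-way.
    LdapUtils.closeEnumeration(answer);
  }
  return userNameList;
}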
From source file:org.apache.zeppelin.server.ActiveDirectoryGroupRealm.java
License:Apache License
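/**
 * Looks up the directory entry for a user by <code>userPrincipalName</code> and maps the
 * groups listed in its <code>memberOf</code> attribute to role names.
 *
 * <p>The principal name is sent as filter argument <code>{0}</code> rather than being
 * concatenated into the filter string. JNDI substitutes the argument and escapes LDAP filter
 * metacharacters in it, so the name cannot change which entries the authorization query
 * matches.
 *
 * @param username name of the user whose roles are resolved; {@code principalSuffix} is
 *     appended when it is set
 * @param ldapContext context the search is run against
 * @return role names produced by {@code getRoleNamesForGroups} for the user's groups
 * @throws NamingException if the search or the attribute traversal fails
 */
private Set<String> getRoleNamesForUser(String username, LdapContext ldapContext)
    throws NamingException {
  Set<String> roleNames = new LinkedHashSet<>();
  SearchControls searchCtls = new SearchControls();
  searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

  String userPrincipalName = username;
  if (principalSuffix != null) {
    userPrincipalName += principalSuffix;
  }

  String searchFilter = "(&(objectClass=*)(userPrincipalName={0}))";
  Object[] searchArguments = new Object[] { userPrincipalName };

  NamingEnumeration<SearchResult> answer =
      ldapContext.search(searchBase, searchFilter, searchArguments, searchCtls);
  try {
    while (answer.hasMoreElements()) {
      SearchResult sr = answer.next();
      if (log.isDebugEnabled()) {
        log.debug("Retrieving group names for user [" + sr.getName() + "]");
      }

      Attributes attrs = sr.getAttributes();
      if (attrs == null) {
        continue;
      }
      NamingEnumeration<? extends Attribute> ae = attrs.getAll();
      while (ae.hasMore()) {
        Attribute attr = ae.next();
        if (attr.getID().equals("memberOf")) {
          Collection<String> groupNames = LdapUtils.getAllAttributeValues(attr);
          if (log.isDebugEnabled()) {
            log.debug("Groups found for user [" + username + "]: " + groupNames);
          }
          Collection<String> rolesForGroups = getRoleNamesForGroups(groupNames);
          roleNames.addAll(rolesForGroups);
        }
      }
    }
  } finally {
    // Release the enumeration even when iteration fails part-way.
    LdapUtils.closeEnumeration(answer);
  }
  return roleNames;
}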
From source file:org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm.java
License:Open Source License
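/**
 * Extracts the set of roles associated with a user, based on the username and the LDAP
 * context (server).
 *
 * <p>The username is sent as filter argument <code>{0}</code> rather than being formatted
 * into the filter string. JNDI substitutes the argument and escapes LDAP filter
 * metacharacters in it, so the name cannot change which entries the role lookup matches.
 *
 * @param username The username for the request
 * @param ldapContext The specific system context provided by <code>shiro.ini</code>
 * @return A set of roles
 * @throws NamingException If the ldap search fails
 */
protected Set<String> getRoleNamesForUser(final String username, final LdapContext ldapContext)
        throws NamingException {
    // Stores the role names, which are equivalent to the set of group names extracted
    // from the LDAP query.
    final Set<String> roleNames = new LinkedHashSet<String>();
    final SearchControls searchControls = createSearchControls();

    LOG.debug(
            "Asking the configured LDAP about which groups uid=\"{}\" belongs to using "
                    + "searchBase=\"{}\" ldapAttributeForComparison=\"{}\"",
            username, searchBase, ldapAttributeForComparison);

    // Only the attribute name constant is formatted into the filter; the username travels
    // as a filter argument.
    final String searchFilter = String.format("%s={0}", UID);
    final Object[] searchArguments = new Object[] { username };
    final NamingEnumeration<SearchResult> answer = ldapContext.search(searchBase, searchFilter,
            searchArguments, searchControls);

    try {
        // Cursor based traversal over the LDAP query result
        while (answer.hasMoreElements()) {
            final SearchResult searchResult = answer.next();
            final Attributes attrs = searchResult.getAttributes();
            if (attrs == null) {
                continue;
            }

            // Extract the attributes from the LDAP search.
            // attrs.getAttr(String) was not chosen, since all attributes should be exposed
            // in trace logging should the operator wish to use an alternate attribute.
            final NamingEnumeration<? extends Attribute> ae = attrs.getAll();
            while (ae.hasMore()) {
                final Attribute attr = ae.next();
                LOG.trace("LDAP returned \"{}\" attribute for \"{}\"", attr.getID(), username);
                if (attr.getID().equals(ldapAttributeForComparison)) {
                    // Stresses the point that LDAP groups are EQUIVALENT to ODL role names
                    // TODO make this configurable via a Strategy pattern so more interesting
                    // mappings can be made
                    final Collection<String> groupNamesExtractedFromLdap = LdapUtils
                            .getAllAttributeValues(attr);
                    final Collection<String> roleNamesFromLdapGroups = groupNamesExtractedFromLdap;
                    if (LOG.isTraceEnabled()) {
                        for (String roleName : roleNamesFromLdapGroups) {
                            LOG.trace("Mapped the \"{}\" LDAP group to ODL role for \"{}\"", roleName,
                                    username);
                        }
                    }
                    roleNames.addAll(roleNamesFromLdapGroups);
                }
            }
        }
    } finally {
        // Release the enumeration even when iteration fails part-way.
        LdapUtils.closeEnumeration(answer);
    }
    return roleNames;
}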
From source file:org.ow2.proactive.iam.core.realms.LdapRealm.java
License:Open Source License
/**
 * Resolves the roles of a user from the groups listed in the <code>memberOf</code> attribute
 * of the matching directory entries.
 *
 * <p>The search asks the server for <code>memberOf</code> only, and the principal name is
 * handed to the search as a filter argument. NOTE(review): this presumably relies on the
 * {@code searchFilter} field containing a <code>{0}</code> placeholder; the field is defined
 * outside this method, so verify it there.
 *
 * @param username name of the user whose roles are resolved; {@code principalSuffix} is
 *     appended when it is set
 * @param ldapContext context the search is run against
 * @return role names produced by {@code getRoleNamesForGroups} for the user's groups
 * @throws NamingException if the search or the attribute traversal fails
 */
protected Set<String> getRoleNamesForUser(String username, LdapContext ldapContext) throws NamingException {
    final Set<String> resolvedRoles = new LinkedHashSet<String>();

    final SearchControls controls = new SearchControls();
    controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    // Limit the returned attributes to the one this method reads.
    controls.setReturningAttributes(new String[] { "memberOf" });

    final String principal = (principalSuffix == null) ? username : username + principalSuffix;
    final Object[] filterArgs = { principal };

    final NamingEnumeration<SearchResult> entries = ldapContext.search(searchBase, searchFilter, filterArgs,
                                                                       controls);
    while (entries.hasMoreElements()) {
        final SearchResult entry = entries.next();
        log.debug("Retrieving group names for user [" + entry.getName() + "]");

        final Attributes entryAttributes = entry.getAttributes();
        if (entryAttributes == null) {
            continue;
        }

        final NamingEnumeration<? extends Attribute> attributeCursor = entryAttributes.getAll();
        while (attributeCursor.hasMore()) {
            final Attribute candidate = attributeCursor.next();
            if (!candidate.getID().equals("memberOf")) {
                continue;
            }
            final Collection<String> groupNames = LdapUtils.getAllAttributeValues(candidate);
            log.debug("Groups found for user [" + username + "]: " + groupNames);
            resolvedRoles.addAll(getRoleNamesForGroups(groupNames));
        }
    }
    return resolvedRoles;
}