1 package org
.argeo
.osgi
.useradmin
;
import java.util.Locale;

import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

import org.argeo.naming.LdapAttrs;
8 /** Free IPA specific conventions. */
9 public class IpaUtils
{
/** Container of user entries, placed in front of the domain base DN when a DN is built. */
public static final String IPA_USER_BASE = "cn=users,cn=accounts";

/** Container of group entries, used as the group base of the directory configuration. */
public static final String IPA_GROUP_BASE = "cn=groups,cn=accounts";

/** Container of service entries, placed in front of the domain base DN when a DN is built. */
public static final String IPA_SERVICE_BASE = "cn=services,cn=accounts";

/** Lower-cased name of the Kerberos principal attribute, used as the RDN type of services. */
private static final String KRB_PRINCIPAL_NAME = LdapAttrs.krbPrincipalName.name().toLowerCase();

/**
 * Query-string fragment describing an IPA user directory: user base, group base and
 * {@code readOnly=true}, joined with {@code &}.
 */
public static final String IPA_USER_DIRECTORY_CONFIG = String.join("&",
        UserAdminConf.userBase + "=" + IPA_USER_BASE,
        UserAdminConf.groupBase + "=" + IPA_GROUP_BASE,
        UserAdminConf.readOnly + "=true");
/**
 * Builds the user directory configuration path for a realm: the base DN derived from the
 * realm, a {@code ?}, the fixed {@link #IPA_USER_DIRECTORY_CONFIG} parameters and finally a
 * realm parameter.
 *
 * NOTE(review): {@code realm} is appended verbatim as the last query parameter. If a caller
 * can pass a realm that was not validated, a value containing {@code &} or {@code =} would
 * add parameters after {@code readOnly=true}. Confirm how the consumer of this string parses
 * duplicate keys, and validate or encode the realm at the call site.
 *
 * @param realm the Kerberos realm, also used as the DNS domain for the base DN
 * @return the base DN followed by the query string
 */
static String domainToUserDirectoryConfigPath(String realm) {
    StringBuilder path = new StringBuilder().append(domainToBaseDn(realm));
    path.append("?").append(IPA_USER_DIRECTORY_CONFIG);
    path.append("&").append(UserAdminConf.realm.name()).append("=").append(realm);
    return path.toString();
}
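/**
 * Converts a dot-separated domain into a base DN made of one lower-cased {@code dc} RDN per
 * label, in the same order as the labels.
 *
 * <p>
 * Labels are lower-cased with {@link Locale#ROOT}, so that the result does not depend on the
 * default locale of the JVM (a Turkish locale would otherwise map {@code I} to a dotless
 * {@code i}). Each label is encoded with {@link Rdn#escapeValue(Object)}, so that a label
 * containing DN syntax characters such as {@code ,} or {@code =} stays a single value and
 * cannot add RDNs to the result. Labels made only of letters, digits and hyphens are not
 * modified by the escaping.
 *
 * @param domain the domain name, for example a Kerberos realm
 * @return the base DN as a string
 * @throws IllegalArgumentException if the domain has no label or contains an empty label
 */
public static String domainToBaseDn(String domain) {
    String[] dcs = domain.split("\\.");
    // "." splits into an empty array, which would silently produce an empty base DN
    if (dcs.length == 0)
        throw new IllegalArgumentException("No domain component in " + domain);
    StringBuilder sb = new StringBuilder();
    for (int i = 0; i < dcs.length; i++) {
        String dc = dcs[i];
        // "", ".example" or "a..b" would otherwise yield an RDN with an empty value
        if (dc.isEmpty())
            throw new IllegalArgumentException("Empty domain component in " + domain);
        if (i != 0)
            sb.append(',');
        sb.append(LdapAttrs.dc.name()).append('=').append(Rdn.escapeValue(dc.toLowerCase(Locale.ROOT)));
    }
    return sb.toString();
}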
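/**
 * Maps a Kerberos principal name to a DN following the IPA conventions of this class.
 *
 * <p>
 * The name is split on {@code @}: the first part is the principal, the second part is the
 * realm, which is converted with {@link #domainToBaseDn(String)}. A principal without
 * {@code /} is treated as a user and becomes a {@code uid} RDN under {@link #IPA_USER_BASE}.
 * A principal with {@code /} is treated as a service: the whole Kerberos name becomes the
 * value of the principal-name RDN under {@link #IPA_SERVICE_BASE}.
 *
 * <p>
 * The principal comes from outside the directory, so it is encoded with
 * {@link Rdn#escapeValue(Object)} before it is concatenated. Without this, a name containing
 * {@code ,}, {@code =} or {@code +} would be parsed by {@link LdapName} as additional RDNs
 * and resolve to an entry other than the one the principal names. {@code /} and {@code @}
 * are not DN syntax characters and are left as they are.
 *
 * @param kerberosName the principal in the form {@code name@REALM}
 * @return the DN of the user or service
 * @throws IllegalArgumentException if the name has no principal or realm part, or if the
 *                                  resulting DN is not valid
 */
public static LdapName kerberosToDn(String kerberosName) {
    String[] kname = kerberosName.split("@");
    // A missing '@' used to fail with an ArrayIndexOutOfBoundsException on kname[1]
    if (kname.length < 2 || kname[0].isEmpty() || kname[1].isEmpty())
        throw new IllegalArgumentException("Badly formatted Kerberos name, expected name@REALM: " + kerberosName);
    String username = kname[0];
    String baseDn = domainToBaseDn(kname[1]);
    String dn;
    if (!username.contains("/"))
        dn = LdapAttrs.uid + "=" + Rdn.escapeValue(username) + "," + IPA_USER_BASE + "," + baseDn;
    else
        dn = KRB_PRINCIPAL_NAME + "=" + Rdn.escapeValue(kerberosName) + "," + IPA_SERVICE_BASE + "," + baseDn;
    try {
        return new LdapName(dn);
    } catch (InvalidNameException e) {
        // Keep the parser's exception as the cause so the offending position is not lost
        throw new IllegalArgumentException("Badly formatted name for " + kerberosName + ": " + dn, e);
    }
}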