X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdapUserAdmin.java;h=73dc510eccae80b2a1702564f518aecee8a5242c;hb=2dfbd96ae2f0d51cf10f9ddd2fc0e73dee13848b;hp=cce1a01c4ec35cabd1b5e268c06c6cd6d38e9776;hpb=563ee18b53fa90f14dc3f443f29f6d020ffdee2b;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdapUserAdmin.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdapUserAdmin.java index cce1a01c4..73dc510ec 100644 --- a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdapUserAdmin.java +++ b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdapUserAdmin.java @@ -12,6 +12,7 @@ import javax.naming.Context; import javax.naming.InvalidNameException; import javax.naming.NamingEnumeration; import javax.naming.NamingException; +import javax.naming.directory.Attribute; import javax.naming.directory.Attributes; import javax.naming.directory.DirContext; import javax.naming.directory.SearchControls; @@ -24,7 +25,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.ArgeoException; import org.osgi.framework.Filter; -import org.osgi.service.useradmin.User; /** * A user admin based on a LDAP server. Requires a {@link TransactionManager} @@ -43,7 +43,7 @@ public class LdapUserAdmin extends AbstractUserDirectory { "com.sun.jndi.ldap.LdapCtxFactory"); connEnv.put(Context.PROVIDER_URL, getUri().toString()); connEnv.put("java.naming.ldap.attributes.binary", - LdifName.userpassword.name()); + LdifName.userPassword.name()); initialLdapContext = new InitialLdapContext(connEnv, null); // StartTlsResponse tls = (StartTlsResponse) ctx @@ -112,7 +112,6 @@ public class LdapUserAdmin extends AbstractUserDirectory { @Override protected List doGetRoles(Filter f) { - // TODO Auto-generated method stub try { String searchFilter = f != null ? f.toString() : "(|(" + objectClass + "=" + getUserObjectClass() + ")(" @@ -125,22 +124,21 @@ public class LdapUserAdmin extends AbstractUserDirectory { searchBase, searchFilter, searchControls); ArrayList res = new ArrayList(); - while (results.hasMoreElements()) { + results: while (results.hasMoreElements()) { SearchResult searchResult = results.next(); Attributes attrs = searchResult.getAttributes(); + Attribute objectClassAttr = attrs.get(objectClass.name()); + LdapName dn = toDn(searchBase, searchResult); LdifUser role; - if (attrs.get(objectClass.name()).contains( - getGroupObjectClass())) - role = new LdifGroup(this, toDn(searchBase, searchResult), - attrs); - else if (attrs.get(objectClass.name()).contains( - getUserObjectClass())) - role = new LdifUser(this, toDn(searchBase, searchResult), - attrs); - else - throw new UserDirectoryException( - "Unsupported LDAP type for " - + searchResult.getName()); + if (objectClassAttr.contains(getGroupObjectClass())) + role = new LdifGroup(this, dn, attrs); + else if (objectClassAttr.contains(getUserObjectClass())) + role = new LdifUser(this, dn, attrs); + else { + log.warn("Unsupported LDAP type for " + + searchResult.getName()); + continue results; + } res.add(role); } return res; @@ -150,36 +148,6 @@ public class LdapUserAdmin extends AbstractUserDirectory { } } - @Override - protected void doGetUser(String key, String value, - List collectedUsers) { - try { - String searchFilter = "(&(" + objectClass + "=" - + getUserObjectClass() + ")(" + key + "=" + value + "))"; - - SearchControls searchControls = new SearchControls(); - searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); - - String searchBase = getBaseDn(); - NamingEnumeration results = getLdapContext().search( - searchBase, searchFilter, searchControls); - - SearchResult searchResult = null; - if (results.hasMoreElements()) { - searchResult = (SearchResult) results.nextElement(); - if (results.hasMoreElements()) - searchResult = null; - } - if (searchResult != null) - collectedUsers.add(new LdifUser(this, toDn(searchBase, - searchResult), searchResult.getAttributes())); - } catch (Exception e) { - throw new UserDirectoryException("Cannot get user with " + key - + "=" + value, e); - } - - } - private LdapName toDn(String baseDn, Binding binding) throws InvalidNameException { return new LdapName(binding.isRelative() ? binding.getName() + "," @@ -187,12 +155,12 @@ public class LdapUserAdmin extends AbstractUserDirectory { } @Override - protected List getDirectGroups(User user) { - List directGroups = new ArrayList(); + protected List getDirectGroups(LdapName dn) { + List directGroups = new ArrayList(); try { String searchFilter = "(&(" + objectClass + "=" + getGroupObjectClass() + ")(" + getMemberAttributeId() - + "=" + user.getName() + "))"; + + "=" + dn + "))"; SearchControls searchControls = new SearchControls(); searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); @@ -204,19 +172,17 @@ public class LdapUserAdmin extends AbstractUserDirectory { while (results.hasMoreElements()) { SearchResult searchResult = (SearchResult) results .nextElement(); - LdifGroup group = new LdifGroup(this, toDn(searchBase, - searchResult), searchResult.getAttributes()); - directGroups.add(group); + directGroups.add(toDn(searchBase, searchResult)); } return directGroups; } catch (Exception e) { - throw new ArgeoException("Cannot populate direct members of " - + user, e); + throw new ArgeoException("Cannot populate direct members of " + dn, + e); } } @Override - protected void prepare(WorkingCopy wc) { + protected void prepare(UserDirectoryWorkingCopy wc) { try { getLdapContext().reconnect(getLdapContext().getConnectControls()); // delete @@ -247,7 +213,7 @@ public class LdapUserAdmin extends AbstractUserDirectory { } @Override - protected void commit(WorkingCopy wc) { + protected void commit(UserDirectoryWorkingCopy wc) { try { // delete for (LdapName dn : wc.getDeletedUsers().keySet()) { @@ -270,7 +236,7 @@ public class LdapUserAdmin extends AbstractUserDirectory { } @Override - protected void rollback(WorkingCopy wc) { + protected void rollback(UserDirectoryWorkingCopy wc) { // prepare not impacting }