X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdapUserAdmin.java;h=7acb7dffd915808a7297ed09f336b9015aa11070;hb=6342d1d28f8338866c876f8b6364ce3f1eac28aa;hp=0c6d2937649431414be31b615d91b04b8837c4eb;hpb=ddc39c1b3948757c83c9a89853b0ede87f46ddea;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdapUserAdmin.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdapUserAdmin.java index 0c6d29376..7acb7dffd 100644 --- a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdapUserAdmin.java +++ b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdapUserAdmin.java @@ -12,6 +12,7 @@ import javax.naming.Context; import javax.naming.InvalidNameException; import javax.naming.NamingEnumeration; import javax.naming.NamingException; +import javax.naming.directory.Attribute; import javax.naming.directory.Attributes; import javax.naming.directory.DirContext; import javax.naming.directory.SearchControls; @@ -24,7 +25,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.ArgeoException; import org.osgi.framework.Filter; -import org.osgi.service.useradmin.User; /** * A user admin based on a LDAP server. Requires a {@link TransactionManager} @@ -43,7 +43,7 @@ public class LdapUserAdmin extends AbstractUserDirectory { "com.sun.jndi.ldap.LdapCtxFactory"); connEnv.put(Context.PROVIDER_URL, getUri().toString()); connEnv.put("java.naming.ldap.attributes.binary", - LdifName.userpassword.name()); + LdifName.userPassword.name()); initialLdapContext = new InitialLdapContext(connEnv, null); // StartTlsResponse tls = (StartTlsResponse) ctx @@ -106,13 +106,12 @@ public class LdapUserAdmin extends AbstractUserDirectory { + name); return res; } catch (NamingException e) { - throw new UserDirectoryException("Cannot get role for " + name, e); + return null; } } @Override protected List doGetRoles(Filter f) { - // TODO Auto-generated method stub try { String searchFilter = f != null ? f.toString() : "(|(" + objectClass + "=" + getUserObjectClass() + ")(" @@ -125,22 +124,21 @@ public class LdapUserAdmin extends AbstractUserDirectory { searchBase, searchFilter, searchControls); ArrayList res = new ArrayList(); - while (results.hasMoreElements()) { + results: while (results.hasMoreElements()) { SearchResult searchResult = results.next(); Attributes attrs = searchResult.getAttributes(); + Attribute objectClassAttr = attrs.get(objectClass.name()); + LdapName dn = toDn(searchBase, searchResult); LdifUser role; - if (attrs.get(objectClass.name()).contains( - getGroupObjectClass())) - role = new LdifGroup(this, toDn(searchBase, searchResult), - attrs); - else if (attrs.get(objectClass.name()).contains( - getUserObjectClass())) - role = new LdifUser(this, toDn(searchBase, searchResult), - attrs); - else - throw new UserDirectoryException( - "Unsupported LDAP type for " - + searchResult.getName()); + if (objectClassAttr.contains(getGroupObjectClass())) + role = new LdifGroup(this, dn, attrs); + else if (objectClassAttr.contains(getUserObjectClass())) + role = new LdifUser(this, dn, attrs); + else { + log.warn("Unsupported LDAP type for " + + searchResult.getName()); + continue results; + } res.add(role); } return res; @@ -157,12 +155,12 @@ public class LdapUserAdmin extends AbstractUserDirectory { } @Override - protected List getDirectGroups(User user) { - List directGroups = new ArrayList(); + protected List getDirectGroups(LdapName dn) { + List directGroups = new ArrayList(); try { String searchFilter = "(&(" + objectClass + "=" + getGroupObjectClass() + ")(" + getMemberAttributeId() - + "=" + user.getName() + "))"; + + "=" + dn + "))"; SearchControls searchControls = new SearchControls(); searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); @@ -174,19 +172,17 @@ public class LdapUserAdmin extends AbstractUserDirectory { while (results.hasMoreElements()) { SearchResult searchResult = (SearchResult) results .nextElement(); - LdifGroup group = new LdifGroup(this, toDn(searchBase, - searchResult), searchResult.getAttributes()); - directGroups.add(group); + directGroups.add(toDn(searchBase, searchResult)); } return directGroups; } catch (Exception e) { - throw new ArgeoException("Cannot populate direct members of " - + user, e); + throw new ArgeoException("Cannot populate direct members of " + dn, + e); } } @Override - protected void prepare(WorkingCopy wc) { + protected void prepare(UserDirectoryWorkingCopy wc) { try { getLdapContext().reconnect(getLdapContext().getConnectControls()); // delete @@ -197,7 +193,7 @@ public class LdapUserAdmin extends AbstractUserDirectory { } // add for (LdapName dn : wc.getNewUsers().keySet()) { - if (!entryExists(dn)) + if (entryExists(dn)) throw new UserDirectoryException("User to create found " + dn); } @@ -217,7 +213,7 @@ public class LdapUserAdmin extends AbstractUserDirectory { } @Override - protected void commit(WorkingCopy wc) { + protected void commit(UserDirectoryWorkingCopy wc) { try { // delete for (LdapName dn : wc.getDeletedUsers().keySet()) { @@ -240,7 +236,7 @@ public class LdapUserAdmin extends AbstractUserDirectory { } @Override - protected void rollback(WorkingCopy wc) { + protected void rollback(UserDirectoryWorkingCopy wc) { // prepare not impacting }