import javax.security.auth.Subject;
+import org.argeo.cms.auth.SystemRole;
import org.argeo.osgi.useradmin.UserDirectory;
import org.argeo.util.directory.HierarchyUnit;
import org.osgi.framework.InvalidSyntaxException;
+import org.osgi.service.useradmin.Group;
import org.osgi.service.useradmin.Role;
import org.osgi.service.useradmin.User;
/*
* EDITION
*/
- /** Creates a new user.*/
+ /** Creates a new user. */
User createUser(String username, Map<String, Object> properties, Map<String, Object> credentials);
+ /** Creates a group. */
+ Group getOrCreateGroup(HierarchyUnit groups, String commonName);
+
+ /** Creates a new system role. */
+ Group getOrCreateSystemRole(HierarchyUnit roles, SystemRole systemRole);
+
+ /** Add additional object classes to this role. */
+ void addObjectClasses(Role role, Set<String> objectClasses, Map<String, Object> additionalProperties);
+
+ /** Add a member to this group. */
+ void addMember(Group group, Role role);
+
/* MISCELLANEOUS */
/** Returns the dn of a role given its local ID */
String buildDefaultDN(String localId, int type);
UserDirectory getDirectory(Role role);
/** Create a new hierarchy unit. Does nothing if it already exists. */
- HierarchyUnit createHierarchyUnit(UserDirectory directory, String path);
+ HierarchyUnit getOrCreateHierarchyUnit(UserDirectory directory, String path);
}
\ No newline at end of file
import org.argeo.api.acr.ContentName;
import org.argeo.api.acr.CrName;
+/** Standard CMS system roles. */
public enum CmsRole implements SystemRole {
userAdmin, //
groupAdmin;
name = new ContentName(CrName.ROLE_NAMESPACE_URI, QUALIFIER + name());
}
+ @Override
public QName getName() {
return name;
}
import javax.naming.ldap.LdapName;
import javax.security.auth.Subject;
+import org.argeo.api.acr.NamespaceUtils;
import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsLog;
import org.argeo.cms.CmsUserManager;
import org.argeo.cms.auth.CurrentUser;
+import org.argeo.cms.auth.SystemRole;
import org.argeo.cms.auth.UserAdminUtils;
import org.argeo.osgi.useradmin.AggregatingUserAdmin;
import org.argeo.osgi.useradmin.TokenUtils;
import org.argeo.osgi.useradmin.UserDirectory;
import org.argeo.util.directory.DirectoryConf;
import org.argeo.util.directory.HierarchyUnit;
+import org.argeo.util.directory.ldap.LdapEntry;
import org.argeo.util.directory.ldap.SharedSecret;
import org.argeo.util.naming.LdapAttrs;
import org.argeo.util.naming.NamingUtils;
}
}
+ @Override
+ public Group getOrCreateGroup(HierarchyUnit groups, String commonName) {
+ try {
+ String dn = LdapAttrs.cn.name() + "=" + commonName + "," + groups.getBase();
+ Group group = (Group) getUserAdmin().getRole(dn);
+ if (group != null)
+ return group;
+ userTransaction.begin();
+ group = (Group) userAdmin.createRole(dn, Role.GROUP);
+ userTransaction.commit();
+ return group;
+ } catch (Exception e) {
+ try {
+ userTransaction.rollback();
+ } catch (Exception e1) {
+ log.error("Could not roll back", e1);
+ }
+ if (e instanceof RuntimeException)
+ throw (RuntimeException) e;
+ else
+ throw new RuntimeException("Cannot create group " + commonName + " in " + groups, e);
+ }
+ }
+
+ @Override
+ public Group getOrCreateSystemRole(HierarchyUnit roles, SystemRole systemRole) {
+ try {
+ String dn = LdapAttrs.cn.name() + "=" + NamespaceUtils.toPrefixedName(systemRole.getName()) + ","
+ + roles.getBase();
+ Group group = (Group) getUserAdmin().getRole(dn);
+ if (group != null)
+ return group;
+ userTransaction.begin();
+ group = (Group) userAdmin.createRole(dn, Role.GROUP);
+ userTransaction.commit();
+ return group;
+ } catch (Exception e) {
+ try {
+ userTransaction.rollback();
+ } catch (Exception e1) {
+ log.error("Could not roll back", e1);
+ }
+ if (e instanceof RuntimeException)
+ throw (RuntimeException) e;
+ else
+ throw new RuntimeException("Cannot create system role " + systemRole + " in " + roles, e);
+ }
+ }
+
+ @Override
+ public HierarchyUnit getOrCreateHierarchyUnit(UserDirectory directory, String path) {
+ HierarchyUnit hi = directory.getHierarchyUnit(path);
+ if (hi != null)
+ return hi;
+ try {
+ userTransaction.begin();
+ HierarchyUnit hierarchyUnit = directory.createHierarchyUnit(path);
+ userTransaction.commit();
+ return hierarchyUnit;
+ } catch (Exception e1) {
+ try {
+ if (!userTransaction.isNoTransactionStatus())
+ userTransaction.rollback();
+ } catch (Exception e2) {
+ if (log.isTraceEnabled())
+ log.trace("Cannot rollback transaction", e2);
+ }
+ throw new RuntimeException("Cannot create hierarchy unit " + path + " in directory " + directory, e1);
+ }
+ }
+
+ @Override
+ public void addObjectClasses(Role role, Set<String> objectClasses, Map<String, Object> additionalProperties) {
+ try {
+ userTransaction.begin();
+ LdapEntry.addObjectClasses(role.getProperties(), objectClasses);
+ for (String key : additionalProperties.keySet()) {
+ role.getProperties().put(key, additionalProperties.get(key));
+ }
+ userTransaction.commit();
+ } catch (Exception e1) {
+ try {
+ if (!userTransaction.isNoTransactionStatus())
+ userTransaction.rollback();
+ } catch (Exception e2) {
+ if (log.isTraceEnabled())
+ log.trace("Cannot rollback transaction", e2);
+ }
+ throw new RuntimeException("Cannot add object classes " + objectClasses + " to " + role, e1);
+ }
+ }
+
+ @Override
+ public void addMember(Group group, Role role) {
+ try {
+ userTransaction.begin();
+ group.addMember(role);
+ userTransaction.commit();
+ } catch (Exception e1) {
+ try {
+ if (!userTransaction.isNoTransactionStatus())
+ userTransaction.rollback();
+ } catch (Exception e2) {
+ if (log.isTraceEnabled())
+ log.trace("Cannot rollback transaction", e2);
+ }
+ throw new RuntimeException("Cannot add object classes " + role + " to group " + group, e1);
+ }
+ }
+
@Override
public String getDefaultDomainName() {
Map<String, String> dns = getKnownBaseDns(true);
Map<String, String> dns = new HashMap<String, String>();
for (UserDirectory userDirectory : userDirectories) {
Boolean readOnly = userDirectory.isReadOnly();
- String baseDn = userDirectory.getContext();
+ String baseDn = userDirectory.getBase();
if (onlyWritable && readOnly)
continue;
}
public Set<UserDirectory> getUserDirectories() {
- TreeSet<UserDirectory> res = new TreeSet<>((o1, o2) -> o1.getContext().compareTo(o2.getContext()));
+ TreeSet<UserDirectory> res = new TreeSet<>((o1, o2) -> o1.getBase().compareTo(o2.getBase()));
res.addAll(userDirectories);
return res;
}
String name = user.getName();
NavigableMap<String, UserDirectory> possible = new TreeMap<>();
for (UserDirectory userDirectory : userDirectories) {
- if (name.endsWith(userDirectory.getContext())) {
- possible.put(userDirectory.getContext(), userDirectory);
+ if (name.endsWith(userDirectory.getBase())) {
+ possible.put(userDirectory.getBase(), userDirectory);
}
}
if (possible.size() == 0)
return possible.lastEntry().getValue();
}
- public HierarchyUnit createHierarchyUnit(UserDirectory directory, String path) {
- HierarchyUnit hi = directory.getHierarchyUnit(path);
- if (hi != null)
- return hi;
- try {
- userTransaction.begin();
- HierarchyUnit hierarchyUnit = directory.createHierarchyUnit(path);
- userTransaction.commit();
- return hierarchyUnit;
- } catch (Exception e1) {
- try {
- if (!userTransaction.isNoTransactionStatus())
- userTransaction.rollback();
- } catch (Exception e2) {
- if (log.isTraceEnabled())
- log.trace("Cannot rollback transaction", e2);
- }
- throw new RuntimeException("Cannot create hierarchy unit " + path + " in directory " + directory, e1);
- }
- }
-
// public User createUserFromPerson(Node person) {
// String email = JcrUtils.get(person, LdapAttrs.mail.property());
// String dn = buildDefaultDN(email, Role.USER);
// } else {
// throw new IllegalArgumentException("Unsupported scheme " + u.getScheme());
// }
- String basePath = userDirectory.getContext();
+ String basePath = userDirectory.getBase();
addUserDirectory(userDirectory);
if (isSystemRolesBaseDn(basePath)) {
addStandardSystemRoles();
}
if (log.isDebugEnabled()) {
- log.debug("User directory " + userDirectory.getContext() + (u != null ? " [" + u.getScheme() + "]" : "")
+ log.debug("User directory " + userDirectory.getBase() + (u != null ? " [" + u.getScheme() + "]" : "")
+ " enabled." + (realm != null ? " " + realm + " realm." : ""));
}
return userDirectory;
if (!(ud instanceof DirectoryUserAdmin))
throw new IllegalArgumentException("Only " + DirectoryUserAdmin.class.getName() + " is supported");
DirectoryUserAdmin userDirectory = (DirectoryUserAdmin) ud;
- String basePath = userDirectory.getContext();
+ String basePath = userDirectory.getBase();
if (isSystemRolesBaseDn(basePath)) {
this.systemRoles = userDirectory;
systemRoles.setExternalRoles(this);
}
public Set<UserDirectory> getUserDirectories() {
- TreeSet<UserDirectory> res = new TreeSet<>((o1, o2) -> o1.getContext().compareTo(o2.getContext()));
+ TreeSet<UserDirectory> res = new TreeSet<>((o1, o2) -> o1.getBase().compareTo(o2.getBase()));
res.addAll(businessRoles.values());
res.add(systemRoles);
return res;
return getRole(name);
} else {
wc.getModifiedData().put(dn, attrs);
- LdapEntry newRole = newRole(dn, type, attrs);
+ LdapEntry newRole = doCreateRole(dn, type, attrs);
wc.getNewData().put(dn, newRole);
return (Role) newRole;
}
}
- protected LdapEntry newRole(LdapName dn, int type, Attributes attrs) {
+ private LdapEntry doCreateRole(LdapName dn, int type, Attributes attrs) {
LdapEntry newRole;
BasicAttribute objClass = new BasicAttribute(objectClass.name());
if (type == Role.USER) {
objClass.add(top.name());
objClass.add(extensibleObject.name());
attrs.put(objClass);
- newRole = newUser(dn, attrs);
+ newRole = newUser(dn);
} else if (type == Role.GROUP) {
String groupObjClass = getGroupObjectClass();
objClass.add(groupObjClass);
// objClass.add(LdifName.extensibleObject.name());
objClass.add(top.name());
attrs.put(objClass);
- newRole = newGroup(dn, attrs);
+ newRole = newGroup(dn);
} else
throw new IllegalArgumentException("Unsupported type " + type);
return newRole;
@Override
public Iterable<? extends Role> getHierarchyUnitRoles(HierarchyUnit hierarchyUnit, String filter, boolean deep) {
- LdapName dn = LdapNameUtils.toLdapName(hierarchyUnit.getContext());
+ LdapName dn = LdapNameUtils.toLdapName(hierarchyUnit.getBase());
try {
return getRoles(dn, filter, deep);
} catch (InvalidSyntaxException e) {
/*
* ROLES CREATION
*/
- protected LdapEntry newUser(LdapName name, Attributes attrs) {
+ protected LdapEntry newUser(LdapName name) {
// TODO support devices, applications, etc.
- return new LdifUser(this, name, attrs);
+ return new LdifUser(this, name);
}
- protected LdapEntry newGroup(LdapName name, Attributes attrs) {
- return new LdifGroup(this, name, attrs);
+ protected LdapEntry newGroup(LdapName name) {
+ return new LdifGroup(this, name);
}
import javax.naming.InvalidNameException;
import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
import javax.naming.ldap.LdapName;
import org.argeo.util.directory.ldap.AbstractLdapDirectory;
class LdifGroup extends LdifUser implements DirectoryGroup {
private final String memberAttributeId;
- LdifGroup(AbstractLdapDirectory userAdmin, LdapName dn, Attributes attributes) {
- super(userAdmin, dn, attributes);
+ LdifGroup(AbstractLdapDirectory userAdmin, LdapName dn) {
+ super(userAdmin, dn);
memberAttributeId = userAdmin.getMemberAttributeId();
}
package org.argeo.osgi.useradmin;
-import javax.naming.directory.Attributes;
import javax.naming.ldap.LdapName;
import org.argeo.util.directory.ldap.AbstractLdapDirectory;
/** Directory user implementation */
class LdifUser extends DefaultLdapEntry implements DirectoryUser {
- LdifUser(AbstractLdapDirectory userAdmin, LdapName dn, Attributes attributes) {
- super(userAdmin, dn, attributes);
+ LdifUser(AbstractLdapDirectory userAdmin, LdapName dn) {
+ super(userAdmin, dn);
}
@Override
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.LdapName;
import org.argeo.util.directory.HierarchyUnit;
try {
osUserDn = new LdapName(LdapAttrs.uid.name() + "=" + osUsername + "," + directory.getUserBaseRdn() + ","
+ directory.getBaseDn());
- Attributes attributes = new BasicAttributes();
- attributes.put(LdapAttrs.uid.name(), osUsername);
- osUser = newUser(osUserDn, attributes);
+// Attributes attributes = new BasicAttributes();
+// attributes.put(LdapAttrs.uid.name(), osUsername);
+ osUser = newUser(osUserDn);
} catch (NamingException e) {
throw new IllegalStateException("Cannot create system user", e);
}
/** An information directory (typicylly LDAP). */
public interface Directory extends HierarchyUnit {
- /**
- * The base of the hierarchy defined by this directory. This could typically be
- * an LDAP base DN.
- */
- String getContext();
-
String getName();
/** Whether this directory is read only. */
boolean isFunctional();
- String getContext();
+ /**
+ * The base of this organisational unit within the hierarchy. This would
+ * typically be an LDAP base DN.
+ */
+ String getBase();
Directory getDirectory();
/*
* CREATION
*/
- protected abstract LdapEntry newUser(LdapName name, Attributes attrs);
+ protected abstract LdapEntry newUser(LdapName name);
- protected abstract LdapEntry newGroup(LdapName name, Attributes attrs);
+ protected abstract LdapEntry newGroup(LdapName name);
/*
* EDITION
} else {
// user doesn't have the right to retrieve role, but we know it exists
// otherwise memberOf would not work
- Attributes a = new BasicAttributes();
- a.put(LdapNameUtils.getLastRdn(groupDn).getType(),
- LdapNameUtils.getLastRdn(groupDn).getValue());
- a.put(LdapAttrs.objectClass.name(), LdapObjs.groupOfNames.name());
- group = newGroup(groupDn, a);
+// Attributes a = new BasicAttributes();
+// a.put(LdapNameUtils.getLastRdn(groupDn).getType(),
+// LdapNameUtils.getLastRdn(groupDn).getValue());
+// a.put(LdapAttrs.objectClass.name(), LdapObjs.groupOfNames.name());
+ group = newGroup(groupDn);
allRoles.add(group);
}
}
throw new IllegalStateException("Cannot get memberOf groups for " + user, e);
}
} else {
- for (LdapName groupDn : getDirectoryDao().getDirectGroups(user.getDn())) {
- // TODO check for loops
+ directGroups: for (LdapName groupDn : getDirectoryDao().getDirectGroups(user.getDn())) {
LdapEntry group = doGetRole(groupDn);
if (group != null) {
+ if (allRoles.contains(group)) {
+ // important in order to avoi loops
+ continue directGroups;
+ }
allRoles.add(group);
collectGroups(group, allRoles);
}
// TODO deal with multiple attr RDN
attrs.put(nameRdn.getType(), nameRdn.getValue());
wc.getModifiedData().put(dn, attrs);
- LdapHierarchyUnit newHierarchyUnit = new LdapHierarchyUnit(this, dn, attrs);
+ LdapHierarchyUnit newHierarchyUnit = new LdapHierarchyUnit(this, dn);
wc.getNewData().put(dn, newHierarchyUnit);
return newHierarchyUnit;
}
*/
@Override
- public String getContext() {
+ public String getBase() {
return getBaseDn().toString();
}
}
@Override
- public LdapEntry newUser(LdapName name, Attributes attrs) {
- return getDirectory().newUser(name, attrs);
+ public LdapEntry newUser(LdapName name) {
+ return getDirectory().newUser(name);
}
@Override
- public LdapEntry newGroup(LdapName name, Attributes attrs) {
- return getDirectory().newGroup(name, attrs);
+ public LdapEntry newGroup(LdapName name) {
+ return getDirectory().newGroup(name);
}
}
private final LdapName dn;
- private Attributes publishedAttributes;
+// private Attributes publishedAttributes;
// Temporarily expose the fields
protected AttributeDictionary properties;
protected AttributeDictionary credentials;
- protected DefaultLdapEntry(AbstractLdapDirectory directory, LdapName dn, Attributes attributes) {
+ protected DefaultLdapEntry(AbstractLdapDirectory directory, LdapName dn) {
Objects.requireNonNull(directory);
Objects.requireNonNull(dn);
this.directory = directory;
this.dn = dn;
- this.publishedAttributes = attributes;
+// this.publishedAttributes = attributes;
// properties = new AttributeDictionary(false);
// credentials = new AttributeDictionary(true);
}
}
public synchronized Attributes getAttributes() {
- // lazy loading
- if (publishedAttributes == null)
- publishedAttributes = getDirectory().getDirectoryDao().doGetAttributes(dn);
- return isEditing() ? getModifiedAttributes() : publishedAttributes;
+// // lazy loading
+// if (publishedAttributes == null)
+// publishedAttributes = getDirectory().getDirectoryDao().doGetAttributes(dn);
+ return isEditing() ? getModifiedAttributes() : getDirectory().getDirectoryDao().doGetAttributes(dn);
}
@Override
}
public synchronized void publishAttributes(Attributes modifiedAttributes) {
- publishedAttributes = modifiedAttributes;
+// publishedAttributes = modifiedAttributes;
}
/*
public Object put(String key, Object value) {
try {
if (key == null) {
+ // FIXME remove this "feature", a key should be specified
// TODO persist to other sources (like PKCS12)
char[] password = DirectoryDigestUtils.bytesToChars(value);
byte[] hashedPassword = sha1hash(password);
if (key.startsWith("X-")) {
return put(LdapAttrs.authPassword.name(), value);
}
+
+ // start editing
+ getDirectory().checkEdit();
+ if (!isEditing())
+ startEditing();
+
+ // object classes special case.
if (key.equals(LdapAttrs.objectClasses.name())) {
Attribute attribute = new BasicAttribute(LdapAttrs.objectClass.name());
String[] objectClasses = value.toString().split("\n");
return null;
}
- getDirectory().checkEdit();
- if (!isEditing())
- startEditing();
-
if (!(value instanceof String || value instanceof byte[]))
throw new IllegalArgumentException("Value must be String or byte[]");
attrs.put(LdapAttrs.objectClass.name(), LdapObjs.top.name());
attrs.put(LdapAttrs.objectClass.name(), getDirectory().getGroupObjectClass());
}
- res = newGroup(name, attrs);
+ res = newGroup(name);
} else if (getDirectory().getSystemRoleBaseRdn().equals(technicalRdn)) {
if (attrs.size() == 0) {// exists but not accessible
attrs = new BasicAttributes();
attrs.put(LdapAttrs.objectClass.name(), LdapObjs.top.name());
attrs.put(LdapAttrs.objectClass.name(), getDirectory().getGroupObjectClass());
}
- res = newGroup(name, attrs);
+ res = newGroup(name);
} else if (getDirectory().getUserBaseRdn().equals(technicalRdn)) {
if (attrs.size() == 0) {// exists but not accessible
attrs = new BasicAttributes();
attrs.put(LdapAttrs.objectClass.name(), LdapObjs.top.name());
attrs.put(LdapAttrs.objectClass.name(), getDirectory().getUserObjectClass());
}
- res = newUser(name, attrs);
+ res = newUser(name);
} else {
- res = new DefaultLdapEntry(getDirectory(), name, attrs);
+ res = new DefaultLdapEntry(getDirectory(), name);
}
return res;
} catch (NameNotFoundException e) {
ArrayList<LdapEntry> res = new ArrayList<>();
try {
String searchFilter = f != null ? f.toString()
- : "(|(" + objectClass + "=" + getDirectory().getUserObjectClass() + ")(" + objectClass + "="
- + getDirectory().getGroupObjectClass() + "))";
+ : "(|(" + objectClass.name() + "=" + getDirectory().getUserObjectClass() + ")(" + objectClass.name()
+ + "=" + getDirectory().getGroupObjectClass() + "))";
SearchControls searchControls = new SearchControls();
+ // only attribute needed is objectClass
+ searchControls.setReturningAttributes(new String[] { objectClass.name() });
// FIXME make one level consistent with deep
searchControls.setSearchScope(deep ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
LdapEntry role;
if (objectClassAttr.contains(getDirectory().getGroupObjectClass())
|| objectClassAttr.contains(getDirectory().getGroupObjectClass().toLowerCase()))
- role = newGroup(dn, attrs);
+ role = newGroup(dn);
else if (objectClassAttr.contains(getDirectory().getUserObjectClass())
|| objectClassAttr.contains(getDirectory().getUserObjectClass().toLowerCase()))
- role = newUser(dn, attrs);
+ role = newUser(dn);
else {
// log.warn("Unsupported LDAP type for " + searchResult.getName());
continue results;
SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+ // no attributes needed
+ searchControls.setReturningAttributes(new String[0]);
NamingEnumeration<SearchResult> results = ldapConnection.search(searchBase, searchFilter, searchControls);
while (results.hasMoreElements()) {
SearchResult searchResult = (SearchResult) results.nextElement();
LdapName dn = toDn(searchBase, searchResult);
- Attributes attrs = searchResult.getAttributes();
- LdapHierarchyUnit hierarchyUnit = new LdapHierarchyUnit(getDirectory(), dn, attrs);
+// Attributes attrs = searchResult.getAttributes();
+ LdapHierarchyUnit hierarchyUnit = new LdapHierarchyUnit(getDirectory(), dn);
if (functionalOnly) {
if (hierarchyUnit.isFunctional())
res.add(hierarchyUnit);
return getDirectory();
if (!dn.startsWith(getDirectory().getBaseDn()))
throw new IllegalArgumentException(dn + " does not start with base DN " + getDirectory().getBaseDn());
- Attributes attrs = ldapConnection.getAttributes(dn);
- return new LdapHierarchyUnit(getDirectory(), dn, attrs);
+ if (!ldapConnection.entryExists(dn))
+ return null;
+ return new LdapHierarchyUnit(getDirectory(), dn);
} catch (NameNotFoundException e) {
return null;
} catch (NamingException e) {
HierarchyUnit doGetHierarchyUnit(LdapName dn);
- LdapEntry newUser(LdapName name, Attributes attrs);
+ LdapEntry newUser(LdapName name);
- LdapEntry newGroup(LdapName name, Attributes attrs);
+ LdapEntry newGroup(LdapName name);
void init();
package org.argeo.util.directory.ldap;
+import java.util.Arrays;
import java.util.Dictionary;
import java.util.List;
+import java.util.Set;
+import java.util.StringJoiner;
+import java.util.TreeSet;
import javax.naming.directory.Attributes;
import javax.naming.ldap.LdapName;
+import org.argeo.util.naming.LdapAttrs;
+
+/** An LDAP entry. */
public interface LdapEntry {
LdapName getDn();
void publishAttributes(Attributes modifiedAttributes);
- public List<LdapName> getReferences(String attributeId);
-
- public Dictionary<String, Object> getProperties();
+ List<LdapName> getReferences(String attributeId);
+
+ Dictionary<String, Object> getProperties();
- public boolean hasCredential(String key, Object value) ;
+ boolean hasCredential(String key, Object value);
+ /*
+ * UTILITIES
+ */
+ public static void addObjectClasses(Dictionary<String, Object> properties, Set<String> objectClasses) {
+ String value = properties.get(LdapAttrs.objectClasses.name()).toString();
+ Set<String> currentObjectClasses = new TreeSet<>(Arrays.asList(value.toString().split("\n")));
+ currentObjectClasses.addAll(objectClasses);
+ StringJoiner values = new StringJoiner("\n");
+ currentObjectClasses.forEach((s) -> values.add(s));
+ properties.put(LdapAttrs.objectClasses.name(), values.toString());
+ }
}
package org.argeo.util.directory.ldap;
-import javax.naming.directory.Attributes;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
public class LdapHierarchyUnit extends DefaultLdapEntry implements HierarchyUnit {
private final boolean functional;
- public LdapHierarchyUnit(AbstractLdapDirectory directory, LdapName dn, Attributes attributes) {
- super(directory, dn, attributes);
+ public LdapHierarchyUnit(AbstractLdapDirectory directory, LdapName dn) {
+ super(directory, dn);
Rdn rdn = LdapNameUtils.getLastRdn(dn);
functional = !(directory.getUserBaseRdn().equals(rdn) || directory.getGroupBaseRdn().equals(rdn)
- || directory.getSystemRoleBaseRdn().equals(rdn) );
+ || directory.getSystemRoleBaseRdn().equals(rdn));
}
@Override
}
@Override
- public String getContext() {
+ public String getBase() {
return getDn().toString();
}
return getLastRdn(dn).toString();
}
+ public static String getLastRdnValue(String dn) {
+ return getLastRdnValue(toLdapName(dn));
+ }
+
public static String getLastRdnValue(LdapName dn) {
return getLastRdn(dn).getValue().toString();
}
/** A user admin based on a LDIF files. */
public class LdifDao extends AbstractLdapDirectoryDao {
private NavigableMap<LdapName, LdapEntry> entries = new TreeMap<>();
-
private NavigableMap<LdapName, LdapHierarchyUnit> hierarchy = new TreeMap<>();
+ private NavigableMap<LdapName, Attributes> values = new TreeMap<>();
+
public LdifDao(AbstractLdapDirectory directory) {
super(directory);
}
lowerCase.add(id);
}
+ values.put(key, attributes);
+
// analyse object classes
NamingEnumeration<?> objectClasses = attributes.get(objectClass.name()).getAll();
// System.out.println(key);
String objectClass = objectClasses.next().toString();
// System.out.println(" " + objectClass);
if (objectClass.toLowerCase().equals(inetOrgPerson.name().toLowerCase())) {
- entries.put(key, newUser(key, attributes));
+ entries.put(key, newUser(key));
break objectClasses;
} else if (objectClass.toLowerCase().equals(getDirectory().getGroupObjectClass().toLowerCase())) {
- entries.put(key, newGroup(key, attributes));
+ entries.put(key, newGroup(key));
break objectClasses;
} else if (objectClass.equalsIgnoreCase(LdapObjs.organizationalUnit.name())) {
// TODO skip if it does not contain groups or users
- hierarchy.put(key, new LdapHierarchyUnit(getDirectory(), key, attributes));
+ hierarchy.put(key, new LdapHierarchyUnit(getDirectory(), key));
break objectClasses;
}
}
@Override
public Attributes doGetAttributes(LdapName name) {
- try {
- return doGetEntry(name).getAttributes();
- } catch (NameNotFoundException e) {
- throw new IllegalStateException(name + " doe not exist in " + getDirectory().getBaseDn(), e);
- }
+ if (!values.containsKey(name))
+ throw new IllegalStateException(name + " doe not exist in " + getDirectory().getBaseDn());
+ return values.get(name);
}
@Override
}
private synchronized void cleanUp(Xid xid) {
- wc(xid).cleanUp();
- workingCopies.remove(xid);
+ WC wc = workingCopies.get(xid);
+ if (wc != null) {
+ wc.cleanUp();
+ workingCopies.remove(xid);
+ }
editingXid = null;
}
Map<String, String> dns = new HashMap<String, String>();
for (UserDirectory userDirectory : userDirectories.keySet()) {
Boolean readOnly = userDirectory.isReadOnly();
- String baseDn = userDirectory.getContext();
+ String baseDn = userDirectory.getBase();
if (onlyWritable && readOnly)
continue;