Add JGit to client.
1 package org.argeo.osgi.useradmin;
2
3 import javax.naming.InvalidNameException;
4 import javax.naming.ldap.LdapName;
5
6 import org.argeo.naming.LdapAttrs;
7
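/**
 * FreeIPA specific conventions: well-known container RDNs and helpers that map
 * DNS domains and Kerberos principal names to LDAP distinguished names.
 * <p>
 * The inputs of these helpers (realm, principal name) typically originate from
 * an authentication exchange, so every value placed into a DN is escaped as an
 * RDN value before concatenation.
 */
public class IpaUtils {
	/** Container of user entries, relative to the base DN. */
	public static final String IPA_USER_BASE = "cn=users,cn=accounts";
	/** Container of group entries, relative to the base DN. */
	public static final String IPA_GROUP_BASE = "cn=groups,cn=accounts";
	/** Container of service entries, relative to the base DN. */
	public static final String IPA_SERVICE_BASE = "cn=services,cn=accounts";

	// Locale.ROOT keeps the attribute name stable whatever the JVM default locale is.
	private static final String KRB_PRINCIPAL_NAME = LdapAttrs.krbPrincipalName.name()
			.toLowerCase(java.util.Locale.ROOT);

	/** Query-style configuration fragment: user base, group base, read-only. */
	public static final String IPA_USER_DIRECTORY_CONFIG = UserAdminConf.userBase + "=" + IPA_USER_BASE + "&"
			+ UserAdminConf.groupBase + "=" + IPA_GROUP_BASE + "&" + UserAdminConf.readOnly + "=true";

	/**
	 * Builds the user directory configuration path for a realm, in the form
	 * {@code <base DN>?<IPA_USER_DIRECTORY_CONFIG>&realm=<realm>}.
	 *
	 * @param realm the realm / DNS domain, e.g. {@code example.com}
	 * @return the configuration path
	 */
	static String domainToUserDirectoryConfigPath(String realm) {
		// NOTE(review): realm is appended verbatim as the last key=value pair. A value
		// containing '&', '=' or '?' would change the meaning of the resulting string;
		// how it is parsed is not visible here, so callers should pass a validated realm.
		return domainToBaseDn(realm) + "?" + IPA_USER_DIRECTORY_CONFIG + "&" + UserAdminConf.realm.name() + "=" + realm;
	}

	/**
	 * Converts a DNS domain to a base DN made of {@code dc} components, e.g.
	 * {@code example.com} becomes {@code dc=example,dc=com}.
	 *
	 * @param domain the dot-separated domain
	 * @return the base DN, with lower-cased and RDN-escaped components
	 */
	public static String domainToBaseDn(String domain) {
		String[] labels = domain.split("\\.");
		StringBuilder baseDn = new StringBuilder();
		for (int i = 0; i < labels.length; i++) {
			if (i != 0) {
				baseDn.append(',');
			}
			// Locale.ROOT: default-locale lower-casing can alter ASCII letters (e.g.
			// 'I' under a Turkish locale) and so produce a different DN.
			String label = labels[i].toLowerCase(java.util.Locale.ROOT);
			// Escaping keeps DN metacharacters (',', '=', '+', ...) inside the value
			// instead of letting them introduce additional RDNs. Regular host name
			// labels are returned unchanged.
			baseDn.append(LdapAttrs.dc.name()).append('=').append(javax.naming.ldap.Rdn.escapeValue(label));
		}
		return baseDn.toString();
	}

	/**
	 * Maps a Kerberos principal name to the DN of the corresponding FreeIPA entry.
	 * A principal without {@code /} is treated as a user ({@code uid=...} under
	 * {@link #IPA_USER_BASE}); one with {@code /} is treated as a service
	 * ({@code krbprincipalname=...} under {@link #IPA_SERVICE_BASE}).
	 *
	 * @param kerberosName the principal, in the form {@code name@REALM}
	 * @return the DN of the entry
	 * @throws IllegalArgumentException if the realm part is missing or the
	 *                                  resulting DN is not valid
	 */
	public static LdapName kerberosToDn(String kerberosName) {
		String[] parts = kerberosName.split("@");
		if (parts.length < 2) {
			// Previously surfaced as an ArrayIndexOutOfBoundsException.
			throw new IllegalArgumentException("Missing realm in Kerberos name " + kerberosName);
		}
		String username = parts[0];
		String baseDn = domainToBaseDn(parts[1]);
		String dn;
		if (!username.contains("/")) {
			// The principal is caller-supplied: escape it so that it always stays a
			// single RDN value and cannot redirect the lookup to another entry.
			dn = LdapAttrs.uid + "=" + javax.naming.ldap.Rdn.escapeValue(username) + "," + IPA_USER_BASE + ","
					+ baseDn;
		} else {
			dn = KRB_PRINCIPAL_NAME + "=" + javax.naming.ldap.Rdn.escapeValue(kerberosName) + ","
					+ IPA_SERVICE_BASE + "," + baseDn;
		}
		try {
			return new LdapName(dn);
		} catch (InvalidNameException e) {
			// Keep the cause so that the parsing failure remains diagnosable.
			throw new IllegalArgumentException("Badly formatted name for " + kerberosName + ": " + dn, e);
		}
	}

	/** Not instantiable: static helpers only. */
	private IpaUtils() {

	}
}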