package org.argeo.osgi.useradmin;
import static org.argeo.naming.LdapAttrs.objectClass;
+import static org.argeo.naming.LdapObjs.extensibleObject;
import static org.argeo.naming.LdapObjs.inetOrgPerson;
import static org.argeo.naming.LdapObjs.organizationalPerson;
import static org.argeo.naming.LdapObjs.person;
import java.util.List;
import javax.naming.InvalidNameException;
+import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
protected abstract Boolean daoHasRole(LdapName dn);
- protected abstract DirectoryUser daoGetRole(LdapName key);
+ protected abstract DirectoryUser daoGetRole(LdapName key) throws NameNotFoundException;
protected abstract List<DirectoryUser> doGetRoles(Filter f);
private void collectRoles(DirectoryUser user, List<Role> allRoles) {
Attributes attrs = user.getAttributes();
// TODO centralize attribute name
- Attribute memberOf = attrs.get("memberOf");
+ Attribute memberOf = attrs.get(LdapAttrs.memberOf.name());
if (memberOf != null) {
try {
NamingEnumeration<?> values = memberOf.getAll();
LdapName groupDn = new LdapName(value.toString());
DirectoryUser group = doGetRole(groupDn);
allRoles.add(group);
- if (log.isDebugEnabled())
- log.debug("Add memberOf " + groupDn);
+ if (log.isTraceEnabled())
+ log.trace("Add memberOf " + groupDn);
}
} catch (Exception e) {
throw new UserDirectoryException("Cannot get memberOf groups for " + user, e);
// TODO check for loops
DirectoryUser group = doGetRole(groupDn);
allRoles.add(group);
- if (log.isDebugEnabled())
- log.debug("Add direct group " + groupDn);
+ if (log.isTraceEnabled())
+ log.trace("Add direct group " + groupDn);
collectRoles(group, allRoles);
}
}
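Review bot: `allRoles.add(group)` right after each `doGetRole(groupDn)` call (the memberOf branch and the direct-group branch) can now insert a null element, because the doGetRole change further down in this diff maps NameNotFoundException to a null return; a memberOf value or direct-group entry pointing at a DN that no longer exists would put null into the role list, and in the direct-group branch `collectRoles(group, allRoles)` would then dereference it on `user.getAttributes()`. A guard after each lookup keeps the failure explicit: `if (group == null) throw new UserDirectoryException("Unknown group " + groupDn + " referenced by " + user);` (skipping the entry with a warning is the alternative if stale references are expected in the directory). The loops enclosing both lookups start outside the hunk, so I cannot tell whether the direct-group branch sits inside the try/catch that wraps the memberOf branch.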
protected DirectoryUser doGetRole(LdapName dn) {
UserDirectoryWorkingCopy wc = getWorkingCopy();
- DirectoryUser user = daoGetRole(dn);
+ DirectoryUser user;
+ try {
+ user = daoGetRole(dn);
+ } catch (NameNotFoundException e) {
+ user = null;
+ }
if (wc != null) {
if (user == null && wc.getNewUsers().containsKey(dn))
user = wc.getNewUsers().get(dn);
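Review bot: The new `catch (NameNotFoundException e)` gives doGetRole a null-return contract that is written down nowhere, and the abstract `daoGetRole` signature above now adds `throws NameNotFoundException` without saying when an implementation must throw rather than return null. A Javadoc on daoGetRole such as `@throws NameNotFoundException if no entry exists under {@code key}` and on doGetRole `@return the role from the directory or the working copy, or {@code null} if it exists in neither` would pin both sides. The discarded exception could also be logged at trace level together with the DN, so a lookup miss remains visible when debugging. doGetRole continues past the end of the hunk.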
AbstractUserDirectory scopedUserAdmin = scope(user);
try {
DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
+ if (directoryUser == null)
+ throw new UserDirectoryException("No scoped user found for " + user);
LdifAuthorization authorization = new LdifAuthorization(directoryUser,
scopedUserAdmin.getAllRoles(directoryUser));
return authorization;
if (wc.getDeletedUsers().containsKey(dn)) {
wc.getDeletedUsers().remove(dn);
wc.getModifiedUsers().put(dn, attrs);
+ return getRole(name);
} else {
wc.getModifiedUsers().put(dn, attrs);
DirectoryUser newRole = newRole(dn, type, attrs);
wc.getNewUsers().put(dn, newRole);
+ return newRole;
}
- return getRole(name);
}
protected DirectoryUser newRole(LdapName dn, int type, Attributes attrs) {
objClass.add(person.name());
}
objClass.add(top.name());
+ objClass.add(extensibleObject.name());
attrs.put(objClass);
newRole = new LdifUser(this, dn, attrs);
} else if (type == Role.GROUP) {
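Review bot: Adding `extensibleObject` to the object classes of every new person entry relaxes schema enforcement for that entry on servers that honour the class (it permits any attribute), so the reason belongs in a comment next to the added line, e.g. `// extensibleObject: lets user entries carry attributes outside the person schema`, ideally naming the attributes that require it. If only a few attributes need it, adding the class only to entries that actually carry them keeps the directory's schema checks for the rest. newRole's objClass initialisation is above the hunk and the method continues past it, so I cannot see whether the GROUP branch receives the same class.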
return uri;
}
- // protected List<String> getIndexedUserProperties() {
- // return indexedUserProperties;
- // }
- //
- // protected void setIndexedUserProperties(List<String>
- // indexedUserProperties) {
- // this.indexedUserProperties = indexedUserProperties;
- // }
-
private static boolean readOnlyDefault(URI uri) {
if (uri == null)
return true;
if (uri.getScheme() == null)
return false;// assume relative file to be writable
- if (uri.getScheme().equals("file")) {
+ if (uri.getScheme().equals(UserAdminConf.SCHEME_FILE)) {
File file = new File(uri);
if (file.exists())
return !file.canWrite();
else
return !file.getParentFile().canWrite();
+ } else if (uri.getScheme().equals(UserAdminConf.SCHEME_LDAP)) {
+ if (uri.getAuthority() != null)// assume writable if authenticated
+ return false;
+ } else if (uri.getScheme().equals(UserAdminConf.SCHEME_OS)) {
+ return true;
}
- return true;
+ return true;// read only by default
}
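Review bot: The new LDAP branch at `if (uri.getAuthority() != null)` treats any URI with a host as authenticated, but the authority is the host and port, so an anonymous `ldap://host:389/...` is reported writable and only an authority-less `ldap:///...` stays read-only; the comment `// assume writable if authenticated` does not match the test. If the intent is bind credentials embedded in the URI, `uri.getUserInfo() != null` is the matching check, e.g. `if (uri.getUserInfo() != null) // bind credentials given: assume writable`, keeping in mind that credentials being present still does not prove the bound principal may write. If the current behaviour is intended, the comment should instead say `// assume writable when a server is named`. A short Javadoc on readOnlyDefault stating that the result is only a default that configuration may override would also help, if that is how it is used.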
public boolean isReadOnly() {