import org.argeo.osgi.transaction.WorkControl;
import org.argeo.util.naming.LdapAttrs;
+import org.argeo.util.naming.LdapObjs;
import org.osgi.framework.Filter;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.InvalidSyntaxException;
static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
private final Hashtable<String, Object> properties;
- private final LdapName baseDn, userBaseDn, groupBaseDn;
- private final String userObjectClass, userBase, groupObjectClass, groupBase;
+ private final LdapName baseDn;
+ // private final LdapName userBaseDn, groupBaseDn;
+ private final Rdn userBaseRdn, groupBaseRdn, systemRoleBaseRdn;
+ private final String userObjectClass, groupObjectClass;
private final boolean readOnly;
private final boolean disabled;
forcedPassword = UserAdminConf.forcedPassword.getValue(properties);
userObjectClass = UserAdminConf.userObjectClass.getValue(properties);
- userBase = UserAdminConf.userBase.getValue(properties);
+ String userBase = UserAdminConf.userBase.getValue(properties);
groupObjectClass = UserAdminConf.groupObjectClass.getValue(properties);
- groupBase = UserAdminConf.groupBase.getValue(properties);
+ String groupBase = UserAdminConf.groupBase.getValue(properties);
+ String systemRoleBase = UserAdminConf.systemRoleBase.getValue(properties);
try {
baseDn = new LdapName(UserAdminConf.baseDn.getValue(properties));
- userBaseDn = new LdapName(userBase + "," + baseDn);
- groupBaseDn = new LdapName(groupBase + "," + baseDn);
+ userBaseRdn = new Rdn(userBase);
+// userBaseDn = new LdapName(userBase + "," + baseDn);
+ groupBaseRdn = new Rdn(groupBase);
+// groupBaseDn = new LdapName(groupBase + "," + baseDn);
+ systemRoleBaseRdn = new Rdn(systemRoleBase);
} catch (InvalidNameException e) {
throw new IllegalArgumentException("Badly formated base DN " + UserAdminConf.baseDn.getValue(properties),
e);
*/
@Override
- public String getGlobalId() {
+ public String getContext() {
return getBaseDn().toString();
}
try {
LdapName name = (LdapName) getBaseDn().clone();
String[] segments = path.split("/");
- String parentSegment = null;
+ Rdn parentRdn = null;
for (String segment : segments) {
- String attr = "ou";
- if (parentSegment != null) {
- if (getUserBase().equals(parentSegment))
- attr = "uid";
- else if (getGroupBase().equals(parentSegment))
- attr = "cn";
+ // TODO make attr names configurable ?
+ String attr = LdapAttrs.ou.name();
+ if (parentRdn != null) {
+ if (getUserBaseRdn().equals(parentRdn))
+ attr = LdapAttrs.uid.name();
+ else if (getGroupBaseRdn().equals(parentRdn))
+ attr = LdapAttrs.cn.name();
+ else if (getSystemRoleBaseRdn().equals(parentRdn))
+ attr = LdapAttrs.cn.name();
}
Rdn rdn = new Rdn(attr, segment);
name.add(rdn);
-
- // TODO make it more robust using RDNs
- parentSegment = rdn.toString();
+ parentRdn = rdn;
}
return name;
} catch (InvalidNameException e) {
}
protected DirectoryUser newRole(LdapName dn, int type, Attributes attrs) {
- LdifUser newRole;
+ DirectoryUser newRole;
BasicAttribute objClass = new BasicAttribute(objectClass.name());
if (type == Role.USER) {
String userObjClass = newUserObjectClass(dn);
objClass.add(top.name());
objClass.add(extensibleObject.name());
attrs.put(objClass);
- newRole = new LdifUser(this, dn, attrs);
+ newRole = newUser(dn, attrs);
} else if (type == Role.GROUP) {
String groupObjClass = getGroupObjectClass();
objClass.add(groupObjClass);
// objClass.add(LdifName.extensibleObject.name());
objClass.add(top.name());
attrs.put(objClass);
- newRole = new LdifGroup(this, dn, attrs);
+ newRole = newGroup(dn, attrs);
} else
throw new IllegalArgumentException("Unsupported type " + type);
return newRole;
// }
@Override
- public Iterable<HierarchyUnit> getRootHierarchyUnits() {
+ public Iterable<HierarchyUnit> getDirectHierarchyUnits(boolean functionalOnly) {
throw new UnsupportedOperationException();
}
+ /*
+ * ROLES CREATION
+ */
+ protected DirectoryUser newUser(LdapName name, Attributes attrs) {
+ // TODO support devices, applications, etc.
+ return new LdifUser.LdifPerson(this, name, attrs);
+ }
+
+ protected DirectoryGroup newGroup(LdapName name, Attributes attrs) {
+ if (LdapNameUtils.getParentRdn(name).equals(getSystemRoleBaseRdn()))
+ return new LdifGroup.LdifSystemPermissions(this, name, attrs);
+
+ if (hasObjectClass(attrs, LdapObjs.organization))
+ return new LdifGroup.LdifOrganization(this, name, attrs);
+ else
+ return new LdifGroup.LdifFunctionalGroup(this, name, attrs);
+
+ }
+
+ private boolean hasObjectClass(Attributes attrs, LdapObjs objectClass) {
+ try {
+ Attribute attr = attrs.get(LdapAttrs.objectClass.name());
+ NamingEnumeration<?> en = attr.getAll();
+ while (en.hasMore()) {
+ String v = en.next().toString();
+ if (v.equalsIgnoreCase(objectClass.name()))
+ return true;
+
+ }
+ return false;
+ } catch (NamingException e) {
+ throw new IllegalStateException("Cannot search for objectClass " + objectClass.name(), e);
+ }
+ }
+
// GETTERS
protected String getMemberAttributeId() {
return memberAttributeId;
}
protected int roleType(LdapName dn) {
- if (dn.startsWith(groupBaseDn))
+ Rdn technicalRdn = LdapNameUtils.getParentRdn(dn);
+ if (getGroupBaseRdn().equals(technicalRdn) || getSystemRoleBaseRdn().equals(technicalRdn))
return Role.GROUP;
- else if (dn.startsWith(userBaseDn))
+ else if (userBaseRdn.equals(technicalRdn))
return Role.USER;
else
- return Role.GROUP;
+ throw new IllegalArgumentException(
+ "Cannot dind role type, " + technicalRdn + " is not a technical RDN for " + dn);
}
/** dn can be null, in that case a default should be returned. */
return userObjectClass;
}
- public String getUserBase() {
- return userBase;
+ Rdn getUserBaseRdn() {
+ return userBaseRdn;
}
protected String newUserObjectClass(LdapName dn) {
return groupObjectClass;
}
- public String getGroupBase() {
- return groupBase;
+ Rdn getGroupBaseRdn() {
+ return groupBaseRdn;
+ }
+
+ Rdn getSystemRoleBaseRdn() {
+ return systemRoleBaseRdn;
}
LdapName getBaseDn() {