import org.argeo.util.directory.DirectoryDigestUtils;
import org.argeo.util.directory.HierarchyUnit;
import org.argeo.util.directory.ldap.AbstractLdapDirectory;
+import org.argeo.util.directory.ldap.LdapDao;
import org.argeo.util.directory.ldap.LdapEntry;
import org.argeo.util.directory.ldap.LdapEntryWorkingCopy;
import org.argeo.util.directory.ldap.LdapNameUtils;
import org.argeo.util.directory.ldap.LdifDao;
-import org.argeo.util.naming.LdapObjs;
import org.osgi.framework.Filter;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.InvalidSyntaxException;
*/
protected AbstractLdapDirectory scope(User user) {
- throw new UnsupportedAddressTypeException();
+ if (getDirectoryDao() instanceof LdapDao) {
+ return scopeLdap(user);
+ } else if (getDirectoryDao() instanceof LdifDao) {
+ return scopeLdif(user);
+ } else {
+ throw new IllegalStateException("Unsupported DAO " + getDirectoryDao().getClass());
+ }
}
protected DirectoryUserAdmin scopeLdap(User user) {
String username = (String) credentials.get(SHARED_STATE_USERNAME);
if (username == null)
username = user.getName();
- Dictionary<String, Object> properties = cloneProperties();
+ Dictionary<String, Object> properties = cloneConfigProperties();
properties.put(Context.SECURITY_PRINCIPAL, username.toString());
Object pwdCred = credentials.get(SHARED_STATE_PASSWORD);
byte[] pwd = (byte[]) pwdCred;
} else {
properties.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
}
- return new DirectoryUserAdmin(null, properties, true);
+ DirectoryUserAdmin scopedDirectory = new DirectoryUserAdmin(null, properties, true);
+ scopedDirectory.init();
+ return scopedDirectory;
}
protected DirectoryUserAdmin scopeLdif(User user) {
} else {
throw new IllegalStateException("Password is required");
}
- Dictionary<String, Object> properties = cloneProperties();
+ Dictionary<String, Object> properties = cloneConfigProperties();
properties.put(DirectoryConf.readOnly.name(), "true");
DirectoryUserAdmin scopedUserAdmin = new DirectoryUserAdmin(null, properties, true);
// scopedUserAdmin.groups = Collections.unmodifiableNavigableMap(groups);
// scopedUserAdmin.users = Collections.unmodifiableNavigableMap(users);
// FIXME do it better
((LdifDao) getDirectoryDao()).scope((LdifDao) scopedUserAdmin.getDirectoryDao());
+ scopedUserAdmin.init();
return scopedUserAdmin;
}
@Override
public Role getRoleByPath(String path) {
- return (Role) doGetRole(pathToName(path));
+ LdapEntry entry = doGetRole(pathToName(path));
+ if (!(entry instanceof Role)) {
+ throw new IllegalStateException("Path must be a UserAdmin Role.");
+ } else {
+ return (Role) entry;
+ }
}
protected List<Role> getAllRoles(DirectoryUser user) {
LdapEntry entry = (LdapEntry) user;
collectGroups(entry, allEntries);
for (LdapEntry e : allEntries) {
- allRoles.add((Role) e);
+ if (e instanceof Role)
+ allRoles.add((Role) e);
}
// Attributes attrs = user.getAttributes();
// // TODO centralize attribute name
checkEdit();
LdapEntryWorkingCopy wc = getWorkingCopy();
LdapName dn = toLdapName(name);
- if ((getDirectoryDao().daoHasEntry(dn) && !wc.getDeletedData().containsKey(dn))
+ if ((getDirectoryDao().entryExists(dn) && !wc.getDeletedData().containsKey(dn))
|| wc.getNewData().containsKey(dn))
throw new IllegalArgumentException("Already a role " + name);
BasicAttributes attrs = new BasicAttributes(true);
*/
protected LdapEntry newUser(LdapName name, Attributes attrs) {
// TODO support devices, applications, etc.
- return new LdifUser.LdifPerson(this, name, attrs);
+ return new LdifUser(this, name, attrs);
}
protected LdapEntry newGroup(LdapName name, Attributes attrs) {
- if (LdapNameUtils.getParentRdn(name).equals(getSystemRoleBaseRdn()))
- return new LdifGroup.LdifSystemPermissions(this, name, attrs);
-
- if (hasObjectClass(attrs, LdapObjs.organization))
- return new LdifGroup.LdifOrganization(this, name, attrs);
- else
- return new LdifGroup.LdifFunctionalGroup(this, name, attrs);
+ return new LdifGroup(this, name, attrs);
}