import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.transaction.xa.XAResource;
protected static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name";
protected static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
- protected final LdapName baseDn;
- protected final Hashtable<String, Object> configProperties;
+ private final LdapName baseDn;
+ private final Hashtable<String, Object> configProperties;
private final Rdn userBaseRdn, groupBaseRdn, systemRoleBaseRdn;
private final String userObjectClass, groupObjectClass;
private String memberAttributeId = "member";
String key = keys.nextElement();
configProperties.put(key, props.get(key));
}
- baseDn = toLdapName(DirectoryConf.baseDn.getValue(configProperties));
+
+ String baseDnStr = DirectoryConf.baseDn.getValue(configProperties);
+ if (baseDnStr == null)
+ throw new IllegalArgumentException("Base DN must be specified: " + configProperties);
+ baseDn = toLdapName(baseDnStr);
this.scoped = scoped;
if (uriArg != null) {
disabled = Boolean.parseBoolean(disabledStr);
else
disabled = false;
-
- URI u = URI.create(uri);
- if (!getRealm().isEmpty() || DirectoryConf.SCHEME_LDAP.equals(u.getScheme())
- || DirectoryConf.SCHEME_LDAPS.equals(u.getScheme())) {
+ if (!getRealm().isEmpty()) {
+ // IPA multiple LDAP causes URI parsing to fail
+ // TODO manage generic redundant LDAP case
directoryDao = new LdapDao(this);
- } else if (DirectoryConf.SCHEME_FILE.equals(u.getScheme())) {
- directoryDao = new LdifDao(this);
- } else if (DirectoryConf.SCHEME_OS.equals(u.getScheme())) {
- directoryDao = new OsUserDirectory(this);
- // singleUser = true;
} else {
- throw new IllegalArgumentException("Unsupported scheme " + u.getScheme());
+ if (uri != null) {
+ URI u = URI.create(uri);
+ if (DirectoryConf.SCHEME_LDAP.equals(u.getScheme())
+ || DirectoryConf.SCHEME_LDAPS.equals(u.getScheme())) {
+ directoryDao = new LdapDao(this);
+ } else if (DirectoryConf.SCHEME_FILE.equals(u.getScheme())) {
+ directoryDao = new LdifDao(this);
+ } else if (DirectoryConf.SCHEME_OS.equals(u.getScheme())) {
+ directoryDao = new OsUserDirectory(this);
+ // singleUser = true;
+ } else {
+ throw new IllegalArgumentException("Unsupported scheme " + u.getScheme());
+ }
+ } else {
+ // in memory
+ directoryDao = new LdifDao(this);
+ }
}
- xaResource = new WorkingCopyXaResource<>(directoryDao);
+ if (directoryDao != null)
+ xaResource = new WorkingCopyXaResource<>(directoryDao);
}
/*
Object value = values.next();
LdapName groupDn = new LdapName(value.toString());
LdapEntry group = doGetRole(groupDn);
- if (group != null)
+ if (group != null) {
+ allRoles.add(group);
+ } else {
+ // user doesn't have the right to retrieve role, but we know it exists
+ // otherwise memberOf would not work
+ Attributes a = new BasicAttributes();
+ a.put(LdapNameUtils.getLastRdn(groupDn).getType(),
+ LdapNameUtils.getLastRdn(groupDn).getValue());
+ a.put(LdapAttrs.objectClass.name(), LdapObjs.groupOfNames.name());
+ group = newGroup(groupDn, a);
allRoles.add(group);
+ }
}
} catch (NamingException e) {
throw new IllegalStateException("Cannot get memberOf groups for " + user, e);
return directoryDao.doGetDirectHierarchyUnits(baseDn, functionalOnly);
}
+ @Override
+ public String getHierarchyUnitName() {
+ return getName();
+ }
+
+ @Override
+ public HierarchyUnit getParent() {
+ return null;
+ }
+
+ @Override
+ public boolean isFunctional() {
+ return true;
+ }
+
+ @Override
+ public Directory getDirectory() {
+ return this;
+ }
+
/*
* PATHS
*/
LdapName name = (LdapName) getBaseDn().clone();
String[] segments = path.split("/");
Rdn parentRdn = null;
- for (String segment : segments) {
+ // segments[0] is the directory itself
+ for (int i = 0; i < segments.length; i++) {
+ String segment = segments[i];
// TODO make attr names configurable ?
- String attr = LdapAttrs.ou.name();
+ String attr = path.startsWith("accounts/")/* IPA */ ? LdapAttrs.cn.name() : LdapAttrs.ou.name();
if (parentRdn != null) {
if (getUserBaseRdn().equals(parentRdn))
attr = LdapAttrs.uid.name();
/*
* UTILITIES
*/
+ protected boolean isExternal(LdapName name) {
+ return !name.startsWith(baseDn);
+ }
+
protected static boolean hasObjectClass(Attributes attrs, LdapObjs objectClass) {
return hasObjectClass(attrs, objectClass.name());
}