import org.argeo.util.transaction.WorkingCopyXaResource;
import org.argeo.util.transaction.XAResourceProvider;
+/** A {@link Directory} based either on LDAP or LDIF. */
public abstract class AbstractLdapDirectory implements Directory, XAResourceProvider {
protected static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name";
protected static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
String key = keys.nextElement();
configProperties.put(key, props.get(key));
}
- baseDn = toLdapName(DirectoryConf.baseDn.getValue(configProperties));
+
+ String baseDnStr = DirectoryConf.baseDn.getValue(configProperties);
+ if (baseDnStr == null)
+ throw new IllegalArgumentException("Base DN must be specified: " + configProperties);
+ baseDn = toLdapName(baseDnStr);
this.scoped = scoped;
if (uriArg != null) {
// TODO manage generic redundant LDAP case
directoryDao = new LdapDao(this);
} else {
- URI u = URI.create(uri);
- if (DirectoryConf.SCHEME_LDAP.equals(u.getScheme()) || DirectoryConf.SCHEME_LDAPS.equals(u.getScheme())) {
- directoryDao = new LdapDao(this);
- } else if (DirectoryConf.SCHEME_FILE.equals(u.getScheme())) {
- directoryDao = new LdifDao(this);
- } else if (DirectoryConf.SCHEME_OS.equals(u.getScheme())) {
- directoryDao = new OsUserDirectory(this);
- // singleUser = true;
+ if (uri != null) {
+ URI u = URI.create(uri);
+ if (DirectoryConf.SCHEME_LDAP.equals(u.getScheme())
+ || DirectoryConf.SCHEME_LDAPS.equals(u.getScheme())) {
+ directoryDao = new LdapDao(this);
+ } else if (DirectoryConf.SCHEME_FILE.equals(u.getScheme())) {
+ directoryDao = new LdifDao(this);
+ } else if (DirectoryConf.SCHEME_OS.equals(u.getScheme())) {
+ directoryDao = new OsUserDirectory(this);
+ // singleUser = true;
+ } else {
+ throw new IllegalArgumentException("Unsupported scheme " + u.getScheme());
+ }
} else {
- throw new IllegalArgumentException("Unsupported scheme " + u.getScheme());
+ // in memory
+ directoryDao = new LdifDao(this);
}
}
- xaResource = new WorkingCopyXaResource<>(directoryDao);
+ if (directoryDao != null)
+ xaResource = new WorkingCopyXaResource<>(directoryDao);
}
/*
- * ABSTRACT METHODS
- */
-
-// public abstract HierarchyUnit doGetHierarchyUnit(LdapName dn);
-//
-// public abstract Iterable<HierarchyUnit> doGetDirectHierarchyUnits(LdapName searchBase, boolean functionalOnly);
-//
-// protected abstract Boolean daoHasEntry(LdapName dn);
-//
-// protected abstract LdapEntry daoGetEntry(LdapName key) throws NameNotFoundException;
-//
-// protected abstract List<LdapEntry> doGetEntries(LdapName searchBase, Filter f, boolean deep);
-//
-// /** Returns the groups this user is a direct member of. */
-// protected abstract List<LdapName> getDirectGroups(LdapName dn);
- /*
- * INITIALIZATION
+ * INITIALISATION
*/
public void init() {
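Review bot: The new guard `throw new IllegalArgumentException("Base DN must be specified: " + configProperties)` prints the whole configuration map into the exception, and exception messages routinely end up in logs; if that map carries the LDAP bind credentials (DirectoryConf is not visible here, so this is inferred), they leak. Report only what is missing, e.g. `throw new IllegalArgumentException("Base DN must be specified; configured keys: " + configProperties.keySet());`. The `if (directoryDao != null)` guard before `new WorkingCopyXaResource<>(directoryDao)` looks unreachable as written, since every branch above either assigns the DAO or throws, and if some path can leave it null the silent skip only defers the failure to the first transaction; an explicit `Objects.requireNonNull(directoryDao, "directoryDao")` or a comment explaining the case would be clearer. The constructor starts before this hunk.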
/*
* CREATION
*/
- protected abstract LdapEntry newUser(LdapName name, Attributes attrs);
+ protected abstract LdapEntry newUser(LdapName name);
- protected abstract LdapEntry newGroup(LdapName name, Attributes attrs);
+ protected abstract LdapEntry newGroup(LdapName name);
/*
* EDITION
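Review bot: `newUser(LdapName name)` and `newGroup(LdapName name)` have no Javadoc, and after dropping the `Attributes` parameter their contract is ambiguous: the caller in collectGroups (outside this hunk) uses `newGroup` to fabricate a role whose entry the current user is not allowed to read, so implementors need to know whether the returned entry is expected to be loaded from the directory or may be an unpopulated placeholder. Add a Javadoc to each stating what the returned entry contains (whether objectClass and the RDN attribute are populated, and whether the directory is consulted), e.g. `/** Creates the entry object for the group with this DN; implementations define which attributes are populated. */`.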
LdapEntry group = doGetRole(groupDn);
if (group != null) {
allRoles.add(group);
- }else {
+ } else {
// user doesn't have the right to retrieve role, but we know it exists
// otherwise memberOf would not work
- Attributes a = new BasicAttributes();
- a.put(LdapNameUtils.getLastRdn(groupDn).getType(), LdapNameUtils.getLastRdn(groupDn).getValue());
- a.put(LdapAttrs.objectClass.name(), LdapObjs.groupOfNames.name());
- group = newGroup(groupDn, a);
+// Attributes a = new BasicAttributes();
+// a.put(LdapNameUtils.getLastRdn(groupDn).getType(),
+// LdapNameUtils.getLastRdn(groupDn).getValue());
+// a.put(LdapAttrs.objectClass.name(), LdapObjs.groupOfNames.name());
+ group = newGroup(groupDn);
allRoles.add(group);
}
}
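Review bot: The commented-out `BasicAttributes` block above `group = newGroup(groupDn);` should be deleted rather than kept, since the history lives in version control and it now reads as if the placeholder still receives an objectClass. The previous code explicitly tagged the fabricated role as `groupOfNames`; with the attributes dropped, the `hasObjectClass` checks elsewhere in this class will only recognise this role if `newGroup` populates objectClass itself, and its implementations are not visible here. A one-line comment such as `// placeholder role: this user cannot read the entry, only its DN is known from memberOf` would make the trust boundary explicit, because this entry is added to allRoles purely on the strength of the memberOf attribute. The enclosing method starts before and ends after this hunk.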
throw new IllegalStateException("Cannot get memberOf groups for " + user, e);
}
} else {
- for (LdapName groupDn : getDirectoryDao().getDirectGroups(user.getDn())) {
- // TODO check for loops
+ directGroups: for (LdapName groupDn : getDirectoryDao().getDirectGroups(user.getDn())) {
LdapEntry group = doGetRole(groupDn);
if (group != null) {
+ if (allRoles.contains(group)) {
+ // important in order to avoi loops
+ continue directGroups;
+ }
allRoles.add(group);
collectGroups(group, allRoles);
}
return this;
}
+ @Override
+ public HierarchyUnit createHierarchyUnit(String path) {
+ checkEdit();
+ LdapEntryWorkingCopy wc = getWorkingCopy();
+ LdapName dn = pathToName(path);
+ if ((getDirectoryDao().entryExists(dn) && !wc.getDeletedData().containsKey(dn))
+ || wc.getNewData().containsKey(dn))
+ throw new IllegalArgumentException("Already a hierarchy unit " + path);
+ BasicAttributes attrs = new BasicAttributes(true);
+ attrs.put(LdapAttrs.objectClass.name(), LdapObjs.organizationalUnit.name());
+ Rdn nameRdn = dn.getRdn(dn.size() - 1);
+ // TODO deal with multiple attr RDN
+ attrs.put(nameRdn.getType(), nameRdn.getValue());
+ wc.getModifiedData().put(dn, attrs);
+ LdapHierarchyUnit newHierarchyUnit = new LdapHierarchyUnit(this, dn);
+ wc.getNewData().put(dn, newHierarchyUnit);
+ return newHierarchyUnit;
+ }
+
/*
* PATHS
*/
@Override
- public String getContext() {
+ public String getBase() {
return getBaseDn().toString();
}
protected boolean isExternal(LdapName name) {
return !name.startsWith(baseDn);
}
-
+
protected static boolean hasObjectClass(Attributes attrs, LdapObjs objectClass) {
return hasObjectClass(attrs, objectClass.name());
}
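Review bot: The cycle guard `if (allRoles.contains(group))` in collectGroups only breaks a group loop if `LdapEntry` compares equal by DN; if `doGetRole` returns a fresh object on each call and equality is identity (neither is visible here), `contains` never matches and a cyclic group graph still recurses without bound, ending in a StackOverflowError on role resolution. Comparing DNs directly is robust either way, assuming `getDn()` is available as used at `user.getDn()`: `if (allRoles.stream().anyMatch(r -> groupDn.equals(r.getDn()))) continue directGroups;`, and the comment has a typo (`avoi`). Separately, `createHierarchyUnit` resolves a caller-supplied path with `pathToName` and writes it into the working copy without confirming the DN lies under the base; `if (isExternal(dn)) throw new IllegalArgumentException("Path outside directory base: " + path);` right after `pathToName` would reuse the helper defined later in this hunk. A DN that exists in the directory but sits in `wc.getDeletedData()` also passes the existence guard yet stays marked deleted while being added to new data, so the commit order decides whether it survives; either reject it or remove it from the deleted map. collectGroups starts before this hunk.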