X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.util%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdapUserAdmin.java;h=52fa38b110a68c1616eb046be0a93dcf69e51a19;hb=f520af45449b203a879392e8a0aeda6703abadfa;hp=cd28748f583c70cbd6553fde16bd3d3a092ed369;hpb=9f729eeb8255a9d800ad2506735dda8cc215a135;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.util/src/org/argeo/osgi/useradmin/LdapUserAdmin.java b/org.argeo.util/src/org/argeo/osgi/useradmin/LdapUserAdmin.java index cd28748f5..52fa38b11 100644 --- a/org.argeo.util/src/org/argeo/osgi/useradmin/LdapUserAdmin.java +++ b/org.argeo.util/src/org/argeo/osgi/useradmin/LdapUserAdmin.java @@ -1,6 +1,6 @@ package org.argeo.osgi.useradmin; -import static org.argeo.naming.LdapAttrs.objectClass; +import static org.argeo.util.naming.LdapAttrs.objectClass; import java.util.ArrayList; import java.util.Dictionary; @@ -19,6 +19,7 @@ import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapName; +import org.argeo.util.naming.LdapObjs; import org.osgi.framework.Filter; import org.osgi.service.useradmin.Role; import org.osgi.service.useradmin.User; @@ -79,13 +80,13 @@ public class LdapUserAdmin extends AbstractUserDirectory { if (attrs.size() == 0) return null; int roleType = roleType(name); - LdifUser res; + DirectoryUser res; if (roleType == Role.GROUP) - res = new LdifGroup(this, name, attrs); + res = newGroup(name, attrs); else if (roleType == Role.USER) - res = new LdifUser(this, name, attrs); + res = newUser(name, attrs); else - throw new UserDirectoryException("Unsupported LDAP type for " + name); + throw new IllegalArgumentException("Unsupported LDAP type for " + name); return res; } catch (NameNotFoundException e) { throw e; @@ -95,16 +96,17 @@ public class LdapUserAdmin extends AbstractUserDirectory { } @Override - protected List doGetRoles(Filter f) { + protected List doGetRoles(LdapName searchBase, Filter f, boolean deep) { ArrayList res = new ArrayList(); try { String searchFilter = f != null ? f.toString() : "(|(" + objectClass + "=" + getUserObjectClass() + ")(" + objectClass + "=" + getGroupObjectClass() + "))"; SearchControls searchControls = new SearchControls(); - searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); + // FIXME make one level consistent with deep + searchControls.setSearchScope(deep ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE); - LdapName searchBase = getBaseDn(); + // LdapName searchBase = getBaseDn(); NamingEnumeration results = ldapConnection.search(searchBase, searchFilter, searchControls); results: while (results.hasMoreElements()) { @@ -112,13 +114,13 @@ public class LdapUserAdmin extends AbstractUserDirectory { Attributes attrs = searchResult.getAttributes(); Attribute objectClassAttr = attrs.get(objectClass.name()); LdapName dn = toDn(searchBase, searchResult); - LdifUser role; + DirectoryUser role; if (objectClassAttr.contains(getGroupObjectClass()) || objectClassAttr.contains(getGroupObjectClass().toLowerCase())) - role = new LdifGroup(this, dn, attrs); + role = newGroup(dn, attrs); else if (objectClassAttr.contains(getUserObjectClass()) || objectClassAttr.contains(getUserObjectClass().toLowerCase())) - role = new LdifUser(this, dn, attrs); + role = newUser(dn, attrs); else { // log.warn("Unsupported LDAP type for " + searchResult.getName()); continue results; @@ -130,9 +132,8 @@ public class LdapUserAdmin extends AbstractUserDirectory { // ignore (typically an unsupported anonymous bind) // TODO better logging return res; - } catch (Exception e) { - e.printStackTrace(); - throw new UserDirectoryException("Cannot get roles for filter " + f, e); + } catch (NamingException e) { + throw new IllegalStateException("Cannot get roles for filter " + f, e); } } @@ -158,8 +159,8 @@ public class LdapUserAdmin extends AbstractUserDirectory { directGroups.add(toDn(searchBase, searchResult)); } return directGroups; - } catch (Exception e) { - throw new UserDirectoryException("Cannot populate direct members of " + dn, e); + } catch (NamingException e) { + throw new IllegalStateException("Cannot populate direct members of " + dn, e); } } @@ -168,7 +169,7 @@ public class LdapUserAdmin extends AbstractUserDirectory { try { ldapConnection.prepareChanges(wc); } catch (NamingException e) { - throw new UserDirectoryException("Cannot prepare LDAP", e); + throw new IllegalStateException("Cannot prepare LDAP", e); } } @@ -177,7 +178,7 @@ public class LdapUserAdmin extends AbstractUserDirectory { try { ldapConnection.commitChanges(wc); } catch (NamingException e) { - throw new UserDirectoryException("Cannot commit LDAP", e); + throw new IllegalStateException("Cannot commit LDAP", e); } } @@ -186,4 +187,44 @@ public class LdapUserAdmin extends AbstractUserDirectory { // prepare not impacting } + /* + * HIERARCHY + */ + + @Override + protected Iterable doGetDirectHierarchyUnits(LdapName searchBase, boolean functionalOnly) { + List res = new ArrayList<>(); + try { + String searchFilter = "(|(" + objectClass + "=" + LdapObjs.organizationalUnit.name() + ")(" + objectClass + + "=" + LdapObjs.organization.name() + "))"; + + SearchControls searchControls = new SearchControls(); + searchControls.setSearchScope(SearchControls.ONELEVEL_SCOPE); + + NamingEnumeration results = ldapConnection.search(searchBase, searchFilter, searchControls); + + while (results.hasMoreElements()) { + SearchResult searchResult = (SearchResult) results.nextElement(); + LdapName dn = toDn(searchBase, searchResult); + Attributes attrs = searchResult.getAttributes(); + LdifHierarchyUnit hierarchyUnit = new LdifHierarchyUnit(this, dn, attrs); + if (hierarchyUnit.isFunctional()) + res.add(hierarchyUnit); + } + return res; + } catch (NamingException e) { + throw new IllegalStateException("Cannot get direct hierarchy units ", e); + } + } + + @Override + protected HierarchyUnit doGetHierarchyUnit(LdapName dn) { + try { + Attributes attrs = ldapConnection.getAttributes(dn); + return new LdifHierarchyUnit(this, dn, attrs); + } catch (NamingException e) { + throw new IllegalStateException("Cannot get hierarchy unit " + dn, e); + } + } + }