X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.util%2Fsrc%2Forg%2Fargeo%2Futil%2Fdirectory%2Fldap%2FAbstractLdapDirectory.java;h=71a87887b85c7fd066d0230b341a312315caa1c7;hb=e9d0731a65b0d3523906c58f987ad9610c4286b7;hp=55449a70748f3a0f7b4bf079123adc70988b4b7b;hpb=3066d79e3ced9339679672242bdf2340a03e1f29;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.util/src/org/argeo/util/directory/ldap/AbstractLdapDirectory.java b/org.argeo.util/src/org/argeo/util/directory/ldap/AbstractLdapDirectory.java
index 55449a707..71a87887b 100644
--- a/org.argeo.util/src/org/argeo/util/directory/ldap/AbstractLdapDirectory.java
+++ b/org.argeo.util/src/org/argeo/util/directory/ldap/AbstractLdapDirectory.java
@@ -19,6 +19,7 @@ import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttributes;
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
 import javax.transaction.xa.XAResource;
@@ -37,8 +38,8 @@ public abstract class AbstractLdapDirectory implements Directory, XAResourceProv
 	protected static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name";
 	protected static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
-	protected final LdapName baseDn;
-	protected final Hashtable configProperties;
+	private final LdapName baseDn;
+	private final Hashtable configProperties;
 	private final Rdn userBaseRdn, groupBaseRdn, systemRoleBaseRdn;
 	private final String userObjectClass, groupObjectClass;
 	private String memberAttributeId = "member";
@@ -113,18 +114,22 @@ public abstract class AbstractLdapDirectory implements Directory, XAResourceProv
 			disabled = Boolean.parseBoolean(disabledStr);
 		else
 			disabled = false;
-
-		URI u = URI.create(uri);
-		if (!getRealm().isEmpty() || DirectoryConf.SCHEME_LDAP.equals(u.getScheme())
-				|| DirectoryConf.SCHEME_LDAPS.equals(u.getScheme())) {
+		if (!getRealm().isEmpty()) {
+			// IPA multiple LDAP causes URI parsing to fail
+			// TODO manage generic redundant LDAP case
 			directoryDao = new LdapDao(this);
-		} else if (DirectoryConf.SCHEME_FILE.equals(u.getScheme())) {
-			directoryDao = new LdifDao(this);
-		} else if (DirectoryConf.SCHEME_OS.equals(u.getScheme())) {
-			directoryDao = new OsUserDirectory(this);
-			// singleUser = true;
 		} else {
-			throw new IllegalArgumentException("Unsupported scheme " + u.getScheme());
+			URI u = URI.create(uri);
+			if (DirectoryConf.SCHEME_LDAP.equals(u.getScheme()) || DirectoryConf.SCHEME_LDAPS.equals(u.getScheme())) {
+				directoryDao = new LdapDao(this);
+			} else if (DirectoryConf.SCHEME_FILE.equals(u.getScheme())) {
+				directoryDao = new LdifDao(this);
+			} else if (DirectoryConf.SCHEME_OS.equals(u.getScheme())) {
+				directoryDao = new OsUserDirectory(this);
+				// singleUser = true;
+			} else {
+				throw new IllegalArgumentException("Unsupported scheme " + u.getScheme());
+			}
 		}
 		xaResource = new WorkingCopyXaResource<>(directoryDao);
 	}
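Review bot: In the new `if (!getRealm().isEmpty())` branch the `uri` string is never inspected, so a directory configured with a realm and a `file:` or `os:` URI is now silently instantiated as an `LdapDao` instead of reaching the `Unsupported scheme` guard, which the old code only skipped for realms because the realm test was OR-ed into the LDAP check. The comment explains the motivation (an IPA URI list that `URI.create` rejects), but the guard can be kept with a prefix check on the raw string before building the DAO, e.g. `if (uri.startsWith(DirectoryConf.SCHEME_FILE + ":") || uri.startsWith(DirectoryConf.SCHEME_OS + ":")) throw new IllegalArgumentException("Realm " + getRealm() + " requires an LDAP URI: " + uri);`. The `ldap`/`ldaps` distinction is also no longer examined on this path, so whether the connection is encrypted presumably depends entirely on how `LdapDao` itself reads the URI, which is not visible here. The enclosing constructor starts before this hunk.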
@@ -249,8 +254,17 @@ public abstract class AbstractLdapDirectory implements Directory, XAResourceProv
 					Object value = values.next();
 					LdapName groupDn = new LdapName(value.toString());
 					LdapEntry group = doGetRole(groupDn);
-					if (group != null)
+					if (group != null) {
 						allRoles.add(group);
+					}else {
+						// user doesn't have the right to retrieve role, but we know it exists
+						// otherwise memberOf would not work
+						Attributes a = new BasicAttributes();
+						a.put(LdapNameUtils.getLastRdn(groupDn).getType(), LdapNameUtils.getLastRdn(groupDn).getValue());
+						a.put(LdapAttrs.objectClass.name(), LdapObjs.groupOfNames.name());
+						group = newGroup(groupDn, a);
+						allRoles.add(group);
+					}
 				}
 			} catch (NamingException e) {
 				throw new IllegalStateException("Cannot get memberOf groups for " + user, e);
@@ -338,7 +352,7 @@ public abstract class AbstractLdapDirectory implements Directory, XAResourceProv
 		for (int i = 0; i < segments.length; i++) {
 			String segment = segments[i];
 			// TODO make attr names configurable ?
-			String attr = LdapAttrs.ou.name();
+			String attr = path.startsWith("accounts/")/* IPA */ ? LdapAttrs.cn.name() : LdapAttrs.ou.name();
 			if (parentRdn != null) {
 				if (getUserBaseRdn().equals(parentRdn))
 					attr = LdapAttrs.uid.name();
@@ -361,6 +375,10 @@ public abstract class AbstractLdapDirectory implements Directory, XAResourceProv
 	/*
 	 * UTILITIES
 	 */
+	protected boolean isExternal(LdapName name) {
+		return !name.startsWith(baseDn);
+	}
+
 	protected static boolean hasObjectClass(Attributes attrs, LdapObjs objectClass) {
 		return hasObjectClass(attrs, objectClass.name());
 	}
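Review bot: The new `else` branch turns every `memberOf` value for which `doGetRole(groupDn)` returns null into a synthetic `groupOfNames` role, but a null from `doGetRole` is not only an ACL denial: the comment's "we know it exists" holds only when `memberOf` is server-maintained (as with IPA's memberOf plugin), and a stale or client-writable `memberOf` value would be granted as a role all the same. Unless `allRoles` is used purely for display, restrict the fallback at least to DNs under this directory's base, e.g. `} else if (!isExternal(groupDn)) {` using the helper this commit adds further down, and add a comment stating that `objectClass=groupOfNames` is a placeholder for an entry the caller could not read rather than the remote entry's real class. `LdapNameUtils.getLastRdn(groupDn)` is also computed twice on the `a.put(...)` line and could be held in a local, and `}else {` should read `} else {`. The enclosing method starts before and ends after this hunk.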
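Review bot: The `path.startsWith("accounts/")/* IPA */` test on the changed line is loop-invariant but re-evaluated for every segment, and it encodes the IPA tree layout as a bare literal right under a `// TODO make attr names configurable ?` that this change makes more pressing. Hoist it above the `for` as a named local, e.g. `boolean ipaLayout = path.startsWith("accounts/"); // IPA: cn=users,cn=accounts uses cn, not ou`, and then `String attr = ipaLayout ? LdapAttrs.cn.name() : LdapAttrs.ou.name();` inside the loop, with the literal promoted to a constant. The `for` loop and its enclosing method start before and end after this hunk.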
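Review bot: `isExternal` has no Javadoc, and a name like this invites being used as a trust boundary, so its contract should be stated: `LdapName.startsWith` is a component-wise prefix test, so the base DN itself and every name beneath it count as internal, while a name in another suffix is external even if its string form shares a prefix. Suggested: `/** Whether {@code name} lies outside this directory's base DN (component-wise prefix test; the base DN itself counts as internal). */`. The Javadoc should also say that "internal" does not mean the entry exists or is readable by the current principal, since this check establishes neither.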