X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.util%2Fsrc%2Forg%2Fargeo%2Futil%2Fdirectory%2Fldap%2FLdapDao.java;h=0f6e324ad258411a5da7f314e30283e8e1c31ffa;hb=138e686fbf65683c3c94a52f1cfbaf8e02362e19;hp=b1c0c9849a14cb6abdd5214ad239912e591d887f;hpb=4012bedd8870634488b307d2233590fb1226e5d4;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDao.java b/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDao.java
index b1c0c9849..0f6e324ad 100644
--- a/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDao.java
+++ b/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDao.java
@@ -27,10 +27,6 @@ import org.argeo.util.naming.LdapObjs;
 public class LdapDao extends AbstractLdapDirectoryDao {
 private LdapConnection ldapConnection;
-// public LdapUserAdmin(Dictionary properties) {
-// this(properties, false);
-// }
-
 public LdapDao(AbstractLdapDirectory directory) {
 super(directory);
 }
@@ -44,31 +40,17 @@ public class LdapDao extends AbstractLdapDirectoryDao {
 ldapConnection.destroy();
 }
-// @Override
-// protected AbstractUserDirectory scope(User user) {
-// Dictionary credentials = user.getCredentials();
-// String username = (String) credentials.get(SHARED_STATE_USERNAME);
-// if (username == null)
-// username = user.getName();
-// Dictionary properties = cloneProperties();
-// properties.put(Context.SECURITY_PRINCIPAL, username.toString());
-// Object pwdCred = credentials.get(SHARED_STATE_PASSWORD);
-// byte[] pwd = (byte[]) pwdCred;
-// if (pwd != null) {
-// char[] password = DirectoryDigestUtils.bytesToChars(pwd);
-// properties.put(Context.SECURITY_CREDENTIALS, new String(password));
-// } else {
-// properties.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
-// }
-// return new LdapUserAdmin(properties, true);
-// }
-
-// protected InitialLdapContext getLdapContext() {
-// return initialLdapContext;
-// }
+ @Override
+ public boolean checkConnection() {
+ try {
+ return ldapConnection.entryExists(getDirectory().getBaseDn());
+ } catch (NamingException e) {
+ return false;
+ }
+ }
 @Override
- public Boolean entryExists(LdapName dn) {
+ public boolean entryExists(LdapName dn) {
 try {
 return ldapConnection.entryExists(dn);
 } catch (NameNotFoundException e) {
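Review bot: `checkConnection()` turns every `NamingException` into `false` without recording it, so a rejected bind, a TLS or certificate failure, an unreachable server and a missing base DN all look identical to the caller and leave no trace for whoever has to diagnose the outage. If the class has a logger in scope (none is visible in the hunk), log the exception before returning; otherwise at least state the contract with a comment such as `// false means the base DN could not be confirmed: bind, transport and lookup failures are not distinguished`. The `entryExists` body continues outside the hunk, so its own exception handling is not covered here.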
@@ -93,23 +75,23 @@ public class LdapDao extends AbstractLdapDirectoryDao {
 attrs.put(LdapAttrs.objectClass.name(), LdapObjs.top.name());
 attrs.put(LdapAttrs.objectClass.name(), getDirectory().getGroupObjectClass());
 }
- res = newGroup(name, attrs);
+ res = newGroup(name);
 } else if (getDirectory().getSystemRoleBaseRdn().equals(technicalRdn)) {
 if (attrs.size() == 0) {// exists but not accessible
 attrs = new BasicAttributes();
 attrs.put(LdapAttrs.objectClass.name(), LdapObjs.top.name());
 attrs.put(LdapAttrs.objectClass.name(), getDirectory().getGroupObjectClass());
 }
- res = newGroup(name, attrs);
+ res = newGroup(name);
 } else if (getDirectory().getUserBaseRdn().equals(technicalRdn)) {
 if (attrs.size() == 0) {// exists but not accessible
 attrs = new BasicAttributes();
 attrs.put(LdapAttrs.objectClass.name(), LdapObjs.top.name());
 attrs.put(LdapAttrs.objectClass.name(), getDirectory().getUserObjectClass());
 }
- res = newUser(name, attrs);
+ res = newUser(name);
 } else {
- res = new DefaultLdapEntry(getDirectory(), name, attrs);
+ res = new DefaultLdapEntry(getDirectory(), name);
 }
 return res;
 } catch (NameNotFoundException e) {
@@ -119,18 +101,6 @@ public class LdapDao extends AbstractLdapDirectoryDao {
 }
 }
-// protected boolean isGroup(LdapName dn) {
-// Rdn technicalRdn = LdapNameUtils.getParentRdn(dn);
-// if (getDirectory().getGroupBaseRdn().equals(technicalRdn)
-// || getDirectory().getSystemRoleBaseRdn().equals(technicalRdn))
-// return true;
-// else if (getDirectory().getUserBaseRdn().equals(technicalRdn))
-// return false;
-// else
-// throw new IllegalArgumentException(
-// "Cannot find role type, " + technicalRdn + " is not a technical RDN for " + dn);
-// }
-
 @Override
 public Attributes doGetAttributes(LdapName name) {
 try {
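Review bot: The three `if (attrs.size() == 0) {// exists but not accessible` blocks in the first hunk still build a fallback `BasicAttributes`, but `attrs` is no longer passed to `newGroup(name)`, `newUser(name)` or `new DefaultLdapEntry(getDirectory(), name)`, so as far as the hunk shows the fallback is now dead code. Either delete the blocks or, if entries now load their attributes on demand, confirm that an entry which exists but is not readable by the bound identity still resolves to the right role type, since that is the case the fallback covered. The method starts and ends outside the hunk, so `attrs` may have another use that is not visible here.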
@@ -146,9 +116,11 @@ public class LdapDao extends AbstractLdapDirectoryDao {
 ArrayList res = new ArrayList<>();
 try {
 String searchFilter = f != null ? f.toString()
- : "(|(" + objectClass + "=" + getDirectory().getUserObjectClass() + ")(" + objectClass + "="
- + getDirectory().getGroupObjectClass() + "))";
+ : "(|(" + objectClass.name() + "=" + getDirectory().getUserObjectClass() + ")(" + objectClass.name()
+ + "=" + getDirectory().getGroupObjectClass() + "))";
 SearchControls searchControls = new SearchControls();
+ // only attribute needed is objectClass
+ searchControls.setReturningAttributes(new String[] { objectClass.name() });
 // FIXME make one level consistent with deep
 searchControls.setSearchScope(deep ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
@@ -163,10 +135,10 @@ public class LdapDao extends AbstractLdapDirectoryDao {
 LdapEntry role;
 if (objectClassAttr.contains(getDirectory().getGroupObjectClass())
 || objectClassAttr.contains(getDirectory().getGroupObjectClass().toLowerCase()))
- role = newGroup(dn, attrs);
+ role = newGroup(dn);
 else if (objectClassAttr.contains(getDirectory().getUserObjectClass())
 || objectClassAttr.contains(getDirectory().getUserObjectClass().toLowerCase()))
- role = newUser(dn, attrs);
+ role = newUser(dn);
 else {
 // log.warn("Unsupported LDAP type for " + searchResult.getName());
 continue results;
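Review bot: The type test in the second hunk matches `objectClass` values only in the configured spelling or in all-lowercase (`objectClassAttr.contains(...)` and its `.toLowerCase()` variant), while LDAP object class names are case-insensitive. An entry whose casing as returned by the server differs from both falls into the `else` branch and is dropped from the result. Because the `log.warn` there is commented out, the entry disappears from the listing silently, which matters if the listing feeds authorization decisions. Consider comparing each value with `equalsIgnoreCase` and restoring a log line before `continue results;`. The surrounding loop starts and ends outside the hunk.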
@@ -248,14 +220,16 @@ public class LdapDao extends AbstractLdapDirectoryDao {
 SearchControls searchControls = new SearchControls();
 searchControls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+ // no attributes needed
+ searchControls.setReturningAttributes(new String[0]);
 NamingEnumeration results = ldapConnection.search(searchBase, searchFilter, searchControls);
 while (results.hasMoreElements()) {
 SearchResult searchResult = (SearchResult) results.nextElement();
 LdapName dn = toDn(searchBase, searchResult);
- Attributes attrs = searchResult.getAttributes();
- LdapHierarchyUnit hierarchyUnit = new LdapHierarchyUnit(getDirectory(), dn, attrs);
+// Attributes attrs = searchResult.getAttributes();
+ LdapHierarchyUnit hierarchyUnit = new LdapHierarchyUnit(getDirectory(), dn);
 if (functionalOnly) {
 if (hierarchyUnit.isFunctional())
 res.add(hierarchyUnit);
@@ -276,8 +250,9 @@ public class LdapDao extends AbstractLdapDirectoryDao {
 return getDirectory();
 if (!dn.startsWith(getDirectory().getBaseDn()))
 throw new IllegalArgumentException(dn + " does not start with base DN " + getDirectory().getBaseDn());
- Attributes attrs = ldapConnection.getAttributes(dn);
- return new LdapHierarchyUnit(getDirectory(), dn, attrs);
+ if (!ldapConnection.entryExists(dn))
+ return null;
+ return new LdapHierarchyUnit(getDirectory(), dn);
 } catch (NameNotFoundException e) {
 return null;
 } catch (NamingException e) {
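Review bot: The added line `// Attributes attrs = searchResult.getAttributes();` in the first hunk is commented-out code, introduced by the same commit that deletes such blocks elsewhere in this file; drop it, since `// no attributes needed` already records the intent. Separately, `hierarchyUnit.isFunctional()` is now called on a unit built from the DN alone while the search returns no attributes. If `LdapHierarchyUnit` reads its attributes on demand (not visible here), every result costs an extra directory lookup, and requesting only the attribute `isFunctional()` needs would avoid that. The loop body continues outside the hunk.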