X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.util%2Fsrc%2Forg%2Fargeo%2Futil%2Fdirectory%2Fldap%2FLdapDao.java;h=fac7dd1acf582bb47d7b080bdf70fb8f9cf09b8c;hb=9c8e52bcbb2a583f8e83c6390b960e9d9edefd53;hp=a2d9e7fc3bbc0c33fbb4cadaff5cbcbdd06349d7;hpb=dc27b57704278684e72efcaf72b01c5b91df39f8;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDao.java b/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDao.java index a2d9e7fc3..fac7dd1ac 100644 --- a/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDao.java +++ b/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDao.java @@ -13,12 +13,14 @@ import javax.naming.NamingEnumeration; import javax.naming.NamingException; import javax.naming.directory.Attribute; import javax.naming.directory.Attributes; +import javax.naming.directory.BasicAttributes; import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; import org.argeo.util.directory.HierarchyUnit; +import org.argeo.util.naming.LdapAttrs; import org.argeo.util.naming.LdapObjs; /** A user admin based on a LDAP server. */ @@ -35,7 +37,7 @@ public class LdapDao extends AbstractLdapDirectoryDao { @Override public void init() { - ldapConnection = new LdapConnection(getDirectory().getUri().toString(), getDirectory().getProperties()); + ldapConnection = new LdapConnection(getDirectory().getUri().toString(), getDirectory().cloneConfigProperties()); } public void destroy() { @@ -66,46 +68,77 @@ public class LdapDao extends AbstractLdapDirectoryDao { // } @Override - public Boolean daoHasEntry(LdapName dn) { + public Boolean entryExists(LdapName dn) { try { - return daoGetEntry(dn) != null; + return ldapConnection.entryExists(dn); } catch (NameNotFoundException e) { return false; + } catch (NamingException e) { + throw new IllegalStateException("Cannot check " + dn, e); } } @Override - public LdapEntry daoGetEntry(LdapName name) throws NameNotFoundException { + public LdapEntry doGetEntry(LdapName name) throws NameNotFoundException { +// if (!entryExists(name)) +// throw new NameNotFoundException(name + " was not found in " + getDirectory().getBaseDn()); try { Attributes attrs = ldapConnection.getAttributes(name); - if (attrs.size() == 0) - return null; -// int roleType = roleType(name); + LdapEntry res; - if (isGroup(name)) + Rdn technicalRdn = LdapNameUtils.getParentRdn(name); + if (getDirectory().getGroupBaseRdn().equals(technicalRdn)) { + if (attrs.size() == 0) {// exists but not accessible + attrs = new BasicAttributes(); + attrs.put(LdapAttrs.objectClass.name(), LdapObjs.top.name()); + attrs.put(LdapAttrs.objectClass.name(), getDirectory().getGroupObjectClass()); + } + res = newGroup(name, attrs); + } else if (getDirectory().getSystemRoleBaseRdn().equals(technicalRdn)) { + if (attrs.size() == 0) {// exists but not accessible + attrs = new BasicAttributes(); + attrs.put(LdapAttrs.objectClass.name(), LdapObjs.top.name()); + attrs.put(LdapAttrs.objectClass.name(), getDirectory().getGroupObjectClass()); + } res = newGroup(name, attrs); - else + } else if (getDirectory().getUserBaseRdn().equals(technicalRdn)) { + if (attrs.size() == 0) {// exists but not accessible + attrs = new BasicAttributes(); + attrs.put(LdapAttrs.objectClass.name(), LdapObjs.top.name()); + attrs.put(LdapAttrs.objectClass.name(), getDirectory().getUserObjectClass()); + } res = newUser(name, attrs); -// else -// throw new IllegalArgumentException("Unsupported LDAP type for " + name); + } else { + res = new DefaultLdapEntry(getDirectory(), name, attrs); + } return res; } catch (NameNotFoundException e) { throw e; } catch (NamingException e) { - return null; + throw new IllegalStateException("Cannot retrieve entry " + name, e); } } - protected boolean isGroup(LdapName dn) { - Rdn technicalRdn = LdapNameUtils.getParentRdn(dn); - if (getDirectory().getGroupBaseRdn().equals(technicalRdn) - || getDirectory().getSystemRoleBaseRdn().equals(technicalRdn)) - return true; - else if (getDirectory().getUserBaseRdn().equals(technicalRdn)) - return false; - else - throw new IllegalArgumentException( - "Cannot dind role type, " + technicalRdn + " is not a technical RDN for " + dn); +// protected boolean isGroup(LdapName dn) { +// Rdn technicalRdn = LdapNameUtils.getParentRdn(dn); +// if (getDirectory().getGroupBaseRdn().equals(technicalRdn) +// || getDirectory().getSystemRoleBaseRdn().equals(technicalRdn)) +// return true; +// else if (getDirectory().getUserBaseRdn().equals(technicalRdn)) +// return false; +// else +// throw new IllegalArgumentException( +// "Cannot find role type, " + technicalRdn + " is not a technical RDN for " + dn); +// } + + @Override + public Attributes doGetAttributes(LdapName name) { + try { + Attributes attrs = ldapConnection.getAttributes(name); + return attrs; + } catch (NamingException e) { + throw new IllegalStateException("Cannot get attributes for " + name); + } } @Override @@ -210,6 +243,8 @@ public class LdapDao extends AbstractLdapDirectoryDao { try { String searchFilter = "(|(" + objectClass + "=" + LdapObjs.organizationalUnit.name() + ")(" + objectClass + "=" + LdapObjs.organization.name() + "))"; +// String searchFilter = "(|(" + objectClass + "=" + LdapObjs.organizationalUnit.name() + ")(" + objectClass +// + "=" + LdapObjs.organization.name() + ")(cn=accounts)(cn=users)(cn=groups))"; SearchControls searchControls = new SearchControls(); searchControls.setSearchScope(SearchControls.ONELEVEL_SCOPE); @@ -237,6 +272,10 @@ public class LdapDao extends AbstractLdapDirectoryDao { @Override public HierarchyUnit doGetHierarchyUnit(LdapName dn) { try { + if (getDirectory().getBaseDn().equals(dn)) + return getDirectory(); + if (!dn.startsWith(getDirectory().getBaseDn())) + throw new IllegalArgumentException(dn + " does not start with base DN " + getDirectory().getBaseDn()); Attributes attrs = ldapConnection.getAttributes(dn); return new LdapHierarchyUnit(getDirectory(), dn, attrs); } catch (NamingException e) {