From 780f1fce719bb66b4e4899c2339cb49d62c07dc6 Mon Sep 17 00:00:00 2001 From: Mathieu Baudier Date: Tue, 7 Nov 2017 12:16:41 +0100 Subject: [PATCH] Make LDAP support more robust --- .../src/org/argeo/naming/LdifParser.java | 1 + .../src/org/argeo/naming/LdifWriter.java | 6 +++--- .../osgi/useradmin/AbstractUserDirectory.java | 16 +++++++++++++--- .../org/argeo/osgi/useradmin/LdapUserAdmin.java | 10 ++++++++-- .../org/argeo/osgi/useradmin/LdifUserAdmin.java | 7 +++++-- 5 files changed, 30 insertions(+), 10 deletions(-) diff --git a/org.argeo.enterprise/src/org/argeo/naming/LdifParser.java b/org.argeo.enterprise/src/org/argeo/naming/LdifParser.java index 9595b57f0..86392b345 100644 --- a/org.argeo.enterprise/src/org/argeo/naming/LdifParser.java +++ b/org.argeo.enterprise/src/org/argeo/naming/LdifParser.java @@ -114,6 +114,7 @@ public class LdifParser { } String attributeId = attrId.toString(); + // TODO should we really trim the end of the string as well? String cleanValueStr = currentEntry.toString().trim(); Object attributeValue = isBase64 ? Base64.getDecoder().decode(cleanValueStr) : cleanValueStr; diff --git a/org.argeo.enterprise/src/org/argeo/naming/LdifWriter.java b/org.argeo.enterprise/src/org/argeo/naming/LdifWriter.java index 892fa885d..6a3fea12f 100644 --- a/org.argeo.enterprise/src/org/argeo/naming/LdifWriter.java +++ b/org.argeo.enterprise/src/org/argeo/naming/LdifWriter.java @@ -42,7 +42,7 @@ public class LdifWriter { throw new UserDirectoryException( "Attribute " + nameAttr.getID() + "=" + nameAttr.get() + " not consistent with DN " + name); - writer.append(LdapAttrs.DN + ":").append(name.toString()).append('\n'); + writer.append(LdapAttrs.DN + ": ").append(name.toString()).append('\n'); Attribute objectClassAttr = attributes.get("objectClass"); if (objectClassAttr != null) writeAttribute(objectClassAttr); 
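Review bot: The TODO added above `String cleanValueStr = currentEntry.toString().trim();` in LdifParser leaves the trimming question open, and it matters more now that LdifWriter emits `: ` before every value. `trim()` is presumably what drops that separator space on the way back in, but it also removes trailing whitespace and any other character at or below U+0020 from plain values. RFC 2849 recommends base64 for values that end in a space, so I would replace the TODO with a comment stating the rule, e.g. `// fill after ':' is not part of the value; trailing whitespace is dropped too, values that need it must be base64`. The enclosing method starts and ends outside the hunk.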
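Review bot: The `dn:` line changed in this LdifWriter hunk and the plain-value branch changed in the next one (`append(": ").append(value.toString())`, under `@@ -69,9 +69,9 @@`) still write strings into the LDIF stream without checking that they are RFC 2849 safe strings. A value containing a line break ends the attribute line early, so the rest of it is read back as further lines of the entry; a leading space, `:` or `<` and non-ASCII text cannot be represented in the plain form either. I would base64-encode any string that fails the safe-string test, as the `byte[]` branch already does, and apply the same test to `name.toString()`. LdifParser hands base64 values back as `byte[]`, so the reading side then has to convert textual attributes back to strings. Both enclosing methods start outside their hunks.

```java
// … unchanged: byte[] branch …
} else {
    String str = value.toString();
    if (isSafeString(str)) {
        writer.append(attribute.getID()).append(": ").append(str).append('\n');
    } else {
        // RFC 2849: anything that is not a SAFE-STRING is written base64-encoded
        String encoded = Base64.getEncoder()
                .encodeToString(str.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        writer.append(attribute.getID()).append(":: ").append(encoded).append('\n');
    }
}

/** Proposed helper (not in the file): true if str may be written as a plain LDIF value. */
private static boolean isSafeString(String str) {
    if (str.isEmpty())
        return true;
    char first = str.charAt(0);
    if (first == ' ' || first == ':' || first == '<')
        return false;
    for (int i = 0; i < str.length(); i++) {
        char c = str.charAt(i);
        if (c == '\0' || c == '\n' || c == '\r' || c > 127)
            return false;
    }
    // values ending with a space should be base64-encoded as well
    return str.charAt(str.length() - 1) != ' ';
}
```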
@@ -69,9 +69,9 @@ public class LdifWriter { Object value = attrValues.next(); if (value instanceof byte[]) { String encoded = Base64.getEncoder().encodeToString((byte[]) value); - writer.append(attribute.getID()).append("::").append(encoded).append('\n'); + writer.append(attribute.getID()).append(":: ").append(encoded).append('\n'); } else { - writer.append(attribute.getID()).append(':').append(value.toString()).append('\n'); + writer.append(attribute.getID()).append(": ").append(value.toString()).append('\n'); } } } diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java index e4b25ae81..66b6e91e2 100644 --- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java +++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java @@ -1,6 +1,7 @@ package org.argeo.osgi.useradmin; import static org.argeo.naming.LdapAttrs.objectClass; +import static org.argeo.naming.LdapObjs.extensibleObject; import static org.argeo.naming.LdapObjs.inetOrgPerson; import static org.argeo.naming.LdapObjs.organizationalPerson; import static org.argeo.naming.LdapObjs.person; @@ -18,6 +19,7 @@ import java.util.Iterator; import java.util.List; import javax.naming.InvalidNameException; +import javax.naming.NameNotFoundException; import javax.naming.NamingEnumeration; import javax.naming.directory.Attribute; import javax.naming.directory.Attributes; @@ -32,6 +34,7 @@ import javax.transaction.TransactionManager; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.naming.LdapAttrs; +import org.argeo.naming.LdapObjs; import org.osgi.framework.Filter; import org.osgi.framework.FrameworkUtil; import org.osgi.framework.InvalidSyntaxException; 
@@ -113,7 +116,7 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory protected abstract Boolean daoHasRole(LdapName dn); - protected abstract DirectoryUser daoGetRole(LdapName key); + protected abstract DirectoryUser daoGetRole(LdapName key) throws NameNotFoundException; protected abstract List doGetRoles(Filter f); @@ -209,7 +212,12 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory protected DirectoryUser doGetRole(LdapName dn) { UserDirectoryWorkingCopy wc = getWorkingCopy(); - DirectoryUser user = daoGetRole(dn); + DirectoryUser user; + try { + user = daoGetRole(dn); + } catch (NameNotFoundException e) { + user = null; + } if (wc != null) { if (user == null && wc.getNewUsers().containsKey(dn)) user = wc.getNewUsers().get(dn); @@ -313,12 +321,13 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory if (wc.getDeletedUsers().containsKey(dn)) { wc.getDeletedUsers().remove(dn); wc.getModifiedUsers().put(dn, attrs); + return getRole(name); } else { wc.getModifiedUsers().put(dn, attrs); DirectoryUser newRole = newRole(dn, type, attrs); wc.getNewUsers().put(dn, newRole); + return newRole; } - return getRole(name); } protected DirectoryUser newRole(LdapName dn, int type, Attributes attrs) { @@ -334,6 +343,7 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory objClass.add(person.name()); } objClass.add(top.name()); + objClass.add(extensibleObject.name()); attrs.put(objClass); newRole = new LdifUser(this, dn, attrs); } else if (type == Role.GROUP) { diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java index 494d9c2df..cf97ebea3 100644 --- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java +++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java 
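Review bot: Adding `extensibleObject` to the object classes of every new user in `newRole` (hunk `@@ -334,6 +343,7 @@`) takes away the directory server's schema check on which attributes those entries may carry, since that class allows any attribute type (RFC 4512, section 4.3). If the intent is to let arbitrary user properties be stored, I would say so at the added line, e.g. `// extensibleObject: user properties may use attributes outside inetOrgPerson`. Attribute names should then be validated before they reach the directory, because the server will no longer reject unexpected ones. A dedicated auxiliary object class listing the extra attributes would keep the schema check in place. The body of `newRole` continues outside the hunk.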
@@ -101,11 +101,15 @@ public class LdapUserAdmin extends AbstractUserDirectory { @Override protected Boolean daoHasRole(LdapName dn) { - return daoGetRole(dn) != null; + try { + return daoGetRole(dn) != null; + } catch (NameNotFoundException e) { + return false; + } } @Override - protected DirectoryUser daoGetRole(LdapName name) { + protected DirectoryUser daoGetRole(LdapName name) throws NameNotFoundException { try { Attributes attrs = getLdapContext().getAttributes(name); if (attrs.size() == 0) @@ -119,6 +123,8 @@ public class LdapUserAdmin extends AbstractUserDirectory { else throw new UserDirectoryException("Unsupported LDAP type for " + name); return res; + } catch (NameNotFoundException e) { + throw e; } catch (NamingException e) { log.error("Cannot get role: " + name, e); return null; diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUserAdmin.java index 3e683b611..aab96dd7a 100644 --- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUserAdmin.java +++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUserAdmin.java @@ -18,6 +18,7 @@ import java.util.Set; import java.util.SortedMap; import java.util.TreeMap; +import javax.naming.NameNotFoundException; import javax.naming.NamingEnumeration; import javax.naming.directory.Attributes; import javax.naming.ldap.LdapName; @@ -154,14 +155,16 @@ public class LdifUserAdmin extends AbstractUserDirectory { groups = null; } - protected DirectoryUser daoGetRole(LdapName key) { + @Override + protected DirectoryUser daoGetRole(LdapName key) throws NameNotFoundException { if (groups.containsKey(key)) return groups.get(key); if (users.containsKey(key)) return users.get(key); - return null; + throw new NameNotFoundException(key + " not persisted"); } + @Override protected Boolean daoHasRole(LdapName dn) { return users.containsKey(dn) || groups.containsKey(dn); } -- 2.30.2
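Review bot: `daoGetRole` in LdapUserAdmin now reports a missing entry by exception, but the remaining `catch (NamingException e)` still logs and returns `null`, so a connection, authentication or permission failure looks to `doGetRole` and `daoHasRole` exactly like an absent role. An existence check that answers false during an outage may let a caller treat an existing DN as free. I would propagate the failure instead, e.g. `throw new UserDirectoryException("Cannot get role: " + name, e);`, if UserDirectoryException has a constructor that takes a cause (only the single-string form is visible here). The `catch (NameNotFoundException e) { throw e; }` clause exists only to get past the broader catch and deserves a one-line comment saying so. The method begins in the first hunk and its end lies outside the second.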