--- /dev/null
+package org.argeo.api.acr.ldap;
+
+import static org.argeo.api.acr.ArgeoNamespace.LDAP_DEFAULT_PREFIX;
+import static org.argeo.api.acr.ArgeoNamespace.LDAP_NAMESPACE_URI;
+
+import javax.xml.namespace.QName;
+
+import org.argeo.api.acr.ContentName;
+import org.argeo.api.acr.QNamed;
+import org.argeo.api.acr.RuntimeNamespaceContext;
+
+/**
+ * Standard LDAP attributes as per:<br>
+ * - <a href= "https://www.ldap.com/ldap-oid-reference">Standard LDAP</a><br>
+ * - <a href=
+ * "https://github.com/krb5/krb5/blob/master/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema">Kerberos
+ * LDAP (partial)</a>
+ */
+public enum LdapAttr implements QNamed, SpecifiedName {
+ /** */
+ uid("0.9.2342.19200300.100.1.1", "RFC 4519"),
+ /** */
+ mail("0.9.2342.19200300.100.1.3", "RFC 4524"),
+ /** */
+ info("0.9.2342.19200300.100.1.4", "RFC 4524"),
+ /** */
+ drink("0.9.2342.19200300.100.1.5", "RFC 4524"),
+ /** */
+ roomNumber("0.9.2342.19200300.100.1.6", "RFC 4524"),
+ /** */
+ photo("0.9.2342.19200300.100.1.7", "RFC 2798"),
+ /** */
+ userClass("0.9.2342.19200300.100.1.8", "RFC 4524"),
+ /** */
+ host("0.9.2342.19200300.100.1.9", "RFC 4524"),
+ /** */
+ manager("0.9.2342.19200300.100.1.10", "RFC 4524"),
+ /** */
+ documentIdentifier("0.9.2342.19200300.100.1.11", "RFC 4524"),
+ /** */
+ documentTitle("0.9.2342.19200300.100.1.12", "RFC 4524"),
+ /** */
+ documentVersion("0.9.2342.19200300.100.1.13", "RFC 4524"),
+ /** */
+ documentAuthor("0.9.2342.19200300.100.1.14", "RFC 4524"),
+ /** */
+ documentLocation("0.9.2342.19200300.100.1.15", "RFC 4524"),
+ /** */
+ homePhone("0.9.2342.19200300.100.1.20", "RFC 4524"),
+ /** */
+ secretary("0.9.2342.19200300.100.1.21", "RFC 4524"),
+ /** */
+ dc("0.9.2342.19200300.100.1.25", "RFC 4519"),
+ /** */
+ associatedDomain("0.9.2342.19200300.100.1.37", "RFC 4524"),
+ /** */
+ associatedName("0.9.2342.19200300.100.1.38", "RFC 4524"),
+ /** */
+ homePostalAddress("0.9.2342.19200300.100.1.39", "RFC 4524"),
+ /** */
+ personalTitle("0.9.2342.19200300.100.1.40", "RFC 4524"),
+ /** */
+ mobile("0.9.2342.19200300.100.1.41", "RFC 4524"),
+ /** */
+ pager("0.9.2342.19200300.100.1.42", "RFC 4524"),
+ /** */
+ co("0.9.2342.19200300.100.1.43", "RFC 4524"),
+ /** */
+ uniqueIdentifier("0.9.2342.19200300.100.1.44", "RFC 4524"),
+ /** */
+ organizationalStatus("0.9.2342.19200300.100.1.45", "RFC 4524"),
+ /** */
+ buildingName("0.9.2342.19200300.100.1.48", "RFC 4524"),
+ /** */
+ audio("0.9.2342.19200300.100.1.55", "RFC 2798"),
+ /** */
+ documentPublisher("0.9.2342.19200300.100.1.56", "RFC 4524"),
+ /** */
+ jpegPhoto("0.9.2342.19200300.100.1.60", "RFC 2798"),
+ /** */
+ vendorName("1.3.6.1.1.4", "RFC 3045"),
+ /** */
+ vendorVersion("1.3.6.1.1.5", "RFC 3045"),
+ /** */
+ entryUUID("1.3.6.1.1.16.4", "RFC 4530"),
+ /** */
+ entryDN("1.3.6.1.1.20", "RFC 5020"),
+ /** */
+ labeledURI("1.3.6.1.4.1.250.1.57", "RFC 2798"),
+ /** */
+ numSubordinates("1.3.6.1.4.1.453.16.2.103", "draft-ietf-boreham-numsubordinates"),
+ /** */
+ namingContexts("1.3.6.1.4.1.1466.101.120.5", "RFC 4512"),
+ /** */
+ altServer("1.3.6.1.4.1.1466.101.120.6", "RFC 4512"),
+ /** */
+ supportedExtension("1.3.6.1.4.1.1466.101.120.7", "RFC 4512"),
+ /** */
+ supportedControl("1.3.6.1.4.1.1466.101.120.13", "RFC 4512"),
+ /** */
+ supportedSASLMechanisms("1.3.6.1.4.1.1466.101.120.14", "RFC 4512"),
+ /** */
+ supportedLDAPVersion("1.3.6.1.4.1.1466.101.120.15", "RFC 4512"),
+ /** */
+ ldapSyntaxes("1.3.6.1.4.1.1466.101.120.16", "RFC 4512"),
+ /** */
+ supportedAuthPasswordSchemes("1.3.6.1.4.1.4203.1.3.3", "RFC 3112"),
+ /** */
+ authPassword("1.3.6.1.4.1.4203.1.3.4", "RFC 3112"),
+ /** */
+ supportedFeatures("1.3.6.1.4.1.4203.1.3.5", "RFC 4512"),
+ /** */
+ inheritable("1.3.6.1.4.1.7628.5.4.1", "draft-ietf-ldup-subentry"),
+ /** */
+ blockInheritance("1.3.6.1.4.1.7628.5.4.2", "draft-ietf-ldup-subentry"),
+ /** */
+ objectClass("2.5.4.0", "RFC 4512"),
+ /** */
+ aliasedObjectName("2.5.4.1", "RFC 4512"),
+ /** */
+ cn("2.5.4.3", "RFC 4519"),
+ /** */
+ sn("2.5.4.4", "RFC 4519"),
+ /** */
+ serialNumber("2.5.4.5", "RFC 4519"),
+ /** */
+ c("2.5.4.6", "RFC 4519"),
+ /** */
+ l("2.5.4.7", "RFC 4519"),
+ /** */
+ st("2.5.4.8", "RFC 4519"),
+ /** */
+ street("2.5.4.9", "RFC 4519"),
+ /** */
+ o("2.5.4.10", "RFC 4519"),
+ /** */
+ ou("2.5.4.11", "RFC 4519"),
+ /** */
+ title("2.5.4.12", "RFC 4519"),
+ /** */
+ description("2.5.4.13", "RFC 4519"),
+ /** */
+ searchGuide("2.5.4.14", "RFC 4519"),
+ /** */
+ businessCategory("2.5.4.15", "RFC 4519"),
+ /** */
+ postalAddress("2.5.4.16", "RFC 4519"),
+ /** */
+ postalCode("2.5.4.17", "RFC 4519"),
+ /** */
+ postOfficeBox("2.5.4.18", "RFC 4519"),
+ /** */
+ physicalDeliveryOfficeName("2.5.4.19", "RFC 4519"),
+ /** */
+ telephoneNumber("2.5.4.20", "RFC 4519"),
+ /** */
+ telexNumber("2.5.4.21", "RFC 4519"),
+ /** */
+ teletexTerminalIdentifier("2.5.4.22", "RFC 4519"),
+ /** */
+ facsimileTelephoneNumber("2.5.4.23", "RFC 4519"),
+ /** */
+ x121Address("2.5.4.24", "RFC 4519"),
+ /** */
+ internationalISDNNumber("2.5.4.25", "RFC 4519"),
+ /** */
+ registeredAddress("2.5.4.26", "RFC 4519"),
+ /** */
+ destinationIndicator("2.5.4.27", "RFC 4519"),
+ /** */
+ preferredDeliveryMethod("2.5.4.28", "RFC 4519"),
+ /** */
+ member("2.5.4.31", "RFC 4519"),
+ /** */
+ owner("2.5.4.32", "RFC 4519"),
+ /** */
+ roleOccupant("2.5.4.33", "RFC 4519"),
+ /** */
+ seeAlso("2.5.4.34", "RFC 4519"),
+ /** */
+ userPassword("2.5.4.35", "RFC 4519"),
+ /** */
+ userCertificate("2.5.4.36", "RFC 4523"),
+ /** */
+ cACertificate("2.5.4.37", "RFC 4523"),
+ /** */
+ authorityRevocationList("2.5.4.38", "RFC 4523"),
+ /** */
+ certificateRevocationList("2.5.4.39", "RFC 4523"),
+ /** */
+ crossCertificatePair("2.5.4.40", "RFC 4523"),
+ /** */
+ name("2.5.4.41", "RFC 4519"),
+ /** */
+ givenName("2.5.4.42", "RFC 4519"),
+ /** */
+ initials("2.5.4.43", "RFC 4519"),
+ /** */
+ generationQualifier("2.5.4.44", "RFC 4519"),
+ /** */
+ x500UniqueIdentifier("2.5.4.45", "RFC 4519"),
+ /** */
+ dnQualifier("2.5.4.46", "RFC 4519"),
+ /** */
+ enhancedSearchGuide("2.5.4.47", "RFC 4519"),
+ /** */
+ distinguishedName("2.5.4.49", "RFC 4519"),
+ /** */
+ uniqueMember("2.5.4.50", "RFC 4519"),
+ /** */
+ houseIdentifier("2.5.4.51", "RFC 4519"),
+ /** */
+ supportedAlgorithms("2.5.4.52", "RFC 4523"),
+ /** */
+ deltaRevocationList("2.5.4.53", "RFC 4523"),
+ /** */
+ createTimestamp("2.5.18.1", "RFC 4512"),
+ /** */
+ modifyTimestamp("2.5.18.2", "RFC 4512"),
+ /** */
+ creatorsName("2.5.18.3", "RFC 4512"),
+ /** */
+ modifiersName("2.5.18.4", "RFC 4512"),
+ /** */
+ subschemaSubentry("2.5.18.10", "RFC 4512"),
+ /** */
+ dITStructureRules("2.5.21.1", "RFC 4512"),
+ /** */
+ dITContentRules("2.5.21.2", "RFC 4512"),
+ /** */
+ matchingRules("2.5.21.4", "RFC 4512"),
+ /** */
+ attributeTypes("2.5.21.5", "RFC 4512"),
+ /** */
+ objectClasses("2.5.21.6", "RFC 4512"),
+ /** */
+ nameForms("2.5.21.7", "RFC 4512"),
+ /** */
+ matchingRuleUse("2.5.21.8", "RFC 4512"),
+ /** */
+ structuralObjectClass("2.5.21.9", "RFC 4512"),
+ /** */
+ governingStructureRule("2.5.21.10", "RFC 4512"),
+ /** */
+ carLicense("2.16.840.1.113730.3.1.1", "RFC 2798"),
+ /** */
+ departmentNumber("2.16.840.1.113730.3.1.2", "RFC 2798"),
+ /** */
+ employeeNumber("2.16.840.1.113730.3.1.3", "RFC 2798"),
+ /** */
+ employeeType("2.16.840.1.113730.3.1.4", "RFC 2798"),
+ /** */
+ changeNumber("2.16.840.1.113730.3.1.5", "draft-good-ldap-changelog"),
+ /** */
+ targetDN("2.16.840.1.113730.3.1.6", "draft-good-ldap-changelog"),
+ /** */
+ changeType("2.16.840.1.113730.3.1.7", "draft-good-ldap-changelog"),
+ /** */
+ changes("2.16.840.1.113730.3.1.8", "draft-good-ldap-changelog"),
+ /** */
+ newRDN("2.16.840.1.113730.3.1.9", "draft-good-ldap-changelog"),
+ /** */
+ deleteOldRDN("2.16.840.1.113730.3.1.10", "draft-good-ldap-changelog"),
+ /** */
+ newSuperior("2.16.840.1.113730.3.1.11", "draft-good-ldap-changelog"),
+ /** */
+ ref("2.16.840.1.113730.3.1.34", "RFC 3296"),
+ /** */
+ changelog("2.16.840.1.113730.3.1.35", "draft-good-ldap-changelog"),
+ /** */
+ preferredLanguage("2.16.840.1.113730.3.1.39", "RFC 2798"),
+ /** */
+ userSMIMECertificate("2.16.840.1.113730.3.1.40", "RFC 2798"),
+ /** */
+ userPKCS12("2.16.840.1.113730.3.1.216", "RFC 2798"),
+ /** */
+ displayName("2.16.840.1.113730.3.1.241", "RFC 2798"),
+
+ // Sun memberOf
+ memberOf("1.2.840.113556.1.2.102", "389 DS memberOf"),
+
+ // KERBEROS (partial)
+ krbPrincipalName("2.16.840.1.113719.1.301.6.8.1", "Novell Kerberos Schema Definitions"),
+
+ // RFC 2985 and RFC 3039 (partial)
+ dateOfBirth("1.3.6.1.5.5.7.9.1", "RFC 2985"),
+ /** */
+ placeOfBirth("1.3.6.1.5.5.7.9.2", "RFC 2985"),
+ /** */
+ gender("1.3.6.1.5.5.7.9.3", "RFC 2985"),
+ /** */
+ countryOfCitizenship("1.3.6.1.5.5.7.9.4", "RFC 2985"),
+ /** */
+ countryOfResidence("1.3.6.1.5.5.7.9.5", "RFC 2985"),
+
+ // RFC 2307bis (partial)
+ /** */
+ uidNumber("1.3.6.1.1.1.1.0", "RFC 2307bis"),
+ /** */
+ gidNumber("1.3.6.1.1.1.1.1", "RFC 2307bis"),
+ /** */
+ homeDirectory("1.3.6.1.1.1.1.3", "RFC 2307bis"),
+ /** */
+ loginShell("1.3.6.1.1.1.1.4", "RFC 2307bis"),
+ /** */
+ memberUid("1.3.6.1.1.1.1.12", "RFC 2307bis"),
+
+ //
+ ;
+
+ public final static String DN = "dn";
+
+ private final String oid, spec;
+ private final QName value;
+
+ LdapAttr(String oid, String spec) {
+ this.oid = oid;
+ this.spec = spec;
+ this.value = new ContentName(LDAP_NAMESPACE_URI, name());
+ }
+
+ public QName qName() {
+ return value;
+ }
+
+ @Override
+ public String getID() {
+ return oid;
+ }
+
+ @Override
+ public String getSpec() {
+ return spec;
+ }
+
+ @Deprecated
+ public String property() {
+ return get();
+ }
+
+ @Deprecated
+ public String qualified() {
+ return get();
+ }
+
+ /** @deprecated use {@link #qName()} instead. */
+ @Deprecated
+ public String get() {
+ return RuntimeNamespaceContext.getNamespaceContext().getPrefix(LDAP_NAMESPACE_URI) + ":" + name();
+ }
+
+ @Override
+ public final String toString() {
+ // must return the name
+ return name();
+ }
+
+ @Override
+ public String getNamespace() {
+ return LDAP_NAMESPACE_URI;
+ }
+
+ @Override
+ public String getDefaultPrefix() {
+ return LDAP_DEFAULT_PREFIX;
+ }
+
+}
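Review bot: `property()` and `qualified()` are annotated `@Deprecated` but, unlike `get()`, carry no `@deprecated` Javadoc naming the replacement, so callers migrating off the dropped `Supplier<String>` contract have nothing to follow; add `/** @deprecated use {@link #qName()} instead. */` above each. The constants `userPassword`, `authPassword` and `userPKCS12` are the credential-bearing attributes in this list and their `/** */` stubs are empty; a one-line Javadoc stating that their values are secrets and must not be logged or echoed would help callers that render attributes generically. `get()` also concatenates the prefix from `RuntimeNamespaceContext.getNamespaceContext().getPrefix(LDAP_NAMESPACE_URI)` unchecked; if that lookup returns null for an unbound URI, as `javax.xml.namespace.NamespaceContext` does, the result is the string `null:uid` rather than an error. Style: `public final static String DN` should read `public static final String DN` per the usual modifier order.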
+++ /dev/null
-package org.argeo.api.acr.ldap;
-
-import static org.argeo.api.acr.ArgeoNamespace.LDAP_DEFAULT_PREFIX;
-import static org.argeo.api.acr.ArgeoNamespace.LDAP_NAMESPACE_URI;
-
-import java.util.function.Supplier;
-
-import javax.xml.namespace.QName;
-
-import org.argeo.api.acr.ContentName;
-import org.argeo.api.acr.QNamed;
-import org.argeo.api.acr.RuntimeNamespaceContext;
-
-/**
- * Standard LDAP attributes as per:<br>
- * - <a href= "https://www.ldap.com/ldap-oid-reference">Standard LDAP</a><br>
- * - <a href=
- * "https://github.com/krb5/krb5/blob/master/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema">Kerberos
- * LDAP (partial)</a>
- */
-public enum LdapAttrs implements QNamed, SpecifiedName, Supplier<String> {
- /** */
- uid("0.9.2342.19200300.100.1.1", "RFC 4519"),
- /** */
- mail("0.9.2342.19200300.100.1.3", "RFC 4524"),
- /** */
- info("0.9.2342.19200300.100.1.4", "RFC 4524"),
- /** */
- drink("0.9.2342.19200300.100.1.5", "RFC 4524"),
- /** */
- roomNumber("0.9.2342.19200300.100.1.6", "RFC 4524"),
- /** */
- photo("0.9.2342.19200300.100.1.7", "RFC 2798"),
- /** */
- userClass("0.9.2342.19200300.100.1.8", "RFC 4524"),
- /** */
- host("0.9.2342.19200300.100.1.9", "RFC 4524"),
- /** */
- manager("0.9.2342.19200300.100.1.10", "RFC 4524"),
- /** */
- documentIdentifier("0.9.2342.19200300.100.1.11", "RFC 4524"),
- /** */
- documentTitle("0.9.2342.19200300.100.1.12", "RFC 4524"),
- /** */
- documentVersion("0.9.2342.19200300.100.1.13", "RFC 4524"),
- /** */
- documentAuthor("0.9.2342.19200300.100.1.14", "RFC 4524"),
- /** */
- documentLocation("0.9.2342.19200300.100.1.15", "RFC 4524"),
- /** */
- homePhone("0.9.2342.19200300.100.1.20", "RFC 4524"),
- /** */
- secretary("0.9.2342.19200300.100.1.21", "RFC 4524"),
- /** */
- dc("0.9.2342.19200300.100.1.25", "RFC 4519"),
- /** */
- associatedDomain("0.9.2342.19200300.100.1.37", "RFC 4524"),
- /** */
- associatedName("0.9.2342.19200300.100.1.38", "RFC 4524"),
- /** */
- homePostalAddress("0.9.2342.19200300.100.1.39", "RFC 4524"),
- /** */
- personalTitle("0.9.2342.19200300.100.1.40", "RFC 4524"),
- /** */
- mobile("0.9.2342.19200300.100.1.41", "RFC 4524"),
- /** */
- pager("0.9.2342.19200300.100.1.42", "RFC 4524"),
- /** */
- co("0.9.2342.19200300.100.1.43", "RFC 4524"),
- /** */
- uniqueIdentifier("0.9.2342.19200300.100.1.44", "RFC 4524"),
- /** */
- organizationalStatus("0.9.2342.19200300.100.1.45", "RFC 4524"),
- /** */
- buildingName("0.9.2342.19200300.100.1.48", "RFC 4524"),
- /** */
- audio("0.9.2342.19200300.100.1.55", "RFC 2798"),
- /** */
- documentPublisher("0.9.2342.19200300.100.1.56", "RFC 4524"),
- /** */
- jpegPhoto("0.9.2342.19200300.100.1.60", "RFC 2798"),
- /** */
- vendorName("1.3.6.1.1.4", "RFC 3045"),
- /** */
- vendorVersion("1.3.6.1.1.5", "RFC 3045"),
- /** */
- entryUUID("1.3.6.1.1.16.4", "RFC 4530"),
- /** */
- entryDN("1.3.6.1.1.20", "RFC 5020"),
- /** */
- labeledURI("1.3.6.1.4.1.250.1.57", "RFC 2798"),
- /** */
- numSubordinates("1.3.6.1.4.1.453.16.2.103", "draft-ietf-boreham-numsubordinates"),
- /** */
- namingContexts("1.3.6.1.4.1.1466.101.120.5", "RFC 4512"),
- /** */
- altServer("1.3.6.1.4.1.1466.101.120.6", "RFC 4512"),
- /** */
- supportedExtension("1.3.6.1.4.1.1466.101.120.7", "RFC 4512"),
- /** */
- supportedControl("1.3.6.1.4.1.1466.101.120.13", "RFC 4512"),
- /** */
- supportedSASLMechanisms("1.3.6.1.4.1.1466.101.120.14", "RFC 4512"),
- /** */
- supportedLDAPVersion("1.3.6.1.4.1.1466.101.120.15", "RFC 4512"),
- /** */
- ldapSyntaxes("1.3.6.1.4.1.1466.101.120.16", "RFC 4512"),
- /** */
- supportedAuthPasswordSchemes("1.3.6.1.4.1.4203.1.3.3", "RFC 3112"),
- /** */
- authPassword("1.3.6.1.4.1.4203.1.3.4", "RFC 3112"),
- /** */
- supportedFeatures("1.3.6.1.4.1.4203.1.3.5", "RFC 4512"),
- /** */
- inheritable("1.3.6.1.4.1.7628.5.4.1", "draft-ietf-ldup-subentry"),
- /** */
- blockInheritance("1.3.6.1.4.1.7628.5.4.2", "draft-ietf-ldup-subentry"),
- /** */
- objectClass("2.5.4.0", "RFC 4512"),
- /** */
- aliasedObjectName("2.5.4.1", "RFC 4512"),
- /** */
- cn("2.5.4.3", "RFC 4519"),
- /** */
- sn("2.5.4.4", "RFC 4519"),
- /** */
- serialNumber("2.5.4.5", "RFC 4519"),
- /** */
- c("2.5.4.6", "RFC 4519"),
- /** */
- l("2.5.4.7", "RFC 4519"),
- /** */
- st("2.5.4.8", "RFC 4519"),
- /** */
- street("2.5.4.9", "RFC 4519"),
- /** */
- o("2.5.4.10", "RFC 4519"),
- /** */
- ou("2.5.4.11", "RFC 4519"),
- /** */
- title("2.5.4.12", "RFC 4519"),
- /** */
- description("2.5.4.13", "RFC 4519"),
- /** */
- searchGuide("2.5.4.14", "RFC 4519"),
- /** */
- businessCategory("2.5.4.15", "RFC 4519"),
- /** */
- postalAddress("2.5.4.16", "RFC 4519"),
- /** */
- postalCode("2.5.4.17", "RFC 4519"),
- /** */
- postOfficeBox("2.5.4.18", "RFC 4519"),
- /** */
- physicalDeliveryOfficeName("2.5.4.19", "RFC 4519"),
- /** */
- telephoneNumber("2.5.4.20", "RFC 4519"),
- /** */
- telexNumber("2.5.4.21", "RFC 4519"),
- /** */
- teletexTerminalIdentifier("2.5.4.22", "RFC 4519"),
- /** */
- facsimileTelephoneNumber("2.5.4.23", "RFC 4519"),
- /** */
- x121Address("2.5.4.24", "RFC 4519"),
- /** */
- internationalISDNNumber("2.5.4.25", "RFC 4519"),
- /** */
- registeredAddress("2.5.4.26", "RFC 4519"),
- /** */
- destinationIndicator("2.5.4.27", "RFC 4519"),
- /** */
- preferredDeliveryMethod("2.5.4.28", "RFC 4519"),
- /** */
- member("2.5.4.31", "RFC 4519"),
- /** */
- owner("2.5.4.32", "RFC 4519"),
- /** */
- roleOccupant("2.5.4.33", "RFC 4519"),
- /** */
- seeAlso("2.5.4.34", "RFC 4519"),
- /** */
- userPassword("2.5.4.35", "RFC 4519"),
- /** */
- userCertificate("2.5.4.36", "RFC 4523"),
- /** */
- cACertificate("2.5.4.37", "RFC 4523"),
- /** */
- authorityRevocationList("2.5.4.38", "RFC 4523"),
- /** */
- certificateRevocationList("2.5.4.39", "RFC 4523"),
- /** */
- crossCertificatePair("2.5.4.40", "RFC 4523"),
- /** */
- name("2.5.4.41", "RFC 4519"),
- /** */
- givenName("2.5.4.42", "RFC 4519"),
- /** */
- initials("2.5.4.43", "RFC 4519"),
- /** */
- generationQualifier("2.5.4.44", "RFC 4519"),
- /** */
- x500UniqueIdentifier("2.5.4.45", "RFC 4519"),
- /** */
- dnQualifier("2.5.4.46", "RFC 4519"),
- /** */
- enhancedSearchGuide("2.5.4.47", "RFC 4519"),
- /** */
- distinguishedName("2.5.4.49", "RFC 4519"),
- /** */
- uniqueMember("2.5.4.50", "RFC 4519"),
- /** */
- houseIdentifier("2.5.4.51", "RFC 4519"),
- /** */
- supportedAlgorithms("2.5.4.52", "RFC 4523"),
- /** */
- deltaRevocationList("2.5.4.53", "RFC 4523"),
- /** */
- createTimestamp("2.5.18.1", "RFC 4512"),
- /** */
- modifyTimestamp("2.5.18.2", "RFC 4512"),
- /** */
- creatorsName("2.5.18.3", "RFC 4512"),
- /** */
- modifiersName("2.5.18.4", "RFC 4512"),
- /** */
- subschemaSubentry("2.5.18.10", "RFC 4512"),
- /** */
- dITStructureRules("2.5.21.1", "RFC 4512"),
- /** */
- dITContentRules("2.5.21.2", "RFC 4512"),
- /** */
- matchingRules("2.5.21.4", "RFC 4512"),
- /** */
- attributeTypes("2.5.21.5", "RFC 4512"),
- /** */
- objectClasses("2.5.21.6", "RFC 4512"),
- /** */
- nameForms("2.5.21.7", "RFC 4512"),
- /** */
- matchingRuleUse("2.5.21.8", "RFC 4512"),
- /** */
- structuralObjectClass("2.5.21.9", "RFC 4512"),
- /** */
- governingStructureRule("2.5.21.10", "RFC 4512"),
- /** */
- carLicense("2.16.840.1.113730.3.1.1", "RFC 2798"),
- /** */
- departmentNumber("2.16.840.1.113730.3.1.2", "RFC 2798"),
- /** */
- employeeNumber("2.16.840.1.113730.3.1.3", "RFC 2798"),
- /** */
- employeeType("2.16.840.1.113730.3.1.4", "RFC 2798"),
- /** */
- changeNumber("2.16.840.1.113730.3.1.5", "draft-good-ldap-changelog"),
- /** */
- targetDN("2.16.840.1.113730.3.1.6", "draft-good-ldap-changelog"),
- /** */
- changeType("2.16.840.1.113730.3.1.7", "draft-good-ldap-changelog"),
- /** */
- changes("2.16.840.1.113730.3.1.8", "draft-good-ldap-changelog"),
- /** */
- newRDN("2.16.840.1.113730.3.1.9", "draft-good-ldap-changelog"),
- /** */
- deleteOldRDN("2.16.840.1.113730.3.1.10", "draft-good-ldap-changelog"),
- /** */
- newSuperior("2.16.840.1.113730.3.1.11", "draft-good-ldap-changelog"),
- /** */
- ref("2.16.840.1.113730.3.1.34", "RFC 3296"),
- /** */
- changelog("2.16.840.1.113730.3.1.35", "draft-good-ldap-changelog"),
- /** */
- preferredLanguage("2.16.840.1.113730.3.1.39", "RFC 2798"),
- /** */
- userSMIMECertificate("2.16.840.1.113730.3.1.40", "RFC 2798"),
- /** */
- userPKCS12("2.16.840.1.113730.3.1.216", "RFC 2798"),
- /** */
- displayName("2.16.840.1.113730.3.1.241", "RFC 2798"),
-
- // Sun memberOf
- memberOf("1.2.840.113556.1.2.102", "389 DS memberOf"),
-
- // KERBEROS (partial)
- krbPrincipalName("2.16.840.1.113719.1.301.6.8.1", "Novell Kerberos Schema Definitions"),
-
- // RFC 2985 and RFC 3039 (partial)
- dateOfBirth("1.3.6.1.5.5.7.9.1", "RFC 2985"),
- /** */
- placeOfBirth("1.3.6.1.5.5.7.9.2", "RFC 2985"),
- /** */
- gender("1.3.6.1.5.5.7.9.3", "RFC 2985"),
- /** */
- countryOfCitizenship("1.3.6.1.5.5.7.9.4", "RFC 2985"),
- /** */
- countryOfResidence("1.3.6.1.5.5.7.9.5", "RFC 2985"),
-
- // RFC 2307bis (partial)
- /** */
- uidNumber("1.3.6.1.1.1.1.0", "RFC 2307bis"),
- /** */
- gidNumber("1.3.6.1.1.1.1.1", "RFC 2307bis"),
- /** */
- homeDirectory("1.3.6.1.1.1.1.3", "RFC 2307bis"),
- /** */
- loginShell("1.3.6.1.1.1.1.4", "RFC 2307bis"),
- /** */
- memberUid("1.3.6.1.1.1.1.12", "RFC 2307bis"),
-
- //
- ;
-
- public final static String DN = "dn";
-
- private final String oid, spec;
- private final QName value;
-
- LdapAttrs(String oid, String spec) {
- this.oid = oid;
- this.spec = spec;
- this.value = new ContentName(LDAP_NAMESPACE_URI, name());
- }
-
- public QName qName() {
- return value;
- }
-
- @Override
- public String getID() {
- return oid;
- }
-
- @Override
- public String getSpec() {
- return spec;
- }
-
- @Deprecated
- public String property() {
- return get();
- }
-
- @Deprecated
- public String qualified() {
- return get();
- }
-
- @Override
- public String get() {
- return RuntimeNamespaceContext.getNamespaceContext().getPrefix(LDAP_NAMESPACE_URI) + ":" + name();
- }
-
- @Override
- public final String toString() {
- // must return the name
- return name();
- }
-
- @Override
- public String getNamespace() {
- return LDAP_NAMESPACE_URI;
- }
-
- @Override
- public String getDefaultPrefix() {
- return LDAP_DEFAULT_PREFIX;
- }
-
-}
--- /dev/null
+package org.argeo.api.acr.ldap;
+
+import static org.argeo.api.acr.ArgeoNamespace.LDAP_DEFAULT_PREFIX;
+import static org.argeo.api.acr.ArgeoNamespace.LDAP_NAMESPACE_URI;
+
+import javax.xml.namespace.QName;
+
+import org.argeo.api.acr.ArgeoNamespace;
+import org.argeo.api.acr.ContentName;
+import org.argeo.api.acr.QNamed;
+import org.argeo.api.acr.RuntimeNamespaceContext;
+
+/**
+ * Standard LDAP object classes as per
+ * <a href="https://www.ldap.com/ldap-oid-reference">https://www.ldap.com/ldap-
+ * oid-reference</a>
+ */
+public enum LdapObj implements QNamed, SpecifiedName {
+ account("0.9.2342.19200300.100.4.5", "RFC 4524"),
+ /** */
+ document("0.9.2342.19200300.100.4.6", "RFC 4524"),
+ /** */
+ room("0.9.2342.19200300.100.4.7", "RFC 4524"),
+ /** */
+ documentSeries("0.9.2342.19200300.100.4.9", "RFC 4524"),
+ /** */
+ domain("0.9.2342.19200300.100.4.13", "RFC 4524"),
+ /** */
+ rFC822localPart("0.9.2342.19200300.100.4.14", "RFC 4524"),
+ /** */
+ domainRelatedObject("0.9.2342.19200300.100.4.17", "RFC 4524"),
+ /** */
+ friendlyCountry("0.9.2342.19200300.100.4.18", "RFC 4524"),
+ /** */
+ simpleSecurityObject("0.9.2342.19200300.100.4.19", "RFC 4524"),
+ /** */
+ uidObject("1.3.6.1.1.3.1", "RFC 4519"),
+ /** */
+ extensibleObject("1.3.6.1.4.1.1466.101.120.111", "RFC 4512"),
+ /** */
+ dcObject("1.3.6.1.4.1.1466.344", "RFC 4519"),
+ /** */
+ authPasswordObject("1.3.6.1.4.1.4203.1.4.7", "RFC 3112"),
+ /** */
+ namedObject("1.3.6.1.4.1.5322.13.1.1", "draft-howard-namedobject"),
+ /** */
+ inheritableLDAPSubEntry("1.3.6.1.4.1.7628.5.6.1.1", "draft-ietf-ldup-subentry"),
+ /** */
+ top("2.5.6.0", "RFC 4512"),
+ /** */
+ alias("2.5.6.1", "RFC 4512"),
+ /** */
+ country("2.5.6.2", "RFC 4519"),
+ /** */
+ locality("2.5.6.3", "RFC 4519"),
+ /** */
+ organization("2.5.6.4", "RFC 4519"),
+ /** */
+ organizationalUnit("2.5.6.5", "RFC 4519"),
+ /** */
+ person("2.5.6.6", "RFC 4519"),
+ /** */
+ organizationalPerson("2.5.6.7", "RFC 4519"),
+ /** */
+ organizationalRole("2.5.6.8", "RFC 4519"),
+ /** */
+ groupOfNames("2.5.6.9", "RFC 4519"),
+ /** */
+ residentialPerson("2.5.6.10", "RFC 4519"),
+ /** */
+ applicationProcess("2.5.6.11", "RFC 4519"),
+ /** */
+ device("2.5.6.14", "RFC 4519"),
+ /** */
+ strongAuthenticationUser("2.5.6.15", "RFC 4523"),
+ /** */
+ certificationAuthority("2.5.6.16", "RFC 4523"),
+ // /** Should be certificationAuthority-V2 */
+ // certificationAuthority_V2("2.5.6.16.2", "RFC 4523") {
+ // },
+ /** */
+ groupOfUniqueNames("2.5.6.17", "RFC 4519"),
+ /** */
+ userSecurityInformation("2.5.6.18", "RFC 4523"),
+ /** */
+ cRLDistributionPoint("2.5.6.19", "RFC 4523"),
+ /** */
+ pkiUser("2.5.6.21", "RFC 4523"),
+ /** */
+ pkiCA("2.5.6.22", "RFC 4523"),
+ /** */
+ deltaCRL("2.5.6.23", "RFC 4523"),
+ /** */
+ subschema("2.5.20.1", "RFC 4512"),
+ /** */
+ ldapSubEntry("2.16.840.1.113719.2.142.6.1.1", "draft-ietf-ldup-subentry"),
+ /** */
+ changeLogEntry("2.16.840.1.113730.3.2.1", "draft-good-ldap-changelog"),
+ /** */
+ inetOrgPerson("2.16.840.1.113730.3.2.2", "RFC 2798"),
+ /** */
+ referral("2.16.840.1.113730.3.2.6", "RFC 3296"),
+
+ // RFC 2307bis (partial)
+ /** */
+ posixAccount("1.3.6.1.1.1.2.0", "RFC 2307bis"),
+ /** */
+ posixGroup("1.3.6.1.1.1.2.2", "RFC 2307bis"),
+
+ //
+ ;
+
+ private final String oid, spec;
+ private final QName value;
+
+ private LdapObj(String oid, String spec) {
+ this.oid = oid;
+ this.spec = spec;
+ this.value = new ContentName(ArgeoNamespace.LDAP_NAMESPACE_URI, name());
+ }
+
+ public QName qName() {
+ return value;
+ }
+
+ public String getOid() {
+ return oid;
+ }
+
+ public String getSpec() {
+ return spec;
+ }
+
+ @Deprecated
+ public String property() {
+ return get();
+ }
+
+ /** @deprecated use {@link #qName()} instead. */
+ @Deprecated
+ public String get() {
+ return RuntimeNamespaceContext.getNamespaceContext().getPrefix(LDAP_NAMESPACE_URI) + ":" + name();
+ }
+
+ @Override
+ public String getNamespace() {
+ return LDAP_NAMESPACE_URI;
+ }
+
+ @Override
+ public String getDefaultPrefix() {
+ return LDAP_DEFAULT_PREFIX;
+ }
+
+}
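Review bot: `LdapObj` exposes its OID as `getOid()` and declares `getSpec()` without `@Override`, while the sibling `LdapAttr` in this commit implements the same `SpecifiedName` contract with `@Override` on `getID()` and `getSpec()`; if `SpecifiedName` declares those accessors, `LdapObj` is either relying on a default or missing one, and in any case the two enums should expose the same accessor name. Add `@Override` to `getSpec()` and, if the interface has `getID()`, an `@Override public String getID() { return oid; }` next to `getOid()` rather than renaming it, so existing callers keep working. The constructor mixes the qualified `ArgeoNamespace.LDAP_NAMESPACE_URI` with the statically imported `LDAP_NAMESPACE_URI` used a few methods later; `this.value = new ContentName(LDAP_NAMESPACE_URI, name());` makes them agree and lets the `ArgeoNamespace` import go. The commented-out `certificationAuthority_V2` constant is dead code carried over from `LdapObjs` and should be dropped or turned into a TODO.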
+++ /dev/null
-package org.argeo.api.acr.ldap;
-
-import static org.argeo.api.acr.ArgeoNamespace.LDAP_DEFAULT_PREFIX;
-import static org.argeo.api.acr.ArgeoNamespace.LDAP_NAMESPACE_URI;
-
-import java.util.function.Supplier;
-
-import javax.xml.namespace.QName;
-
-import org.argeo.api.acr.ArgeoNamespace;
-import org.argeo.api.acr.ContentName;
-import org.argeo.api.acr.QNamed;
-import org.argeo.api.acr.RuntimeNamespaceContext;
-
-/**
- * Standard LDAP object classes as per
- * <a href="https://www.ldap.com/ldap-oid-reference">https://www.ldap.com/ldap-
- * oid-reference</a>
- */
-public enum LdapObjs implements QNamed, SpecifiedName, Supplier<String> {
- account("0.9.2342.19200300.100.4.5", "RFC 4524"),
- /** */
- document("0.9.2342.19200300.100.4.6", "RFC 4524"),
- /** */
- room("0.9.2342.19200300.100.4.7", "RFC 4524"),
- /** */
- documentSeries("0.9.2342.19200300.100.4.9", "RFC 4524"),
- /** */
- domain("0.9.2342.19200300.100.4.13", "RFC 4524"),
- /** */
- rFC822localPart("0.9.2342.19200300.100.4.14", "RFC 4524"),
- /** */
- domainRelatedObject("0.9.2342.19200300.100.4.17", "RFC 4524"),
- /** */
- friendlyCountry("0.9.2342.19200300.100.4.18", "RFC 4524"),
- /** */
- simpleSecurityObject("0.9.2342.19200300.100.4.19", "RFC 4524"),
- /** */
- uidObject("1.3.6.1.1.3.1", "RFC 4519"),
- /** */
- extensibleObject("1.3.6.1.4.1.1466.101.120.111", "RFC 4512"),
- /** */
- dcObject("1.3.6.1.4.1.1466.344", "RFC 4519"),
- /** */
- authPasswordObject("1.3.6.1.4.1.4203.1.4.7", "RFC 3112"),
- /** */
- namedObject("1.3.6.1.4.1.5322.13.1.1", "draft-howard-namedobject"),
- /** */
- inheritableLDAPSubEntry("1.3.6.1.4.1.7628.5.6.1.1", "draft-ietf-ldup-subentry"),
- /** */
- top("2.5.6.0", "RFC 4512"),
- /** */
- alias("2.5.6.1", "RFC 4512"),
- /** */
- country("2.5.6.2", "RFC 4519"),
- /** */
- locality("2.5.6.3", "RFC 4519"),
- /** */
- organization("2.5.6.4", "RFC 4519"),
- /** */
- organizationalUnit("2.5.6.5", "RFC 4519"),
- /** */
- person("2.5.6.6", "RFC 4519"),
- /** */
- organizationalPerson("2.5.6.7", "RFC 4519"),
- /** */
- organizationalRole("2.5.6.8", "RFC 4519"),
- /** */
- groupOfNames("2.5.6.9", "RFC 4519"),
- /** */
- residentialPerson("2.5.6.10", "RFC 4519"),
- /** */
- applicationProcess("2.5.6.11", "RFC 4519"),
- /** */
- device("2.5.6.14", "RFC 4519"),
- /** */
- strongAuthenticationUser("2.5.6.15", "RFC 4523"),
- /** */
- certificationAuthority("2.5.6.16", "RFC 4523"),
- // /** Should be certificationAuthority-V2 */
- // certificationAuthority_V2("2.5.6.16.2", "RFC 4523") {
- // },
- /** */
- groupOfUniqueNames("2.5.6.17", "RFC 4519"),
- /** */
- userSecurityInformation("2.5.6.18", "RFC 4523"),
- /** */
- cRLDistributionPoint("2.5.6.19", "RFC 4523"),
- /** */
- pkiUser("2.5.6.21", "RFC 4523"),
- /** */
- pkiCA("2.5.6.22", "RFC 4523"),
- /** */
- deltaCRL("2.5.6.23", "RFC 4523"),
- /** */
- subschema("2.5.20.1", "RFC 4512"),
- /** */
- ldapSubEntry("2.16.840.1.113719.2.142.6.1.1", "draft-ietf-ldup-subentry"),
- /** */
- changeLogEntry("2.16.840.1.113730.3.2.1", "draft-good-ldap-changelog"),
- /** */
- inetOrgPerson("2.16.840.1.113730.3.2.2", "RFC 2798"),
- /** */
- referral("2.16.840.1.113730.3.2.6", "RFC 3296"),
-
- // RFC 2307bis (partial)
- /** */
- posixAccount("1.3.6.1.1.1.2.0", "RFC 2307bis"),
- /** */
- posixGroup("1.3.6.1.1.1.2.2", "RFC 2307bis"),
-
- //
- ;
-
- private final String oid, spec;
- private final QName value;
-
- private LdapObjs(String oid, String spec) {
- this.oid = oid;
- this.spec = spec;
- this.value = new ContentName(ArgeoNamespace.LDAP_NAMESPACE_URI, name());
- }
-
- public QName qName() {
- return value;
- }
-
- public String getOid() {
- return oid;
- }
-
- public String getSpec() {
- return spec;
- }
-
- @Deprecated
- public String property() {
- return get();
- }
-
- @Override
- public String get() {
- return RuntimeNamespaceContext.getNamespaceContext().getPrefix(LDAP_NAMESPACE_URI) + ":" + name();
- }
-
- @Override
- public String getNamespace() {
- return LDAP_NAMESPACE_URI;
- }
-
- @Override
- public String getDefaultPrefix() {
- return LDAP_DEFAULT_PREFIX;
- }
-
-}
* A name which has been specified and for which an id has been defined
* (typically an OID).
*/
-public interface SpecifiedName {
+interface SpecifiedName {
/** The name */
String name();
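Review bot: Narrowing `SpecifiedName` from `public interface` to package-private `interface` while the public enums `LdapAttr` and `LdapObj` still implement it means code outside `org.argeo.api.acr.ldap` can no longer name the type, so a caller that previously accepted a `SpecifiedName` parameter or invoked `getSpec()` through the interface breaks at compile time even though the enum methods themselves stay public. If shrinking the API surface is intended, say so in the interface Javadoc, e.g. `/** Package-private on purpose: the enums are the public API, this contract is an implementation detail. */`; otherwise keep `public`. The hunk shows only the opening of the interface, so any other members it declares are outside this view.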
import javax.security.auth.x500.X500Principal;
import org.argeo.api.acr.ContentSession;
-import org.argeo.api.acr.ldap.LdapAttrs;
+import org.argeo.api.acr.ldap.LdapAttr;
import org.argeo.api.acr.spi.ProvidedRepository;
import org.argeo.api.uuid.MacAddressUuidFactory;
import org.argeo.api.uuid.UuidFactory;
public static void main(String... args) {
Path homePath = Paths.get(System.getProperty("user.home"));
String username = System.getProperty("user.name");
- X500Principal principal = new X500Principal(LdapAttrs.uid + "=" + username + ",dc=localhost");
+ X500Principal principal = new X500Principal(LdapAttr.uid + "=" + username + ",dc=localhost");
Subject subject = new Subject();
subject.getPrincipals().add(principal);
import org.argeo.api.acr.ContentName;
import org.argeo.api.acr.CrAttributeType;
import org.argeo.api.acr.NamespaceUtils;
-import org.argeo.api.acr.ldap.LdapAttrs;
-import org.argeo.api.acr.ldap.LdapObjs;
+import org.argeo.api.acr.ldap.LdapAttr;
+import org.argeo.api.acr.ldap.LdapObj;
import org.argeo.api.acr.spi.ContentProvider;
import org.argeo.api.acr.spi.ProvidedSession;
import org.argeo.cms.acr.AbstractContent;
Set<QName> keys = new TreeSet<>(NamespaceUtils.QNAME_COMPARATOR);
keys: for (Enumeration<String> it = properties.keys(); it.hasMoreElements();) {
String key = it.nextElement();
- if (key.equalsIgnoreCase(LdapAttrs.objectClass.name()))
+ if (key.equalsIgnoreCase(LdapAttr.objectClass.name()))
continue keys;
- if (key.equalsIgnoreCase(LdapAttrs.objectClasses.name()))
+ if (key.equalsIgnoreCase(LdapAttr.objectClasses.name()))
continue keys;
ContentName name = new ContentName(ArgeoNamespace.LDAP_NAMESPACE_URI, key, provider);
keys.add(name);
public List<QName> getContentClasses() {
Dictionary<String, Object> properties = doGetProperties();
List<QName> contentClasses = new ArrayList<>();
- String objectClass = properties.get(LdapAttrs.objectClass.name()).toString();
+ String objectClass = properties.get(LdapAttr.objectClass.name()).toString();
contentClasses.add(new ContentName(ArgeoNamespace.LDAP_NAMESPACE_URI, objectClass, provider));
- String[] objectClasses = properties.get(LdapAttrs.objectClasses.name()).toString().split("\\n");
+ String[] objectClasses = properties.get(LdapAttr.objectClasses.name()).toString().split("\\n");
objectClasses: for (String oc : objectClasses) {
- if (LdapObjs.top.name().equalsIgnoreCase(oc))
+ if (LdapObj.top.name().equalsIgnoreCase(oc))
continue objectClasses;
if (objectClass.equalsIgnoreCase(oc))
continue objectClasses;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;
-import org.argeo.api.acr.ldap.LdapAttrs;
+import org.argeo.api.acr.ldap.LdapAttr;
import org.argeo.cms.directory.ldap.IpaUtils;
import org.argeo.cms.internal.runtime.CmsContextImpl;
import org.argeo.cms.osgi.useradmin.OsUserUtils;
throw new LoginException("No username available");
String hostname = CmsContextImpl.getCmsContext().getCmsState().getHostname();
String baseDn = ("." + hostname).replaceAll("\\.", ",dc=");
- X500Principal principal = new X500Principal(LdapAttrs.uid + "=" + username + baseDn);
+ X500Principal principal = new X500Principal(LdapAttr.uid + "=" + username + baseDn);
authorizationName = principal.getName();
}
package org.argeo.cms.auth;
-import static org.argeo.api.acr.ldap.LdapAttrs.cn;
+import static org.argeo.api.acr.ldap.LdapAttr.cn;
import java.io.IOException;
import java.security.PrivilegedAction;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
-import org.argeo.api.acr.ldap.LdapAttrs;
+import org.argeo.api.acr.ldap.LdapAttr;
import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsLog;
import org.argeo.cms.directory.ldap.IpaUtils;
private CallbackHandler callbackHandler;
private Map<String, Object> sharedState = null;
- private List<String> indexedUserProperties = Arrays.asList(new String[] { LdapAttrs.mail.name(),
- LdapAttrs.uid.name(), LdapAttrs.employeeNumber.name(), LdapAttrs.authPassword.name() });
+ private List<String> indexedUserProperties = Arrays.asList(new String[] { LdapAttr.mail.name(),
+ LdapAttr.uid.name(), LdapAttr.employeeNumber.name(), LdapAttr.authPassword.name() });
// private state
// private BundleContext bc;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
-import org.argeo.api.acr.ldap.LdapAttrs;
+import org.argeo.api.acr.ldap.LdapAttr;
import org.argeo.api.cms.CmsConstants;
import org.argeo.cms.CurrentUser;
import org.osgi.service.useradmin.Role;
// CURRENTUSER HELPERS
/** Checks if current user is the same as the passed one */
public static boolean isCurrentUser(User user) {
- String userUsername = getProperty(user, LdapAttrs.DN);
+ String userUsername = getProperty(user, LdapAttr.DN);
LdapName userLdapName = getLdapName(userUsername);
LdapName selfUserName = getCurrentUserLdapName();
return userLdapName.equals(selfUserName);
/** Retrieves the current logged-in user common name */
public final static String getCommonName(User user) {
- return getProperty(user, LdapAttrs.cn.name());
+ return getProperty(user, LdapAttr.cn.name());
}
// OTHER USERS HELPERS
public static String getUserLocalId(String dn) {
LdapName ldapName = getLdapName(dn);
Rdn last = ldapName.getRdn(ldapName.size() - 1);
- if (last.getType().toLowerCase().equals(LdapAttrs.uid.name())
- || last.getType().toLowerCase().equals(LdapAttrs.cn.name()))
+ if (last.getType().toLowerCase().equals(LdapAttr.uid.name())
+ || last.getType().toLowerCase().equals(LdapAttr.cn.name()))
return (String) last.getValue();
else
throw new IllegalArgumentException("Cannot retrieve user local id, non valid dn: " + dn);
}
public static String getUserDisplayName(Role user) {
- String dName = getProperty(user, LdapAttrs.displayName.name());
+ String dName = getProperty(user, LdapAttr.displayName.name());
if (isEmpty(dName))
- dName = getProperty(user, LdapAttrs.cn.name());
+ dName = getProperty(user, LdapAttr.cn.name());
if (isEmpty(dName))
- dName = getProperty(user, LdapAttrs.uid.name());
+ dName = getProperty(user, LdapAttr.uid.name());
if (isEmpty(dName))
dName = getUserLocalId(user.getName());
return dName;
if (user == null)
return null;
else
- return getProperty(user, LdapAttrs.mail.name());
+ return getProperty(user, LdapAttr.mail.name());
}
// LDAP NAMES HELPERS
}
/**
- * Simply retrieves a LDAP name from a {@link LdapAttrs.DN} with no exception
+ * Simply retrieves a LDAP name from a {@link LdapAttr.DN} with no exception
*/
private static LdapName getLdapName(String dn) {
try {
int i = 0;
loop: while (i < rdns.size()) {
Rdn currrRdn = rdns.get(i);
- if (LdapAttrs.uid.name().equals(currrRdn.getType()) || LdapAttrs.cn.name().equals(currrRdn.getType())
- || LdapAttrs.ou.name().equals(currrRdn.getType()))
+ if (LdapAttr.uid.name().equals(currrRdn.getType()) || LdapAttr.cn.name().equals(currrRdn.getType())
+ || LdapAttr.ou.name().equals(currrRdn.getType()))
break loop;
else {
String currVal = (String) currrRdn.getValue();
import javax.naming.ldap.Rdn;
import javax.transaction.xa.XAResource;
-import org.argeo.api.acr.ldap.LdapAttrs;
-import org.argeo.api.acr.ldap.LdapObjs;
+import org.argeo.api.acr.ldap.LdapAttr;
+import org.argeo.api.acr.ldap.LdapObj;
import org.argeo.api.cms.directory.CmsDirectory;
import org.argeo.api.cms.directory.HierarchyUnit;
import org.argeo.api.cms.transaction.WorkControl;
private final boolean scoped;
private List<String> credentialAttributeIds = Arrays
- .asList(new String[] { LdapAttrs.userPassword.name(), LdapAttrs.authPassword.name() });
+ .asList(new String[] { LdapAttr.userPassword.name(), LdapAttr.authPassword.name() });
private WorkControl transactionControl;
private WorkingCopyXaResource<LdapEntryWorkingCopy> xaResource;
protected void collectGroups(LdapEntry user, List<LdapEntry> allRoles) {
Attributes attrs = user.getAttributes();
// TODO centralize attribute name
- Attribute memberOf = attrs.get(LdapAttrs.memberOf.name());
+ Attribute memberOf = attrs.get(LdapAttr.memberOf.name());
// if user belongs to this directory, we only check memberOf
if (memberOf != null && user.getDn().startsWith(getBaseDn())) {
try {
|| wc.getNewData().containsKey(dn))
throw new IllegalArgumentException("Already a hierarchy unit " + path);
BasicAttributes attrs = new BasicAttributes(true);
- attrs.put(LdapAttrs.objectClass.name(), LdapObjs.organizationalUnit.name());
+ attrs.put(LdapAttr.objectClass.name(), LdapObj.organizationalUnit.name());
Rdn nameRdn = dn.getRdn(dn.size() - 1);
// TODO deal with multiple attr RDN
attrs.put(nameRdn.getType(), nameRdn.getValue());
for (int i = 0; i < segments.length; i++) {
String segment = segments[i];
// TODO make attr names configurable ?
- String attr = getDirectory().getRealm().isPresent()/* IPA */ ? LdapAttrs.cn.name()
- : LdapAttrs.ou.name();
+ String attr = getDirectory().getRealm().isPresent()/* IPA */ ? LdapAttr.cn.name()
+ : LdapAttr.ou.name();
if (parentRdn != null) {
if (getUserBaseRdn().equals(parentRdn))
- attr = LdapAttrs.uid.name();
+ attr = LdapAttr.uid.name();
else if (getGroupBaseRdn().equals(parentRdn))
- attr = LdapAttrs.cn.name();
+ attr = LdapAttr.cn.name();
else if (getSystemRoleBaseRdn().equals(parentRdn))
- attr = LdapAttrs.cn.name();
+ attr = LdapAttr.cn.name();
}
Rdn rdn = new Rdn(attr, segment);
name.add(rdn);
return !name.startsWith(baseDn);
}
- protected static boolean hasObjectClass(Attributes attrs, LdapObjs objectClass) {
+ protected static boolean hasObjectClass(Attributes attrs, LdapObj objectClass) {
return hasObjectClass(attrs, objectClass.name());
}
protected static boolean hasObjectClass(Attributes attrs, String objectClass) {
try {
- Attribute attr = attrs.get(LdapAttrs.objectClass.name());
+ Attribute attr = attrs.get(LdapAttr.objectClass.name());
NamingEnumeration<?> en = attr.getAll();
while (en.hasMore()) {
String v = en.next().toString();
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
-import org.argeo.api.acr.ldap.LdapAttrs;
+import org.argeo.api.acr.ldap.LdapAttr;
/** LDAP authPassword field according to RFC 3112 */
public class AuthPassword implements CallbackHandler {
public static AuthPassword matchAuthValue(Attributes attributes, char[] value) {
try {
- Attribute authPassword = attributes.get(LdapAttrs.authPassword.name());
+ Attribute authPassword = attributes.get(LdapAttr.authPassword.name());
if (authPassword != null) {
NamingEnumeration<?> values = authPassword.getAll();
while (values.hasMore()) {
}
public static boolean remove(Attributes attributes, AuthPassword value) {
- Attribute authPassword = attributes.get(LdapAttrs.authPassword.name());
+ Attribute authPassword = attributes.get(LdapAttr.authPassword.name());
return authPassword.remove(value.toAuthPassword());
}
import javax.naming.directory.BasicAttribute;
import javax.naming.ldap.LdapName;
-import org.argeo.api.acr.ldap.LdapAttrs;
-import org.argeo.api.acr.ldap.LdapObjs;
+import org.argeo.api.acr.ldap.LdapAttr;
+import org.argeo.api.acr.ldap.LdapObj;
import org.argeo.api.cms.directory.DirectoryDigestUtils;
/** An entry in an LDAP (or LDIF) directory. */
// Regular password
// byte[] hashedPassword = hash(password, DigestUtils.PASSWORD_SCHEME_PBKDF2_SHA256);
- if (hasCredential(LdapAttrs.userPassword.name(), DirectoryDigestUtils.charsToBytes(password)))
+ if (hasCredential(LdapAttr.userPassword.name(), DirectoryDigestUtils.charsToBytes(password)))
return true;
return false;
}
throw new IllegalStateException("Cannot initialise attribute dictionary", e);
}
if (!credentials)
- effectiveKeys.add(LdapAttrs.objectClasses.name());
+ effectiveKeys.add(LdapAttr.objectClasses.name());
}
@Override
@Override
public Object get(Object key) {
try {
- Attribute attr = !key.equals(LdapAttrs.objectClasses.name()) ? getAttributes().get(key.toString())
- : getAttributes().get(LdapAttrs.objectClass.name());
+ Attribute attr = !key.equals(LdapAttr.objectClasses.name()) ? getAttributes().get(key.toString())
+ : getAttributes().get(LdapAttr.objectClass.name());
if (attr == null)
return null;
Object value = attr.get();
if (value instanceof byte[]) {
- if (key.equals(LdapAttrs.userPassword.name()))
+ if (key.equals(LdapAttr.userPassword.name()))
// TODO other cases (certificates, images)
return value;
value = new String((byte[]) value, StandardCharsets.UTF_8);
if (attr.size() == 1)
return value;
// special case for object class
- if (key.equals(LdapAttrs.objectClass.name())) {
+ if (key.equals(LdapAttr.objectClass.name())) {
// TODO support multiple object classes
NamingEnumeration<?> en = attr.getAll();
String first = null;
attrs: while (en.hasMore()) {
String v = en.next().toString();
- if (v.equalsIgnoreCase(LdapObjs.top.name()))
+ if (v.equalsIgnoreCase(LdapObj.top.name()))
continue attrs;
if (first == null)
first = v;
// TODO persist to other sources (like PKCS12)
char[] password = DirectoryDigestUtils.bytesToChars(value);
byte[] hashedPassword = sha1hash(password);
- return put(LdapAttrs.userPassword.name(), hashedPassword);
+ return put(LdapAttr.userPassword.name(), hashedPassword);
}
if (key.startsWith("X-")) {
- return put(LdapAttrs.authPassword.name(), value);
+ return put(LdapAttr.authPassword.name(), value);
}
// start editing
startEditing();
// object classes special case.
- if (key.equals(LdapAttrs.objectClasses.name())) {
- Attribute attribute = new BasicAttribute(LdapAttrs.objectClass.name());
+ if (key.equals(LdapAttr.objectClasses.name())) {
+ Attribute attribute = new BasicAttribute(LdapAttr.objectClass.name());
String[] objectClasses = value.toString().split("\n");
for (String objectClass : objectClasses) {
if (objectClass.trim().equals(""))
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
-import org.argeo.api.acr.ldap.LdapAttrs;
+import org.argeo.api.acr.ldap.LdapAttr;
import org.argeo.cms.dns.DnsBrowser;
import org.argeo.cms.runtime.DirectoryConf;
public final static String IPA_ACCOUNTS_BASE = "cn=accounts";
- private final static String KRB_PRINCIPAL_NAME = LdapAttrs.krbPrincipalName.name().toLowerCase();
+ private final static String KRB_PRINCIPAL_NAME = LdapAttr.krbPrincipalName.name().toLowerCase();
public final static String IPA_USER_DIRECTORY_CONFIG = DirectoryConf.userBase + "=" + IPA_USER_BASE + "&"
+ DirectoryConf.groupBase + "=" + IPA_GROUP_BASE + "&" + DirectoryConf.systemRoleBase + "=" + IPA_ROLE_BASE
StringJoiner sj = new StringJoiner(",");
for (int i = 0; i < dcs.length; i++) {
String dc = dcs[i];
- sj.add(LdapAttrs.dc.name() + '=' + dc.toLowerCase());
+ sj.add(LdapAttr.dc.name() + '=' + dc.toLowerCase());
}
return IPA_ACCOUNTS_BASE + ',' + sj.toString();
}
String baseDn = domainToBaseDn(kname[1]);
String dn;
if (!username.contains("/"))
- dn = LdapAttrs.uid + "=" + username + "," + IPA_USER_BASE + "," + baseDn;
+ dn = LdapAttr.uid + "=" + username + "," + IPA_USER_BASE + "," + baseDn;
else
dn = KRB_PRINCIPAL_NAME + "=" + kerberosName + "," + IPA_SERVICE_BASE + "," + baseDn;
try {
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapName;
-import org.argeo.api.acr.ldap.LdapAttrs;
+import org.argeo.api.acr.ldap.LdapAttr;
import org.argeo.api.cms.transaction.WorkingCopy;
/** A synchronized wrapper for a single {@link InitialLdapContext}. */
Hashtable<String, Object> connEnv = new Hashtable<String, Object>();
connEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
connEnv.put(Context.PROVIDER_URL, url);
- connEnv.put("java.naming.ldap.attributes.binary", LdapAttrs.userPassword.name());
+ connEnv.put("java.naming.ldap.attributes.binary", LdapAttr.userPassword.name());
// use pooling in order to avoid connection timeout
// connEnv.put("com.sun.jndi.ldap.connect.pool", "true");
// connEnv.put("com.sun.jndi.ldap.connect.pool.timeout", 300000);
package org.argeo.cms.directory.ldap;
-import static org.argeo.api.acr.ldap.LdapAttrs.objectClass;
+import static org.argeo.api.acr.ldap.LdapAttr.objectClass;
import java.util.ArrayList;
import java.util.List;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
-import org.argeo.api.acr.ldap.LdapAttrs;
-import org.argeo.api.acr.ldap.LdapObjs;
+import org.argeo.api.acr.ldap.LdapAttr;
+import org.argeo.api.acr.ldap.LdapObj;
import org.argeo.api.cms.directory.HierarchyUnit;
/** A user admin based on a LDAP server. */
if (getDirectory().getGroupBaseRdn().equals(technicalRdn)) {
if (attrs.size() == 0) {// exists but not accessible
attrs = new BasicAttributes();
- attrs.put(LdapAttrs.objectClass.name(), LdapObjs.top.name());
- attrs.put(LdapAttrs.objectClass.name(), getDirectory().getGroupObjectClass());
+ attrs.put(LdapAttr.objectClass.name(), LdapObj.top.name());
+ attrs.put(LdapAttr.objectClass.name(), getDirectory().getGroupObjectClass());
}
res = newGroup(name);
} else if (getDirectory().getSystemRoleBaseRdn().equals(technicalRdn)) {
if (attrs.size() == 0) {// exists but not accessible
attrs = new BasicAttributes();
- attrs.put(LdapAttrs.objectClass.name(), LdapObjs.top.name());
- attrs.put(LdapAttrs.objectClass.name(), getDirectory().getGroupObjectClass());
+ attrs.put(LdapAttr.objectClass.name(), LdapObj.top.name());
+ attrs.put(LdapAttr.objectClass.name(), getDirectory().getGroupObjectClass());
}
res = newGroup(name);
} else if (getDirectory().getUserBaseRdn().equals(technicalRdn)) {
if (attrs.size() == 0) {// exists but not accessible
attrs = new BasicAttributes();
- attrs.put(LdapAttrs.objectClass.name(), LdapObjs.top.name());
- attrs.put(LdapAttrs.objectClass.name(), getDirectory().getUserObjectClass());
+ attrs.put(LdapAttr.objectClass.name(), LdapObj.top.name());
+ attrs.put(LdapAttr.objectClass.name(), getDirectory().getUserObjectClass());
}
res = newUser(name);
} else {
String structuralFilter = functionalOnly ? ""
: "(" + getDirectory().getUserBaseRdn() + ")(" + getDirectory().getGroupBaseRdn() + ")("
+ getDirectory().getSystemRoleBaseRdn() + ")";
- String searchFilter = "(|(" + objectClass + "=" + LdapObjs.organizationalUnit.name() + ")(" + objectClass
- + "=" + LdapObjs.organization.name() + ")" + structuralFilter + ")";
+ String searchFilter = "(|(" + objectClass + "=" + LdapObj.organizationalUnit.name() + ")(" + objectClass
+ + "=" + LdapObj.organization.name() + ")" + structuralFilter + ")";
SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
import javax.naming.directory.Attributes;
import javax.naming.ldap.LdapName;
-import org.argeo.api.acr.ldap.LdapAttrs;
+import org.argeo.api.acr.ldap.LdapAttr;
/** An LDAP entry. */
public interface LdapEntry {
* backend.
*/
public static void addObjectClasses(Dictionary<String, Object> properties, Collection<String> objectClasses) {
- String value = properties.get(LdapAttrs.objectClasses.name()).toString();
+ String value = properties.get(LdapAttr.objectClasses.name()).toString();
Set<String> currentObjectClasses = new TreeSet<>(Arrays.asList(value.toString().split("\n")));
currentObjectClasses.addAll(objectClasses);
StringJoiner values = new StringJoiner("\n");
currentObjectClasses.forEach((s) -> values.add(s));
- properties.put(LdapAttrs.objectClasses.name(), values.toString());
+ properties.put(LdapAttr.objectClasses.name(), values.toString());
}
public static Object getLocalized(Dictionary<String, Object> properties, String key, Locale locale) {
package org.argeo.cms.directory.ldap;
-import static org.argeo.api.acr.ldap.LdapAttrs.objectClass;
-import static org.argeo.api.acr.ldap.LdapObjs.inetOrgPerson;
+import static org.argeo.api.acr.ldap.LdapAttr.objectClass;
+import static org.argeo.api.acr.ldap.LdapObj.inetOrgPerson;
import java.io.File;
import java.io.FileOutputStream;
import javax.naming.directory.Attributes;
import javax.naming.ldap.LdapName;
-import org.argeo.api.acr.ldap.LdapObjs;
+import org.argeo.api.acr.ldap.LdapObj;
import org.argeo.api.cms.directory.HierarchyUnit;
import org.osgi.framework.Filter;
import org.osgi.framework.FrameworkUtil;
} else if (objectClass.toLowerCase().equals(getDirectory().getGroupObjectClass().toLowerCase())) {
entries.put(key, newGroup(key));
break objectClasses;
- } else if (objectClass.equalsIgnoreCase(LdapObjs.organizationalUnit.name())) {
+ } else if (objectClass.equalsIgnoreCase(LdapObj.organizationalUnit.name())) {
// TODO skip if it does not contain groups or users
hierarchy.put(key, new LdapHierarchyUnit(getDirectory(), key));
break objectClasses;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
-import org.argeo.api.acr.ldap.LdapAttrs;
+import org.argeo.api.acr.ldap.LdapAttr;
/** Basic LDIF parser. */
public class LdifParser {
Object attributeValue = isBase64 ? Base64.getDecoder().decode(cleanValueStr) : cleanValueStr;
// manage DN attributes
- if (attributeId.equals(LdapAttrs.DN) || isLastLine) {
+ if (attributeId.equals(LdapAttr.DN) || isLastLine) {
if (currentDn != null) {
//
// ADD
}
}
- if (attributeId.equals(LdapAttrs.DN))
+ if (attributeId.equals(LdapAttr.DN))
try {
currentDn = new LdapName(attributeValue.toString());
currentAttributes = new BasicAttributes(true);
package org.argeo.cms.directory.ldap;
-import static org.argeo.api.acr.ldap.LdapAttrs.DN;
-import static org.argeo.api.acr.ldap.LdapAttrs.member;
-import static org.argeo.api.acr.ldap.LdapAttrs.objectClass;
-import static org.argeo.api.acr.ldap.LdapAttrs.uniqueMember;
+import static org.argeo.api.acr.ldap.LdapAttr.DN;
+import static org.argeo.api.acr.ldap.LdapAttr.member;
+import static org.argeo.api.acr.ldap.LdapAttr.objectClass;
+import static org.argeo.api.acr.ldap.LdapAttr.uniqueMember;
import java.io.IOException;
import java.io.OutputStream;
package org.argeo.cms.internal.runtime;
-import static org.argeo.api.acr.ldap.LdapAttrs.cn;
-import static org.argeo.api.acr.ldap.LdapAttrs.description;
-import static org.argeo.api.acr.ldap.LdapAttrs.owner;
+import static org.argeo.api.acr.ldap.LdapAttr.cn;
+import static org.argeo.api.acr.ldap.LdapAttr.description;
+import static org.argeo.api.acr.ldap.LdapAttr.owner;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import javax.xml.namespace.QName;
import org.argeo.api.acr.NamespaceUtils;
-import org.argeo.api.acr.ldap.LdapAttrs;
+import org.argeo.api.acr.ldap.LdapAttr;
import org.argeo.api.acr.ldap.NamingUtils;
import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsLog;
// private Map<String, String> serviceProperties;
private WorkTransaction userTransaction;
- private final String[] knownProps = { LdapAttrs.cn.name(), LdapAttrs.sn.name(), LdapAttrs.givenName.name(),
- LdapAttrs.uid.name() };
+ private final String[] knownProps = { LdapAttr.cn.name(), LdapAttr.sn.name(), LdapAttr.givenName.name(),
+ LdapAttr.uid.name() };
// private Map<UserDirectory, Hashtable<String, Object>> userDirectories = Collections
// .synchronizedMap(new LinkedHashMap<>());
@Override
public CmsUser getUserFromLocalId(String localId) {
- CmsUser user = (CmsUser) getUserAdmin().getUser(LdapAttrs.uid.name(), localId);
+ CmsUser user = (CmsUser) getUserAdmin().getUser(LdapAttr.uid.name(), localId);
if (user == null)
- user = (CmsUser) getUserAdmin().getUser(LdapAttrs.cn.name(), localId);
+ user = (CmsUser) getUserAdmin().getUser(LdapAttr.cn.name(), localId);
return user;
}
@Override
public CmsGroup getOrCreateGroup(HierarchyUnit groups, String commonName) {
try {
- String dn = LdapAttrs.cn.name() + "=" + commonName + "," + groups.getBase();
+ String dn = LdapAttr.cn.name() + "=" + commonName + "," + groups.getBase();
CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
if (group != null)
return group;
@Override
public CmsGroup getOrCreateSystemRole(HierarchyUnit roles, QName systemRole) {
try {
- String dn = LdapAttrs.cn.name() + "=" + NamespaceUtils.toPrefixedName(systemRole) + "," + roles.getBase();
+ String dn = LdapAttr.cn.name() + "=" + NamespaceUtils.toPrefixedName(systemRole) + "," + roles.getBase();
CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
if (group != null)
return group;
Dictionary<String, ?> props = DirectoryConf.uriAsProperties(dns.get(baseDn));
String dn = null;
if (Role.GROUP == type)
- dn = LdapAttrs.cn.name() + "=" + localId + "," + DirectoryConf.groupBase.getValue(props) + "," + baseDn;
+ dn = LdapAttr.cn.name() + "=" + localId + "," + DirectoryConf.groupBase.getValue(props) + "," + baseDn;
else if (Role.USER == type)
- dn = LdapAttrs.uid.name() + "=" + localId + "," + DirectoryConf.userBase.getValue(props) + "," + baseDn;
+ dn = LdapAttr.uid.name() + "=" + localId + "," + DirectoryConf.userBase.getValue(props) + "," + baseDn;
else
throw new IllegalStateException("Unknown role type. " + "Cannot deduce dn for " + localId);
return dn;
}
public String addSharedSecret(String email, int hours) {
- User user = (User) userAdmin.getUser(LdapAttrs.mail.name(), email);
+ User user = (User) userAdmin.getUser(LdapAttr.mail.name(), email);
try {
userTransaction.begin();
String uuid = UUID.randomUUID().toString();
package org.argeo.cms.osgi.useradmin;
-import static org.argeo.api.acr.ldap.LdapAttrs.objectClass;
-import static org.argeo.api.acr.ldap.LdapObjs.extensibleObject;
-import static org.argeo.api.acr.ldap.LdapObjs.inetOrgPerson;
-import static org.argeo.api.acr.ldap.LdapObjs.organizationalPerson;
-import static org.argeo.api.acr.ldap.LdapObjs.person;
-import static org.argeo.api.acr.ldap.LdapObjs.top;
+import static org.argeo.api.acr.ldap.LdapAttr.objectClass;
+import static org.argeo.api.acr.ldap.LdapObj.extensibleObject;
+import static org.argeo.api.acr.ldap.LdapObj.inetOrgPerson;
+import static org.argeo.api.acr.ldap.LdapObj.organizationalPerson;
+import static org.argeo.api.acr.ldap.LdapObj.person;
+import static org.argeo.api.acr.ldap.LdapObj.top;
import java.net.URI;
import java.util.ArrayList;
import java.util.Dictionary;
import java.util.List;
-import org.argeo.api.acr.ldap.LdapAttrs;
+import org.argeo.api.acr.ldap.LdapAttr;
import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.Role;
import org.osgi.service.useradmin.User;
final static String extractDisplayName(User user) {
Dictionary<String, Object> props = user.getProperties();
- Object displayName = props.get(LdapAttrs.displayName.name());
+ Object displayName = props.get(LdapAttr.displayName.name());
if (displayName == null)
- displayName = props.get(LdapAttrs.cn.name());
+ displayName = props.get(LdapAttr.cn.name());
if (displayName == null)
- displayName = props.get(LdapAttrs.uid.name());
+ displayName = props.get(LdapAttr.uid.name());
if (displayName == null)
displayName = user.getName();
if (displayName == null)
import javax.naming.directory.Attributes;
import javax.naming.ldap.LdapName;
-import org.argeo.api.acr.ldap.LdapAttrs;
+import org.argeo.api.acr.ldap.LdapAttr;
import org.argeo.api.cms.directory.HierarchyUnit;
import org.argeo.cms.directory.ldap.AbstractLdapDirectory;
import org.argeo.cms.directory.ldap.AbstractLdapDirectoryDao;
public OsUserDirectory(AbstractLdapDirectory directory) {
super(directory);
try {
- osUserDn = new LdapName(LdapAttrs.uid.name() + "=" + osUsername + "," + directory.getUserBaseRdn() + ","
+ osUserDn = new LdapName(LdapAttr.uid.name() + "=" + osUsername + "," + directory.getUserBaseRdn() + ","
+ directory.getBaseDn());
// Attributes attributes = new BasicAttributes();
// attributes.put(LdapAttrs.uid.name(), osUsername);
package org.argeo.cms.osgi.useradmin;
-import static org.argeo.api.acr.ldap.LdapAttrs.description;
-import static org.argeo.api.acr.ldap.LdapAttrs.owner;
+import static org.argeo.api.acr.ldap.LdapAttr.description;
+import static org.argeo.api.acr.ldap.LdapAttr.owner;
import java.security.Principal;
import java.time.Instant;