Posted to commits@archiva.apache.org by ol...@apache.org on 2013/11/08 02:22:14 UTC
svn commit: r1539894 - in /archiva/redback/redback-core/trunk:
redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/
redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/user/
r...
Author: olamy
Date: Fri Nov 8 01:22:14 2013
New Revision: 1539894
URL: http://svn.apache.org/r1539894
Log:
[MRM-1791] ldap group mapping support for active directory
Added:
archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/test/java/org/apache/archiva/redback/common/ldap/user/MockUserManager.java
- copied, changed from r1537759, archiva/redback/redback-core/trunk/redback-system/src/test/java/org/apache/archiva/redback/system/MockUserManager.java
Modified:
archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java
archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/user/LdapUserMapper.java
archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/test/resources/spring-context-role-mapper.xml
archiva/redback/redback-core/trunk/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java
archiva/redback/redback-core/trunk/redback-system/src/test/java/org/apache/archiva/redback/system/MockUserManager.java
Modified: archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java
URL: http://svn.apache.org/viewvc/archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java?rev=1539894&r1=1539893&r2=1539894&view=diff
==============================================================================
--- archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java (original)
+++ archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java Fri Nov 8 01:22:14 2013
@@ -20,11 +20,17 @@ package org.apache.archiva.redback.commo
import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.Multimap;
+
import org.apache.archiva.redback.common.ldap.MappingException;
import org.apache.archiva.redback.common.ldap.connection.LdapConnectionFactory;
import org.apache.archiva.redback.common.ldap.connection.LdapException;
+import org.apache.archiva.redback.common.ldap.user.LdapUser;
import org.apache.archiva.redback.configuration.UserConfiguration;
import org.apache.archiva.redback.configuration.UserConfigurationKeys;
+import org.apache.archiva.redback.users.User;
+import org.apache.archiva.redback.users.UserManager;
+import org.apache.archiva.redback.users.UserManagerException;
+import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -45,6 +51,7 @@ import javax.naming.directory.DirContext
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
+
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -76,6 +83,10 @@ public class DefaultLdapRoleMapper
@Named( value = "ldapRoleMapperConfiguration#default" )
private LdapRoleMapperConfiguration ldapRoleMapperConfiguration;
+ @Inject
+ @Named( value = "userManager#default" )
+ private UserManager userManager;
+
//---------------------------
// fields
//---------------------------
@@ -86,6 +97,8 @@ public class DefaultLdapRoleMapper
private String baseDn;
+ private String ldapGroupMember = "uniquemember";
+
private boolean useDefaultRoleName = false;
/**
@@ -112,6 +125,8 @@ public class DefaultLdapRoleMapper
userConf.getBoolean( UserConfigurationKeys.LDAP_GROUPS_USE_ROLENAME, this.useDefaultRoleName );
this.userIdAttribute = userConf.getString( UserConfigurationKeys.LDAP_USER_ID_ATTRIBUTE, this.userIdAttribute );
+
+ this.ldapGroupMember = userConf.getString( UserConfigurationKeys.LDAP_GROUPS_MEMBER, this.ldapGroupMember );
}
public List<String> getAllGroups( DirContext context )
@@ -283,7 +298,7 @@ public class DefaultLdapRoleMapper
{
SearchResult searchResult = namingEnumeration.next();
- Attribute uniqueMemberAttr = searchResult.getAttributes().get( "uniquemember" );
+ Attribute uniqueMemberAttr = searchResult.getAttributes().get( getLdapGroupMember() );
if ( uniqueMemberAttr != null )
{
@@ -335,11 +350,37 @@ public class DefaultLdapRoleMapper
searchControls.setDerefLinkFlag( true );
searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE );
+ String dn =null;
+ try
+ {
+ //try to look the user up
+ User user = userManager.findUser(username);
+ if (user instanceof LdapUser)
+ {
+ LdapUser ldapUser = (LdapUser)user;
+ Attribute dnAttribute = ldapUser.getOriginalAttributes().get("distinguishedName");
+ if(dnAttribute!=null)
+ dn = (String)dnAttribute.get();
- String filter =
- new StringBuilder().append( "(&" ).append( "(objectClass=" + getLdapGroupClass() + ")" ).append(
- "(uniquemember=" ).append( this.userIdAttribute + "=" + username + "," + this.getBaseDn() ).append(
- ")" ).append( ")" ).toString();
+ }
+ }
+ catch (UserNotFoundException e)
+ {
+ log.warn("Failed to look up user "+username+". Computing distinguished name manually",e);
+ }
+ catch (UserManagerException e)
+ {
+ log.warn("Failed to look up user "+username+". Computing distinguished name manually",e);
+ }
+ if(dn==null)
+ {
+ //failed to look up the user directly
+ StringBuilder builder = new StringBuilder();
+ builder.append(this.userIdAttribute).append("=").append(username).append(",").append(getBaseDn());
+ dn = builder.toString();
+ }
+ String filter = new StringBuilder().append( "(&" ).append( "(objectClass=" + getLdapGroupClass() + ")" )
+ .append("(").append(getLdapGroupMember()).append("=").append(dn).append(")" ).append( ")" ).toString();
log.debug( "filter: {}", filter );
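Review bot: The filter assembled at the end of this hunk concatenates `dn` (and, on the fallback path, the raw `username`) into the search filter without RFC 4515 escaping, so a value containing `(`, `)`, `*` or `\` either alters the filter's structure or fails to match; Active Directory distinguished names can legitimately contain such characters. Passing the value as a filter argument lets JNDI escape it, e.g. `"(&(objectClass=" + getLdapGroupClass() + ")(" + getLdapGroupMember() + "={0}))"` with `new Object[]{ dn }` through the `DirContext.search` overload that takes `filterArgs`; the search call itself is outside the hunk, so this assumes it can be switched. The lookup also hard-codes `"distinguishedName"` although this commit makes that attribute name configurable on `LdapUserMapper`, and the brace-less `if(dnAttribute!=null)` would be safer braced.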
@@ -351,14 +392,17 @@ public class DefaultLdapRoleMapper
List<String> allMembers = new ArrayList<String>();
- Attribute uniqueMemberAttr = searchResult.getAttributes().get( "uniquemember" );
+ Attribute uniqueMemberAttr = searchResult.getAttributes().get(getLdapGroupMember() );
if ( uniqueMemberAttr != null )
{
NamingEnumeration<String> allMembersEnum = (NamingEnumeration<String>) uniqueMemberAttr.getAll();
while ( allMembersEnum.hasMore() )
{
+
String userName = allMembersEnum.next();
+ //the original dn
+ allMembers.add( userName );
// uid=blabla we only want bla bla
userName = StringUtils.substringAfter( userName, "=" );
userName = StringUtils.substringBefore( userName, "," );
@@ -375,6 +419,13 @@ public class DefaultLdapRoleMapper
userGroups.add( groupName );
}
+ else if ( allMembers.contains( dn ) )
+ {
+ String groupName = searchResult.getName();
+ // cn=blabla we only want bla bla
+ groupName = StringUtils.substringAfter( groupName, "=" );
+ userGroups.add( groupName );
+ }
}
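Review bot: `allMembers.contains( dn )` compares distinguished names as exact strings, but DNs commonly differ in case or spacing between what the group entry stores and what was read from the user entry or computed in the fallback, so a genuine member can be missed. Comparing parsed names, e.g. `new LdapName( member ).equals( new LdapName( dn ) )` from `javax.naming.ldap`, avoids that. Since the previous hunk adds the raw DN to `allMembers` alongside the extracted short name, the list now mixes two kinds of identifier; keeping them in separate lists would make each membership check unambiguous. The enclosing loop and the branch this `else if` belongs to start outside the hunk.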
@@ -488,8 +539,7 @@ public class DefaultLdapRoleMapper
attributes.put( "cn", groupName );
// attribute mandatory when created a group so add admin as default member
- // TODO make this default configurable
- BasicAttribute basicAttribute = new BasicAttribute( "uniquemember" );
+ BasicAttribute basicAttribute = new BasicAttribute( getLdapGroupMember() );
basicAttribute.add( this.userIdAttribute + "=admin," + getBaseDn() );
attributes.put( basicAttribute );
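Review bot: The removed TODO asked for this default to be configurable, but only the attribute name became configurable; the seeded member is still the hard-coded `this.userIdAttribute + "=admin," + getBaseDn()`. On a directory whose entries are not named that way (the Active Directory case this commit targets) that DN may not exist or may belong to an unrelated entry, so a newly created group could be rejected or start with an unintended member. Either keep a marker such as `// TODO make the default member DN configurable` or read the default member DN from configuration. The enclosing method starts and ends outside the hunk.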
@@ -546,10 +596,10 @@ public class DefaultLdapRoleMapper
while ( namingEnumeration.hasMore() )
{
SearchResult searchResult = namingEnumeration.next();
- Attribute attribute = searchResult.getAttributes().get( "uniquemember" );
+ Attribute attribute = searchResult.getAttributes().get( getLdapGroupMember());
if ( attribute == null )
{
- BasicAttribute basicAttribute = new BasicAttribute( "uniquemember" );
+ BasicAttribute basicAttribute = new BasicAttribute( getLdapGroupMember() );
basicAttribute.add( this.userIdAttribute + "=" + username + "," + getBaseDn() );
context.modifyAttributes( "cn=" + groupName + "," + getGroupsDn(), new ModificationItem[]{
new ModificationItem( DirContext.ADD_ATTRIBUTE, basicAttribute ) } );
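Review bot: The member value written here is still computed as `this.userIdAttribute + "=" + username + "," + getBaseDn()`, whereas the group lookup changed earlier in this commit prefers the user's real `distinguishedName`; where the two differ, a membership added by this method names a DN that is not the user's and will not be found when the user's groups are read back. `username` also goes into the DN without RFC 4514 escaping; `Rdn.escapeValue( username )` from `javax.naming.ldap` would cover names containing `,`, `+` or `=`. Resolving the user's DN in one shared helper used by both the read and write paths would keep them consistent. The enclosing method starts and ends outside the hunk.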
@@ -617,10 +667,10 @@ public class DefaultLdapRoleMapper
while ( namingEnumeration.hasMore() )
{
SearchResult searchResult = namingEnumeration.next();
- Attribute attribute = searchResult.getAttributes().get( "uniquemember" );
+ Attribute attribute = searchResult.getAttributes().get( getLdapGroupMember() );
if ( attribute != null )
{
- BasicAttribute basicAttribute = new BasicAttribute( "uniquemember" );
+ BasicAttribute basicAttribute = new BasicAttribute( getLdapGroupMember() );
basicAttribute.add( this.userIdAttribute + "=" + username + "," + getGroupsDn() );
context.modifyAttributes( "cn=" + groupName + "," + getGroupsDn(), new ModificationItem[]{
new ModificationItem( DirContext.REMOVE_ATTRIBUTE, basicAttribute ) } );
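Review bot: The value built for removal on the unchanged line `basicAttribute.add( this.userIdAttribute + "=" + username + "," + getGroupsDn() );` uses `getGroupsDn()`, while the add path in the previous hunk uses `getBaseDn()`, so unless both settings are identical the value asked to be removed never equals the one that was added and the user keeps the group membership. If that is not intentional, the line should read `basicAttribute.add( this.userIdAttribute + "=" + username + "," + getBaseDn() );`, or better, use the same resolved user DN as the lookup. A revocation that does not take effect is worth a test that adds and then removes a role and asserts the member value is gone. The enclosing method starts and ends outside the hunk.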
@@ -751,6 +801,16 @@ public class DefaultLdapRoleMapper
this.baseDn = baseDn;
}
+ public String getLdapGroupMember()
+ {
+ return ldapGroupMember;
+ }
+
+ public void setLdapGroupMember(String ldapGroupMember)
+ {
+ this.ldapGroupMember = ldapGroupMember;
+ }
+
//-------------------
// utils methods
//-------------------
Modified: archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/user/LdapUserMapper.java
URL: http://svn.apache.org/viewvc/archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/user/LdapUserMapper.java?rev=1539894&r1=1539893&r2=1539894&view=diff
==============================================================================
--- archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/user/LdapUserMapper.java (original)
+++ archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/user/LdapUserMapper.java Fri Nov 8 01:22:14 2013
@@ -64,6 +64,11 @@ public class LdapUserMapper
/**
*
*/
+ String distinguishedNameAttribute = "distinguishedName";
+
+ /**
+ *
+ */
String userBaseDn;
/**
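Review bot: The new `distinguishedNameAttribute` field is added with an empty Javadoc block, so nothing tells an operator what it is for or when to override it. A one-line comment such as `/** Name of the attribute that holds the entry's full DN; the default matches Active Directory and may need changing for other directory servers. */` would do. Whether the value is ever read from `UserConfiguration` is not visible in this hunk; if it is not, the setter is the only way to change it and that is worth stating too.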
@@ -142,9 +147,19 @@ public class LdapUserMapper
return passwordAttribute;
}
+ public String getDistinguishedNameAttribute()
+ {
+ return distinguishedNameAttribute;
+ }
+
+ public void setDistinguishedNameAttribute(String distinguishedNameAttribute)
+ {
+ this.distinguishedNameAttribute = distinguishedNameAttribute;
+ }
+
public String[] getUserAttributeNames()
{
- return new String[]{ emailAttribute, fullNameAttribute, passwordAttribute, userIdAttribute };
+ return new String[]{ emailAttribute, fullNameAttribute, passwordAttribute, userIdAttribute, distinguishedNameAttribute };
}
public int getMaxResultCount()
@@ -303,7 +318,7 @@ public class LdapUserMapper
public String[] getReturningAttributes()
{
return new String[]{ getUserIdAttribute(), getEmailAttribute(), getFullNameAttribute(),
- getPasswordAttribute() };
+ getPasswordAttribute(), getDistinguishedNameAttribute() };
}
public UserConfiguration getUserConf()
Copied: archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/test/java/org/apache/archiva/redback/common/ldap/user/MockUserManager.java (from r1537759, archiva/redback/redback-core/trunk/redback-system/src/test/java/org/apache/archiva/redback/system/MockUserManager.java)
URL: http://svn.apache.org/viewvc/archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/test/java/org/apache/archiva/redback/common/ldap/user/MockUserManager.java?p2=archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/test/java/org/apache/archiva/redback/common/ldap/user/MockUserManager.java&p1=archiva/redback/redback-core/trunk/redback-system/src/test/java/org/apache/archiva/redback/system/MockUserManager.java&r1=1537759&r2=1539894&rev=1539894&view=diff
==============================================================================
--- archiva/redback/redback-core/trunk/redback-system/src/test/java/org/apache/archiva/redback/system/MockUserManager.java (original)
+++ archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/test/java/org/apache/archiva/redback/common/ldap/user/MockUserManager.java Fri Nov 8 01:22:14 2013
@@ -1,4 +1,4 @@
-package org.apache.archiva.redback.system;
+package org.apache.archiva.redback.common.ldap.user;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
@@ -24,13 +24,16 @@ import org.apache.archiva.redback.users.
import org.apache.archiva.redback.users.UserManagerListener;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.archiva.redback.users.UserQuery;
+import org.springframework.stereotype.Service;
import java.util.List;
/**
* @author Olivier Lamy
*/
-public class MockUserManager implements UserManager
+@Service( "userManager#mock" )
+public class MockUserManager
+ implements UserManager
{
public boolean isReadOnly()
{
Modified: archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/test/resources/spring-context-role-mapper.xml
URL: http://svn.apache.org/viewvc/archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/test/resources/spring-context-role-mapper.xml?rev=1539894&r1=1539893&r2=1539894&view=diff
==============================================================================
--- archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/test/resources/spring-context-role-mapper.xml (original)
+++ archiva/redback/redback-core/trunk/redback-common/redback-common-ldap/src/test/resources/spring-context-role-mapper.xml Fri Nov 8 01:22:14 2013
@@ -29,6 +29,7 @@
<context:property-placeholder system-properties-mode="OVERRIDE"/>
<alias name="userConfiguration#redback" alias="userConfiguration#default"/>
+ <alias name="userManager#mock" alias="userManager#default"/>
<bean name="commons-configuration" class="org.apache.archiva.redback.components.registry.commons.CommonsConfigurationRegistry"
init-method="initialize">
Modified: archiva/redback/redback-core/trunk/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java
URL: http://svn.apache.org/viewvc/archiva/redback/redback-core/trunk/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java?rev=1539894&r1=1539893&r2=1539894&view=diff
==============================================================================
--- archiva/redback/redback-core/trunk/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java (original)
+++ archiva/redback/redback-core/trunk/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java Fri Nov 8 01:22:14 2013
@@ -82,6 +82,8 @@ public interface UserConfigurationKeys
String LDAP_GROUPS_BASEDN = "ldap.config.groups.base.dn";
+ String LDAP_GROUPS_MEMBER = "ldap.config.groups.member";
+
String LDAP_GROUPS_ROLE_START_KEY = "ldap.config.groups.role.";
String LDAP_GROUPS_USE_ROLENAME = "ldap.config.groups.use.rolename";
Modified: archiva/redback/redback-core/trunk/redback-system/src/test/java/org/apache/archiva/redback/system/MockUserManager.java
URL: http://svn.apache.org/viewvc/archiva/redback/redback-core/trunk/redback-system/src/test/java/org/apache/archiva/redback/system/MockUserManager.java?rev=1539894&r1=1539893&r2=1539894&view=diff
==============================================================================
--- archiva/redback/redback-core/trunk/redback-system/src/test/java/org/apache/archiva/redback/system/MockUserManager.java (original)
+++ archiva/redback/redback-core/trunk/redback-system/src/test/java/org/apache/archiva/redback/system/MockUserManager.java Fri Nov 8 01:22:14 2013
@@ -30,7 +30,8 @@ import java.util.List;
/**
* @author Olivier Lamy
*/
-public class MockUserManager implements UserManager
+public class MockUserManager
+ implements UserManager
{
public boolean isReadOnly()
{