You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@manifoldcf.apache.org by kw...@apache.org on 2011/05/06 08:22:56 UTC
svn commit: r1100090 -
/incubator/lcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
Author: kwright
Date: Fri May 6 06:22:56 2011
New Revision: 1100090
URL: http://svn.apache.org/viewvc?rev=1100090&view=rev
Log:
More work on CONNECTORS-195. Map from login name (sAMAccountName) to common name (cn).
Modified:
incubator/lcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
Modified: incubator/lcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
URL: http://svn.apache.org/viewvc/incubator/lcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java?rev=1100090&r1=1100089&r2=1100090&view=diff
==============================================================================
--- incubator/lcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java (original)
+++ incubator/lcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java Fri May 6 06:22:56 2011
@@ -203,13 +203,13 @@ public class ActiveDirectoryAuthority ex
protected AuthorizationResponse getAuthorizationResponseUncached(String userName)
throws ManifoldCFException
{
- getSession();
+ //Specify the Base for the search
+ String searchBase = parseUser(userName);
+ if (searchBase == null)
+ return userNotFoundResponse;
//specify the LDAP search filter
String searchFilter = "(objectClass=user)";
-
- //Specify the Base for the search
- String searchBase = parseUser(userName);
//Create the search controls for finding the access tokens
SearchControls searchCtls = new SearchControls();
@@ -218,11 +218,12 @@ public class ActiveDirectoryAuthority ex
searchCtls.setSearchScope(SearchControls.OBJECT_SCOPE);
//Specify the attributes to return
- String returnedAtts[] = {"tokenGroups","objectSid"};
+ String returnedAtts[]={"tokenGroups","objectSid"};
searchCtls.setReturningAttributes(returnedAtts);
try
{
+ getSession();
//Search for tokens. Since every user *must* have a SID, the no user detection should be safe.
NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
@@ -559,7 +560,7 @@ public class ActiveDirectoryAuthority ex
}
/** Parse a user name into an ldap search base. */
- protected static String parseUser(String userName)
+ protected String parseUser(String userName)
throws ManifoldCFException
{
//String searchBase = "CN=Administrator,CN=Users,DC=qa-ad-76,DC=metacarta,DC=com";
@@ -568,24 +569,113 @@ public class ActiveDirectoryAuthority ex
throw new ManifoldCFException("Username is in unexpected form (no @): '"+userName+"'");
String userPart = userName.substring(0,index);
String domainPart = userName.substring(index+1);
- // Start the search base assembly
- StringBuffer sb = new StringBuffer();
- sb.append("CN=").append(userPart).append(",CN=Users");
+
+ //Build the DN searchBase from domain part
+ StringBuffer domainsb = new StringBuffer();
int j = 0;
while (true)
{
+ if (j > 0)
+ domainsb.append(",");
+
int k = domainPart.indexOf(".",j);
if (k == -1)
{
- sb.append(",DC=").append(domainPart.substring(j));
+ domainsb.append("DC=").append(ldapEscape(domainPart.substring(j)));
break;
}
- sb.append(",DC=").append(domainPart.substring(j,k));
+ domainsb.append("DC=").append(ldapEscape(domainPart.substring(j,k)));
j = k+1;
}
+
+ //Get CN Attribute (for this method we are using DomainPart as a searchBase ie: DC=qa-ad-76,DC=metacarta,DC=com")
+ String userCN = getCnAttribute(userPart, domainsb.toString());
+ if (userCN == null)
+ return null;
+
+ // Start the final search base assembly for object scope
+ StringBuffer sb = new StringBuffer();
+ sb.append("CN=").append(ldapEscape(userCN)).append(",CN=Users,");
+ sb.append(domainsb);
return sb.toString();
}
+
+ /** Obtain the CN Attribute for a given user logon name.
+ *@param userName (Domain Logon Name) is the user name or identifier.
+ *@param searchBase (Full Domain Name for the search ie: DC=qa-ad-76,DC=metacarta,DC=com)
+ *@return CN Attribute for given domain user logon name. (User Domain Logon Name MAY not be same as the CN Name (ie. display name))
+ * (Should throws an exception if user is not found.)
+ */
+ protected String getCnAttribute(String userName, String searchBase)
+ throws ManifoldCFException
+ {
+ getSession();
+ //First we need to make sure we have the correct CN attribute for username (logon name may not be CN name)
+ String returnedAtts[] = {"cn"};
+ String searchFilter = "(&(objectClass=user)(sAMAccountName=" + userName + "))";
+ SearchControls searchCtls = new SearchControls();
+ searchCtls.setReturningAttributes(returnedAtts);
+ //Specify the search scope
+ searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+ searchCtls.setReturningAttributes(returnedAtts);
+ try
+ {
+ NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
+ while (answer.hasMoreElements())
+ {
+ SearchResult sr = (SearchResult)answer.next();
+ Attributes attrs = sr.getAttributes();
+ if (attrs != null)
+ {
+ String cn = attrs.get("cn").toString();
+ cn = cleanUpCnAttribute(cn);
+ return cn;
+ }
+ }
+ return null;
+ }
+ catch (NamingException e)
+ {
+ throw new ManifoldCFException(e.getMessage(),e);
+ }
+ }
+
+ /** Clean-up CN Attribute from prefix cn, :
+ *@param cnAttribute
+ *@return String
+ */
+ protected static String cleanUpCnAttribute(String cnAttribute)
+ {
+ //Remove cn:
+ int index = cnAttribute.indexOf(":");
+ if (index > 0)
+ cnAttribute = cnAttribute.substring(index+1,cnAttribute.length()-(index-2)).trim();
+ return cnAttribute;
+ }
+
+ /** LDAP escape a string.
+ */
+ protected static String ldapEscape(String input)
+ {
+ //Add escape sequence to all commas
+ StringBuffer sb = new StringBuffer();
+ int index = 0;
+ while (true)
+ {
+ int oldIndex = index;
+ index = input.indexOf(",",oldIndex);
+ if (index == -1)
+ {
+ sb.append(input.substring(oldIndex));
+ break;
+ }
+ sb.append(input.substring(oldIndex,index)).append("\\,");
+ index++;
+ }
+ return sb.toString();
+ }
+
/** Convert a binary SID to a string */
protected static String sid2String(byte[] SID)
{