// Excerpt (lines elided): finds a user by userPrincipalName under the domain's base DN and turns the
// CN of each group listed in memberOf into a GrantedAuthorityImpl.
// NOTE(review): the search filter is built by string concatenation with principalName. No escaping is
// visible here; if that value can carry '(', ')', '*' or '\', escape it for LDAP filters (RFC 4515)
// or pass it through the filterArgs overload of search() — confirm against the caller.
SearchControls controls = new SearchControls(); controls.setSearchScope(SUBTREE_SCOPE); NamingEnumeration<SearchResult> renum = context.search(toDC(domainName), "(& (userPrincipalName=" + principalName + ")(objectClass=user))", controls); if (!renum.hasMore()) { System.out.println("Cannot locate user information for " + username); System.exit(1); SearchResult result = renum.next(); Attribute memberOf = result.getAttributes().get("memberOf"); if (memberOf != null) {// null if this user belongs to no group at all for (int i = 0; i < memberOf.size(); i++) { Attributes atts = context.getAttributes(memberOf.get(i).toString(), new String[] { "CN" }); Attribute att = atts.get("CN"); groups.add(new GrantedAuthorityImpl(att.get().toString()));
// Excerpt (lines elided): collects role entries under ROLE_BASE and, when expandRolesBool is set,
// searches again for each name found. haveSeenNames keeps an entry from being processed twice,
// presumably so the expansion terminates when groups reference each other.
// NOTE(review): each expansion filter is formatted from a name returned by the directory
// (getNameInNamespace()); no filter escaping of that name is visible — confirm.
}); SearchControls constraints = new SearchControls(); if (roleSearchSubtreeBool) { constraints.setSearchScope(SearchControls.SUBTREE_SCOPE); } else { constraints.setSearchScope(SearchControls.ONELEVEL_SCOPE); NamingEnumeration<SearchResult> results = context.search(getLDAPPropertyValue(ROLE_BASE), filter, constraints); while (results.hasMore()) { SearchResult result = results.next(); Attributes attrs = result.getAttributes(); if (expandRolesBool) { haveSeenNames.add(result.getNameInNamespace()); pendingNameExpansion.add(result.getNameInNamespace()); String name = pendingNameExpansion.remove(); filter = expandRolesMatchingFormat.format(new String[]{name}); results = context.search(getLDAPPropertyValue(ROLE_BASE), filter, constraints); while (results.hasMore()) { SearchResult result = results.next(); name = result.getNameInNamespace(); if (!haveSeenNames.contains(name)) { Attributes attrs = result.getAttributes(); list = addAttributeValues(getLDAPPropertyValue(ROLE_NAME), attrs, list); haveSeenNames.add(name);
// Excerpt (lines elided): walks every attribute of each search hit and picks out the one whose ID is
// "memberOf"; roleNames is a LinkedHashSet, so duplicates collapse and insertion order is kept.
// NOTE(review): attr.getID().equals("memberOf") is case-sensitive, while LDAP attribute names are
// not; a server returning a different casing would yield no roles — TODO confirm.
roleNames = new LinkedHashSet<String>(); SearchControls searchCtls = new SearchControls(); searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); while (answer.hasMoreElements()) { SearchResult sr = (SearchResult) answer.next(); log.debug("Retrieving group names for user [" + sr.getName() + "]"); Attributes attrs = sr.getAttributes(); NamingEnumeration ae = attrs.getAll(); while (ae.hasMore()) { Attribute attr = (Attribute) ae.next(); if (attr.getID().equals("memberOf")) {
/**
 * Adds the full distinguished name of one search hit to {@code result}, then hands the values of
 * each of its attributes to {@code addAllAttributeValuesToResult}.
 *
 * <p>Every attribute present on the record is passed on; limiting which attributes the search
 * returns is left to whoever issues the search.
 *
 * @param record the search result being visited
 * @return always {@code true}
 * @throws NamingException if the attributes cannot be enumerated
 */
@Override
public boolean process(SearchResult record) throws NamingException {
    // The entry's DN is recorded ahead of any attribute value.
    result.add(record.getNameInNamespace());

    for (NamingEnumeration<? extends Attribute> pending = record.getAttributes().getAll();
            pending.hasMore(); ) {
        addAllAttributeValuesToResult(pending.next().getAll());
    }
    return true;
}
/**
 * Adds the name of one group entry to {@code groups} and, when asked, its DN to {@code groupDNs}.
 *
 * <p>The name is the first value of the attribute identified by {@code groupNameAttr}, converted
 * with {@code toString()}.
 *
 * @param groupResult the directory entry of the group
 * @param groups      receives the group name
 * @param groupDNs    receives the entry's full DN when {@code doGetDNs} is set
 * @param doGetDNs    whether the DN should be collected as well
 * @throws NamingException if the entry has no {@code groupNameAttr} attribute, or its value
 *                         cannot be read
 */
void getGroupNames(SearchResult groupResult, Collection<String> groups,
                   Collection<String> groupDNs, boolean doGetDNs) throws NamingException {
    final Attribute nameAttribute = groupResult.getAttributes().get(groupNameAttr);
    if (nameAttribute != null) {
        groups.add(nameAttribute.get().toString());
        if (doGetDNs) {
            groupDNs.add(groupResult.getNameInNamespace());
        }
        return;
    }
    // A group entry without the name attribute is reported to the caller, never skipped silently.
    throw new NamingException("The group object does not have " +
        "attribute '" + groupNameAttr + "'.");
}
/**
 * Applies {@code action} to the string form of every value of one attribute of an entry.
 *
 * <p>Does nothing when the entry has no attribute with the given ID. All values are read from the
 * enumeration before the first one is handed to {@code action}, and the enumeration is closed
 * afterwards; a failure to close is only traced.
 *
 * @param entry  the directory entry to read from
 * @param attrId the ID of the attribute whose values are wanted
 * @param action receives each value's {@code toString()} result
 */
private void forEachAttributeValue(SearchResult entry, String attrId, Consumer<String> action) {
    NamingEnumeration<?> values = null;
    try {
        Attribute attribute = entry.getAttributes().get(attrId);
        if (attribute != null) {
            values = attribute.getAll();
            // Collections.list drains the enumeration up front, so the action never runs
            // while the enumeration is still being read.
            for (Object value : Collections.list(values)) {
                action.accept(value.toString());
            }
        }
    } catch (NamingException e) {
        throw ElytronMessages.log.ldapRealmFailedObtainAttributes(entry.getNameInNamespace(), e);
    } finally {
        if (values != null) {
            try {
                values.close();
            } catch (NamingException closeFailure) {
                log.trace("Unable to close attributesEnum", closeFailure);
            }
        }
    }
}
// Excerpt (lines elided): searches from the context root with the configured scope and requests only
// the username attribute, so no other attribute of the matching entries is returned.
// NOTE(review): in the visible lines the attribute is dereferenced and cast to String without a null
// check; an entry lacking the username field would fail here — confirm the filter guarantees it.
SearchControls searchControls = new SearchControls(); searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); } else { searchControls.setSearchScope(SearchControls.ONELEVEL_SCOPE); searchControls.setReturningAttributes(new String[]{manager.getUsernameField()}); NamingEnumeration answer = ctx.search("", filter, searchControls); while (answer.hasMoreElements()) { String username = (String) ((SearchResult) answer.next()).getAttributes().get( manager.getUsernameField()).get(); answer.close(); } finally { try {
// Excerpt (lines elided): resolves the DN to bind as. The search is bounded by searchTimeLimit and
// returns only distinguishedNameAttribute; the visible lines also derive a DN from the entry name,
// appending baseDN when the name is relative.
// NOTE(review): the search call that produces `results` is elided, so how `user` reaches the filter
// cannot be seen here — confirm it is passed as a filter argument and not concatenated.
protected String bindDNAuthentication(InitialLdapContext ctx, String user, Object credential, String baseDN, String filter) throws NamingException SearchControls constraints = new SearchControls(); constraints.setSearchScope(searchScope); constraints.setTimeLimit(searchTimeLimit); String attrList[] = {distinguishedNameAttribute}; constraints.setReturningAttributes(attrList); if (!results.hasMore()) results.close(); throw PicketBoxMessages.MESSAGES.failedToFindBaseContextDN(baseDN); SearchResult sr = results.next(); String name = sr.getName(); String userDN = null; Attributes attrs = sr.getAttributes(); if (attrs != null) Attribute dn = attrs.get(distinguishedNameAttribute); if (dn != null) userDN = (String) dn.get(); if (sr.isRelative()) userDN = name + ("".equals(baseDN) ? "" : "," + baseDN); else
// Excerpt (lines elided): looks up the DN of a single entry. Only the attributes in _dnOnly are
// requested and setCountLimit(1) caps the search at one entry; baseDN is appended when the returned
// name is relative. The enumeration is closed explicitly in the cleanup that follows.
// NOTE(review): `filter` is built outside the visible lines — confirm any user-supplied part of it
// is escaped for LDAP filters.
NamingEnumeration namingEnum = null; SearchControls ctls = new SearchControls(); ctls.setReturningAttributes(_dnOnly); ctls.setSearchScope(SearchControls.SUBTREE_SCOPE); ctls.setCountLimit(1); namingEnum = ctx.search(baseDN, filter, ctls); if (namingEnum.hasMore()) { SearchResult res = (SearchResult)namingEnum.next(); CompositeName compDN = new CompositeName(res.getName()); String ldapDN = compDN.get(0); sb.append(ldapDN); if (res.isRelative()) { sb.append(","); sb.append(baseDN); if (namingEnum != null) { try { namingEnum.close(); } catch(Exception ex) {
// Excerpt (lines elided): maps a principal to a username. The principal is supplied as a filter
// argument, after LdapManager.sanitizeSearchFilter, and is not concatenated into the filter text;
// only usernameField is requested from the directory.
// NOTE(review): when nothing matches, the unmapped principal is returned unchanged and is also written
// to the debug log — confirm callers do not treat that fallback value as a verified username.
SearchControls constraints = new SearchControls(); if (subTreeSearch) { constraints.setSearchScope (SearchControls.SUBTREE_SCOPE); constraints.setSearchScope(SearchControls.ONELEVEL_SCOPE); constraints.setReturningAttributes(new String[] { usernameField }); NamingEnumeration answer = ctx.search("", princSearchFilter, new String[] {LdapManager.sanitizeSearchFilter(principal)}, constraints); Log.debug("LdapAuthorizationMapping: ... search finished"); if (answer == null || !answer.hasMoreElements()) { Log.debug("LdapAuthorizationMapping: Username based on principal '" + principal + "' not found."); return principal; Attributes atrs = ((SearchResult)answer.next()).getAttributes(); Attribute usernameAttribute = atrs.get(usernameField); username = (String) usernameAttribute.get(); try { if (ctx != null) { ctx.close();
// Excerpt (lines elided): resolves a group name to its DN, requesting only groupNameField, and checks
// whether the search produced more than one match (the debug message reports multiple results).
// NOTE(review): `filter` is prepared outside the visible lines — confirm groupname is escaped before
// it is placed in the filter. Failures of ctx.close() are deliberately ignored in the cleanup.
SearchControls constraints = new SearchControls(); constraints.setSearchScope(SearchControls.SUBTREE_SCOPE); constraints.setSearchScope(SearchControls.ONELEVEL_SCOPE); constraints.setReturningAttributes(new String[] { groupNameField }); NamingEnumeration<SearchResult> answer = ctx.search("", filter, constraints); if (answer == null || !answer.hasMoreElements()) { if (debug) { Log.debug("LdapManager: Group DN based on groupname '" + groupname + "' not found."); String groupDN = answer.next().getName(); if (answer.hasMoreElements()) { if (debug) { Log.debug("LdapManager: Search for groupDN based on groupname '" + groupname + "' found multiple " + try { ctx.close(); } catch (Exception ignored) {
// Excerpt (lines elided): subtree search that copies every returned attribute value of the first hit
// into LDAPAttribute objects. setCountLimit(0) places no limit on the number of entries returned.
// NOTE(review): only the first result is read in the visible lines. getAttributes() decides which
// attributes leave the directory, so that list should hold only what the caller needs.
SearchControls controls = new SearchControls(); controls.setSearchScope(SearchControls.SUBTREE_SCOPE); controls.setCountLimit(0); controls.setReturningAttributes(getAttributes()); NamingEnumeration<SearchResult> results = context.search(getSearchBase(), getSearchFilter(), controls); if (results != null && results.hasMore()) { SearchResult result = results.next(); NamingEnumeration<? extends Attribute> attribs = result.getAttributes().getAll(); while(attribs.hasMore()) { Attribute attrib = attribs.nextElement(); LDAPAttribute attribute = new LDAPAttribute(attrib.getID()); NamingEnumeration<?> vals = attrib.getAll(); while(vals.hasMore()) { Object val = vals.nextElement();
// Excerpt (lines elided): finds the user entry with the user name passed as a filter argument
// (new Object[]{user}, not concatenated into userSearchFilter) and adds one group per memberOf value.
// NOTE(review): the NamingException message embeds result.toString(), which includes the attributes
// returned for the user object; reporting only the entry name would keep directory data out of logs
// and error responses.
NamingEnumeration<SearchResult> results = c.search(userbaseDN, userSearchFilter, new Object[]{user}, SEARCH_CONTROLS); if (!results.hasMoreElements()) { if (LOG.isDebugEnabled()) { LOG.debug("doGetGroups(" + user + ") returned no groups because the " + SearchResult result = results.nextElement(); Attribute groupDNAttr = result.getAttributes().get(memberOfAttr); if (groupDNAttr == null) { throw new NamingException("The user object does not have '" + memberOfAttr + "' attribute." + "Returned user object: " + result.toString()); NamingEnumeration groupEnumeration = groupDNAttr.getAll(); while (groupEnumeration.hasMore()) { String groupDN = groupEnumeration.next().toString(); groups.add(getRelativeDistinguishedName(groupDN));
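/**
 * Lists the aliases of all entries matched by {@code filterIterate} under {@code searchPath}.
 *
 * <p>Only {@code aliasAttribute} is requested from the directory; entries without it are skipped.
 * The search results are closed before returning, including when iteration fails part-way, and
 * the directory context is handed back through {@code returnDirContext} in every case.
 *
 * @return an enumeration of the alias values, or {@code null} when no directory context could be
 *         obtained
 */
@Override
public Enumeration<String> engineAliases() {
    DirContext context = obtainDirContext();
    if (context == null) {
        log.trace("Unable to obtain DirContext");
        return null;
    }
    try {
        NamingEnumeration<SearchResult> results = context.search(searchPath, filterIterate, null,
                createSearchControl(new String[]{aliasAttribute})); // TODO pagination
        try {
            List<String> aliases = new LinkedList<>();
            while (results.hasMore()) {
                Attribute attribute = results.next().getAttributes().get(aliasAttribute);
                if (attribute != null) {
                    aliases.add((String) attribute.get());
                }
            }
            return Collections.enumeration(aliases);
        } finally {
            // Release the server-side search even when hasMore()/next() threw; a close failure
            // must not replace the aliases or the original exception.
            try {
                results.close();
            } catch (NamingException closeFailure) {
                log.trace("Unable to close alias search results");
            }
        }
    } catch (NamingException e) {
        throw log.ldapKeyStoreFailedToIterateAliases(e);
    } finally {
        returnDirContext(context);
    }
}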
/**
 * Runs a search and calls {@code closure} once per matching entry.
 *
 * <p>Each call receives an insertion-ordered map holding the entry's full DN under {@code "dn"},
 * followed by one string per returned attribute. Only the first value of an attribute is kept
 * ({@code get(0)}), and an attribute whose ID is {@code "dn"} replaces the DN entry.
 *
 * <p>The filter and its arguments are passed to the four-argument {@code search} overload
 * separately and are never joined into one string here.
 *
 * @param search  base, filter, filter arguments, scope and attribute list of the search
 * @param closure callback invoked with the map built for each entry
 * @throws NamingException if the directory operation fails
 */
public void eachEntry(Search search, Closure closure) throws NamingException {
    WithContext<Object> action = ctx -> {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(search.getScope().getValue());
        controls.setReturningAttributes(search.getAttrs());
        // NOTE(review): the object bound to each entry is never read below. With this flag set the
        // provider reconstructs any Java object stored in the entry; confirm it is needed, since
        // false avoids that work for directories that are not fully trusted.
        controls.setReturningObjFlag(true);

        NamingEnumeration<SearchResult> hits =
                ctx.search(search.getBase(), search.getFilter(), search.getFilterArgs(), controls);
        if (hits == null) {
            return null;
        }
        while (hits.hasMore()) {
            SearchResult hit = hits.next();
            Map<String, Object> row = new LinkedHashMap<>();
            row.put("dn", hit.getNameInNamespace());
            for (NamingEnumeration<? extends Attribute> it = hit.getAttributes().getAll(); it.hasMore(); ) {
                Attribute attribute = it.next();
                row.put(attribute.getID(), attribute.get(0).toString());
            }
            closure.call(row);
        }
        return null;
    };
    performWithContext(action);
}
// Excerpt (lines elided): takes the first match under USER_BASE and works out its full DN, either by
// joining the context, base and entry names (relative result) or from the path of the returned URI.
// NOTE(review): results.next() runs before any hasMore() check in the visible lines, so an empty
// result would throw here. The hasMore() that follows looks like an ambiguity check — confirm that
// more than one match is rejected and not silently resolved to the first entry.
NamingEnumeration<SearchResult> results = context.search(getLDAPPropertyValue(USER_BASE), filter, constraints); SearchResult result = results.next(); if (results.hasMore()) { if (result.isRelative()) { log.debug("LDAP returned a relative name: {}", result.getName()); NameParser parser = context.getNameParser(""); Name contextName = parser.parse(context.getNameInNamespace()); Name baseName = parser.parse(getLDAPPropertyValue(USER_BASE)); Name entryName = parser.parse(result.getName()); Name name = contextName.addAll(baseName); name = name.addAll(entryName); dn = name.toString(); } else { log.debug("LDAP returned an absolute name: {}", result.getName()); URI uri = new URI(result.getName()); String path = uri.getPath(); Attributes attrs = result.getAttributes(); if (attrs == null) { throw new FailedLoginException("User found, but LDAP entry malformed: " + username);
/**
 * Builds the connector URI described by a directory entry.
 *
 * <p>The entry's {@code ipserviceprotocol}, {@code iphostnumber} and {@code ipserviceport} values
 * are combined as {@code static:(protocol://address:port)}. The values are used exactly as the
 * directory returned them: nothing here restricts the scheme, host or port, so whoever can write
 * these entries determines the resulting address.
 *
 * @param result search result to convert to URI
 * @return the URI assembled from the three attributes
 * @throws Exception if an attribute value cannot be read or the assembled string is not a valid
 *         URI; an entry lacking one of the three attributes fails with a NullPointerException
 */
protected URI toURI(SearchResult result) throws Exception {
    final Attributes entry = result.getAttributes();

    final String host = (String) entry.get("iphostnumber").get();
    final String servicePort = (String) entry.get("ipserviceport").get();
    final String scheme = (String) entry.get("ipserviceprotocol").get();

    final String spec = "static:(" + scheme + "://" + host + ":" + servicePort + ")";
    final URI connectorURI = new URI(spec);
    LOG.debug("retrieved URI from SearchResult [{}]", connectorURI);
    return connectorURI;
}
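/**
 * Runs a subtree search and returns each matching entry as a map from attribute ID to the
 * attribute's first value.
 *
 * <p>Links are not dereferenced. {@code filter} is sent to the directory verbatim, so a caller
 * that builds it from external input has to escape that input for LDAP filters beforehand.
 *
 * @param base   the name of the context to search under
 * @param filter the complete LDAP filter expression
 * @return one map per entry, in the order the directory returned them; an entry with no
 *         attributes yields an empty map
 * @throws RuntimeException wrapping any failure, with the base and filter in the message
 */
private List<Map<String, Object>> search(String base, String filter) {
    try {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setDerefLinkFlag(false);
        NamingEnumeration<?> results = getBaseContext().search(base, filter, sc);
        List<Map<String, Object>> result = new ArrayList<>();
        while (results.hasMore()) {
            Map<String, Object> item = new HashMap<>();
            result.add(item);
            SearchResult oneRes = (SearchResult) results.next();
            NamingEnumeration<? extends Attribute> fields = oneRes.getAttributes().getAll();
            // Test hasMore() before every next(): fetching first and testing afterwards dropped
            // the last attribute of each entry and threw on entries without attributes.
            while (fields.hasMore()) {
                Attribute a = fields.next();
                item.put(a.getID(), a.get());
            }
        }
        return result;
    } catch (Exception e) {
        throw new RuntimeException("Search failed: searchBase=" + base + " filter=" + filter, e);
    }
}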
// Excerpt (lines elided): resolves each member DN of a policy entry to a group or user name and
// applies the resulting principals to the ACL for that entry. Each failure path logs
// "Policy not applied!" and either skips the member (continue) or stops the member loop (break).
// NOTE(review): after a break, confirm that applyAcl is not still called with a partial member list.
Attribute memberAttribute = result.getAttributes().get(permissionGroupMemberAttribute); NamingEnumeration<?> memberAttributeEnum = memberAttribute.getAll(); memberAttributes = context.getAttributes(memberDn, new String[] { "objectClass", groupNameAttribute, userNameAttribute }); } catch (NamingException e) { LOG.error("Policy not applied! Unknown member {} in policy entry {}", new Object[]{ memberDn, result.getNameInNamespace() }, e); continue; Attribute name = memberAttributes.get(groupNameAttribute); if (name == null) { LOG.error("Policy not applied! Group {} does not have name attribute {} under entry {}", new Object[]{ memberDn, groupNameAttribute, result.getNameInNamespace() }); break; principalName = (String) name.get(); Attribute name = memberAttributes.get(userNameAttribute); if (name == null) { LOG.error("Policy not applied! User {} does not have name attribute {} under entry {}", new Object[]{ memberDn, userNameAttribute, result.getNameInNamespace() }); break; LOG.error("Policy not applied! Can't determine type of member {} under entry {}", memberDn, result.getNameInNamespace()); } else if (principalName != null) { DefaultAuthorizationMap map = this.map.get(); applyAcl(entry, permissionType, members); } catch (Exception e) { LOG.error("Policy not applied! Error adding principals to ACL under {}", result.getNameInNamespace(), e);
/**
 * Returns the names of the groups the user is a member of, limited to the configured
 * restricted groups when that list is not empty.
 *
 * <p>Group entries are searched under {@code configuration.getGroupFilter()} with default
 * {@link SearchControls}. Entries without attributes, or without the group-name attribute, are
 * skipped. The search results are always closed.
 *
 * <p>NOTE(review): the membership value is placed into the filter text with
 * {@code String.format}. No escaping is visible in this method; confirm that
 * {@code userNameBaseOnGroupClass} or the caller removes or escapes LDAP filter metacharacters
 * before the value gets here.
 *
 * @param context  the LDAP context to search with
 * @param userName the user whose memberships are looked up
 * @return the matching group names
 * @throws NamingException if the search or reading a result fails
 */
private Set<String> getGroupMembershipsIntersectingWithRestrictedGroups(AutoclosingLdapContext context, String userName) throws NamingException {

    final String memberValue = userNameBaseOnGroupClass(userName);
    final String filter = String.format("(&(%s=%s)(objectClass=%s))",
            configuration.getGroupMembershipAttribute(), memberValue, configuration.getGroupClassName());

    final NamingEnumeration<SearchResult> matches =
            context.search(configuration.getGroupFilter(), filter, new SearchControls());

    ImmutableSet.Builder<String> overlappingGroups = ImmutableSet.builder();
    try {
        while (matches.hasMore()) {
            final SearchResult entry = matches.next();
            if (entry.getAttributes() == null) {
                continue;
            }
            if (entry.getAttributes().get(configuration.getGroupNameAttribute()) == null) {
                continue;
            }
            final String group =
                    (String) entry.getAttributes().get(configuration.getGroupNameAttribute()).get(0);
            // An empty restriction list admits every group the user belongs to.
            if (configuration.getRestrictToGroups().isEmpty()
                    || configuration.getRestrictToGroups().contains(group)) {
                overlappingGroups.add(group);
            }
        }
        return overlappingGroups.build();
    } finally {
        matches.close();
    }
}