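/**
 * Returns the CN values of every entry directly below {@code roleBaseDN} that lists
 * {@code userDN} as a {@code uniqueMember}.
 *
 * <p>The DN is escaped per RFC 4515 before it is placed in the search filter. A DN may
 * legitimately contain {@code (}, {@code )}, {@code *} or {@code \}, and an unescaped value
 * would change which entries the filter matches. Where the UnboundID {@code Filter} class is
 * available, {@code Filter.createEqualityFilter("uniqueMember", userDN)} achieves the same
 * without manual escaping.
 *
 * @return the CN values of all matching entries; empty when none match
 * @throws LDAPException if the directory search fails
 */
List<String> getRoles() throws LDAPException {
    final SearchRequest searchRequest = new SearchRequest(
            roleBaseDN, ONE, "(uniqueMember=" + escapeLdapFilterValue(userDN) + ")", CN);
    final SearchResult searchResult = ldapInterface.search(searchRequest);
    return searchResult.getSearchEntries()
            .stream()
            .map(entry -> entry.getAttributeValues("CN"))
            // getAttributeValues returns null when the entry carries no CN; skip such entries
            .filter(values -> values != null)
            .flatMap(values -> stream(values))
            .collect(toList());
}

/** Escapes the characters that are special in an LDAP filter assertion value (RFC 4515). */
private static String escapeLdapFilterValue(final String value) {
    // String.valueOf keeps the previous string-concatenation result for a null DN.
    final String text = String.valueOf(value);
    final StringBuilder escaped = new StringBuilder(text.length() + 8);
    for (int i = 0; i < text.length(); i++) {
        final char c = text.charAt(i);
        switch (c) {
            case '\\':
                escaped.append("\\5c");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\u0000':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}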
/**
 * Collects the role definitions that apply to a directory entry.
 *
 * <p>When {@code defaultRole} is configured, a role named {@code DEFAULT_ROLE_NAME} is
 * granted to every entry, whatever its attributes. Each value of {@code rolesAttribute}
 * is then looked up in {@code namedRoles}; values with no mapping contribute nothing.
 *
 * @param entry the search result entry whose role attribute is read
 * @return the granted roles, possibly empty, never {@code null}
 */
private List<NamedRoleInfo> getRoles(SearchResultEntry entry) {
    final List<NamedRoleInfo> granted = new ArrayList<NamedRoleInfo>();

    // Unconditional grant: does not depend on anything stored in the entry.
    if (defaultRole != null) {
        final NamedRoleInfo fallback = new NamedRoleInfo();
        fallback.setName(DEFAULT_ROLE_NAME);
        fallback.setAuthorizations(defaultRole);
        granted.add(fallback);
    }

    final String[] roleValues = entry.getAttributeValues(rolesAttribute);
    if (roleValues == null) {
        // Entry carries no role attribute: only the default role (if any) applies.
        return granted;
    }

    for (final String roleValue : roleValues) {
        // NOTE(review): namedRoles looks like a Map keyed by the raw attribute value, so
        // matching would be exact and case-sensitive; confirm against its declaration.
        final List<NamedRoleInfo> mapped = namedRoles.get(roleValue);
        if (mapped == null) {
            continue;
        }
        granted.addAll(mapped);
    }
    return granted;
}
/**
 * Checks that the entry identified by {@code dn} has an attribute named {@code attributeName}
 * whose set of values is exactly {@code attributeValue}.
 *
 * <p>Values are compared as plain Java strings with duplicates ignored, so the comparison is
 * case-sensitive regardless of the attribute's LDAP matching rule. Extra or missing values
 * both yield {@code false}.
 *
 * @param dn The distinguished name.
 * @param attributeName The attribute name.
 * @param attributeValue The expected attribute value(s).
 * @return {@code true} if an entry identified by {@code dn} exists and its attribute
 *         {@code attributeName} holds exactly the value(s) {@code attributeValue};
 *         otherwise {@code false}.
 * @throws DirectoryTesterException if the directory server cannot be queried
 */
public boolean verifyDNHasAttributeValue(final String dn, final String attributeName, final String... attributeValue) {
    try {
        final SearchResultEntry entry = connection.getEntry(dn, attributeName);
        if (entry == null || !entry.hasAttribute(attributeName)) {
            return false;
        }
        final Set<String> wanted = new HashSet<String>(Arrays.asList(attributeValue));
        final Set<String> found = new HashSet<String>(Arrays.asList(entry.getAttributeValues(attributeName)));
        // Set equality: every expected value is present and nothing else is.
        return found.equals(wanted);
    } catch (final LDAPException e) {
        throw new DirectoryTesterException("Error communicating with LDAP directory server", e);
    }
}
} else { for(SearchResultEntry searchResultEntry : searchResultEntries) { String[] groups = searchResultEntry.getAttributeValues("memberOf"); if(null != groups) { for(String group : groups) {
} else { for(SearchResultEntry searchResultEntry : searchResultEntries) { String[] groups = searchResultEntry.getAttributeValues("memberOf"); if(null != groups) { for(String group : groups) {
/**
 * Checks that the entry identified by {@code dn} is of type {@code objectclass}.
 *
 * @param dn The distinguished name.
 * @param objectclass The object class name to look for.
 * @return {@code true} if an entry identified by {@code dn} exists and its
 *         {@code objectclass} attribute contains {@code objectclass} according to
 *         {@code arrayContains}; otherwise {@code false}.
 * @throws DirectoryTesterException if the directory server cannot be queried
 */
public boolean verifyDNIsA(final String dn, final String objectclass) {
    try {
        // Only the objectclass attribute is requested from the server.
        final SearchResultEntry entry = connection.getEntry(dn, "objectclass");
        if (entry == null) {
            return false;
        }
        if (!entry.hasAttribute("objectclass")) {
            return false;
        }
        // NOTE(review): whether this match is case-sensitive depends on arrayContains,
        // which is defined outside this excerpt; confirm.
        return arrayContains(entry.getAttributeValues("objectclass"), objectclass);
    } catch (final LDAPException e) {
        throw new DirectoryTesterException("Error communicating with LDAP directory server", e);
    }
}
/**
 * Builds an {@link LdapAccount} from the attributes of a directory entry.
 *
 * <p>Attribute mapping: {@code uid} → username, {@code mail} → emails (empty set when the
 * attribute is absent), {@code givenName}, {@code sn} → family name,
 * {@code employeeNumber} → subject, {@code cn} → name, {@code employeeType} → role.
 *
 * <p>The role is taken verbatim from the directory. Assuming {@code LdapAccount.Role} is an
 * enum, {@code valueOf} throws {@code NullPointerException} when {@code employeeType} is
 * absent and {@code IllegalArgumentException} when its value is not a declared constant.
 * Neither is caught here, so no account is returned for such an entry.
 *
 * @param entry the directory entry to convert
 * @return the populated account
 */
private LdapAccount accountFromEntry(SearchResultEntry entry) {
    final LdapAccount result = new LdapAccount();
    result.setUsername(entry.getAttributeValue("uid"));

    // getAttributeValues returns null for a missing attribute; map that to an empty set.
    final String[] mailValues = entry.getAttributeValues("mail");
    result.setEmails(mailValues == null ? Collections.emptySet() : new HashSet<>(Arrays.asList(mailValues)));

    result.setGivenName(entry.getAttributeValue("givenName"));
    result.setFamilyName(entry.getAttributeValue("sn"));
    result.setSubject(entry.getAttributeValue("employeeNumber"));
    result.setName(entry.getAttributeValue("cn"));

    // Role name must match a Role constant exactly; there is no fallback role.
    final String roleName = entry.getAttributeValue("employeeType");
    result.setRole(LdapAccount.Role.valueOf(roleName));
    return result;
}
}
/**
 * Finds every group under the configured groups base DN (subtree scope) that lists
 * {@code accountDN} in its member attribute.
 *
 * <p>The filter is assembled from {@code Filter} objects, so {@code accountDN} is passed as an
 * assertion value and is never spliced into a filter string.
 *
 * @param accountDN distinguished name of the account whose memberships are wanted
 * @return the matching groups keyed by group DN; empty when the account is in no group
 * @throws LdapSystemException if obtaining a connection or searching fails
 */
@Override
public Map<String, LdapGroup> getAccountGroups(String accountDN) throws LdapSystemException {
    final Map<String, LdapGroup> groupsByDn = new HashMap<>();
    try (LDAPConnection conn = ldapPool.getConnection()) {
        final String baseDN = config.getLdapGroupsBaseDN();
        log.info("Group base DN: " + baseDN);

        final Filter isGroup = Filter.createEqualityFilter("objectClass", config.getLdapGroupsObjectClass());
        final Filter hasMember = Filter.createEqualityFilter(config.getLdapGroupsMemberAttr(), accountDN);
        final Filter filter = Filter.createANDFilter(isGroup, hasMember);

        final SearchResult found = conn.search(baseDN, SUB, filter,
                GROUP_NAME_ATTR, config.getLdapGroupsMemberAttr(), GROUP_DESC_ATTR);

        for (final SearchResultEntry entry : found.getSearchEntries()) {
            final String groupDn = entry.getDN();
            // NOTE(review): Arrays.asList throws NullPointerException if the returned entry
            // lacks the member attribute (for example when it is searchable but not
            // readable); confirm this cannot happen in the target directory.
            final String[] memberValues = entry.getAttributeValues(config.getLdapGroupsMemberAttr());
            final Set<String> members = new HashSet<>(Arrays.asList(memberValues));
            groupsByDn.put(groupDn, new LdapGroup(
                    entry.getAttributeValue(GROUP_NAME_ATTR),
                    groupDn,
                    entry.getAttributeValue(GROUP_DESC_ATTR),
                    members));
        }
    } catch (LDAPException e) {
        throw new LdapSystemException(e);
    }
    return groupsByDn;
}
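/**
 * Reads a group from LDAP, searching one level below the configured groups base DN.
 *
 * <p>{@code groupName} is passed to {@code Filter.createEqualityFilter} as an assertion value,
 * so it is never spliced into a filter string.
 *
 * @param groupName name of the group
 * @param conn LDAP connection to search with
 * @return the LDAP group, or {@code null} if there is no such group; a group whose member
 *         attribute is absent is returned with an empty member set
 * @throws LdapSystemException if the directory search fails
 */
protected LdapGroup getGroup(String groupName, LDAPConnection conn) throws LdapSystemException {
    try {
        String baseDN = config.getLdapGroupsBaseDN();
        String memberAttr = config.getLdapGroupsMemberAttr();
        Filter groupFilter = Filter.createEqualityFilter(GROUP_NAME_ATTR, groupName);
        SearchResultEntry entry = conn.searchForEntry(baseDN, ONE, groupFilter,
                GROUP_NAME_ATTR, memberAttr, GROUP_DESC_ATTR);
        if (entry == null) {
            return null;
        }

        String dn = entry.getDN();
        String name = entry.getAttributeValue(GROUP_NAME_ATTR);
        String description = entry.getAttributeValue(GROUP_DESC_ATTR);

        // The filter matches on the group name only, so the entry may have no member
        // attribute. getAttributeValues then returns null, and Arrays.asList(null) would
        // throw NullPointerException.
        Set<String> members = new HashSet<>();
        String[] memberValues = entry.getAttributeValues(memberAttr);
        if (memberValues != null) {
            members.addAll(Arrays.asList(memberValues));
        }
        return new LdapGroup(name, dn, description, members);
    } catch (LDAPException e) {
        throw new LdapSystemException(e);
    }
}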