@Override public boolean process(SearchResult record) throws NamingException { result.add(record.getNameInNamespace()); return true; } });
/** * convert search result into URI * * @param result * search result to convert to URI */ protected String toUUID(SearchResult result) { String uuid = result.getNameInNamespace(); LOG.debug("retrieved UUID from SearchResult [{}]", uuid); return uuid; }
void getGroupNames(SearchResult groupResult, Collection<String> groups, Collection<String> groupDNs, boolean doGetDNs) throws NamingException { Attribute groupName = groupResult.getAttributes().get(groupNameAttr); if (groupName == null) { throw new NamingException("The group object does not have " + "attribute '" + groupNameAttr + "'."); } groups.add(groupName.get().toString()); if (doGetDNs) { groupDNs.add(groupResult.getNameInNamespace()); } }
@Override public boolean process(SearchResult record) throws NamingException { result.add(record.getNameInNamespace()); NamingEnumeration<? extends Attribute> allAttributes = record.getAttributes().getAll(); while(allAttributes.hasMore()) { Attribute attribute = allAttributes.next(); addAllAttributeValuesToResult(attribute.getAll()); } return true; }
@Override public boolean process(SearchResult record) throws NamingException { actual.add(record.getNameInNamespace()); return actual.size() < 2; } });
private void forEachAttributeValue(SearchResult entry, String attrId, Consumer<String> action) { NamingEnumeration<?> attributesEnum = null; try { Attribute attribute = entry.getAttributes().get(attrId); if (attribute == null) return; attributesEnum = attribute.getAll(); Collections.list(attributesEnum).stream().map(Object::toString).forEach(action); } catch (NamingException e) { throw ElytronMessages.log.ldapRealmFailedObtainAttributes(entry.getNameInNamespace(), e); } finally { if (attributesEnum != null) { try { attributesEnum.close(); } catch (NamingException e) { log.trace("Unable to close attributesEnum", e); } } } }
/** * Processes results from a directory query in the context of a given destination type and permission type. This * implementation should not be invoked concurrently. * * @param results * the results to process * @param destinationType * the type of the destination for which the directory results apply * @param permissionType * the type of the permission for which the directory results apply * * @throws Exception * if there is an error processing the results */ protected void processQueryResults(DefaultAuthorizationMap map, NamingEnumeration<SearchResult> results, DestinationType destinationType, PermissionType permissionType) throws Exception { while (results.hasMore()) { SearchResult result = results.next(); AuthorizationEntry entry = null; try { entry = getEntry(map, new LdapName(result.getNameInNamespace()), destinationType); } catch (Exception e) { LOG.error("Policy not applied! Error parsing authorization policy entry under {}", result.getNameInNamespace(), e); continue; } applyACL(entry, result, permissionType); } }
public static SearchResult mockSearchResult(String dn, Attributes attributes) { SearchResult searchResult = mock(SearchResult.class); when(searchResult.getNameInNamespace()).thenReturn(dn); when(searchResult.getAttributes()).thenReturn(attributes); return searchResult; }
private Map<String, Collection<String>> extractSimpleAttributes(SearchResult identityEntry) { if (identityEntry == null) return Collections.emptyMap(); return extractAttributes(mapping -> !mapping.isFilteredOrReference(), mapping -> { Collection<String> identityAttributeValues = new ArrayList<>(); try { valuesFromAttribute(identityEntry, mapping, identityAttributeValues); } catch (Exception cause) { throw ElytronMessages.log.ldapRealmFailedObtainAttributes(identityEntry.getNameInNamespace(), cause); } return identityAttributeValues; }); }
private String findUserDN(final String userName, final LdapContextFactory ldapContextFactory) { LdapContext systemLdapCtx = null; try { systemLdapCtx = ldapContextFactory.getSystemLdapContext(); final NamingEnumeration<SearchResult> usersFound = systemLdapCtx.search(searchBase, dnSearchFilter.replace(USERDN_SUBSTITUTION_TOKEN, userName), SUBTREE_SCOPE); return usersFound.hasMore() ? usersFound.next().getNameInNamespace() : null; } catch (final AuthenticationException ex) { log.info("LDAP authentication exception='{}'", ex.getLocalizedMessage()); throw new IllegalArgumentException(ex); } catch (final NamingException e) { log.info("LDAP exception='{}'", e.getLocalizedMessage()); throw new IllegalArgumentException(e); } finally { LdapUtils.closeContext(systemLdapCtx); } }
public boolean login(String username, String password) { try { SearchResult ldapUser = lookupUser(username); if (ldapUser != null) { auth(ldapUser.getNameInNamespace(), password).close(); return true; } } catch (NamingException e) { return false; } return false; }
String value = entry.getNameInNamespace(); if (mapping.getRdn() != null) { value = extractRdn(mapping, value);
private void extractFilteredAttributesFromSearch(LdapSearch search, SearchResult referencedEntry, AttributeMapping mapping, DirContext context, DirContext identityContext, Collection<String> identityAttributeValues, Collection<SearchResult> toSearchInNextLevel) { String referencedDn = referencedEntry != null ? referencedEntry.getNameInNamespace() : null; Set<String> attributes = new HashSet<>(); attributes.add(mapping.getLdapName()); attributes.add(mapping.getReference()); attributes.add(mapping.getRoleRecursionName()); search.setReturningAttributes(attributes); try (Stream<SearchResult> entries = search.search(mapping.searchInIdentityContext() ? identityContext : context)) { entries.forEach(entry -> { try { if (valuesFromAttribute(entry, mapping, identityAttributeValues)) { toSearchInNextLevel.add(entry); } } catch (Exception cause) { throw ElytronMessages.log.ldapRealmFailedObtainAttributes(referencedDn, cause); } }); } catch (Exception cause) { throw ElytronMessages.log.ldapRealmFailedObtainAttributes(referencedDn, cause); } }
@Override public List<String> getGroupsForUser(String userId) { String roleContext = getConfigProperty(USER_ROLES_CTX, getConfigProperty(ROLE_CTX)); String roleFilter = getConfigProperty(USER_ROLES_FILTER); String roleAttributeId = getConfigProperty(ROLE_ATTR_ID, DEFAULT_ROLE_ATTR_ID); String userDn = userId; if (!isUserIdDn()) { String userContext = getConfigProperty(USER_CTX); String userFilter = getConfigProperty(USER_FILTER); SearchResult searchResult = ldapSearcher.search(userContext, userFilter, userId).getSingleSearchResult(); userDn = searchResult.getNameInNamespace(); } List<String> result = ldapSearcher.search(roleContext, roleFilter, userDn).getAttributeResults(roleAttributeId); return result.stream().map(r-> unescapeIllegalChars(r)).collect(Collectors.toList()); }
@Override public void engineDeleteEntry(String alias) throws KeyStoreException { DirContext context = obtainDirContext(); try { SearchResult result = searchAlias(context, alias, null, new String[]{}); if (result == null) { throw log.ldapKeyStoreFailedToDeleteNonExisting(alias); } context.destroySubcontext(result.getNameInNamespace()); } catch (NamingException e) { throw log.ldapKeyStoreFailedToDelete(alias, e); } finally { returnDirContext(context); } }
@Override public String getEntityForEmail(String email) { String context = getConfigProperty(USER_CTX); String filter = getConfigProperty(EMAIL_FILTER); String attributeId = getConfigProperty(USER_ATTR_ID, DEFAULT_USER_ATTR_ID); LdapSearcher searcher = ldapSearcher.search(context, filter, email); if (searcher.getSearchResults().isEmpty()) { return null; } if (isEntityIdDn()) { return searcher.getSingleSearchResult().getNameInNamespace(); } return searcher.getSingleAttributeResult(attributeId); }
private LdapIdentity getIdentity(DirContext dirContext, Collection<String> returningAttributes, Collection<String> binaryAttributes) throws RealmUnavailableException { log.debugf("Trying to create identity for principal [%s].", name); LdapSearch ldapSearch = createLdapSearchByDn(); if (ldapSearch == null) { // name is not a valid DN, search by name if (identityMapping.searchDn != null) { ldapSearch = new LdapSearch(identityMapping.searchDn, identityMapping.searchRecursive, 0, identityMapping.filterName, name); } else { log.debugf("Identity for principal [%s] not found. The name is not a valid DN and the search base DN is null", name); return null; } } ldapSearch.setReturningAttributes(returningAttributes); ldapSearch.setBinaryAttributes(binaryAttributes); final LdapSearch ldapSearchFinal = ldapSearch; try (Stream<SearchResult> resultsStream = ldapSearch.search(dirContext)) { SearchResult result = resultsStream.findFirst().orElse(null); if (result != null) { LdapIdentity identity = new LdapIdentity(name, ldapSearchFinal.getContext(), result.getNameInNamespace(), result.isRelative() ? null : result.getName(), result); log.debugf("Identity for principal [%s] found at [%s].", name, identity.getDistinguishedName()); return identity; } else { log.debugf("Identity for principal [%s] not found.", name); return null; } } }
List<SearchResult> toSearchInNextLevel = new LinkedList<>(); for(SearchResult entry : toSearch) { final String entryDn = entry != null ? entry.getNameInNamespace() : null; if (mapping.getReference() != null && entry != null) { // reference forEachAttributeValue(entry, mapping.getReference(), value -> {
private void storeAttributes(String alias, List<ModificationItem> items) throws KeyStoreException { DirContext context = obtainDirContext(); try { SearchResult result = searchAlias(context, alias, null, new String[]{}); LdapName distinguishName; if (result == null) { // alias not exists yet - create if (createPath == null || createAttributes == null || createRdn == null) throw log.creationNotConfigured(alias); distinguishName = (LdapName) createPath.clone(); distinguishName.add(new Rdn(createRdn, alias)); log.debugf("Creating keystore alias [%s] with DN [%s] in LDAP", alias, distinguishName.toString()); context.createSubcontext(distinguishName, createAttributes); items.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(aliasAttribute, alias))); } else { distinguishName = new LdapName(result.getNameInNamespace()); } context.modifyAttributes(distinguishName, items.toArray(new ModificationItem[items.size()])); } catch (NamingException e) { throw log.ldapKeyStoreFailedToStore(alias, e); } finally { returnDirContext(context); } }
SearchResult searchResult = getSearchResult().next(); Attributes results = searchResult.getAttributes(); results.put( "dn", searchResult.getNameInNamespace() ); return results; } catch ( Exception e ) {