From 3baf51d440cbc04999a092c478c00f0febe7011a Mon Sep 17 00:00:00 2001 From: Olivier Lamy Date: Thu, 3 Jan 2013 20:50:23 +0000 Subject: [PATCH] baseDn can be different from groups dn git-svn-id: https://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk@1428586 13f79535-47bb-0310-9956-ffa450edef68 --- .../rbac/ldap/DefaultLdapRoleMapper.java | 90 +++++++++++++++++++ .../resources/META-INF/spring-context.xml | 79 ---------------- .../redback/rbac/ldap/TestLdapRoleMapper.java | 19 +++- .../src/test/resources/spring-context.xml | 88 ++++++++++++++++++ 4 files changed, 195 insertions(+), 81 deletions(-) diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/DefaultLdapRoleMapper.java b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/DefaultLdapRoleMapper.java index ba2e1531..097136d5 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/DefaultLdapRoleMapper.java +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/DefaultLdapRoleMapper.java @@ -69,12 +69,16 @@ public class DefaultLdapRoleMapper private String groupsDn; + private String baseDn; + @PostConstruct public void initialize() { this.ldapGroupClass = userConf.getString( UserConfigurationKeys.LDAP_GROUPS_CLASS, this.ldapGroupClass ); this.groupsDn = userConf.getString( UserConfigurationKeys.LDAP_GROUPS_BASEDN, this.groupsDn ); + + this.baseDn = userConf.getString( UserConfigurationKeys.LDAP_BASEDN, this.baseDn ); } public String getLdapGroup( String role ) @@ -225,6 +229,7 @@ public class DefaultLdapRoleMapper throws MappingException { // TODO caching and a filter with uid + List allGroups = getAllGroups(); List userGroups = new ArrayList(); for ( String group : allGroups ) 
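Review bot: `baseDn` can stay null after `initialize()`, because `userConf.getString( UserConfigurationKeys.LDAP_BASEDN, this.baseDn )` falls back to the field itself and the declaration added in this hunk has no initializer. Nothing in this commit reads the field outside the commented-out search, but once that search is enabled a null value would be concatenated into the member DN as the text `null`, and the lookup would most likely return no groups without any error. I would fail fast when the key is missing and document the field, e.g. `// base DN of the user entries; may differ from groupsDn, which holds the group entries`. The class body continues outside the hunk.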
@@ -236,6 +241,81 @@ public class DefaultLdapRoleMapper } } return userGroups; + /* + List userGroups = new ArrayList(); + + LdapConnection ldapConnection = null; + + NamingEnumeration namingEnumeration = null; + try + { + ldapConnection = ldapConnectionFactory.getConnection(); + + DirContext context = ldapConnection.getDirContext(); + + SearchControls searchControls = new SearchControls(); + + searchControls.setDerefLinkFlag( true ); + searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE ); + + //String filter = + // "(&(objectClass=" + getLdapGroupClass() + ") (uniquemember=uid" + username + "," + this.getGroupsDn() + // + "))"; + + String filter = + new StringBuilder().append( "(&" ).append( "(objectClass=" + getLdapGroupClass() + ")" ).append( + "(uniquemember=" ).append( "uid=" + username + "," + this.getBaseDn() ).append( ")" ).append( + ")" ).toString(); + + namingEnumeration = context.search( getGroupsDn(), filter, searchControls ); + + List allMembers = new ArrayList(); + + while ( namingEnumeration.hasMore() ) + { + SearchResult searchResult = namingEnumeration.next(); + + Attribute uniqueMemberAttr = searchResult.getAttributes().get( "uniquemember" ); + + if ( uniqueMemberAttr != null ) + { + NamingEnumeration allMembersEnum = (NamingEnumeration) uniqueMemberAttr.getAll(); + while ( allMembersEnum.hasMore() ) + { + String userName = allMembersEnum.next(); + // uid=blabla we only want bla bla + userName = StringUtils.substringAfter( userName, "=" ); + userName = StringUtils.substringBefore( userName, "," ); + //log.debug( "found group for username {}: '{}", group, userName ); + + allMembers.add( userName ); + } + close( allMembersEnum ); + } + + + } + + return userGroups; + } + catch ( LdapException e ) + { + throw new MappingException( e.getMessage(), e ); + } + catch ( NamingException e ) + { + throw new MappingException( e.getMessage(), e ); + } + + finally + { + if ( ldapConnection != null ) + { + ldapConnection.close(); + } + close( 
namingEnumeration ); + } + */ } private void close( NamingEnumeration namingEnumeration ) @@ -303,4 +383,14 @@ public class DefaultLdapRoleMapper { this.ldapConnectionFactory = ldapConnectionFactory; } + + public String getBaseDn() + { + return baseDn; + } + + public void setBaseDn( String baseDn ) + { + this.baseDn = baseDn; + } } diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/resources/META-INF/spring-context.xml b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/resources/META-INF/spring-context.xml index dc93717d..411dd240 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/resources/META-INF/spring-context.xml +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/resources/META-INF/spring-context.xml @@ -31,85 +31,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/java/org/apache/archiva/redback/rbac/ldap/TestLdapRoleMapper.java b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/java/org/apache/archiva/redback/rbac/ldap/TestLdapRoleMapper.java index cea6565c..fb7cc423 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/java/org/apache/archiva/redback/rbac/ldap/TestLdapRoleMapper.java +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/java/org/apache/archiva/redback/rbac/ldap/TestLdapRoleMapper.java @@ -37,6 +37,7 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import javax.inject.Inject; import javax.inject.Named; +import javax.naming.NameClassPair; import javax.naming.NamingEnumeration; import javax.naming.NamingException; import javax.naming.directory.Attribute; 
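Review bot: The commented-out search concatenates `username` straight into the `(uniquemember=uid=…)` filter, so if this block is ever enabled, filter metacharacters in a user name would change the meaning of the query that decides group membership. Pass the values as filter arguments so JNDI escapes them, `context.search( getGroupsDn(), "(&(objectClass={0})(uniquemember={1}))", new Object[]{ getLdapGroupClass(), userDn }, searchControls )`, with `userDn` built as `"uid=" + Rdn.escapeValue( username ) + "," + getBaseDn()`. The draft also returns `userGroups`, which it never fills (it collects into `allMembers`), and its `finally` closes the connection before the enumeration. Rather than parking the draft in a comment after `return userGroups;`, I would keep it out of the method until those points are settled and leave only the existing TODO. The method starts outside the hunk.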
@@ -110,15 +111,27 @@ public class TestLdapRoleMapper passwordEncoder = new SHA1PasswordEncoder(); - groupSuffix = "dc=archiva,dc=apache,dc=org"; + groupSuffix = apacheDs.addSimplePartition( "test", new String[]{ "archiva", "apache", "org" } ).getSuffix(); + log.info( "groupSuffix: {}", groupSuffix ); - suffix = apacheDs.addSimplePartition( "test", new String[]{ "archiva", "apache", "org" } ).getSuffix(); + suffix = "ou=People,dc=archiva,dc=apache,dc=org"; log.info( "DN Suffix: {}", suffix ); apacheDs.startServer(); + BasicAttribute objectClass = new BasicAttribute( "objectClass" ); + objectClass.add( "top" ); + objectClass.add( "organizationalUnit" ); + + Attributes attributes = new BasicAttributes( true ); + attributes.put( objectClass ); + attributes.put( "organizationalUnitName", "foo" ); + //attributes.put( "ou", "People" ); + + apacheDs.getAdminContext().createSubcontext( suffix, attributes ); + clearManyUsers(); makeUsers(); @@ -145,6 +158,8 @@ public class TestLdapRoleMapper context.unbind( createGroupDn( group.getKey() ) ); } + context.unbind( suffix ); + apacheDs.stopServer(); super.tearDown(); diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/resources/spring-context.xml b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/resources/spring-context.xml index 1540d7b3..4f2d0d65 100755 --- a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/resources/spring-context.xml +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/resources/spring-context.xml @@ -54,8 +54,96 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file
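Review bot: The entry created at `ou=People,dc=archiva,dc=apache,dc=org` is given `organizationalUnitName` = `foo`, which does not match its own RDN, while the matching line is left commented out as `//attributes.put( "ou", "People" );`. I would use `attributes.put( "ou", "People" );` and delete the commented line, or, if that form was rejected by the embedded server, say so in a one-line comment. After this change `suffix` holds the people branch and `groupSuffix` the partition suffix, so the `"DN Suffix: {}"` log text would read better as `"users suffix: {}"`. The setUp body starts outside the hunk.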
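Review bot: `context.unbind( suffix )` is added ahead of `apacheDs.stopServer()` with no try/finally visible in the hunk, so a NamingException here (for example if entries are still present under `ou=People`) would skip stopping the embedded server and `super.tearDown()`. I would make the shutdown unconditional, `try { context.unbind( suffix ); } finally { apacheDs.stopServer(); super.tearDown(); }`. The tearDown body starts outside the hunk, so an enclosing handler may already exist.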