Apache
/
archiva-redback-core
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[MRM-2008] Fix for group names with slashes 

Changing the group name retrieval to attribute read. Using CompositeName and
LdapName to retrieve the result. Slashes are treated special in JNDI.
This commit is contained in:
Martin Stockhammer 2020-01-24 21:58:09 +01:00
parent cd9334ce74
commit 4a98784031
5 changed files with 275 additions and 179 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/LdapUtils.java
View File

@ -19,10 +19,14 @@ package org.apache.archiva.redback.common.ldap;
* under the License. * under the License.
*/ */
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration; import javax.naming.NamingEnumeration;
import javax.naming.NamingException; import javax.naming.NamingException;
import javax.naming.directory.Attribute; import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes; import javax.naming.directory.Attributes;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
/** /**
* *
@ -129,4 +133,43 @@ public final class LdapUtils
return null; return null;
} }
/**
* Returns a LDAP name from a given RDN string. The <code>name</code> parameter must be a string
* representation of a composite name (as returned by ldapsearch result getName())
* @param name The string of the RDN (may be escaped)
* @return The LdapName that corresponds to this string
* @throws InvalidNameException If the string cannot be parsed as LDAP name
*/
public static LdapName getLdapNameFromString(final String name) throws InvalidNameException
{
CompositeName coName = new CompositeName( name );
LdapName ldapName = new LdapName( "" );
ldapName.addAll( coName );
return ldapName;
}
/**
* Returns the first RDN value that matches the given type.
* E.g. for the RDN ou=People,dc=test,dc=de, and type dc it will return 'test'.
*
* @param name the ldap name
* @param type the type of the RDN entry
* @return
*/
public static String findFirstRdnValue(LdapName name, String type) {
for ( Rdn rdn : name.getRdns() )
{
if ( rdn.getType( ).equals( type ) )
{
Object val = rdn.getValue( );
if (val!=null) {
return val.toString( );
} else {
return "";
}
}
}
return "";
}
} }

374
redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java
View File

@ -48,6 +48,7 @@ import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem; import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls; import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult; import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn; import javax.naming.ldap.Rdn;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
@ -66,7 +67,7 @@ public class DefaultLdapRoleMapper
implements LdapRoleMapper implements LdapRoleMapper
{ {
private Logger log = LoggerFactory.getLogger( getClass() ); private Logger log = LoggerFactory.getLogger( getClass( ) );
@Inject @Inject
@Named( value = "ldapConnectionFactory#configurable" ) @Named( value = "ldapConnectionFactory#configurable" )
@ -96,7 +97,7 @@ public class DefaultLdapRoleMapper
private String baseDn; private String baseDn;
private String ldapGroupMember = "uniqueMember"; private String ldapGroupMemberAttribute = "uniqueMember";
private boolean useDefaultRoleName = false; private boolean useDefaultRoleName = false;
@ -106,13 +107,28 @@ public class DefaultLdapRoleMapper
* possible to user cn=beer or uid=beer or sn=beer etc * possible to user cn=beer or uid=beer or sn=beer etc
* so make it configurable * so make it configurable
*/ */
private String userIdAttribute = "uid"; public static String DEFAULT_USER_ID_ATTRIBUTE = "uid";
private String userIdAttribute = DEFAULT_USER_ID_ATTRIBUTE;
public static String DEFAULT_GROUP_NAME_ATTRIBUTE = "cn";
private String groupNameAttribute = DEFAULT_GROUP_NAME_ATTRIBUTE;
// True, if the member attribute stores the DN, otherwise the userkey is used as entry value
private boolean useDnAsMemberValue = true;
private static final String POSIX_GROUP = "posixGroup";
@PostConstruct @PostConstruct
public void initialize() public void initialize( )
{ {
this.ldapGroupClass = userConf.getString( UserConfigurationKeys.LDAP_GROUPS_CLASS, this.ldapGroupClass ); this.ldapGroupClass = userConf.getString( UserConfigurationKeys.LDAP_GROUPS_CLASS, this.ldapGroupClass );
if (StringUtils.equalsIgnoreCase( POSIX_GROUP, this.ldapGroupClass )) {
this.useDnAsMemberValue = false;
}
this.useDnAsMemberValue = userConf.getBoolean( UserConfigurationKeys.LDAP_GROUPS_USE_DN_AS_MEMBER_VALUE, this.useDnAsMemberValue );
this.baseDn = userConf.getConcatenatedList( UserConfigurationKeys.LDAP_BASEDN, this.baseDn ); this.baseDn = userConf.getConcatenatedList( UserConfigurationKeys.LDAP_BASEDN, this.baseDn );
this.groupsDn = userConf.getConcatenatedList( UserConfigurationKeys.LDAP_GROUPS_BASEDN, this.groupsDn ); this.groupsDn = userConf.getConcatenatedList( UserConfigurationKeys.LDAP_GROUPS_BASEDN, this.groupsDn );
@ -127,11 +143,30 @@ public class DefaultLdapRoleMapper
this.useDefaultRoleName = this.useDefaultRoleName =
userConf.getBoolean( UserConfigurationKeys.LDAP_GROUPS_USE_ROLENAME, this.useDefaultRoleName ); userConf.getBoolean( UserConfigurationKeys.LDAP_GROUPS_USE_ROLENAME, this.useDefaultRoleName );
this.userIdAttribute = userConf.getString( UserConfigurationKeys.LDAP_USER_ID_ATTRIBUTE, this.userIdAttribute ); this.userIdAttribute = userConf.getString( UserConfigurationKeys.LDAP_USER_ID_ATTRIBUTE, DEFAULT_USER_ID_ATTRIBUTE );
this.ldapGroupMember = userConf.getString( UserConfigurationKeys.LDAP_GROUPS_MEMBER, this.ldapGroupMember ); this.ldapGroupMemberAttribute = userConf.getString( UserConfigurationKeys.LDAP_GROUPS_MEMBER, this.ldapGroupMemberAttribute );
this.dnAttr = userConf.getString( UserConfigurationKeys.LDAP_DN_ATTRIBUTE, this.dnAttr ); this.dnAttr = userConf.getString( UserConfigurationKeys.LDAP_DN_ATTRIBUTE, this.dnAttr );
this.groupNameAttribute = userConf.getString( UserConfigurationKeys.LDAP_GROUP_NAME_ATTRIBUTE, DEFAULT_GROUP_NAME_ATTRIBUTE );
}
private String getGroupNameFromResult( SearchResult searchResult ) throws NamingException
{
Attribute gNameAtt = searchResult.getAttributes( ).get( groupNameAttribute );
if ( gNameAtt != null )
{
return gNameAtt.get( ).toString( );
}
else
{
log.error( "Could not get group name from attribute {}. Group DN: {}", groupNameAttribute, searchResult.getNameInNamespace( ) );
return "";
}
} }
public List<String> getAllGroups( DirContext context ) public List<String> getAllGroups( DirContext context )
@ -142,45 +177,43 @@ public class DefaultLdapRoleMapper
try try
{ {
SearchControls searchControls = new SearchControls(); SearchControls searchControls = new SearchControls( );
searchControls.setDerefLinkFlag( true ); searchControls.setDerefLinkFlag( true );
searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE ); searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE );
searchControls.setReturningAttributes( new String[]{ this.getLdapDnAttribute(), "objectClass", groupNameAttribute} );
String filter = "objectClass=" + getLdapGroupClass(); String filter = "objectClass=" + getLdapGroupClass( );
if ( !StringUtils.isEmpty( this.groupFilter ) ) if ( !StringUtils.isEmpty( this.groupFilter ) )
{ {
filter = "(&(" + filter + ")(" + this.groupFilter + "))"; filter = "(&(" + filter + ")(" + this.groupFilter + "))";
} }
namingEnumeration = context.search( getGroupsDn(), filter, searchControls ); namingEnumeration = context.search( getGroupsDn( ), filter, searchControls );
List<String> allGroups = new ArrayList<String>(); List<String> allGroups = new ArrayList<String>( );
while ( namingEnumeration.hasMore() ) while ( namingEnumeration.hasMore( ) )
{ {
SearchResult searchResult = namingEnumeration.next(); SearchResult searchResult = namingEnumeration.next( );
String groupName = getGroupNameFromResult( searchResult );
String groupName = searchResult.getName(); if ( StringUtils.isNotEmpty( groupName ) )
// cn=blabla we only want bla bla {
groupName = StringUtils.substringAfter( groupName, "=" ); log.debug( "Found groupName: '{}", groupName );
allGroups.add( groupName );
log.debug( "found groupName: '{}", groupName ); }
allGroups.add( groupName );
} }
return allGroups; return allGroups;
} }
catch ( LdapException e ) catch ( LdapException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
catch ( NamingException e ) catch ( NamingException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
finally finally
@ -195,7 +228,7 @@ public class DefaultLdapRoleMapper
{ {
try try
{ {
namingEnumeration.close(); namingEnumeration.close( );
} }
catch ( NamingException e ) catch ( NamingException e )
{ {
@ -225,16 +258,16 @@ public class DefaultLdapRoleMapper
try try
{ {
SearchControls searchControls = new SearchControls(); SearchControls searchControls = new SearchControls( );
searchControls.setDerefLinkFlag( true ); searchControls.setDerefLinkFlag( true );
searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE ); searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE );
String filter = "objectClass=" + getLdapGroupClass(); String filter = "objectClass=" + getLdapGroupClass( );
namingEnumeration = context.search( "cn=" + groupName + "," + getGroupsDn(), filter, searchControls ); namingEnumeration = context.search( groupNameAttribute + "=" + groupName + "," + getGroupsDn( ), filter, searchControls );
return namingEnumeration.hasMore(); return namingEnumeration.hasMore( );
} }
catch ( NameNotFoundException e ) catch ( NameNotFoundException e )
{ {
@ -243,11 +276,11 @@ public class DefaultLdapRoleMapper
} }
catch ( LdapException e ) catch ( LdapException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
catch ( NamingException e ) catch ( NamingException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
finally finally
@ -261,14 +294,14 @@ public class DefaultLdapRoleMapper
{ {
List<String> groups = getAllGroups( context ); List<String> groups = getAllGroups( context );
if ( groups.isEmpty() ) if ( groups.isEmpty( ) )
{ {
return Collections.emptyList(); return Collections.emptyList( );
} }
Set<String> roles = new HashSet<String>( groups.size() ); Set<String> roles = new HashSet<String>( groups.size( ) );
Map<String, Collection<String>> mapping = ldapRoleMapperConfiguration.getLdapGroupMappings(); Map<String, Collection<String>> mapping = ldapRoleMapperConfiguration.getLdapGroupMappings( );
for ( String group : groups ) for ( String group : groups )
{ {
@ -293,30 +326,29 @@ public class DefaultLdapRoleMapper
try try
{ {
SearchControls searchControls = new SearchControls(); SearchControls searchControls = new SearchControls( );
searchControls.setDerefLinkFlag( true ); searchControls.setDerefLinkFlag( true );
searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE ); searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE );
String filter = "objectClass=" + getLdapGroupClass(); String filter = "objectClass=" + getLdapGroupClass( );
namingEnumeration = context.search( "cn=" + group + "," + getGroupsDn(), filter, searchControls ); namingEnumeration = context.search( groupNameAttribute + "=" + group + "," + getGroupsDn( ), filter, searchControls );
List<String> allMembers = new ArrayList<String>(); List<String> allMembers = new ArrayList<String>( );
while ( namingEnumeration.hasMore() ) while ( namingEnumeration.hasMore( ) )
{ {
SearchResult searchResult = namingEnumeration.next(); SearchResult searchResult = namingEnumeration.next( );
Attribute uniqueMemberAttr = searchResult.getAttributes().get( getLdapGroupMember() ); Attribute uniqueMemberAttr = searchResult.getAttributes( ).get( getLdapGroupMemberAttribute( ) );
if ( uniqueMemberAttr != null ) if ( uniqueMemberAttr != null )
{ {
NamingEnumeration<String> allMembersEnum = (NamingEnumeration<String>) uniqueMemberAttr.getAll(); NamingEnumeration<?> allMembersEnum = uniqueMemberAttr.getAll( );
while ( allMembersEnum.hasMore() ) while ( allMembersEnum.hasMore( ) )
{ {
String userName = allMembersEnum.next(); String userName = allMembersEnum.next( ).toString( );
// uid=blabla we only want bla bla
userName = StringUtils.substringAfter( userName, "=" ); userName = StringUtils.substringAfter( userName, "=" );
userName = StringUtils.substringBefore( userName, "," ); userName = StringUtils.substringBefore( userName, "," );
log.debug( "found userName for group {}: '{}", group, userName ); log.debug( "found userName for group {}: '{}", group, userName );
@ -333,11 +365,11 @@ public class DefaultLdapRoleMapper
} }
catch ( LdapException e ) catch ( LdapException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
catch ( NamingException e ) catch ( NamingException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
finally finally
@ -346,32 +378,39 @@ public class DefaultLdapRoleMapper
} }
} }
private String getUserDnFromId(String userKey) {
return new StringBuilder().append( this.userIdAttribute ).append( "=" ).append( userKey ).append( "," ).append(
getBaseDn( ) ).toString();
}
public List<String> getGroups( String username, DirContext context ) public List<String> getGroups( String username, DirContext context )
throws MappingException throws MappingException
{ {
List<String> userGroups = new ArrayList<String>(); Set<String> userGroups = new HashSet<String>( );
NamingEnumeration<SearchResult> namingEnumeration = null; NamingEnumeration<SearchResult> namingEnumeration = null;
try try
{ {
SearchControls searchControls = new SearchControls(); SearchControls searchControls = new SearchControls( );
searchControls.setDerefLinkFlag( true ); searchControls.setDerefLinkFlag( true );
searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE ); searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE );
String groupEntry = null; String groupEntry = null;
try try
{ {
//try to look the user up //try to look the user up
User user = userManager.findUser( username ); User user = userManager.findUser( username );
if ( user instanceof LdapUser ) if ( user != null && user instanceof LdapUser )
{ {
LdapUser ldapUser = LdapUser.class.cast( user ); LdapUser ldapUser = (LdapUser) user ;
Attribute dnAttribute = ldapUser.getOriginalAttributes().get( getLdapDnAttribute() ); Attribute dnAttribute = ldapUser.getOriginalAttributes( ).get( getLdapDnAttribute( ) );
if ( dnAttribute != null ) if ( dnAttribute != null )
{ {
groupEntry = String.class.cast( dnAttribute.get() ); groupEntry = dnAttribute.get( ).toString();
} }
} }
@ -387,82 +426,47 @@ public class DefaultLdapRoleMapper
if ( groupEntry == null ) if ( groupEntry == null )
{ {
//failed to look up the user's groupEntry directly //failed to look up the user's groupEntry directly
StringBuilder builder = new StringBuilder();
String posixGroup = "posixGroup"; if ( this.useDnAsMemberValue )
if ( posixGroup.equals( getLdapGroupClass() ) )
{ {
builder.append( username ); groupEntry = getUserDnFromId( username );
} }
else else
{ {
builder.append( this.userIdAttribute ).append( "=" ).append( username ).append( "," ).append( groupEntry = username;
getBaseDn() );
} }
groupEntry = builder.toString();
} }
String filter = String filter =
new StringBuilder().append( "(&" ).append( "(objectClass=" + getLdapGroupClass() + ")" ).append( new StringBuilder( ).append( "(&" ).append( "(objectClass=" + getLdapGroupClass( ) + ")" ).append(
"(" ).append( getLdapGroupMember() ).append( "=" ).append( Rdn.escapeValue(groupEntry) ).append( ")" ).append( "(" ).append( getLdapGroupMemberAttribute( ) ).append( "=" ).append( Rdn.escapeValue( groupEntry ) ).append( ")" ).append(
")" ).toString(); ")" ).toString( );
log.debug( "filter: {}", filter ); log.debug( "filter: {}", filter );
namingEnumeration = context.search( getGroupsDn(), filter, searchControls ); namingEnumeration = context.search( getGroupsDn( ), filter, searchControls );
while ( namingEnumeration.hasMore() ) while ( namingEnumeration.hasMore( ) )
{ {
SearchResult searchResult = namingEnumeration.next(); SearchResult groupSearchResult = namingEnumeration.next( );
String groupName = getGroupNameFromResult( groupSearchResult );
List<String> allMembers = new ArrayList<String>(); if (StringUtils.isNotEmpty( groupName )) {
Attribute uniqueMemberAttr = searchResult.getAttributes().get( getLdapGroupMember() );
if ( uniqueMemberAttr != null )
{
NamingEnumeration<String> allMembersEnum = (NamingEnumeration<String>) uniqueMemberAttr.getAll();
while ( allMembersEnum.hasMore() )
{
String userName = allMembersEnum.next();
//the original dn
allMembers.add( userName );
// uid=blabla we only want bla bla
userName = StringUtils.substringAfter( userName, "=" );
userName = StringUtils.substringBefore( userName, "," );
allMembers.add( userName );
}
close( allMembersEnum );
}
if ( allMembers.contains( username ) )
{
String groupName = searchResult.getName();
// cn=blabla we only want bla bla
groupName = StringUtils.substringAfter( groupName, "=" );
userGroups.add( groupName );
}
else if ( allMembers.contains( groupEntry ) )
{
String groupName = searchResult.getName();
// cn=blabla we only want bla bla
groupName = StringUtils.substringAfter( groupName, "=" );
userGroups.add( groupName ); userGroups.add( groupName );
} }
} }
return userGroups; return new ArrayList( userGroups );
} }
catch ( LdapException e ) catch ( LdapException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
catch ( NamingException e ) catch ( NamingException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
finally finally
{ {
@ -475,9 +479,9 @@ public class DefaultLdapRoleMapper
{ {
List<String> groups = getGroups( username, context ); List<String> groups = getGroups( username, context );
Map<String, Collection<String>> rolesMapping = ldapRoleMapperConfiguration.getLdapGroupMappings(); Map<String, Collection<String>> rolesMapping = ldapRoleMapperConfiguration.getLdapGroupMappings( );
Set<String> roles = new HashSet<String>( groups.size() ); Set<String> roles = new HashSet<String>( groups.size( ) );
for ( String group : groups ) for ( String group : groups )
{ {
@ -504,26 +508,26 @@ public class DefaultLdapRoleMapper
{ {
try try
{ {
namingEnumeration.close(); namingEnumeration.close( );
} }
catch ( NamingException e ) catch ( NamingException e )
{ {
log.warn( "fail to close namingEnumeration: {}", e.getMessage() ); log.warn( "fail to close namingEnumeration: {}", e.getMessage( ) );
} }
} }
} }
public String getGroupsDn() public String getGroupsDn( )
{ {
return this.groupsDn; return this.groupsDn;
} }
public String getLdapGroupClass() public String getLdapGroupClass( )
{ {
return this.ldapGroupClass; return this.ldapGroupClass;
} }
public String getLdapDnAttribute() public String getLdapDnAttribute( )
{ {
return this.dnAttr; return this.dnAttr;
} }
@ -564,16 +568,16 @@ public class DefaultLdapRoleMapper
objectClass.add( "top" ); objectClass.add( "top" );
objectClass.add( "groupOfUniqueNames" ); objectClass.add( "groupOfUniqueNames" );
attributes.put( objectClass ); attributes.put( objectClass );
attributes.put( "cn", groupName ); attributes.put( this.groupNameAttribute, groupName );
// attribute mandatory when created a group so add admin as default member // attribute mandatory when created a group so add admin as default member
BasicAttribute basicAttribute = new BasicAttribute( getLdapGroupMember() ); BasicAttribute basicAttribute = new BasicAttribute( getLdapGroupMemberAttribute( ) );
basicAttribute.add( this.userIdAttribute + "=admin," + getBaseDn() ); basicAttribute.add( this.userIdAttribute + "=admin," + getBaseDn( ) );
attributes.put( basicAttribute ); attributes.put( basicAttribute );
try try
{ {
String dn = "cn=" + groupName + "," + this.groupsDn; String dn = this.groupNameAttribute + "=" + groupName + "," + this.groupsDn;
context.createSubcontext( dn, attributes ); context.createSubcontext( dn, attributes );
@ -588,12 +592,12 @@ public class DefaultLdapRoleMapper
} }
catch ( LdapException e ) catch ( LdapException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
catch ( NamingException e ) catch ( NamingException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
} }
@ -612,31 +616,31 @@ public class DefaultLdapRoleMapper
NamingEnumeration<SearchResult> namingEnumeration = null; NamingEnumeration<SearchResult> namingEnumeration = null;
try try
{ {
SearchControls searchControls = new SearchControls(); SearchControls searchControls = new SearchControls( );
searchControls.setDerefLinkFlag( true ); searchControls.setDerefLinkFlag( true );
searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE ); searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE );
String filter = "objectClass=" + getLdapGroupClass(); String filter = "objectClass=" + getLdapGroupClass( );
namingEnumeration = context.search( "cn=" + groupName + "," + getGroupsDn(), filter, searchControls ); namingEnumeration = context.search( this.groupNameAttribute + "=" + groupName + "," + getGroupsDn( ), filter, searchControls );
while ( namingEnumeration.hasMore() ) if ( namingEnumeration.hasMore() )
{ {
SearchResult searchResult = namingEnumeration.next(); SearchResult searchResult = namingEnumeration.next( );
Attribute attribute = searchResult.getAttributes().get( getLdapGroupMember() ); Attribute attribute = searchResult.getAttributes( ).get( getLdapGroupMemberAttribute( ) );
if ( attribute == null ) if ( attribute == null )
{ {
BasicAttribute basicAttribute = new BasicAttribute( getLdapGroupMember() ); BasicAttribute basicAttribute = new BasicAttribute( getLdapGroupMemberAttribute( ) );
basicAttribute.add( this.userIdAttribute + "=" + username + "," + getBaseDn() ); basicAttribute.add( this.userIdAttribute + "=" + username + "," + getBaseDn( ) );
context.modifyAttributes( "cn=" + groupName + "," + getGroupsDn(), new ModificationItem[]{ context.modifyAttributes( this.groupNameAttribute + "=" + groupName + "," + getGroupsDn( ), new ModificationItem[]{
new ModificationItem( DirContext.ADD_ATTRIBUTE, basicAttribute ) } ); new ModificationItem( DirContext.ADD_ATTRIBUTE, basicAttribute )} );
} }
else else
{ {
attribute.add( this.userIdAttribute + "=" + username + "," + getBaseDn() ); attribute.add( this.userIdAttribute + "=" + username + "," + getBaseDn( ) );
context.modifyAttributes( "cn=" + groupName + "," + getGroupsDn(), new ModificationItem[]{ context.modifyAttributes( this.groupNameAttribute + "=" + groupName + "," + getGroupsDn( ), new ModificationItem[]{
new ModificationItem( DirContext.REPLACE_ATTRIBUTE, attribute ) } ); new ModificationItem( DirContext.REPLACE_ATTRIBUTE, attribute )} );
} }
return true; return true;
} }
@ -645,11 +649,11 @@ public class DefaultLdapRoleMapper
} }
catch ( LdapException e ) catch ( LdapException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
catch ( NamingException e ) catch ( NamingException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
finally finally
@ -658,7 +662,7 @@ public class DefaultLdapRoleMapper
{ {
try try
{ {
namingEnumeration.close(); namingEnumeration.close( );
} }
catch ( NamingException e ) catch ( NamingException e )
{ {
@ -683,25 +687,25 @@ public class DefaultLdapRoleMapper
try try
{ {
SearchControls searchControls = new SearchControls(); SearchControls searchControls = new SearchControls( );
searchControls.setDerefLinkFlag( true ); searchControls.setDerefLinkFlag( true );
searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE ); searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE );
String filter = "objectClass=" + getLdapGroupClass(); String filter = "objectClass=" + getLdapGroupClass( );
namingEnumeration = context.search( "cn=" + groupName + "," + getGroupsDn(), filter, searchControls ); namingEnumeration = context.search( groupNameAttribute + "=" + groupName + "," + getGroupsDn( ), filter, searchControls );
while ( namingEnumeration.hasMore() ) if ( namingEnumeration.hasMore() )
{ {
SearchResult searchResult = namingEnumeration.next(); SearchResult searchResult = namingEnumeration.next( );
Attribute attribute = searchResult.getAttributes().get( getLdapGroupMember() ); Attribute attribute = searchResult.getAttributes( ).get( getLdapGroupMemberAttribute( ) );
if ( attribute != null ) if ( attribute != null )
{ {
BasicAttribute basicAttribute = new BasicAttribute( getLdapGroupMember() ); BasicAttribute basicAttribute = new BasicAttribute( getLdapGroupMemberAttribute( ) );
basicAttribute.add( this.userIdAttribute + "=" + username + "," + getGroupsDn() ); basicAttribute.add( this.userIdAttribute + "=" + username + "," + getGroupsDn( ) );
context.modifyAttributes( "cn=" + groupName + "," + getGroupsDn(), new ModificationItem[]{ context.modifyAttributes( groupNameAttribute + "=" + groupName + "," + getGroupsDn( ), new ModificationItem[]{
new ModificationItem( DirContext.REMOVE_ATTRIBUTE, basicAttribute ) } ); new ModificationItem( DirContext.REMOVE_ATTRIBUTE, basicAttribute )} );
} }
return true; return true;
} }
@ -710,11 +714,11 @@ public class DefaultLdapRoleMapper
} }
catch ( LdapException e ) catch ( LdapException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
catch ( NamingException e ) catch ( NamingException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
finally finally
@ -723,7 +727,7 @@ public class DefaultLdapRoleMapper
{ {
try try
{ {
namingEnumeration.close(); namingEnumeration.close( );
} }
catch ( NamingException e ) catch ( NamingException e )
{ {
@ -733,33 +737,58 @@ public class DefaultLdapRoleMapper
} }
} }
public void removeAllRoles( DirContext context ) public void removeAllRoles( DirContext context )
throws MappingException throws MappingException
{ {
//all mapped roles //all mapped roles
Collection<String> groups = ldapRoleMapperConfiguration.getLdapGroupMappings().keySet(); Collection<String> groups = ldapRoleMapperConfiguration.getLdapGroupMappings( ).keySet( );
try try
{ {
for ( String groupName : groups ) for ( String groupName : groups )
{ {
removeGroupByName( context, groupName );
String dn = "cn=" + groupName + "," + this.groupsDn;
context.unbind( dn );
log.debug( "deleted group with dn:'{}", dn );
} }
} }
catch ( LdapException e ) catch ( LdapException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
catch ( NamingException e ) catch ( NamingException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
}
}
private void removeGroupByName( DirContext context, String groupName ) throws NamingException
{
NamingEnumeration<SearchResult> namingEnumeration = null;
try
{
SearchControls searchControls = new SearchControls( );
searchControls.setDerefLinkFlag( true );
searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE );
String filter = "(&(objectClass=" + getLdapGroupClass( ) + ")(" + groupNameAttribute + "=" + Rdn.escapeValue( groupName ) + "))";
// String filter = "(&(objectClass=" + getLdapGroupClass( ) + "))";
namingEnumeration = context.search( getGroupsDn( ), filter, searchControls );
// We delete only the first found group
if ( namingEnumeration != null && namingEnumeration.hasMore( ) )
{
SearchResult result = namingEnumeration.next( );
String dn = result.getNameInNamespace( );
context.unbind( new LdapName( dn ) );
log.debug( "Deleted group with dn:'{}", dn );
}
}
finally
{
closeNamingEnumeration( namingEnumeration );
} }
} }
@ -768,25 +797,24 @@ public class DefaultLdapRoleMapper
{ {
String groupName = findGroupName( roleName ); String groupName = findGroupName( roleName );
if (StringUtils.isEmpty( groupName )) {
log.warn( "No group for the given role found: role={}", roleName );
return;
}
try try
{ {
String dn = "cn=" + groupName + "," + this.groupsDn; removeGroupByName( context, groupName );
context.unbind( dn );
log.info( "deleted group with dn:'{}", dn );
} }
catch ( LdapException e ) catch ( LdapException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
catch ( NamingException e ) catch ( NamingException e )
{ {
throw new MappingException( e.getMessage(), e ); throw new MappingException( e.getMessage( ), e );
} }
} }
@ -819,7 +847,7 @@ public class DefaultLdapRoleMapper
this.ldapConnectionFactory = ldapConnectionFactory; this.ldapConnectionFactory = ldapConnectionFactory;
} }
public String getBaseDn() public String getBaseDn( )
{ {
return baseDn; return baseDn;
} }
@ -829,14 +857,14 @@ public class DefaultLdapRoleMapper
this.baseDn = baseDn; this.baseDn = baseDn;
} }
public String getLdapGroupMember() public String getLdapGroupMemberAttribute( )
{ {
return ldapGroupMember; return ldapGroupMemberAttribute;
} }
public void setLdapGroupMember( String ldapGroupMember ) public void setLdapGroupMemberAttribute( String ldapGroupMemberAttribute )
{ {
this.ldapGroupMember = ldapGroupMember; this.ldapGroupMemberAttribute = ldapGroupMemberAttribute;
} }
//------------------- //-------------------
@ -846,20 +874,20 @@ public class DefaultLdapRoleMapper
protected String findGroupName( String role ) protected String findGroupName( String role )
throws MappingException throws MappingException
{ {
Map<String, Collection<String>> mapping = ldapRoleMapperConfiguration.getLdapGroupMappings(); Map<String, Collection<String>> mapping = ldapRoleMapperConfiguration.getLdapGroupMappings( );
for ( Map.Entry<String, Collection<String>> entry : mapping.entrySet() ) for ( Map.Entry<String, Collection<String>> entry : mapping.entrySet( ) )
{ {
if ( entry.getValue().contains( role ) ) if ( entry.getValue( ).contains( role ) )
{ {
return entry.getKey(); return entry.getKey( );
} }
} }
return null; return null;
} }
public String getUserIdAttribute() public String getUserIdAttribute( )
{ {
return userIdAttribute; return userIdAttribute;
} }
@ -869,7 +897,7 @@ public class DefaultLdapRoleMapper
this.userIdAttribute = userIdAttribute; this.userIdAttribute = userIdAttribute;
} }
public boolean isUseDefaultRoleName() public boolean isUseDefaultRoleName( )
{ {
return useDefaultRoleName; return useDefaultRoleName;
} }

30
redback-common/redback-common-ldap/src/test/java/org/apache/archiva/redback/common/ldap/role/TestLdapRoleMapper.java
View File

@ -88,7 +88,7 @@ public class TestLdapRoleMapper
LdapConnectionFactory ldapConnectionFactory; LdapConnectionFactory ldapConnectionFactory;
List<String> roleNames = List<String> roleNames =
Arrays.asList( "Archiva System Administrator", "Internal Repo Manager", "Internal Repo Observer" ); Arrays.asList( "Archiva System Administrator", "Internal Repo Manager", "Internal Repo Observer", "Ldap Group Test Role" );
LdapConnection ldapConnection; LdapConnection ldapConnection;
@ -109,6 +109,7 @@ public class TestLdapRoleMapper
usersPerGroup.put( "internal-repo-manager", Arrays.asList( "admin", "user.9" ) ); usersPerGroup.put( "internal-repo-manager", Arrays.asList( "admin", "user.9" ) );
usersPerGroup.put( "internal-repo-observer", Arrays.asList( "admin", "user.7", "user.8" ) ); usersPerGroup.put( "internal-repo-observer", Arrays.asList( "admin", "user.7", "user.8" ) );
usersPerGroup.put( "archiva-admin", Arrays.asList( "admin", "user.7" ) ); usersPerGroup.put( "archiva-admin", Arrays.asList( "admin", "user.7" ) );
usersPerGroup.put( "archiva/group-with-slash", Arrays.asList( "user.8", "user.9" ) );
users = new ArrayList<String>( 4 ); users = new ArrayList<String>( 4 );
users.add( "admin" ); users.add( "admin" );
@ -161,7 +162,12 @@ public class TestLdapRoleMapper
for ( Map.Entry<String, List<String>> group : usersPerGroup.entrySet() ) for ( Map.Entry<String, List<String>> group : usersPerGroup.entrySet() )
{ {
context.unbind( createGroupDn( group.getKey() ) ); try
{
context.unbind( createGroupDn( group.getKey( ) ) );
} catch (Exception ex) {
// Ignore
}
} }
context.unbind( suffix ); context.unbind( suffix );
@ -298,7 +304,7 @@ public class TestLdapRoleMapper
log.info( "allGroups: {}", allGroups ); log.info( "allGroups: {}", allGroups );
assertThat( allGroups ).isNotNull().isNotEmpty().contains( "archiva-admin", assertThat( allGroups ).isNotNull().isNotEmpty().contains( "archiva/group-with-slash", "archiva-admin",
"internal-repo-manager" ); "internal-repo-manager" );
} }
@ -331,7 +337,7 @@ public class TestLdapRoleMapper
groups = ldapRoleMapper.getGroups( "user.8", getDirContext() ); groups = ldapRoleMapper.getGroups( "user.8", getDirContext() );
assertThat( groups ).isNotNull().isNotEmpty().hasSize( 1 ).contains( "internal-repo-observer" ); assertThat( groups ).isNotNull().isNotEmpty().hasSize( 2 ).contains( "internal-repo-observer", "archiva/group-with-slash" );
groups = ldapRoleMapper.getGroups( "user.7", getDirContext() ); groups = ldapRoleMapper.getGroups( "user.7", getDirContext() );
@ -362,7 +368,7 @@ public class TestLdapRoleMapper
log.info( "roles for user.8: {}", roles ); log.info( "roles for user.8: {}", roles );
assertThat( roles ).isNotNull().isNotEmpty().hasSize( 1 ).contains( "Internal Repo Observer" ); assertThat( roles ).isNotNull().isNotEmpty().hasSize( 2 ).contains( "Internal Repo Observer" );
} }
@ -380,5 +386,19 @@ public class TestLdapRoleMapper
assertFalse( ldapRoleMapper.hasRole( getDirContext(), "Australian wine is good but not as French! " ) ); assertFalse( ldapRoleMapper.hasRole( getDirContext(), "Australian wine is good but not as French! " ) );
} }
@Test
public void removeRole() throws Exception
{
assertTrue( ldapRoleMapper.getAllGroups( getDirContext( ) ).contains( "archiva-admin" ) );
ldapRoleMapper.removeRole( "Archiva System Administrator", getDirContext() );
assertFalse( ldapRoleMapper.getAllGroups( getDirContext( ) ).contains( "archiva-admin" ) );
}
@Test
public void removeAllRoles() throws Exception
{
assertEquals( 4, ldapRoleMapper.getAllGroups( getDirContext( ) ).size() );
ldapRoleMapper.removeAllRoles( getDirContext() );
assertEquals( 0, ldapRoleMapper.getAllGroups( getDirContext( ) ).size() );
}
} }

3
redback-common/redback-common-ldap/src/test/security.properties
View File

@ -16,4 +16,5 @@
# under the License. # under the License.
ldap.config.groups.role.archiva-admin=Archiva System Administrator ldap.config.groups.role.archiva-admin=Archiva System Administrator
ldap.config.groups.role.internal-repo-manager=Internal Repo Manager ldap.config.groups.role.internal-repo-manager=Internal Repo Manager
ldap.config.groups.role.internal-repo-observer=Internal Repo Observer ldap.config.groups.role.internal-repo-observer=Internal Repo Observer
ldap.config.groups.role.archiva/group-with-slash=Ldap Group Test Role

4
redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java
View File

@ -92,10 +92,14 @@ public interface UserConfigurationKeys
String LDAP_GROUPS_USE_ROLENAME = "ldap.config.groups.use.rolename"; String LDAP_GROUPS_USE_ROLENAME = "ldap.config.groups.use.rolename";
String LDAP_GROUPS_USE_DN_AS_MEMBER_VALUE = "ldap.config.groups.useDnAsMemberValue";
String LDAP_WRITABLE = "ldap.config.writable"; String LDAP_WRITABLE = "ldap.config.writable";
String LDAP_USER_ID_ATTRIBUTE = "ldap.config.user.attribute"; String LDAP_USER_ID_ATTRIBUTE = "ldap.config.user.attribute";
String LDAP_GROUP_NAME_ATTRIBUTE = "ldap.config.groups.name.attribute";
String APPLICATION_URL = "application.url"; String APPLICATION_URL = "application.url";
String EMAIL_URL_PATH = "email.url.path"; String EMAIL_URL_PATH = "email.url.path";