diff --git a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/LdapUserMapper.java b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/LdapUserMapper.java
index 032d87a0..6cf3d859 100644
--- a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/LdapUserMapper.java
+++ b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/LdapUserMapper.java
@@ -193,7 +193,7 @@ public class LdapUserMapper
String nameAttribute = getUserFullNameAttribute();
String passwordAttribute = getPasswordAttribute();
- String userId = ( LdapUtils.getAttributeValue( attributes, userIdAttribute, "username" ) );
+ String userId = LdapUtils.getAttributeValue( attributes, userIdAttribute, "username" );
LdapUser user = new LdapUser( userId );
user.setOriginalAttributes( attributes );
diff --git a/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java b/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java
index 18f8cc9a..d6f0fd93 100644
--- a/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java
+++ b/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java
@@ -72,6 +72,12 @@ public interface UserConfigurationKeys
String LDAP_BINDDN = "ldap.config.bind.dn";
+ String LDAP_GROUPS_CLASS = "ldap.config.groups.class";
+
+ String LDAP_GROUPS_BASEDN = "ldap.config.groups.base.dn";
+
+ String LDAP_GROUPS_ROLE_START_KEY = "ldap.config.groups.role.";
+
String APPLICATION_URL = "application.url";
String EMAIL_URL_PATH = "email.url.path";
diff --git a/redback-rbac/redback-rbac-providers/pom.xml b/redback-rbac/redback-rbac-providers/pom.xml
index cd42db3c..4717d9f1 100644
--- a/redback-rbac/redback-rbac-providers/pom.xml
+++ b/redback-rbac/redback-rbac-providers/pom.xml
@@ -31,6 +31,6 @@
redback-rbac-jdo
redback-rbac-memory
redback-rbac-cached
-
+ redback-rbac-ldap
diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/pom.xml b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/pom.xml
new file mode 100644
index 00000000..0423d7d3
--- /dev/null
+++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/pom.xml
@@ -0,0 +1,107 @@
+
+
+
+
+ 4.0.0
+
+
+ org.apache.archiva.redback
+ redback-rbac-providers
+ 2.1-SNAPSHOT
+
+
+ redback-rbac-ldap
+ bundle
+ Redback :: RBAC Provider :: Ldap
+
+
+
+ org.apache.archiva.redback
+ redback-system
+
+
+ org.apache.archiva.redback
+ redback-authorization-api
+
+
+ org.apache.archiva.redback
+ redback-rbac-model
+
+
+ org.apache.archiva.redback
+ redback-common-ldap
+
+
+ org.apache.archiva.redback.components.cache
+ spring-cache-api
+
+
+ org.apache.archiva.redback.components.cache
+ spring-cache-ehcache
+
+
+ net.sf.ehcache
+ ehcache-core
+
+
+ org.springframework
+ spring-context-support
+
+
+ javax.annotation
+ jsr250-api
+
+
+ org.apache.archiva.redback
+ redback-users-ldap
+ test
+
+
+ org.apache.archiva.redback
+ redback-rbac-tests
+ test
+
+
+ org.hsqldb
+ hsqldb
+ test
+
+
+ org.slf4j
+ slf4j-simple
+ test
+
+
+ org.easytesting
+ fest-assert
+ test
+
+
+
+
+
+
+ org.apache.felix
+ maven-bundle-plugin
+
+
+
+
+
diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/DefaultLdapRoleMapper.java b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/DefaultLdapRoleMapper.java
new file mode 100644
index 00000000..ba2e1531
--- /dev/null
+++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/DefaultLdapRoleMapper.java
@@ -0,0 +1,306 @@
+package org.apache.archiva.redback.rbac.ldap;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.redback.common.ldap.MappingException;
+import org.apache.archiva.redback.common.ldap.connection.LdapConnection;
+import org.apache.archiva.redback.common.ldap.connection.LdapConnectionFactory;
+import org.apache.archiva.redback.common.ldap.connection.LdapException;
+import org.apache.archiva.redback.configuration.UserConfiguration;
+import org.apache.archiva.redback.configuration.UserConfigurationKeys;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import javax.annotation.PostConstruct;
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * @author Olivier Lamy
+ * @since 2.1
+ */
+@Service( "ldapRoleMapper#default" )
+public class DefaultLdapRoleMapper
+ implements LdapRoleMapper
+{
+
+ private Logger log = LoggerFactory.getLogger( getClass() );
+
+ @Inject
+ private LdapConnectionFactory ldapConnectionFactory;
+
+ @Inject
+ @Named( value = "userConfiguration#default" )
+ private UserConfiguration userConf;
+
+ //---------------------------
+ // fields
+ //---------------------------
+
+ private String ldapGroupClass = "groupOfUniqueNames";
+
+ private String groupsDn;
+
+ @PostConstruct
+ public void initialize()
+ {
+ this.ldapGroupClass = userConf.getString( UserConfigurationKeys.LDAP_GROUPS_CLASS, this.ldapGroupClass );
+
+ this.groupsDn = userConf.getString( UserConfigurationKeys.LDAP_GROUPS_BASEDN, this.groupsDn );
+ }
+
+ public String getLdapGroup( String role )
+ {
+ return userConf.getString( UserConfigurationKeys.LDAP_GROUPS_ROLE_START_KEY + role );
+ }
+
+ public List getAllGroups()
+ throws MappingException
+ {
+ // TODO caching
+ LdapConnection ldapConnection = null;
+
+ NamingEnumeration namingEnumeration = null;
+ try
+ {
+ ldapConnection = ldapConnectionFactory.getConnection();
+
+ DirContext context = ldapConnection.getDirContext();
+
+ SearchControls searchControls = new SearchControls();
+
+ searchControls.setDerefLinkFlag( true );
+ searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE );
+
+ String filter = "objectClass=" + getLdapGroupClass();
+
+ namingEnumeration = context.search( getGroupsDn(), filter, searchControls );
+
+ List allGroups = new ArrayList();
+
+ while ( namingEnumeration.hasMore() )
+ {
+ SearchResult searchResult = namingEnumeration.next();
+
+ String groupName = searchResult.getName();
+ // cn=blabla we only want bla bla
+ groupName = StringUtils.substringAfter( groupName, "=" );
+
+ log.debug( "found groupName: '{}", groupName );
+
+ allGroups.add( groupName );
+
+ }
+
+ return allGroups;
+ }
+ catch ( LdapException e )
+ {
+ throw new MappingException( e.getMessage(), e );
+ }
+ catch ( NamingException e )
+ {
+ throw new MappingException( e.getMessage(), e );
+ }
+
+ finally
+ {
+ if ( ldapConnection != null )
+ {
+ ldapConnection.close();
+ }
+ if ( namingEnumeration != null )
+ {
+ try
+ {
+ namingEnumeration.close();
+ }
+ catch ( NamingException e )
+ {
+ log.warn( "failed to close search results", e );
+ }
+ }
+ }
+ }
+
+ public List getGroupsMember( String group )
+ throws MappingException
+ {
+ // TODO caching
+ LdapConnection ldapConnection = null;
+
+ NamingEnumeration namingEnumeration = null;
+ try
+ {
+ ldapConnection = ldapConnectionFactory.getConnection();
+
+ DirContext context = ldapConnection.getDirContext();
+
+ SearchControls searchControls = new SearchControls();
+
+ searchControls.setDerefLinkFlag( true );
+ searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE );
+
+ String filter = "objectClass=" + getLdapGroupClass();
+
+ namingEnumeration = context.search( "cn=" + group + "," + getGroupsDn(), filter, searchControls );
+
+ List allMembers = new ArrayList();
+
+ while ( namingEnumeration.hasMore() )
+ {
+ SearchResult searchResult = namingEnumeration.next();
+
+ Attribute uniqueMemberAttr = searchResult.getAttributes().get( "uniquemember" );
+
+ if ( uniqueMemberAttr != null )
+ {
+ NamingEnumeration allMembersEnum = (NamingEnumeration) uniqueMemberAttr.getAll();
+ while ( allMembersEnum.hasMore() )
+ {
+ String userName = allMembersEnum.next();
+ // uid=blabla we only want bla bla
+ userName = StringUtils.substringAfter( userName, "=" );
+ userName = StringUtils.substringBefore( userName, "," );
+ log.debug( "found userName for group {}: '{}", group, userName );
+
+ allMembers.add( userName );
+ }
+ close( allMembersEnum );
+ }
+
+
+ }
+
+ return allMembers;
+ }
+ catch ( LdapException e )
+ {
+ throw new MappingException( e.getMessage(), e );
+ }
+ catch ( NamingException e )
+ {
+ throw new MappingException( e.getMessage(), e );
+ }
+
+ finally
+ {
+ if ( ldapConnection != null )
+ {
+ ldapConnection.close();
+ }
+ close( namingEnumeration );
+ }
+ }
+
+ public List getGroups( String username )
+ throws MappingException
+ {
+ // TODO caching and a filter with uid
+ List allGroups = getAllGroups();
+ List userGroups = new ArrayList();
+ for ( String group : allGroups )
+ {
+ List users = getGroupsMember( group );
+ if ( users.contains( username ) )
+ {
+ userGroups.add( group );
+ }
+ }
+ return userGroups;
+ }
+
+ private void close( NamingEnumeration namingEnumeration )
+ {
+ if ( namingEnumeration != null )
+ {
+ try
+ {
+ namingEnumeration.close();
+ }
+ catch ( NamingException e )
+ {
+ log.warn( "fail to close namingEnumeration: {}", e.getMessage() );
+ }
+ }
+ }
+
+ public String getGroupsDn()
+ {
+ return this.groupsDn;
+ }
+
+ public String getLdapGroupClass()
+ {
+ return this.ldapGroupClass;
+ }
+
+ public void addLdapMapping( String role, String ldapGroup )
+ {
+ log.warn( "addLdapMapping not implemented" );
+ }
+
+ public void removeLdapMapping( String role )
+ {
+ log.warn( "removeLdapMapping not implemented" );
+ }
+
+ public Map getLdapGroupMappings()
+ {
+ log.warn( "getLdapGroupMappings not implemented" );
+ return Collections.emptyMap();
+ }
+
+ //---------------------------------
+ // setters for unit tests
+ //---------------------------------
+
+
+ public void setGroupsDn( String groupsDn )
+ {
+ this.groupsDn = groupsDn;
+ }
+
+ public void setLdapGroupClass( String ldapGroupClass )
+ {
+ this.ldapGroupClass = ldapGroupClass;
+ }
+
+ public void setUserConf( UserConfiguration userConf )
+ {
+ this.userConf = userConf;
+ }
+
+ public void setLdapConnectionFactory( LdapConnectionFactory ldapConnectionFactory )
+ {
+ this.ldapConnectionFactory = ldapConnectionFactory;
+ }
+}
diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java
new file mode 100644
index 00000000..afe54ba5
--- /dev/null
+++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java
@@ -0,0 +1,475 @@
+package org.apache.archiva.redback.rbac.ldap;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.redback.common.ldap.connection.LdapConnectionFactory;
+import org.apache.archiva.redback.rbac.AbstractRBACManager;
+import org.apache.archiva.redback.rbac.AbstractRole;
+import org.apache.archiva.redback.rbac.AbstractUserAssignment;
+import org.apache.archiva.redback.rbac.Operation;
+import org.apache.archiva.redback.rbac.Permission;
+import org.apache.archiva.redback.rbac.RBACManager;
+import org.apache.archiva.redback.rbac.RbacManagerException;
+import org.apache.archiva.redback.rbac.RbacObjectInvalidException;
+import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
+import org.apache.archiva.redback.rbac.Resource;
+import org.apache.archiva.redback.rbac.Role;
+import org.apache.archiva.redback.rbac.UserAssignment;
+import org.springframework.stereotype.Service;
+
+import javax.inject.Inject;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * @author Olivier Lamy
+ * @since 2.1
+ */
+@Service( "rbacManager#ldap" )
+public class LdapRbacManager
+ extends AbstractRBACManager
+ implements RBACManager
+{
+
+ @Inject
+ private LdapConnectionFactory ldapConnectionFactory;
+
+ public Role createRole( String name )
+ {
+ return new MockRole();
+ }
+
+ public Role saveRole( Role role )
+ throws RbacManagerException
+ {
+ return role;
+ }
+
+ public void saveRoles( Collection roles )
+ throws RbacManagerException
+ {
+ // no op
+ }
+
+ public Role getRole( String roleName )
+ throws RbacManagerException
+ {
+ // TODO
+ return null;
+ }
+
+ public List getAllRoles()
+ throws RbacManagerException
+ {
+ // TODO
+ return Collections.emptyList();
+ }
+
+ public void removeRole( Role role )
+ throws RbacManagerException
+ {
+ // no op
+ }
+
+ public Permission createPermission( String name )
+ throws RbacManagerException
+ {
+ return new MockPermission();
+ }
+
+ public Permission createPermission( String name, String operationName, String resourceIdentifier )
+ throws RbacManagerException
+ {
+ return new MockPermission();
+ }
+
+ public Permission savePermission( Permission permission )
+ throws RbacManagerException
+ {
+ return permission;
+ }
+
+ public Permission getPermission( String permissionName )
+ throws RbacManagerException
+ {
+ return new MockPermission();
+ }
+
+ public List getAllPermissions()
+ throws RbacManagerException
+ {
+ // TODO
+ return Collections.emptyList();
+ }
+
+ public void removePermission( Permission permission )
+ throws RbacManagerException
+ {
+ // no op
+ }
+
+ public Operation createOperation( String name )
+ throws RbacManagerException
+ {
+ return new MockOperation();
+ }
+
+ public Operation saveOperation( Operation operation )
+ throws RbacManagerException
+ {
+ return operation;
+ }
+
+ public Operation getOperation( String operationName )
+ throws RbacManagerException
+ {
+ return new MockOperation();
+ }
+
+ public List getAllOperations()
+ throws RbacManagerException
+ {
+ // TODO
+ return Collections.emptyList();
+ }
+
+ public void removeOperation( Operation operation )
+ throws RbacManagerException
+ {
+ // no op
+ }
+
+ public Resource createResource( String identifier )
+ throws RbacManagerException
+ {
+ return new MockResource();
+ }
+
+ public Resource saveResource( Resource resource )
+ throws RbacManagerException
+ {
+ return resource;
+ }
+
+ public Resource getResource( String resourceIdentifier )
+ throws RbacManagerException
+ {
+ // TODO
+ return new MockResource();
+ }
+
+ public List getAllResources()
+ throws RbacManagerException
+ {
+ // TODO
+ return Collections.emptyList();
+ }
+
+ public void removeResource( Resource resource )
+ throws RbacManagerException
+ {
+ // no op
+ }
+
+ public UserAssignment createUserAssignment( String principal )
+ throws RbacManagerException
+ {
+ return new MockUserAssignment();
+ }
+
+ public UserAssignment saveUserAssignment( UserAssignment userAssignment )
+ throws RbacManagerException
+ {
+ return userAssignment;
+ }
+
+ public UserAssignment getUserAssignment( String principal )
+ throws RbacManagerException
+ {
+ // TODO
+ return new MockUserAssignment();
+ }
+
+ public List getAllUserAssignments()
+ throws RbacManagerException
+ {
+ // TODO
+ return Collections.emptyList();
+ }
+
+ public List getUserAssignmentsForRoles( Collection roleNames )
+ throws RbacManagerException
+ {
+ // TODO
+ return Collections.emptyList();
+ }
+
+ public void removeUserAssignment( UserAssignment userAssignment )
+ throws RbacManagerException
+ {
+ // no op
+ }
+
+ public void eraseDatabase()
+ {
+ // no op
+ }
+
+ //-------------------------------
+ // Mock classes
+ //-------------------------------
+
+ private static class MockRole
+ extends AbstractRole
+ implements Role
+ {
+ public void addPermission( Permission permission )
+ {
+ // no op
+ }
+
+ public void addChildRoleName( String name )
+ {
+ // no op
+ }
+
+ public List getChildRoleNames()
+ {
+ return Collections.emptyList();
+ }
+
+ public String getDescription()
+ {
+ return null;
+ }
+
+ public String getName()
+ {
+ return null;
+ }
+
+ public List getPermissions()
+ {
+ return Collections.emptyList();
+ }
+
+ public boolean isAssignable()
+ {
+ return false;
+ }
+
+ public void removePermission( Permission permission )
+ {
+ // no op
+ }
+
+ public void setAssignable( boolean assignable )
+ {
+ // no op
+ }
+
+ public void setChildRoleNames( List names )
+ {
+ // no op
+ }
+
+ public void setDescription( String description )
+ {
+ // no op
+ }
+
+ public void setName( String name )
+ {
+ // no op
+ }
+
+ public void setPermissions( List permissions )
+ {
+ //To change body of implemented methods use File | Settings | File Templates.
+ }
+
+ public boolean isPermanent()
+ {
+ return false;
+ }
+
+ public void setPermanent( boolean permanent )
+ {
+ // no op
+ }
+ }
+
+ private static class MockPermission
+ implements Permission
+ {
+ public String getDescription()
+ {
+ return null;
+ }
+
+ public String getName()
+ {
+ return null;
+ }
+
+ public Operation getOperation()
+ {
+ return null;
+ }
+
+ public Resource getResource()
+ {
+ return null;
+ }
+
+ public void setDescription( String description )
+ {
+ // no op
+ }
+
+ public void setName( String name )
+ {
+ // no op
+ }
+
+ public void setOperation( Operation operation )
+ {
+ // no op
+ }
+
+ public void setResource( Resource resource )
+ {
+ // no op
+ }
+
+ public boolean isPermanent()
+ {
+ return false;
+ }
+
+ public void setPermanent( boolean permanent )
+ {
+ // no op
+ }
+ }
+
+ private static class MockOperation
+ implements Operation
+ {
+ public String getDescription()
+ {
+ return null;
+ }
+
+ public String getName()
+ {
+ return null;
+ }
+
+ public void setDescription( String description )
+ {
+ // no op
+ }
+
+ public void setName( String name )
+ {
+ // no op
+ }
+
+ public boolean isPermanent()
+ {
+ return false;
+ }
+
+ public void setPermanent( boolean permanent )
+ {
+ // no op
+ }
+ }
+
+ private static class MockResource
+ implements Resource
+ {
+ public String getIdentifier()
+ {
+ return null;
+ }
+
+ public boolean isPattern()
+ {
+ return false;
+ }
+
+ public void setIdentifier( String identifier )
+ {
+ // no op
+ }
+
+ public void setPattern( boolean pattern )
+ {
+ // no op
+ }
+
+ public boolean isPermanent()
+ {
+ return false;
+ }
+
+ public void setPermanent( boolean permanent )
+ {
+ // no op
+ }
+ }
+
+ private static class MockUserAssignment
+ extends AbstractUserAssignment
+ implements UserAssignment
+ {
+ public String getPrincipal()
+ {
+ return null;
+ }
+
+ public List getRoleNames()
+ {
+ return Collections.emptyList();
+ }
+
+ public void setPrincipal( String principal )
+ {
+ // no op
+ }
+
+ public void setRoleNames( List roles )
+ {
+ // no op
+ }
+
+ public boolean isPermanent()
+ {
+ return false;
+ }
+
+ public void setPermanent( boolean permanent )
+ {
+ // no op
+ }
+ }
+}
diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRoleMapper.java b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRoleMapper.java
new file mode 100644
index 00000000..949e9b5a
--- /dev/null
+++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRoleMapper.java
@@ -0,0 +1,96 @@
+package org.apache.archiva.redback.rbac.ldap;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.redback.common.ldap.MappingException;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * will map ldap group to redback role
+ *
+ * @author Olivier Lamy
+ * @since 2.1
+ */
+public interface LdapRoleMapper
+{
+ /**
+ * @param role redback role
+ * @return corresponding LDAP group
+ */
+ String getLdapGroup( String role )
+ throws MappingException;
+
+ // for continuum ?
+ //String getLdapGroup( String role, String resource );
+
+
+ /**
+ * @return all LDAP groups
+ */
+ List getAllGroups()
+ throws MappingException;
+
+
+ /**
+ * @return the base dn which contains all ldap groups
+ */
+ String getGroupsDn();
+
+ /**
+ * @return the class used for group usually groupOfUniqueNames
+ */
+ String getLdapGroupClass();
+
+ /**
+ * @param group ldap group
+ * @return uids of group members
+ * @throws MappingException
+ */
+ List getGroupsMember( String group )
+ throws MappingException;
+
+ List getGroups( String username )
+ throws MappingException;
+
+ /**
+ * add mapping redback role <-> ldap group
+ *
+ * @param role redback role
+ * @param ldapGroup ldap group
+ */
+ void addLdapMapping( String role, String ldapGroup )
+ throws MappingException;
+
+ /**
+ * remove a mapping
+ *
+ * @param role redback role
+ */
+ void removeLdapMapping( String role )
+ throws MappingException;
+
+ /**
+ * @return Map of corresponding Redback role (key) and LDAP group (value)
+ */
+ Map getLdapGroupMappings()
+ throws MappingException;
+
+}
diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/resources/META-INF/spring-context.xml b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/resources/META-INF/spring-context.xml
new file mode 100644
index 00000000..dc93717d
--- /dev/null
+++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/resources/META-INF/spring-context.xml
@@ -0,0 +1,115 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/java/org/apache/archiva/redback/rbac/ldap/TestLdapRoleMapper.java b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/java/org/apache/archiva/redback/rbac/ldap/TestLdapRoleMapper.java
new file mode 100644
index 00000000..c556cfd4
--- /dev/null
+++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/java/org/apache/archiva/redback/rbac/ldap/TestLdapRoleMapper.java
@@ -0,0 +1,85 @@
+package org.apache.archiva.redback.rbac.ldap;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import junit.framework.TestCase;
+import org.fest.assertions.Assertions;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import java.util.List;
+
+/**
+ * @author Olivier Lamy
+ */
+@RunWith( SpringJUnit4ClassRunner.class )
+@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
+@DirtiesContext( classMode = DirtiesContext.ClassMode.AFTER_EACH_TEST_METHOD )
+public class TestLdapRoleMapper
+ extends TestCase
+{
+
+ Logger log = LoggerFactory.getLogger( getClass() );
+
+ @Inject
+ @Named( value = "ldapRoleMapper#test" )
+ LdapRoleMapper ldapRoleMapper;
+
+
+ @Test
+ public void getAllGroups()
+ throws Exception
+ {
+ List allGroups = ldapRoleMapper.getAllGroups();
+
+ log.info( "allGroups: {}", allGroups );
+
+ Assertions.assertThat( allGroups ).isNotNull().isNotEmpty().contains( "archiva-admin",
+ "internal-repo-manager" );
+ }
+
+ @Test
+ public void getGroupsMember()
+ throws Exception
+ {
+ List users = ldapRoleMapper.getGroupsMember( "archiva-admin" );
+
+ log.info( "users for archiva-admin: {}", users );
+
+ Assertions.assertThat( users ).isNotNull().isNotEmpty().contains( "admin", "user.7" );
+ }
+
+ @Test
+ public void getGroups()
+ throws Exception
+ {
+ List roles = ldapRoleMapper.getGroups( "admin" );
+
+ log.info( "roles for admin: {}", roles );
+
+ Assertions.assertThat( roles ).isNotNull().isNotEmpty().contains( "archiva-admin", "internal-repo-manager" );
+ }
+}
diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/resources/spring-context.xml b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/resources/spring-context.xml
new file mode 100755
index 00000000..403f4195
--- /dev/null
+++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/resources/spring-context.xml
@@ -0,0 +1,50 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file