org.ametys.plugins.core.impl.group.directory.ldap

Class LdapGroupDirectory

java.lang.Object

org.ametys.runtime.plugin.component.AbstractLogEnabled

org.ametys.core.util.CachingComponent<K,V>

org.ametys.core.util.ldap.AbstractLDAPConnector<Object,Object>

org.ametys.plugins.core.impl.group.directory.ldap.LdapGroupDirectory

All Implemented Interfaces:

GroupDirectory, LogEnabled, Disposable, Initializable, Serviceable

public class LdapGroupDirectory
extends AbstractLDAPConnector<Object,Object>
implements GroupDirectory

Use a LDAP server for getting the groups of users

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
private static class	LdapGroupDirectory.GroupComparator Group comparator.
private static class	LdapGroupDirectory.LdapGroup Implementation of Group for Ldap group directory

Field Summary

Fields

Modifier and Type	Field and Description
private static LdapGroupDirectory.GroupComparator	__GROUP_COMPARATOR
protected static String	__PARAM_ASSOCIATED_USERDIRECTORY_ID Name of the parameter holding the id of the associated user directory
protected static String	__PARAM_DATASOURCE_ID Name of the parameter holding the datasource id
protected static String	__PARAM_GROUPS_DESCRIPTION_ATTRIBUTE Name of the decription attribute.
protected static String	__PARAM_GROUPS_ID_ATTRIBUTE Name of the id attribute.
protected static String	__PARAM_GROUPS_MEMBER_ATTRIBUTE Name of the member DN attribute.
protected static String	__PARAM_GROUPS_MEMBEROF_ATTRIBUTE Name of the member DN attribute.
protected static String	__PARAM_GROUPS_OBJECT_FILTER Filter for limiting the search.
protected static String	__PARAM_GROUPS_RELATIVE_DN Relative DN for groups.
protected static String	__PARAM_GROUPS_SEARCH_SCOPE The scope used for search.
protected static String	__PARAM_USERS_UID_ATTRIBUTE Name of the user uid attribute.
protected String	_associatedPopulationId The id of the associated user population where the LDAP group will retrieve the users
protected String	_associatedUserDirectoryId The id of the associated user directory where the LDAP group will retrieve the users
private String	_groupDirectoryModelId The id of the GroupDirectoryModel
protected String	_groupsDescriptionAttribute The group description attribute
protected String	_groupsIdAttribute The group id attribute
protected String	_groupsMemberAttribute The attribute which contains the member DN
protected String	_groupsObjectFilter The filter to find groups
protected String	_groupsRelativeDN The group DN relative to baseDN
protected int	_groupsSearchScope The scope used for search.
protected String	_id The id
protected I18nizableText	_label The label
protected int	_pageSize The LDAP search page size.
private Map<String,Object>	_paramValues The map of the values of the parameters
protected UserManager	_userManager The user manager
protected UserPopulationDAO	_userPopulationDAO The DAO for user populations
protected String	_usersMemberOfAttribute The attribute which contains the groups of a user
protected String	_userUidAttribute The user id in 'memberUid' attribute (on groups for retrieving the users of a group).

Fields inherited from class org.ametys.core.util.ldap.AbstractLDAPConnector

__DEFAULT_PAGE_SIZE, _ldapAdminPassword, _ldapAdminRelativeDN, _ldapAliasDerefMode, _ldapAuthenticationMethod, _ldapBaseDN, _ldapFollowReferrals, _ldapUrl, _ldapUseSSL, _pagingSupported

Constructor Summary

Constructors

Constructor and Description
LdapGroupDirectory()

Method Summary

Modifier and Type	Method and Description
protected String	_getGroupId(SearchResult groupEntry) Get a group id from attributes of a ldap group entry.
protected Set<String>	_getGroupIdsOfUser(Attributes userAttrs, DirContext context) Get group ids from attributes of a ldap user entry.
protected String	_getRelativeDn(String dn) If the given DN is absolute, return the relative DN.
protected SearchControls	_getSearchConstraint() Get constraints for a search.
protected Group	_getUserGroup(SearchResult entry) Get an UserGroup from attributes of a ldap entry.
private Set<String>	_getUserGroupsFromMemberAttr(UserIdentity userIdentity, LdapUserDirectory userDirectory)
private Set<String>	_getUserGroupsFromMemberofAttr(UserIdentity userIdentity, String usersRelativeDN, LdapUserDirectory associatedUserDirectory)
protected UserIdentity	_getUserInLdapFromDn(String ldapDn) Gets a user according to its DN
protected UserIdentity	_getUserInLdapFromUid(String ldapUid) Gets a user according to its UID
private SearchControls	_getUserSearchConstraint(String[] returningAttributes)
protected Set<UserIdentity>	_getUsersFromMembersOfAttr(String groupId) Gets all users of a group from the 'runtime.groups.ldap.memberof' attribute on the users
protected Map<String,Object>	_group2JSON(Group group, boolean users) Get group as JSON object
Group	getGroup(String groupID) Returns a particular group.
String	getGroupDirectoryModelId() Get the id of the GroupDirectoryModel extension point
Set<Group>	getGroups() Returns all groups.
String	getId() Get the id of the group directory.
I18nizableText	getLabel() Get the label of the group directory.
Map<String,Object>	getParameterValues() Get the values of parameters (from group directory model)
Set<String>	getUserGroups(UserIdentity userIdentity) Get all groups a particular user is in.
Map<String,Object>	group2JSON(String id, boolean withUsers) Get group
List<Map<String,Object>>	groups2JSON(int count, int offset, Map parameters, boolean withUsers) Get groups
void	init(String groupDirectoryModelId, Map<String,Object> paramValues) Initialize the group directory with given parameter values.
void	service(ServiceManager serviceManager)
void	setId(String id) Set the id of the group directory.
void	setLabel(I18nizableText label) Set the label of the group directory.

Methods inherited from class org.ametys.core.util.ldap.AbstractLDAPConnector

_cleanup, _delayedInitialize, _getConfigParameter, _getContextEnv, _getFilter, _getRootContextEnv, _getSearchScope, _hasMoreEntries, _search, _search, _setPagingIfSupported, _testConnectionsPooled, _testPagingSupported, isPagingSupported

Methods inherited from class org.ametys.core.util.CachingComponent

addObjectInCache, clearCache, dispose, getObjectFromCache, initialize, isCacheEnabled, removeObjectFromCache

Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled

getLogger, setLogger

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

__PARAM_DATASOURCE_ID

protected static final String __PARAM_DATASOURCE_ID

Name of the parameter holding the datasource id

See Also:

Constant Field Values

__PARAM_ASSOCIATED_USERDIRECTORY_ID

protected static final String __PARAM_ASSOCIATED_USERDIRECTORY_ID

Name of the parameter holding the id of the associated user directory

See Also:

Constant Field Values

__PARAM_GROUPS_RELATIVE_DN

protected static final String __PARAM_GROUPS_RELATIVE_DN

Relative DN for groups.

See Also:

Constant Field Values

__PARAM_GROUPS_OBJECT_FILTER

protected static final String __PARAM_GROUPS_OBJECT_FILTER

Filter for limiting the search.

See Also:

Constant Field Values

__PARAM_GROUPS_SEARCH_SCOPE

protected static final String __PARAM_GROUPS_SEARCH_SCOPE

The scope used for search.

See Also:

Constant Field Values

__PARAM_GROUPS_ID_ATTRIBUTE

protected static final String __PARAM_GROUPS_ID_ATTRIBUTE

Name of the id attribute.

See Also:

Constant Field Values

__PARAM_GROUPS_DESCRIPTION_ATTRIBUTE

protected static final String __PARAM_GROUPS_DESCRIPTION_ATTRIBUTE

Name of the decription attribute.

See Also:

Constant Field Values

__PARAM_USERS_UID_ATTRIBUTE

protected static final String __PARAM_USERS_UID_ATTRIBUTE

Name of the user uid attribute.

See Also:

Constant Field Values

__PARAM_GROUPS_MEMBER_ATTRIBUTE

protected static final String __PARAM_GROUPS_MEMBER_ATTRIBUTE

Name of the member DN attribute.

See Also:

Constant Field Values

__PARAM_GROUPS_MEMBEROF_ATTRIBUTE

protected static final String __PARAM_GROUPS_MEMBEROF_ATTRIBUTE

Name of the member DN attribute.

See Also:

Constant Field Values

__GROUP_COMPARATOR

private static final LdapGroupDirectory.GroupComparator __GROUP_COMPARATOR

_userManager

protected UserManager _userManager

The user manager

_userPopulationDAO

protected UserPopulationDAO _userPopulationDAO

The DAO for user populations

_groupsRelativeDN

protected String _groupsRelativeDN

The group DN relative to baseDN

_groupsObjectFilter

protected String _groupsObjectFilter

The filter to find groups

_groupsSearchScope

protected int _groupsSearchScope

The scope used for search.

_groupsIdAttribute

protected String _groupsIdAttribute

The group id attribute

_groupsDescriptionAttribute

protected String _groupsDescriptionAttribute

The group description attribute

_pageSize

protected int _pageSize

The LDAP search page size.

_groupsMemberAttribute

protected String _groupsMemberAttribute

The attribute which contains the member DN

_associatedUserDirectoryId

protected String _associatedUserDirectoryId

The id of the associated user directory where the LDAP group will retrieve the users

_associatedPopulationId

protected String _associatedPopulationId

The id of the associated user population where the LDAP group will retrieve the users

_userUidAttribute

protected String _userUidAttribute

The user id in 'memberUid' attribute (on groups for retrieving the users of a group).

_usersMemberOfAttribute

protected String _usersMemberOfAttribute

The attribute which contains the groups of a user

_id

protected String _id

The id

_label

protected I18nizableText _label

The label

_groupDirectoryModelId

private String _groupDirectoryModelId

The id of the GroupDirectoryModel

_paramValues

private Map<String,Object> _paramValues

The map of the values of the parameters

Constructor Detail

LdapGroupDirectory

public LdapGroupDirectory()

Method Detail

getId

public String getId()

Description copied from interface: GroupDirectory

Get the id of the group directory.

Specified by:

getId in interface GroupDirectory

Returns:

The id of the group directory

getLabel

public I18nizableText getLabel()

Description copied from interface: GroupDirectory

Get the label of the group directory.

Specified by:

getLabel in interface GroupDirectory

Returns:

The label of the group directory

setId

public void setId(String id)

Description copied from interface: GroupDirectory

Set the id of the group directory.

Specified by:

setId in interface GroupDirectory

Parameters:

id - The id

setLabel

public void setLabel(I18nizableText label)

Description copied from interface: GroupDirectory

Set the label of the group directory.

Specified by:

setLabel in interface GroupDirectory

Parameters:

label - The label

getGroupDirectoryModelId

public String getGroupDirectoryModelId()

Description copied from interface: GroupDirectory

Get the id of the GroupDirectoryModel extension point

Specified by:

getGroupDirectoryModelId in interface GroupDirectory

Returns:

the id of extension point

getParameterValues

public Map<String,Object> getParameterValues()

Description copied from interface: GroupDirectory

Get the values of parameters (from group directory model)

Specified by:

getParameterValues in interface GroupDirectory

Returns:

the parameters' values

service

public void service(ServiceManager serviceManager)
             throws ServiceException

Specified by:

service in interface Serviceable

Overrides:

service in class AbstractLDAPConnector<Object,Object>

Throws:

ServiceException

init

public void init(String groupDirectoryModelId,
                 Map<String,Object> paramValues)
          throws Exception

Description copied from interface: GroupDirectory

Initialize the group directory with given parameter values.

Specified by:

init in interface GroupDirectory

Parameters:

groupDirectoryModelId - The id of group directory extension point

paramValues - The parameters' values

Throws:

Exception - If an error occured

getGroup

public Group getGroup(String groupID)

Description copied from interface: GroupDirectory

Returns a particular group.

Specified by:

getGroup in interface GroupDirectory

Parameters:

groupID - The id of the group.

Returns:

The group or null if the group does not exist.

getGroups

public Set<Group> getGroups()

Description copied from interface: GroupDirectory

Returns all groups.

Specified by:

getGroups in interface GroupDirectory

Returns:

The groups as a Set of UserGroup, empty if an error occurs.

getUserGroups

public Set<String> getUserGroups(UserIdentity userIdentity)

Description copied from interface: GroupDirectory

Get all groups a particular user is in.

Specified by:

getUserGroups in interface GroupDirectory

Parameters:

userIdentity - The identity of the user

Returns:

The groups as a Set of String (group ID), empty if the login does not match.

_getUserGroupsFromMemberofAttr

private Set<String> _getUserGroupsFromMemberofAttr(UserIdentity userIdentity,
                                                   String usersRelativeDN,
                                                   LdapUserDirectory associatedUserDirectory)

_getUserGroupsFromMemberAttr

private Set<String> _getUserGroupsFromMemberAttr(UserIdentity userIdentity,
                                                 LdapUserDirectory userDirectory)

_getGroupId

protected String _getGroupId(SearchResult groupEntry)

Get a group id from attributes of a ldap group entry.

Parameters:

groupEntry - The ldap group entry to get attributes from.

Returns:

The group id as a String.

Throws:

IllegalArgumentException - If a needed attribute is missing.

_getGroupIdsOfUser

protected Set<String> _getGroupIdsOfUser(Attributes userAttrs,
                                         DirContext context)
                                  throws NamingException

Get group ids from attributes of a ldap user entry.

Parameters:

userAttrs - The attributes of a ldap user entry

context - The context

Returns:

The group ids as a Set of String.

Throws:

NamingException - If a naming exception was encountered while retrieving the group DNs

IllegalArgumentException - If a needed attribute is missing.

groups2JSON

public List<Map<String,Object>> groups2JSON(int count,
                                            int offset,
                                            Map parameters,
                                            boolean withUsers)

Description copied from interface: GroupDirectory

Get groups

Specified by:

groups2JSON in interface GroupDirectory

Parameters:

count - The maximum number of groups to sax. (-1 to sax all)

offset - The offset to start with, first is 0.

parameters - Parameters for saxing user list differently, see implementation.

withUsers - true to also have the users of the groups

Returns:

The matching groups as a json object

group2JSON

public Map<String,Object> group2JSON(String id,
                                     boolean withUsers)

Description copied from interface: GroupDirectory

Get group

Specified by:

group2JSON in interface GroupDirectory

Parameters:

id - The group's id

withUsers - true to also have the users of the group

Returns:

The matching group as a json object

_getUserGroup

protected Group _getUserGroup(SearchResult entry)

Get an UserGroup from attributes of a ldap entry.

Parameters:

entry - The ldap entry to get attributes from.

Returns:

The group as an UserGroup.

Throws:

IllegalArgumentException - If a needed attribute is missing.

_getRelativeDn

protected String _getRelativeDn(String dn)

If the given DN is absolute, return the relative DN. Otherwise, return the given DN.

Parameters:

dn - The absolute or relative DN

Returns:

The relative DN

_getUserInLdapFromDn

protected UserIdentity _getUserInLdapFromDn(String ldapDn)

Gets a user according to its DN

Parameters:

ldapDn - The DN of the user in the LDAP

Returns:

A user

_getUserInLdapFromUid

protected UserIdentity _getUserInLdapFromUid(String ldapUid)

Gets a user according to its UID

Parameters:

ldapUid - The UID of the user in the LDAP

Returns:

A user

_getUsersFromMembersOfAttr

protected Set<UserIdentity> _getUsersFromMembersOfAttr(String groupId)

Gets all users of a group from the 'runtime.groups.ldap.memberof' attribute on the users

Parameters:

groupId - The id of the group

Returns:

The users of the given group, only by looking at the 'runtime.groups.ldap.memberof' attribute on the users

_getUserSearchConstraint

private SearchControls _getUserSearchConstraint(String[] returningAttributes)

_getSearchConstraint

protected SearchControls _getSearchConstraint()

Get constraints for a search.

Returns:

The constraints as a SearchControls.

_group2JSON

protected Map<String,Object> _group2JSON(Group group,
                                         boolean users)

Get group as JSON object

Parameters:

group - the group

users - true to get users' group

Returns:

the group as JSON object