Package org.ametys.plugins.core.impl.group.directory.ldap

Class LdapGroupDirectory

java.lang.Object

org.ametys.runtime.plugin.component.AbstractLogEnabled

org.ametys.core.util.ldap.AbstractLDAPConnector

org.ametys.plugins.core.impl.group.directory.ldap.LdapGroupDirectory

All Implemented Interfaces:

GroupDirectory, Cacheable, LogEnabled, Disposable, Serviceable

public class LdapGroupDirectory
extends AbstractLDAPConnector
implements GroupDirectory, Cacheable, Disposable

Use a LDAP server for getting the groups of users

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private static class	LdapGroupDirectory.GroupComparator	Group comparator.
private static class	LdapGroupDirectory.LdapGroup	Implementation of Group for Ldap group directory

Nested classes/interfaces inherited from interface org.ametys.core.util.Cacheable

Cacheable.SingleCacheConfiguration

Field Summary

Fields

Modifier and Type	Field	Description
private static LdapGroupDirectory.GroupComparator	__GROUP_COMPARATOR
private static String	__LDAP_GROUPDIRECTORY_GROUP_BY_ID_CACHE_NAME_PREFIX
private static String	__LDAP_GROUPDIRECTORY_GROUPS_BY_USER_CACHE_NAME_PREFIX
private static String	__LDAP_GROUPDIRECTORY_USERS_BY_GROUP_CACHE_NAME_PREFIX
protected static String	__PARAM_ASSOCIATED_USERDIRECTORY_ID	Name of the parameter holding the id of the associated user directory
protected static String	__PARAM_DATASOURCE_ID	Name of the parameter holding the datasource id
protected static String	__PARAM_GROUPS_DESCRIPTION_ATTRIBUTE	Name of the decription attribute.
protected static String	__PARAM_GROUPS_ID_ATTRIBUTE	Name of the id attribute.
protected static String	__PARAM_GROUPS_MEMBER_ATTRIBUTE	Name of the member DN attribute.
protected static String	__PARAM_GROUPS_MEMBEROF_ATTRIBUTE	Name of the member DN attribute.
protected static String	__PARAM_GROUPS_OBJECT_FILTER	Filter for limiting the search.
protected static String	__PARAM_GROUPS_RELATIVE_DN	Relative DN for groups.
protected static String	__PARAM_GROUPS_SEARCH_SCOPE	The scope used for search.
protected static String	__PARAM_USERS_UID_ATTRIBUTE	Name of the user uid attribute.
protected String	_associatedPopulationId	The id of the associated user population where the LDAP group will retrieve the users
protected String	_associatedUserDirectoryId	The id of the associated user directory where the LDAP group will retrieve the users
private AbstractCacheManager	_cacheManager
private String	_groupDirectoryModelId	The id of the GroupDirectoryModel
private Pattern	_groupExtractionPattern
protected String	_groupsDescriptionAttribute	The group description attribute
protected String	_groupsIdAttribute	The group id attribute
protected String	_groupsMemberAttribute	The attribute which contains the member DN
protected String	_groupsObjectFilter	The filter to find groups
protected String	_groupsRelativeDN	The group DN relative to baseDN
protected int	_groupsSearchScope	The scope used for search.
protected String	_id	The id
protected I18nizableText	_label	The label
protected int	_pageSize	The LDAP search page size.
private Map<String,Object>	_paramValues	The map of the values of the parameters
private String	_uniqueCacheSuffix
protected UserManager	_userManager	The user manager
protected UserPopulationDAO	_userPopulationDAO	The DAO for user populations
protected String	_usersMemberOfAttribute	The attribute which contains the groups of a user
protected String	_userUidAttribute	The user id in 'memberUid' attribute (on groups for retrieving the users of a group).
private static Group	NULLGROUP	Unique instance of group to mean a null result in the cache

Fields inherited from class org.ametys.core.util.ldap.AbstractLDAPConnector

__DEFAULT_PAGE_SIZE, _ldapAdminPassword, _ldapAdminRelativeDN, _ldapAliasDerefMode, _ldapAuthenticationMethod, _ldapBaseDN, _ldapFollowReferrals, _ldapUrl, _ldapUseSSL, _pagingSupported, _serverSideSorting

Constructor Summary

Constructors

Constructor	Description
LdapGroupDirectory()

Method Summary

Modifier and Type	Method	Description
private I18nizableText	_buildI18n(String i18nKey)
private boolean	_filterMatchingGroup(Group group, String pattern)
protected String	_getGroupId(SearchResult groupEntry)	Get a group id from attributes of a ldap group entry.
protected Set<String>	_getGroupIdsOfUser(Attributes userAttrs, DirContext context)	Get group ids from attributes of a ldap user entry.
protected String	_getRelativeDn(String dn)	If the given DN is absolute, return the relative DN.
protected SearchControls	_getSearchConstraint()	Get constraints for a search.
protected Group	_getUserGroup(SearchResult entry)	Get an UserGroup from attributes of a ldap entry.
private Set<String>	_getUserGroupsFromMemberAttr(UserIdentity userIdentity, LdapUserDirectory userDirectory)
private Set<String>	_getUserGroupsFromMemberofAttr(UserIdentity userIdentity, String usersRelativeDN, LdapUserDirectory associatedUserDirectory)
protected UserIdentity	_getUserInLdapFromDn(String ldapDn)	Gets a user according to its DN
protected UserIdentity	_getUserInLdapFromUid(String ldapUid)	Gets a user according to its UID
private SearchControls	_getUserSearchConstraint(String[] returningAttributes)
protected Set<UserIdentity>	_getUsersFromMembersOfAttr(String groupId)	Gets all users of a group from the 'runtime.groups.ldap.memberof' attribute on the users
protected Map<String,Object>	_group2JSON(Group group, boolean users)	Get group as JSON object
void	dispose()
private Cache<String,Group>	getCacheGroupById()
private Cache<UserIdentity,Set<String>>	getCacheGroupsByUser()
AbstractCacheManager	getCacheManager()	Returns the instance of the implementation of AbstractCacheManager to use.
private Cache<GroupIdentity,Set<UserIdentity>>	getCacheUsersByGroup()
Group	getGroup(String groupID)	Returns a particular group.
String	getGroupDirectoryModelId()	Get the id of the GroupDirectoryModel extension point
Set<Group>	getGroups()	Returns all groups.
List<Group>	getGroups(int count, int offset, Map parameters)	Get groups
String	getId()	Get the id of the group directory.
I18nizableText	getLabel()	Get the label of the group directory.
Collection<Cacheable.SingleCacheConfiguration>	getManagedCaches()	Gets the managed caches.
Map<String,Object>	getParameterValues()	Get the values of parameters (from group directory model)
protected String[]	getSortByFields()	Get the fields to sort by if the search is sorted
private String	getUniqueCacheIdSuffix()
Set<String>	getUserGroups(UserIdentity userIdentity)	Get all groups a particular user is in.
void	init(String groupDirectoryModelId, Map<String,Object> paramValues)	Initialize the group directory with given parameter values.
void	service(ServiceManager serviceManager)
void	setId(String id)	Set the id of the group directory.
void	setLabel(I18nizableText label)	Set the label of the group directory.

Methods inherited from class org.ametys.core.util.ldap.AbstractLDAPConnector

_cleanup, _delayedInitialize, _getConfigParameter, _getContextEnv, _getFilter, _getRootContextEnv, _getSearchScope, _hasMoreEntries, _search, _search, _search, _search, _setResultsControls, _testConnectionsPooled, _testPagingSupported, isPagingSupported

Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled

getLogger, setLogger

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.ametys.core.util.Cacheable

createCaches, getCache, hasComputableSize, isCachingEnabled, removeCaches

Field Detail

__PARAM_DATASOURCE_ID

protected static final String __PARAM_DATASOURCE_ID

Name of the parameter holding the datasource id

See Also:

Constant Field Values

__PARAM_ASSOCIATED_USERDIRECTORY_ID

protected static final String __PARAM_ASSOCIATED_USERDIRECTORY_ID

Name of the parameter holding the id of the associated user directory

See Also:

Constant Field Values

__PARAM_GROUPS_RELATIVE_DN

protected static final String __PARAM_GROUPS_RELATIVE_DN

Relative DN for groups.

See Also:

Constant Field Values

__PARAM_GROUPS_OBJECT_FILTER

protected static final String __PARAM_GROUPS_OBJECT_FILTER

Filter for limiting the search.

See Also:

Constant Field Values

__PARAM_GROUPS_SEARCH_SCOPE

protected static final String __PARAM_GROUPS_SEARCH_SCOPE

The scope used for search.

See Also:

Constant Field Values

__PARAM_GROUPS_ID_ATTRIBUTE

protected static final String __PARAM_GROUPS_ID_ATTRIBUTE

Name of the id attribute.

See Also:

Constant Field Values

__PARAM_GROUPS_DESCRIPTION_ATTRIBUTE

protected static final String __PARAM_GROUPS_DESCRIPTION_ATTRIBUTE

Name of the decription attribute.

See Also:

Constant Field Values

__PARAM_USERS_UID_ATTRIBUTE

protected static final String __PARAM_USERS_UID_ATTRIBUTE

Name of the user uid attribute.

See Also:

Constant Field Values

__PARAM_GROUPS_MEMBER_ATTRIBUTE

protected static final String __PARAM_GROUPS_MEMBER_ATTRIBUTE

Name of the member DN attribute.

See Also:

Constant Field Values

__PARAM_GROUPS_MEMBEROF_ATTRIBUTE

protected static final String __PARAM_GROUPS_MEMBEROF_ATTRIBUTE

Name of the member DN attribute.

See Also:

Constant Field Values

__GROUP_COMPARATOR

private static final LdapGroupDirectory.GroupComparator __GROUP_COMPARATOR

__LDAP_GROUPDIRECTORY_GROUP_BY_ID_CACHE_NAME_PREFIX

private static final String __LDAP_GROUPDIRECTORY_GROUP_BY_ID_CACHE_NAME_PREFIX

__LDAP_GROUPDIRECTORY_GROUPS_BY_USER_CACHE_NAME_PREFIX

private static final String __LDAP_GROUPDIRECTORY_GROUPS_BY_USER_CACHE_NAME_PREFIX

__LDAP_GROUPDIRECTORY_USERS_BY_GROUP_CACHE_NAME_PREFIX

private static final String __LDAP_GROUPDIRECTORY_USERS_BY_GROUP_CACHE_NAME_PREFIX

NULLGROUP

private static final Group NULLGROUP

Unique instance of group to mean a null result in the cache

_userManager

protected UserManager _userManager

The user manager

_userPopulationDAO

protected UserPopulationDAO _userPopulationDAO

The DAO for user populations

_groupsRelativeDN

protected String _groupsRelativeDN

The group DN relative to baseDN

_groupsObjectFilter

protected String _groupsObjectFilter

The filter to find groups

_groupsSearchScope

protected int _groupsSearchScope

The scope used for search.

_groupsIdAttribute

protected String _groupsIdAttribute

The group id attribute

_groupsDescriptionAttribute

protected String _groupsDescriptionAttribute

The group description attribute

_pageSize

protected int _pageSize

The LDAP search page size.

_groupsMemberAttribute

protected String _groupsMemberAttribute

The attribute which contains the member DN

_associatedUserDirectoryId

protected String _associatedUserDirectoryId

The id of the associated user directory where the LDAP group will retrieve the users

_associatedPopulationId

protected String _associatedPopulationId

The id of the associated user population where the LDAP group will retrieve the users

_userUidAttribute

protected String _userUidAttribute

The user id in 'memberUid' attribute (on groups for retrieving the users of a group).

_usersMemberOfAttribute

protected String _usersMemberOfAttribute

The attribute which contains the groups of a user

_id

protected String _id

The id

_label

protected I18nizableText _label

The label

_groupDirectoryModelId

private String _groupDirectoryModelId

The id of the GroupDirectoryModel

_paramValues

private Map<String,Object> _paramValues

The map of the values of the parameters

_groupExtractionPattern

private Pattern _groupExtractionPattern

_uniqueCacheSuffix

private final String _uniqueCacheSuffix

_cacheManager

private AbstractCacheManager _cacheManager

Constructor Detail

LdapGroupDirectory

public LdapGroupDirectory()

Method Detail

getId

public String getId()

Description copied from interface: GroupDirectory

Get the id of the group directory.

Specified by:

getId in interface GroupDirectory

Returns:

The id of the group directory

getLabel

public I18nizableText getLabel()

Description copied from interface: GroupDirectory

Get the label of the group directory.

Specified by:

getLabel in interface GroupDirectory

Returns:

The label of the group directory

setId

public void setId(String id)

Description copied from interface: GroupDirectory

Set the id of the group directory.

Specified by:

setId in interface GroupDirectory

Parameters:

id - The id

setLabel

public void setLabel(I18nizableText label)

Description copied from interface: GroupDirectory

Set the label of the group directory.

Specified by:

setLabel in interface GroupDirectory

Parameters:

label - The label

getGroupDirectoryModelId

public String getGroupDirectoryModelId()

Description copied from interface: GroupDirectory

Get the id of the GroupDirectoryModel extension point

Specified by:

getGroupDirectoryModelId in interface GroupDirectory

Returns:

the id of extension point

getParameterValues

public Map<String,Object> getParameterValues()

Description copied from interface: GroupDirectory

Get the values of parameters (from group directory model)

Specified by:

getParameterValues in interface GroupDirectory

Returns:

the parameters' values

service

public void service(ServiceManager serviceManager)
             throws ServiceException

Specified by:

service in interface Serviceable

Overrides:

service in class AbstractLDAPConnector

Throws:

ServiceException

dispose

public void dispose()

Specified by:

dispose in interface Disposable

getCacheManager

public AbstractCacheManager getCacheManager()

Description copied from interface: Cacheable

Returns the instance of the implementation of AbstractCacheManager to use.
This is not meant to be called manually.

Specified by:

getCacheManager in interface Cacheable

Returns:

The AbstractCacheManager to bind

getManagedCaches

public Collection<Cacheable.SingleCacheConfiguration> getManagedCaches()

Description copied from interface: Cacheable

Gets the managed caches.
This is meant to be implemented in order to describe the managed caches and automatically create and remove the corresponding caches in Cacheable.createCaches() and Cacheable.removeCaches() default methods.
This is not meant to be called manually.

Specified by:

getManagedCaches in interface Cacheable

Returns:

A collection of Cacheable.SingleCacheConfigurations to manage

_buildI18n

private I18nizableText _buildI18n(String i18nKey)

getCacheGroupById

private Cache<String,Group> getCacheGroupById()

getCacheGroupsByUser

private Cache<UserIdentity,Set<String>> getCacheGroupsByUser()

getCacheUsersByGroup

private Cache<GroupIdentity,Set<UserIdentity>> getCacheUsersByGroup()

getUniqueCacheIdSuffix

private String getUniqueCacheIdSuffix()

init

public void init(String groupDirectoryModelId,
                 Map<String,Object> paramValues)
          throws Exception

Description copied from interface: GroupDirectory

Initialize the group directory with given parameter values.

Specified by:

init in interface GroupDirectory

Parameters:

groupDirectoryModelId - The id of group directory extension point

paramValues - The parameters' values

Throws:

Exception - If an error occured

getGroup

public Group getGroup(String groupID)

Description copied from interface: GroupDirectory

Returns a particular group.

Specified by:

getGroup in interface GroupDirectory

Parameters:

groupID - The id of the group.

Returns:

The group or null if the group does not exist.

getGroups

public Set<Group> getGroups()

Description copied from interface: GroupDirectory

Returns all groups.

Specified by:

getGroups in interface GroupDirectory

Returns:

The groups as a Set of UserGroup, empty if an error occurs.

getUserGroups

public Set<String> getUserGroups(UserIdentity userIdentity)

Description copied from interface: GroupDirectory

Get all groups a particular user is in.

Specified by:

getUserGroups in interface GroupDirectory

Parameters:

userIdentity - The identity of the user

Returns:

The groups as a Set of String (group ID), empty if the login does not match.

_getUserGroupsFromMemberofAttr

private Set<String> _getUserGroupsFromMemberofAttr(UserIdentity userIdentity,
                                                   String usersRelativeDN,
                                                   LdapUserDirectory associatedUserDirectory)

_getUserGroupsFromMemberAttr

private Set<String> _getUserGroupsFromMemberAttr(UserIdentity userIdentity,
                                                 LdapUserDirectory userDirectory)

_getGroupId

protected String _getGroupId(SearchResult groupEntry)

Get a group id from attributes of a ldap group entry.

Parameters:

groupEntry - The ldap group entry to get attributes from.

Returns:

The group id as a String.

Throws:

IllegalArgumentException - If a needed attribute is missing.

_getGroupIdsOfUser

protected Set<String> _getGroupIdsOfUser(Attributes userAttrs,
                                         DirContext context)
                                  throws NamingException

Get group ids from attributes of a ldap user entry.

Parameters:

userAttrs - The attributes of a ldap user entry

context - The context

Returns:

The group ids as a Set of String.

Throws:

NamingException - If a naming exception was encountered while retrieving the group DNs

IllegalArgumentException - If a needed attribute is missing.

getGroups

public List<Group> getGroups(int count,
                             int offset,
                             Map parameters)

Description copied from interface: GroupDirectory

Get groups

Specified by:

getGroups in interface GroupDirectory

Parameters:

count - The maximum number of groups to sax. (-1 to sax all)

offset - The offset to start with, first is 0.

parameters - Parameters for saxing user list differently, see implementation.

Returns:

The matching groups

_filterMatchingGroup

private boolean _filterMatchingGroup(Group group,
                                     String pattern)

_getUserGroup

protected Group _getUserGroup(SearchResult entry)

Get an UserGroup from attributes of a ldap entry.

Parameters:

entry - The ldap entry to get attributes from.

Returns:

The group as an UserGroup.

Throws:

IllegalArgumentException - If a needed attribute is missing.

_getRelativeDn

protected String _getRelativeDn(String dn)

If the given DN is absolute, return the relative DN. Otherwise, return the given DN.

Parameters:

dn - The absolute or relative DN

Returns:

The relative DN

_getUserInLdapFromDn

protected UserIdentity _getUserInLdapFromDn(String ldapDn)

Gets a user according to its DN

Parameters:

ldapDn - The DN of the user in the LDAP

Returns:

A user

_getUserInLdapFromUid

protected UserIdentity _getUserInLdapFromUid(String ldapUid)

Gets a user according to its UID

Parameters:

ldapUid - The UID of the user in the LDAP

Returns:

A user

_getUsersFromMembersOfAttr

protected Set<UserIdentity> _getUsersFromMembersOfAttr(String groupId)

Gets all users of a group from the 'runtime.groups.ldap.memberof' attribute on the users

Parameters:

groupId - The id of the group

Returns:

The users of the given group, only by looking at the 'runtime.groups.ldap.memberof' attribute on the users

_getUserSearchConstraint

private SearchControls _getUserSearchConstraint(String[] returningAttributes)

_getSearchConstraint

protected SearchControls _getSearchConstraint()

Get constraints for a search.

Returns:

The constraints as a SearchControls.

_group2JSON

protected Map<String,Object> _group2JSON(Group group,
                                               boolean users)

Get group as JSON object

Parameters:

group - the group

users - true to get users' group

Returns:

the group as JSON object

getSortByFields

protected String[] getSortByFields()

Description copied from class: AbstractLDAPConnector

Get the fields to sort by if the search is sorted

Overrides:

getSortByFields in class AbstractLDAPConnector

Returns:

The list of fields to sort by