Class LdapUserDirectory
java.lang.Object
org.ametys.runtime.plugin.component.AbstractLogEnabled
org.ametys.core.util.ldap.AbstractLDAPConnector
org.ametys.plugins.core.impl.user.directory.LdapUserDirectory
- All Implemented Interfaces:
UserDirectory
,Cacheable
,LogEnabled
,Disposable
,Component
,Serviceable
public class LdapUserDirectory
extends AbstractLDAPConnector
implements UserDirectory, Component, Cacheable, Disposable
Use an ldap directory for getting the list of users and also authenticating
them.
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.ametys.core.util.Cacheable
Cacheable.SingleCacheConfiguration
-
Field Summary
Modifier and TypeFieldDescriptionprotected int
The LDAP search page size.protected boolean
To know if email is a mandatory attributeprotected String
Name of the email attribute.protected String
Name of the first name attribute.protected String
Name of the last name attribute.protected String
Name of the login attribute.protected String
Filter for limiting the search.protected String
Relative DN for users.protected int
The scope used for search.static final String
Name of the parameter holding the datasource idstatic final String
True to sort the results on the server side, false to get the results unsorted.static final String
Name of the email attribute.static final String
To know if email is a mandatory attributestatic final String
Name of the first name attribute.static final String
Name of the last name attribute.static final String
Name of the login attribute.static final String
Filter for limiting the search.static final String
Relative DN for users.static final String
The scope used for search.Fields inherited from class org.ametys.core.util.ldap.AbstractLDAPConnector
__DEFAULT_PAGE_SIZE, _ldapAdminPassword, _ldapAdminRelativeDN, _ldapAliasDerefMode, _ldapAuthenticationMethod, _ldapBaseDN, _ldapFollowReferrals, _ldapUrl, _ldapUseSSL, _pagingSupported, _serverSideSorting
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected User
_createUser
(Map<String, Object> attributes) Create a new user from LDAP attributesprotected User
_entry2User
(Map<String, Object> attributes) Deprecated._getAttributes
(SearchResult entry) Get attributes from a ldap entry._getPatternFilter
(String pattern) Get the filter from a pattern.protected SearchControls
_getSearchConstraint
(int maxResults) Get constraints for a search.protected Control[]
Get the sort control._internalGetUsers
(Map<String, Map<String, Object>> entries, int count, int offset, String pattern, int possibleErrors) Get the user list.boolean
checkCredentials
(String login, String password) Authenticate a user with its credentialsvoid
dispose()
Returns the instance of the implementation ofAbstractCacheManager
to use.getId()
A unique identifiergetLabel()
Get the label of the CredentialProviderGets the managed caches.Get the values of parameters (from user directory model)Get the id of the population this user directory belongs to.protected String[]
Get the fields to sort by if the search is sortedGet a particular user by his login.getUserByEmail
(String email) Get a particular user by his email (search should be case insensitive).Get the id of theUserDirectoryModel
extension pointGet the distinguished name of an user by his login.getUsers()
Get the list of all users of one directory.Get a list of users from a directory given the parametersvoid
Initialize the user's directory with given parameters' values.boolean
Is the user directory case sensitive for login?void
service
(ServiceManager serviceManager) void
setPopulationId
(String populationId) Set the value of the id of the population this user directory belong to.Methods inherited from class org.ametys.core.util.ldap.AbstractLDAPConnector
_cleanup, _delayedInitialize, _getConfigParameter, _getContextEnv, _getFilter, _getRootContextEnv, _getSearchScope, _hasMoreEntries, _search, _search, _search, _search, _setResultsControls, _testConnectionsPooled, _testPagingSupported, isPagingSupported
Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled
getLogger, setLogger
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.ametys.core.util.Cacheable
createCaches, getCache, hasComputableSize, isCachingEnabled, removeCaches
-
Field Details
-
PARAM_DATASOURCE_ID
Name of the parameter holding the datasource id- See Also:
-
PARAM_USERS_RELATIVE_DN
Relative DN for users.- See Also:
-
PARAM_USERS_OBJECT_FILTER
Filter for limiting the search.- See Also:
-
PARAM_USERS_SEARCH_SCOPE
The scope used for search.- See Also:
-
PARAM_USERS_LOGIN_ATTRIBUTE
Name of the login attribute.- See Also:
-
PARAM_USERS_FIRSTNAME_ATTRIBUTE
Name of the first name attribute.- See Also:
-
PARAM_USERS_LASTNAME_ATTRIBUTE
Name of the last name attribute.- See Also:
-
PARAM_USERS_EMAIL_ATTRIBUTE
Name of the email attribute.- See Also:
-
PARAM_USERS_EMAIL_IS_MANDATORY
To know if email is a mandatory attribute- See Also:
-
PARAM_SERVER_SIDE_SORTING
True to sort the results on the server side, false to get the results unsorted.- See Also:
-
_usersRelativeDN
Relative DN for users. -
_usersObjectFilter
Filter for limiting the search. -
_usersSearchScope
The scope used for search. -
_usersLoginAttribute
Name of the login attribute. -
_usersFirstnameAttribute
Name of the first name attribute. -
_usersLastnameAttribute
Name of the last name attribute. -
_usersEmailAttribute
Name of the email attribute. -
_userEmailIsMandatory
To know if email is a mandatory attribute -
_pageSize
The LDAP search page size.
-
-
Constructor Details
-
LdapUserDirectory
public LdapUserDirectory()
-
-
Method Details
-
getId
Description copied from interface:UserDirectory
A unique identifier- Specified by:
getId
in interfaceUserDirectory
- Returns:
- The non-null and non-empty identifier
-
getLabel
Description copied from interface:UserDirectory
Get the label of the CredentialProvider- Specified by:
getLabel
in interfaceUserDirectory
- Returns:
- The optionnal label
-
isCaseSensitive
Description copied from interface:UserDirectory
Is the user directory case sensitive for login?- Specified by:
isCaseSensitive
in interfaceUserDirectory
- Returns:
- true is the user directory is case sensitive
-
service
- Specified by:
service
in interfaceServiceable
- Overrides:
service
in classAbstractLDAPConnector
- Throws:
ServiceException
-
dispose
- Specified by:
dispose
in interfaceDisposable
-
getCacheManager
Description copied from interface:Cacheable
Returns the instance of the implementation ofAbstractCacheManager
to use.
This is not meant to be called manually.- Specified by:
getCacheManager
in interfaceCacheable
- Returns:
- The
AbstractCacheManager
to bind
-
getManagedCaches
Description copied from interface:Cacheable
Gets the managed caches.
This is meant to be implemented in order to describe the managed caches and automatically create and remove the corresponding caches inCacheable.createCaches()
andCacheable.removeCaches()
default methods.
This is not meant to be called manually.- Specified by:
getManagedCaches
in interfaceCacheable
- Returns:
- A collection of
Cacheable.SingleCacheConfiguration
s to manage
-
init
public void init(String id, String udModelId, Map<String, Object> paramValues, String label) throws ExceptionDescription copied from interface:UserDirectory
Initialize the user's directory with given parameters' values.- Specified by:
init
in interfaceUserDirectory
- Parameters:
id
- The non-null and non-empty unique identifierudModelId
- The id of user directory extension pointparamValues
- The parameters' valueslabel
- The optional label- Throws:
Exception
- If an error occurred
-
setPopulationId
Description copied from interface:UserDirectory
Set the value of the id of the population this user directory belong to.- Specified by:
setPopulationId
in interfaceUserDirectory
- Parameters:
populationId
- The id of the population the user directory belongs to.
-
getPopulationId
Description copied from interface:UserDirectory
Get the id of the population this user directory belongs to.- Specified by:
getPopulationId
in interfaceUserDirectory
- Returns:
- The id of the population
-
getParameterValues
Description copied from interface:UserDirectory
Get the values of parameters (from user directory model)- Specified by:
getParameterValues
in interfaceUserDirectory
- Returns:
- the parameters' values
-
getUserDirectoryModelId
Description copied from interface:UserDirectory
Get the id of theUserDirectoryModel
extension point- Specified by:
getUserDirectoryModelId
in interfaceUserDirectory
- Returns:
- the id of extension point
-
getUsers
Description copied from interface:UserDirectory
Get the list of all users of one directory.- Specified by:
getUsers
in interfaceUserDirectory
- Returns:
- list of users as Collection of
User
s, empty if a problem occurs.
-
getUsers
Description copied from interface:UserDirectory
Get a list of users from a directory given the parameters- Specified by:
getUsers
in interfaceUserDirectory
- Parameters:
count
- The limit of users to retrieveoffset
- The number of result to ignore before starting to collect users.parameters
- A map of additional parameters, see implementation.- Returns:
- The list of retrieved
User
-
getUserByEmail
Description copied from interface:UserDirectory
Get a particular user by his email (search should be case insensitive).- Specified by:
getUserByEmail
in interfaceUserDirectory
- Parameters:
email
- Email of the user to get. Cannot be null.- Returns:
- User's information as a
User
instance or null if the user email does not exist. - Throws:
NotUniqueUserException
- If many users match this email
-
getUser
Description copied from interface:UserDirectory
Get a particular user by his login.- Specified by:
getUser
in interfaceUserDirectory
- Parameters:
login
- Login of the user to get. Cannot be null.- Returns:
- User's information as a
User
instance or null if the user login does not exist.
-
checkCredentials
Description copied from interface:UserDirectory
Authenticate a user with its credentials- Specified by:
checkCredentials
in interfaceUserDirectory
- Parameters:
login
- The login to check. Cannot be null.password
- The password to check.- Returns:
- true if the user is authenticated, false otherwise.
-
getUserDN
Get the distinguished name of an user by his login.- Parameters:
login
- Login of the user.- Returns:
- The dn of the user, or null if there is no match or if multiple matches.
-
_createUser
Create a new user from LDAP attributes- Parameters:
attributes
- the LDAP attributes- Returns:
- the user
-
_internalGetUsers
protected List<User> _internalGetUsers(Map<String, Map<String, Object>> entries, int count, int offset, String pattern, int possibleErrors) Get the user list.- Parameters:
entries
- Where to store entriescount
- The maximum number of users to sax. Cannot be 0. Can be -1 to all.offset
- The results to ignorepattern
- The pattern to match.possibleErrors
- This number will be added to count to set the max of the request, but count results will still be returned. The difference stands for errors.- Returns:
- the final offset
-
_getSortControls
Get the sort control.- Returns:
- the sort controls. May be empty if a small error occurs
-
_getPatternFilter
Get the filter from a pattern.- Parameters:
pattern
- The pattern to match.- Returns:
- The result as a Map containing the filter and the parameters.
-
_getSearchConstraint
Get constraints for a search.- Parameters:
maxResults
- The maximum number of items that will be retrieve (0 means all)- Returns:
- The constraints as a SearchControls.
-
_entry2User
Deprecated.Get the User corresponding to an user ldap entry- Parameters:
attributes
- The ldap attributes of the entry to sax.- Returns:
- the JSON representation
-
_getAttributes
Get attributes from a ldap entry.- Parameters:
entry
- The ldap entry to get attributes from.- Returns:
- The attributes in a map.
- Throws:
NamingException
- If an error with attributes occurred
-
getSortByFields
Description copied from class:AbstractLDAPConnector
Get the fields to sort by if the search is sorted- Overrides:
getSortByFields
in classAbstractLDAPConnector
- Returns:
- The list of fields to sort by
-