Uwe Grawert has uploaded a new change for review. Change subject: Add support for OpenLDAP as domain provider ......................................................................
Add support for OpenLDAP as domain provider Change-Id: I7fa5c92088a34d8c3881ce839963a13fe9ca4f84 Signed-off-by: Uwe Grawert <graw...@b1-systems.de> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapQueryMetadataFactoryImpl.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapGroupAttributes.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapGroupContextMapper.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapLdapGuidEncoder.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapRootDSE.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapRootDSEAttributes.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapRootDSEContextMapper.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapUPNLdapQueryExecutionFormatter.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapUserAttributes.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapUserContextMapper.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/RootDSEFactory.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/ldap/LdapProviderType.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/ldap/RootDSEQueryInfo.java A backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ipa/OpenLdapUserContextMapper.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/JndiAction.java 15 files changed, 482 insertions(+), 1 deletion(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/29/13829/1 
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapQueryMetadataFactoryImpl.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapQueryMetadataFactoryImpl.java
index e24fe1b..d03f5ef 100644
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapQueryMetadataFactoryImpl.java
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapQueryMetadataFactoryImpl.java
@@ -16,6 +16,7 @@
 private static EnumMap<SearchLangageLDAPTokens, String> ipaSearchSyntaxMap;
 private static EnumMap<SearchLangageLDAPTokens, String> dsSearchSyntaxMap;
 private static EnumMap<SearchLangageLDAPTokens, String> itdsSearchSyntaxMap;
+ private static EnumMap<SearchLangageLDAPTokens, String> openLdapSearchSyntaxMap;
 
 @Override
 public LdapQueryMetadata getLdapQueryMetadata(LdapProviderType providerType, LdapQueryData queryData) {
@@ -38,6 +39,7 @@
 Map<LdapQueryType, LdapQueryMetadata> ipaHashMap = setIPAMap();
 Map<LdapQueryType, LdapQueryMetadata> dsHashMap = setDSMap();
 Map<LdapQueryType, LdapQueryMetadata> itdsHashMap = setITDSMap();
+ Map<LdapQueryType, LdapQueryMetadata> openLdapHashMap = setOpenLdapMap();
 Map<LdapQueryType, LdapQueryMetadata> generalHashMap = setGeneralProviderMap();
 
 queryMetadataMap = new HashMap<LdapProviderType, Map<LdapQueryType, LdapQueryMetadata>>();
@@ -45,6 +47,7 @@
 queryMetadataMap.put(LdapProviderType.ipa, ipaHashMap);
 queryMetadataMap.put(LdapProviderType.rhds, dsHashMap);
 queryMetadataMap.put(LdapProviderType.itds, itdsHashMap);
+ queryMetadataMap.put(LdapProviderType.openLdap, openLdapHashMap);
 queryMetadataMap.put(LdapProviderType.general, generalHashMap);
 
 instance = new LdapQueryMetadataFactoryImpl();
@@ -466,6 +469,104 @@ } + private static HashMap<LdapQueryType, LdapQueryMetadata> setOpenLdapMap() { + HashMap<LdapQueryType, LdapQueryMetadata> openLdapHashMap = new HashMap<LdapQueryType, LdapQueryMetadata>(); + openLdapHashMap.put(LdapQueryType.getGroupByDN, new LdapQueryMetadataImpl( + "(cn=*)", + "%1$s", + new OpenLdapGroupContextMapper(), + SearchControls.OBJECT_SCOPE, + OpenLdapGroupContextMapper.GROUP_ATTRIBUTE_FILTER, + new SimpleLdapQueryExecutionFormatter(), + new OpenLdapLdapGuidEncoder())); + openLdapHashMap.put(LdapQueryType.getGroupByGuid, new LdapQueryMetadataImpl( + "(entryUUID=%1$s)", + "", + new OpenLdapGroupContextMapper(), + SearchControls.SUBTREE_SCOPE, + OpenLdapGroupContextMapper.GROUP_ATTRIBUTE_FILTER, + new SimpleLdapQueryExecutionFormatter(), + new OpenLdapLdapGuidEncoder())); + openLdapHashMap.put(LdapQueryType.getUserByGuid, new LdapQueryMetadataImpl( + "(entryUUID=%1$s)", + "", + new OpenLdapUserContextMapper(), + SearchControls.SUBTREE_SCOPE, + OpenLdapUserContextMapper.USERS_ATTRIBUTE_FILTER, + new SimpleLdapQueryExecutionFormatter(), + new OpenLdapLdapGuidEncoder())); + openLdapHashMap.put(LdapQueryType.getGroupByName, new LdapQueryMetadataImpl( + "(&(objectClass=groupOfNames)(cn=%1$s))", + "", + new OpenLdapGroupContextMapper(), + SearchControls.SUBTREE_SCOPE, + OpenLdapGroupContextMapper.GROUP_ATTRIBUTE_FILTER, + new SimpleLdapQueryExecutionFormatter(), + new OpenLdapLdapGuidEncoder())); + openLdapHashMap.put(LdapQueryType.getUserByPrincipalName, new LdapQueryMetadataImpl( + "(uid=%1$s)", + "", + new OpenLdapUserContextMapper(), + SearchControls.SUBTREE_SCOPE, + OpenLdapUserContextMapper.USERS_ATTRIBUTE_FILTER, + new SimpleLdapQueryExecutionFormatter(), + new OpenLdapLdapGuidEncoder())); + openLdapHashMap.put(LdapQueryType.getUserByName, new LdapQueryMetadataImpl( + "(uid=%1$s)", + "", + new OpenLdapUserContextMapper(), + SearchControls.SUBTREE_SCOPE, + OpenLdapUserContextMapper.USERS_ATTRIBUTE_FILTER, + new 
SimpleLdapQueryExecutionFormatter(), + new OpenLdapLdapGuidEncoder())); + openLdapHashMap.put(LdapQueryType.rootDSE, new LdapQueryMetadataImpl( + "(objectClass=*)", + "", + new OpenLdapRootDSEContextMapper(), + SearchControls.OBJECT_SCOPE, + OpenLdapRootDSEContextMapper.ROOTDSE_ATTRIBUTE_FILTER, + new SimpleLdapQueryExecutionFormatter(), + new OpenLdapLdapGuidEncoder())); + openLdapHashMap.put(LdapQueryType.getGroupsByGroupNames, new LdapQueryMetadataImpl( + "(&(objectClass=groupOfNames)(cn=%1$s))", + "", + new OpenLdapGroupContextMapper(), + SearchControls.SUBTREE_SCOPE, + OpenLdapGroupContextMapper.GROUP_ATTRIBUTE_FILTER, + new MultipleLdapQueryExecutionFormatter("(|", ")"), + new OpenLdapLdapGuidEncoder())); + openLdapHashMap.put(LdapQueryType.getUsersByUserGuids, new LdapQueryMetadataImpl( + "(uid=%1$s)", + "", + new OpenLdapUserContextMapper(), + SearchControls.SUBTREE_SCOPE, + OpenLdapUserContextMapper.USERS_ATTRIBUTE_FILTER, + new MultipleLdapQueryExecutionFormatter("(|", ")"), + new OpenLdapLdapGuidEncoder())); + LdapQueryMetadataImpl OpenLdapSearchUsersMetadata = new LdapQueryMetadataImpl( + "this string is replaced by user input meta-query", + "", + new OpenLdapUserContextMapper(), + SearchControls.SUBTREE_SCOPE, + OpenLdapUserContextMapper.USERS_ATTRIBUTE_FILTER, + new SearchQueryFotmatter(openLdapSearchSyntaxMap), + new OpenLdapLdapGuidEncoder()); + openLdapHashMap.put(LdapQueryType.searchUsers, OpenLdapSearchUsersMetadata); + + LdapQueryMetadataImpl OpenLdapSearchGroupsMetadata = new LdapQueryMetadataImpl( + "this string is replaced by user input meta-query", + "", + new OpenLdapGroupContextMapper(), + SearchControls.SUBTREE_SCOPE, + OpenLdapGroupContextMapper.GROUP_ATTRIBUTE_FILTER, + new SearchQueryFotmatter(openLdapSearchSyntaxMap), + new OpenLdapLdapGuidEncoder()); + openLdapHashMap.put(LdapQueryType.searchGroups, OpenLdapSearchGroupsMetadata); + + return openLdapHashMap; + + } + private static void prepareQueryFormatters() { 
activeDirectorySearchSyntaxMap = new EnumMap<SearchLangageLDAPTokens, String>(SearchLangageLDAPTokens.class); activeDirectorySearchSyntaxMap.put(SearchLangageLDAPTokens.$GIVENNAME, "givenname"); @@ -500,5 +601,13 @@ itdsSearchSyntaxMap.put(SearchLangageLDAPTokens.$LDAP_GROUP_CATEGORY, "objectClass=groupOfUniqueNames"); itdsSearchSyntaxMap.put(SearchLangageLDAPTokens.$CN, "cn"); itdsSearchSyntaxMap.put(SearchLangageLDAPTokens.$USER_ACCOUNT_NAME, "uid"); + + openLdapSearchSyntaxMap = new EnumMap<SearchLangageLDAPTokens, String>(SearchLangageLDAPTokens.class); + openLdapSearchSyntaxMap.put(SearchLangageLDAPTokens.$GIVENNAME, "givenname"); + openLdapSearchSyntaxMap.put(SearchLangageLDAPTokens.$USER_ACCOUNT_TYPE, "&(objectClass=person)"); + openLdapSearchSyntaxMap.put(SearchLangageLDAPTokens.$PRINCIPAL_NAME, "uid"); + openLdapSearchSyntaxMap.put(SearchLangageLDAPTokens.$LDAP_GROUP_CATEGORY, "objectClass=groupOfNames"); + openLdapSearchSyntaxMap.put(SearchLangageLDAPTokens.$CN, "cn"); + openLdapSearchSyntaxMap.put(SearchLangageLDAPTokens.$USER_ACCOUNT_NAME, "uid"); } } diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapGroupAttributes.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapGroupAttributes.java new file mode 100644 index 0000000..dfd9211 --- /dev/null +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapGroupAttributes.java @@ -0,0 +1,6 @@ +package org.ovirt.engine.core.bll.adbroker; + +public enum OpenLdapGroupAttributes { + entryuuid, + memberof +} diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapGroupContextMapper.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapGroupContextMapper.java new file mode 100644 index 0000000..2089162 --- /dev/null 
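Review bot: getUsersByUserGuids is keyed on `(uid=%1$s)` while getUserByGuid in the same map uses `(entryUUID=%1$s)`; if the parameters are GUIDs as the query type's name suggests, OpenLdapLdapGuidEncoder emits the UUID string and a uid match returns nothing, so that entry should read `"(entryUUID=%1$s)",`. getUserByPrincipalName is wired with SimpleLdapQueryExecutionFormatter although this change adds OpenLdapUPNLdapQueryExecutionFormatter to strip the `@realm` suffix, and JndiAction in the same change does strip it, so the UPN path would search `uid` for the full principal; use `new OpenLdapUPNLdapQueryExecutionFormatter(),` there. The locals `OpenLdapSearchUsersMetadata` and `OpenLdapSearchGroupsMetadata` start with a capital, unlike every other local in this method. The `openLdapSearchSyntaxMap` handed to SearchQueryFotmatter is filled in prepareQueryFormatters(), and whether that runs before setOpenLdapMap() is decided by the caller outside this hunk.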
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapGroupContextMapper.java 
@@ -0,0 +1,64 @@
+package org.ovirt.engine.core.bll.adbroker;
+
+import static org.ovirt.engine.core.bll.adbroker.OpenLdapGroupAttributes.entryuuid;
+import static org.ovirt.engine.core.bll.adbroker.OpenLdapGroupAttributes.memberof;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.naming.NamingEnumeration;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+
+import org.ovirt.engine.core.compat.Guid;
+import org.ovirt.engine.core.utils.log.Log;
+import org.ovirt.engine.core.utils.log.LogFactory;
+import org.springframework.ldap.core.ContextMapper;
+import org.springframework.ldap.core.DirContextAdapter;
+
+public class OpenLdapGroupContextMapper implements ContextMapper {
+
+ private static Log log = LogFactory.getLog(LdapBrokerImpl.class);
+
+ public final static String[] GROUP_ATTRIBUTE_FILTER = { memberof.name(), entryuuid.name() };
+
+ @Override
+ public Object mapFromContext(Object ctx) {
+ if (ctx == null) {
+ return null;
+ }
+
+ DirContextAdapter searchResult = (DirContextAdapter) ctx;
+ Attributes attributes = searchResult.getAttributes();
+
+ if (attributes == null) {
+ return null;
+ }
+
+ if (attributes.get(entryuuid.name()) == null) {
+ return null;
+ }
+
+ try {
+ List<String> memberOf = new ArrayList<String>();
+ Attribute att = attributes.get(memberof.name());
+ if (att != null) {
+ NamingEnumeration<?> groupsNames = att.getAll();
+ while (groupsNames.hasMoreElements()) {
+ memberOf.add((String) groupsNames.nextElement());
+ }
+ }
+
+ String objectGuid = (String) attributes.get(entryuuid.name()).get(0);
+
+ String distinguishedName = searchResult.getNameInNamespace();
+ distinguishedName = LdapBrokerUtils.hadleNameEscaping(distinguishedName);
+ GroupSearchResult groupSearchResult =
+ new GroupSearchResult(Guid.createGuidFromString(objectGuid), memberOf, distinguishedName);
+ return groupSearchResult;
+ } catch (Exception ex) {
+ log.error("Failed populating group", ex);
+ return null;
+ }
+ }
+}
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapLdapGuidEncoder.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapLdapGuidEncoder.java
new file mode 100644
index 0000000..b10e499
--- /dev/null
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapLdapGuidEncoder.java
@@ -0,0 +1,12 @@
+package org.ovirt.engine.core.bll.adbroker;
+
+import org.ovirt.engine.core.compat.Guid;
+
+public class OpenLdapLdapGuidEncoder implements LdapGuidEncoder {
+
+ @Override
+ public String encodeGuid(Guid guid) {
+ return guid.toString();
+ }
+
+}
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapRootDSE.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapRootDSE.java
new file mode 100644
index 0000000..2466054
--- /dev/null
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapRootDSE.java
@@ -0,0 +1,35 @@
+package org.ovirt.engine.core.bll.adbroker;
+
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+
+
+public class OpenLdapRootDSE implements RootDSE {
+
+ private String defaultNamingContext;
+
+ public OpenLdapRootDSE() {
+ }
+
+ public OpenLdapRootDSE(String defaultNamingContext) {
+ this.defaultNamingContext = defaultNamingContext;
+ }
+
+ public OpenLdapRootDSE(Attributes rootDseRecords) throws NamingException {
+ Attribute namingContexts = rootDseRecords.get(OpenLdapRootDSEAttributes.namingContexts.name());
+ if ( namingContexts != null ) {
+ this.defaultNamingContext = namingContexts.get(0).toString();
+ }
+ }
+
+ @Override
+ public void setDefaultNamingContext(String defaultNamingContext) {
+ this.defaultNamingContext = defaultNamingContext;
+ }
+
+ @Override
+ public String getDefaultNamingContext() {
+ return defaultNamingContext;
+ }
+}
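Review bot: The logger is obtained for `LdapBrokerImpl.class` rather than this class, so errors from mapFromContext are attributed to the broker; OpenLdapRootDSEContextMapper in this same change uses its own class, and this one should read `private static Log log = LogFactory.getLog(OpenLdapGroupContextMapper.class);`. The `catch (Exception ex)` also folds a ClassCastException from the `(String)` casts or an IllegalArgumentException from Guid.createGuidFromString into the same "Failed populating group" message, whereas OpenLdapUserContextMapper catches only NamingException; the two mappers should agree on one convention. The mapper requests `memberof`, which OpenLDAP serves only when the memberof overlay is configured and which, being operational there, must be listed explicitly as it is here; a comment on GROUP_ATTRIBUTE_FILTER such as `// memberOf must be requested explicitly on OpenLDAP and is empty without the memberof overlay` would save the next reader a trip to the server config.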
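Review bot: The Attributes constructor takes `namingContexts.get(0)` as the default naming context, but OpenLDAP can advertise several namingContexts values and publishes no defaultNamingContext attribute, so which suffix becomes the search base depends on server ordering; this deserves a comment such as `// OpenLDAP publishes no defaultNamingContext; the first advertised namingContexts value is taken as the search base`. `rootDseRecords` is dereferenced without a null check, unlike the attributes checks in the new context mappers. The no-arg constructor leaves defaultNamingContext null and getDefaultNamingContext then returns null, which is fine if callers expect it but is not documented.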
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapRootDSEAttributes.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapRootDSEAttributes.java
new file mode 100644
index 0000000..645687a
--- /dev/null
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapRootDSEAttributes.java
@@ -0,0 +1,5 @@
+package org.ovirt.engine.core.bll.adbroker;
+
+public enum OpenLdapRootDSEAttributes {
+ namingContexts
+}
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapRootDSEContextMapper.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapRootDSEContextMapper.java
new file mode 100644
index 0000000..6e75309
--- /dev/null
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapRootDSEContextMapper.java
@@ -0,0 +1,44 @@
+package org.ovirt.engine.core.bll.adbroker;
+
+import static org.ovirt.engine.core.bll.adbroker.OpenLdapRootDSEAttributes.namingContexts;
+
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+
+import org.ovirt.engine.core.utils.log.Log;
+import org.ovirt.engine.core.utils.log.LogFactory;
+import org.springframework.ldap.core.ContextMapper;
+import org.springframework.ldap.core.DirContextAdapter;
+
+public class OpenLdapRootDSEContextMapper implements ContextMapper {
+
+ private static Log log = LogFactory.getLog(OpenLdapRootDSEContextMapper.class);
+
+ public final static String[] ROOTDSE_ATTRIBUTE_FILTER = { namingContexts.name() };
+
+ @Override
+ public Object mapFromContext(Object ctx) {
+
+ DirContextAdapter searchResult = (DirContextAdapter) ctx;
+ Attributes attributes = searchResult.getAttributes();
+
+ if (attributes == null) {
+ return null;
+ }
+
+ Attribute att = attributes.get(namingContexts.name());
+
+ if (att != null) {
+ try {
+ return (att.get(0));
+ } catch (NamingException e) {
+ log.error("Failed getting naming contexts from root DSE", e);
+ return null;
+ }
+ } else {
+ return null;
+ }
+ }
+
+}
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapUPNLdapQueryExecutionFormatter.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapUPNLdapQueryExecutionFormatter.java
new file mode 100644
index 0000000..1e38f3c
--- /dev/null
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapUPNLdapQueryExecutionFormatter.java
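Review bot: mapFromContext casts `ctx` to DirContextAdapter without the `ctx == null` guard that both OpenLdapGroupContextMapper and OpenLdapUserContextMapper in this change carry, so a null context throws NullPointerException instead of mapping to null; add `if (ctx == null) { return null; }` before the cast. `return (att.get(0));` hands back a raw Object, and a one-line Javadoc stating that the mapper yields the first namingContexts value (as an Object) would tell callers what to cast to.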
@@ -0,0 +1,41 @@
+package org.ovirt.engine.core.bll.adbroker;
+
+/**
+ * OpenLdap doesn't have a UPN, so this formatter practically adjusts the query to search by user name instead of UPN
+ */
+public class OpenLdapUPNLdapQueryExecutionFormatter extends SimpleLdapQueryExecutionFormatter {
+
+ /**
+ * Put the user name instead of the UPN in the filter
+ */
+ protected String getFilter(LdapQueryMetadata queryMetadata) {
+ String userPrincipalName = (String)queryMetadata.getQueryData().getFilterParameters()[0];
+ String userName = userPrincipalName.split("@")[0];
+ return String.format(queryMetadata.getFilter(), userName);
+ }
+
+ @Override
+ protected String getDisplayFilter(LdapQueryMetadata queryMetadata) {
+ return getFilter(queryMetadata);
+ }
+
+ @Override
+ public LdapQueryExecution format(LdapQueryMetadata queryMetadata) {
+
+ String filter = getFilter(queryMetadata);
+
+ String baseDN =
+ String.format(queryMetadata.getBaseDN(),
+ getEncodedParameters(queryMetadata.getQueryData().getBaseDNParameters(),
+ queryMetadata.getLdapGuidEncoder()));
+
+ return new LdapQueryExecution(filter,
+ getDisplayFilter(queryMetadata),
+ baseDN,
+ queryMetadata.getContextMapper(),
+ queryMetadata.getSearchScope(),
+ queryMetadata.getReturningAttributes(),
+ queryMetadata.getQueryData().getDomain());
+ }
+
+}
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapUserAttributes.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapUserAttributes.java
new file mode 100644
index 0000000..2e12840
--- /dev/null
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapUserAttributes.java
@@ -0,0 +1,11 @@
+package org.ovirt.engine.core.bll.adbroker;
+
+public enum OpenLdapUserAttributes {
+ entryuuid,
+ givenname,
+ title,
+ mail,
+ sn,
+ memberof,
+ uid
+}
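Review bot: getFilter splits `getFilterParameters()[0]` at `@` and passes the bare user name straight into `String.format(queryMetadata.getFilter(), userName)`, so a principal containing LDAP filter metacharacters changes the filter instead of being matched literally; the base-DN parameters in format() go through getEncodedParameters while this filter parameter does not, and the name should be escaped per RFC 4515 before formatting. The same line throws on a null or empty parameter array. getFilter carries no `@Override` although getDisplayFilter beside it does; if SimpleLdapQueryExecutionFormatter declares getFilter, the annotation is missing and a later signature drift would silently stop the override. This formatter is not referenced by the OpenLDAP query map added in this change, so as committed it is dead code.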
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapUserContextMapper.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapUserContextMapper.java
new file mode 100644
index 0000000..34af868
--- /dev/null
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/OpenLdapUserContextMapper.java
@@ -0,0 +1,109 @@
+package org.ovirt.engine.core.bll.adbroker;
+
+import static org.ovirt.engine.core.bll.adbroker.OpenLdapUserAttributes.uid;
+import static org.ovirt.engine.core.bll.adbroker.OpenLdapUserAttributes.givenname;
+import static org.ovirt.engine.core.bll.adbroker.OpenLdapUserAttributes.entryuuid;
+import static org.ovirt.engine.core.bll.adbroker.OpenLdapUserAttributes.mail;
+import static org.ovirt.engine.core.bll.adbroker.OpenLdapUserAttributes.memberof;
+import static org.ovirt.engine.core.bll.adbroker.OpenLdapUserAttributes.sn;
+import static org.ovirt.engine.core.bll.adbroker.OpenLdapUserAttributes.title;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+
+import org.springframework.ldap.core.ContextMapper;
+import org.springframework.ldap.core.DirContextAdapter;
+
+import org.ovirt.engine.core.common.businessentities.LdapUser;
+import org.ovirt.engine.core.compat.Guid;
+import org.ovirt.engine.core.utils.log.Log;
+import org.ovirt.engine.core.utils.log.LogFactory;
+
+public class OpenLdapUserContextMapper implements ContextMapper {
+
+ private static Log log = LogFactory.getLog(LdapBrokerImpl.class);
+
+ public final static String[] USERS_ATTRIBUTE_FILTER = { entryuuid.name(),
+ givenname.name(), uid.name(), title.name(), mail.name(), memberof.name(),
+ sn.name() };
+
+ @Override
+ public Object mapFromContext(Object ctx) {
+
+ if (ctx == null) {
+ return null;
+ }
+
+ DirContextAdapter searchResult = (DirContextAdapter) ctx;
+ Attributes attributes = searchResult.getAttributes();
+
+ if (attributes == null) {
+ return null;
+ }
+
+ LdapUser user;
+ user = new LdapUser();
+
+ // user's Guid
+ String objectGuid;
+ try {
+ objectGuid = (String)attributes.get(entryuuid.name()).get(0);
+ user.setUserId(Guid.createGuidFromString(objectGuid));
+
+ // Getting other string properties
+ Attribute att = attributes.get(uid.name());
+ if (att != null) {
+ user.setUserName((String) att.get(0));
+ } else {
+ return null;
+ }
+
+ att = attributes.get(givenname.name());
+ if (att != null) {
+ user.setName((String) att.get(0));
+ }
+ att = attributes.get(sn.name());
+ if (att != null) {
+ user.setSurName((String) att.get(0));
+ }
+ att = attributes.get(title.name());
+ if (att != null) {
+ user.setTitle((String) att.get(0));
+ }
+
+ att = attributes.get(mail.name());
+ if (att != null) {
+ user.setEmail((String) att.get(0));
+ }
+
+ att = attributes.get(memberof.name());
+ if (att != null) {
+ NamingEnumeration<?> groupsNames = att.getAll();
+ List<String> memberOf = new ArrayList<String>();
+ while (groupsNames.hasMoreElements()) {
+ memberOf.add((String) groupsNames.nextElement());
+ }
+ user.setMemberof(memberOf);
+ } else {
+ // In case the attribute is null, an empty list is set
+ // in the "memberOf" field in order to avoid a
+ // NullPointerException
+ // while traversing on the groups list in
+ // LdapBrokerCommandBase.ProceedGroupsSearchResult
+
+ user.setMemberof(new ArrayList<String>());
+ }
+ } catch (NamingException e) {
+ log.error("Failed populating user",e);
+ return null;
+ }
+
+ return user;
+ }
+
+}
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/RootDSEFactory.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/RootDSEFactory.java
index 67d9a51..44c11ba 100644
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/RootDSEFactory.java
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/RootDSEFactory.java
@@ -18,6 +18,8 @@
 return new RHDSRootDSE(rootDseRecords);
 case itds:
 return new ITDSRootDSE(rootDseRecords);
+ case openLdap:
+ return new OpenLdapRootDSE(rootDseRecords);
 case general:
 default:
 return new GeneralRootDSE(rootDseRecords);
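Review bot: `attributes.get(entryuuid.name()).get(0)` dereferences the entryuuid attribute without a null check and the surrounding catch covers only NamingException, so an entry that lacks entryUUID makes the mapper throw NullPointerException instead of returning null as OpenLdapGroupContextMapper does for the same case; guard it with `Attribute guidAtt = attributes.get(entryuuid.name()); if (guidAtt == null) { return null; }` and read `objectGuid = (String) guidAtt.get(0);`. The logger is created for `LdapBrokerImpl.class` rather than OpenLdapUserContextMapper.class, so "Failed populating user" is misattributed in the log. `LdapUser user; user = new LdapUser();` can be one declaration with an initializer.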
diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/ldap/LdapProviderType.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/ldap/LdapProviderType.java index 67f54dd..96e3cfd 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/ldap/LdapProviderType.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/ldap/LdapProviderType.java @@ -5,6 +5,7 @@ ipa("389 Project"), rhds("Red Hat"), itds("IBM Tivoli Directory Server"), + openLdap("OpenLDAP"), general("Deprecated - for auto-detection usages"); // for rootDSE purpose private String vendorName; diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/ldap/RootDSEQueryInfo.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/ldap/RootDSEQueryInfo.java index 01294c6..60033ff 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/ldap/RootDSEQueryInfo.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/ldap/RootDSEQueryInfo.java @@ -21,8 +21,10 @@ * @return */ public static SearchControls createSearchControls() { + String[] returnAttributes = {NAMING_CONTEXTS_RESULT_ATTRIBUTE, DEFAULT_NAMING_CONTEXT_RESULT_ATTRIBUTE}; SearchControls searchControls = new SearchControls(); searchControls.setSearchScope(SearchControls.OBJECT_SCOPE); + searchControls.setReturningAttributes(returnAttributes); // Added this in order to prevent a warning saying: "the returning obj flag wasn't set, setting it to true" searchControls.setReturningObjFlag(true); return searchControls; diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ipa/OpenLdapUserContextMapper.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ipa/OpenLdapUserContextMapper.java new file mode 100644 index 0000000..ee54708 --- /dev/null 
+++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ipa/OpenLdapUserContextMapper.java
@@ -0,0 +1,34 @@
+package org.ovirt.engine.core.utils.ipa;
+
+import static org.ovirt.engine.core.utils.kerberos.InstallerConstants.ERROR_PREFIX;
+
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+
+import org.springframework.ldap.core.ContextMapper;
+import org.springframework.ldap.core.DirContextAdapter;
+
+public class OpenLdapUserContextMapper implements ContextMapper {
+ @Override
+ public Object mapFromContext(Object ctx) {
+
+ if (ctx == null) {
+ return null;
+ }
+
+ DirContextAdapter searchResult = (DirContextAdapter) ctx;
+ Attributes attributes = searchResult.getAttributes();
+
+ if (attributes == null) {
+ return null;
+ }
+
+ try {
+ return attributes.get("uid").get(0);
+ } catch (NamingException e) {
+ System.err.println(ERROR_PREFIX + "Failed getting user GUID");
+ return null;
+ }
+ }
+
+}
diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/JndiAction.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/JndiAction.java
index 201fb1d..af42b2d 100644
--- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/JndiAction.java
+++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/JndiAction.java
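Review bot: The mapper returns the `uid` value but the failure message says "Failed getting user GUID", and `attributes.get("uid")` is dereferenced without a null check while only NamingException is caught, so an entry without uid throws NullPointerException out of the mapper; guard with `Attribute att = attributes.get("uid"); if (att == null) { return null; }` (importing javax.naming.directory.Attribute) and change the message to `"Failed getting user name"`. The class is OpenLDAP-specific yet lives in the `utils.ipa` package, and it carries no Javadoc; a class comment stating that it yields the first uid value of the matched entry, and why it sits in this package, would help.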
@@ -94,7 +94,7 @@ SearchControls controls = new SearchControls(); controls.setSearchScope(SearchControls.SUBTREE_SCOPE); // Adding all the three attributes possible, as RHDS doesn't return the nsUniqueId by default - controls.setReturningAttributes(new String[]{"nsUniqueId", "ipaUniqueId","objectGuid","uniqueIdentifier"}); + controls.setReturningAttributes(new String[]{"nsUniqueId", "ipaUniqueId","objectGuid","uniqueIdentifier","entryuuid"}); // Added this in order to prevent a warning saying: "the returning obj flag wasn't set, setting it to true" controls.setReturningObjFlag(true); currentLdapServer = ldapQueryPath.toString(); @@ -195,6 +195,9 @@ } else if (ldapProviderType.equals(LdapProviderType.itds)) { String uniqueId = (String) sr.getAttributes().get("uniqueIdentifier").get(); guidString += uniqueId; + } else if (ldapProviderType.equals(LdapProviderType.openLdap)) { + String uniqueId = (String) sr.getAttributes().get("entryUUID").get(); + guidString += uniqueId; } else { Object objectGuid = sr.getAttributes().get("objectGUID").get(); byte[] guid = (byte[]) objectGuid; @@ -218,6 +221,9 @@ } else if (ldapProviderType.equals(LdapProviderType.itds)) { userName = userName.split("@")[0]; query = "(&(objectClass=person)(uid=" + userName + "))"; + } else if (ldapProviderType.equals(LdapProviderType.openLdap)) { + userName = userName.split("@")[0]; + query = "(uid=" + userName + ")"; } else { StringBuilder queryBase = new StringBuilder("(&(sAMAccountType=805306368)("); -- To view, visit http://gerrit.ovirt.org/13829 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7fa5c92088a34d8c3881ce839963a13fe9ca4f84 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Uwe Grawert <graw...@b1-systems.de> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
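Review bot: In the third hunk, `query = "(uid=" + userName + ")";` places the caller-supplied user name into the LDAP filter with no escaping, so a name containing filter metacharacters alters the filter rather than being matched literally; the itds branch above it does the same, so one fix should cover both branches. Either escape the value per RFC 4515 before concatenating, or, if the lookup is issued through DirContext.search, pass `(uid={0})` with a filterArgs array so the JNDI provider encodes the value. The enclosing method and the search call that consumes `query` lie outside this hunk. In the second hunk the attribute is requested as `entryuuid` in the first hunk but read back as `entryUUID`; the JNDI LDAP provider should match attribute identifiers case-insensitively, so it works, but a single spelling avoids the question.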