Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +10 −15 Original line number Diff line number Diff line Loading @@ -114,7 +114,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO "(groupdn = \"ldap:///<ACTUAL_GROUP>\");)"; private static final String PUB_GROUP_ACI = "(targetattr = \"*\") " + "(version 3.0;acl \"Group Public\";" + "allow (read,compare,search)userdn=\"ldap:///anyone\";)"; "allow (read,compare,search)userdn=\"ldap:///all\";)"; private LdapUserDAO<T> userPersist; Loading Loading @@ -327,7 +327,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO Filter filter = Filter.createANDFilter( Filter.createEqualityFilter("cn", groupID), Filter.createNOTFilter( Filter.createEqualityFilter("nsaccountlock", "true"))); Filter.createEqualityFilter("nsaccountlock", "TRUE"))); SearchRequest searchRequest = new SearchRequest( config.getGroupsDN(), SearchScope.SUB, Loading Loading @@ -379,7 +379,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO User<X500Principal> user; try { user = userPersist.getMember(memberDN); user = userPersist.getMember(memberDN, false); } catch (UserNotFoundException e) { Loading @@ -391,8 +391,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO else if (memberDN.isDescendantOf(config.getGroupsDN(), false)) { Group memberGroup = getGroup(memberDN); ldapGroup.getGroupMembers().add(memberGroup); ldapGroup.getGroupMembers().add(new Group(memberDN.getRDNString().replace("cn=", ""))); } else { Loading 
@@ -412,10 +411,10 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO // TODO it's gotta be a better way to do this. String grRead = aci.substring( aci.indexOf("ldap:///")); grRead = grRead.substring(grRead.indexOf("cn"), grRead.lastIndexOf('"')); grRead = grRead.substring(grRead.indexOf("cn=") + 3, grRead.indexOf(',')); Group groupRead = getGroup(new DN(grRead)); Group groupRead = new Group(grRead.trim()); ldapGroup.groupRead = groupRead; } else if (aci.contains("Group Write")) Loading @@ -423,10 +422,10 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO // TODO it's gotta be a better way to do this. String grWrite = aci.substring( aci.indexOf("ldap:///")); grWrite = grWrite.substring(grWrite.indexOf("cn"), grWrite.lastIndexOf('"')); grWrite = grWrite.substring(grWrite.indexOf("cn=") + 3, grWrite.indexOf(',')); Group groupWrite = getGroup(new DN(grWrite)); Group groupWrite = getGroup(grWrite.trim()); ldapGroup.groupWrite = groupWrite; } else if (aci.equals(PUB_GROUP_ACI)) Loading @@ -446,10 +445,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO // access control throw new TransientException("Error getting the group", e1); } catch (UserNotFoundException e2) { throw new RuntimeException("BUG - owner or member not found", e2); } } /** Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +26 −7 Original line number Diff line number Diff line Loading @@ -129,7 +129,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO "Unsupported principal type " + userID.getClass()); } searchField = "(" + searchField + "=" + userID.getName() + ")"; searchField = "(&(objectclass=cadcaccount)(" + searchField + "=" + userID.getName() + "))"; SearchResultEntry searchResult = null; try Loading Loading 
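Review bot: `aci.equals(PUB_GROUP_ACI)` will no longer match any existing group entry whose ACI was stored with the previous `ldap:///anyone` value, so those groups silently lose their public flag once this ships; either migrate the stored ACIs or detect the public case the way the read/write branches do, e.g. `else if (aci.contains("Group Public"))`. The new parsing at -412/-423 assumes both `cn=` and `,` are present in the ACI: `indexOf` returning -1 gives a wrong start offset in one case and a StringIndexOutOfBoundsException in the other, so guard it, `int start = grRead.indexOf("cn="); int end = grRead.indexOf(','); if (start < 0 || end <= start) throw new IllegalStateException("unparseable ACI: " + aci);` before the substring. The read and write branches now diverge, `new Group(grRead.trim())` versus `getGroup(grWrite.trim())`, which looks accidental since the surrounding code is otherwise identical. Switching the member lookup to `getMember(memberDN, false)` drops proxied authorization, so member entries are now read under the connection's own identity rather than the caller's; if that is intended, a one-line comment stating why (e.g. `// members are resolved as the service account; group-level ACI already gates access`) would stop the next reader from reverting it. The enclosing method starts and ends outside these hunks.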
@@ -335,11 +335,14 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO /** * Returns a member user identified by the X500Principal only. * @param userDN * @param bindAsSubject - true if Ldap commands executed as subject * (proxy authorization) or false if they are executed as the user * in the connection. * @return * @throws UserNotFoundException * @throws LDAPException */ User<X500Principal> getMember(DN userDN) User<X500Principal> getMember(DN userDN, boolean bindAsSubject) throws UserNotFoundException, LDAPException { Filter filter = Loading @@ -352,9 +355,12 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO (String[]) this.attribType.values().toArray( new String[this.attribType.values().size()])); if (bindAsSubject) { searchRequest.addControl( new ProxiedAuthorizationV2RequestControl("dn:" + getSubjectDN().toNormalizedString())); } SearchResultEntry searchResult = getConnection().searchForEntry(searchRequest); Loading @@ -372,6 +378,19 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO return user; } /** * Returns a member user identified by the X500Principal only. * @param userDN * @return * @throws UserNotFoundException * @throws LDAPException */ User<X500Principal> getMember(DN userDN) throws UserNotFoundException, LDAPException { return getMember(userDN, true); } DN getUserDN(User<? extends Principal> user) throws LDAPException, UserNotFoundException { Loading projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java +1 −1 Original line number Diff line number Diff line Loading 
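Review bot: The rewritten filter at -129 still concatenates `userID.getName()` straight into the LDAP filter string, so a principal name containing `*`, `(`, `)` or `\` changes the query rather than being matched literally; since the rest of this file already uses the UnboundID `Filter` API, the fix is `searchField = "(&(objectclass=cadcaccount)(" + searchField + "=" + Filter.encodeValue(userID.getName()) + "))";`, or build it with `Filter.createANDFilter(Filter.createEqualityFilter("objectclass", "cadcaccount"), Filter.createEqualityFilter(searchField, userID.getName()))`. The Javadoc on the new `getMember(DN, boolean)` has empty `@param userDN` and `@return` tags; `@param userDN the distinguished name of the user entry to fetch` and `@return the user, never null` would complete it, and the delegating overload should say it binds as the subject, e.g. `Equivalent to {@code getMember(userDN, true)}.` The method containing the -129 hunk starts outside the hunk.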
@@ -87,7 +87,7 @@ public class LdapDAOTest { static String server = "mach275.cadc.dao.nrc.ca"; static int port = 389; static String adminDN = "uid=webproxy,ou=administrators,ou=topologymanagement,o=netscaperoot"; static String adminDN = "uid=webproxy,ou=WebProxy,ou=topologymanagement,o=netscaperoot"; static String adminPW = "go4it"; static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net"; static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net"; Loading projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java +4 −4 Original line number Diff line number Diff line Loading @@ -70,10 +70,10 @@ public class LdapGroupDAOTest static int port = 389; static String adminDN = "uid=webproxy,ou=webproxy,ou=topologymanagement,o=netscaperoot"; static String adminPW = "go4it"; // static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net"; // static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net"; static String userBaseDN = "ou=Users,ou=ds,dc=canfar,dc=net"; static String groupBaseDN = "ou=Groups,ou=ds,dc=canfar,dc=net"; static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net"; static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net"; //static String userBaseDN = "ou=Users,ou=ds,dc=canfar,dc=net"; //static String groupBaseDN = "ou=Groups,ou=ds,dc=canfar,dc=net"; static String daoTestDN1 = "cn=cadcdaotest1,ou=cadc,o=hia,c=ca"; static String daoTestDN2 = "cn=cadcdaotest2,ou=cadc,o=hia,c=ca"; Loading projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java +1 −1 Original line number Diff line number Diff line Loading 
@@ -94,7 +94,7 @@ public class LdapUserDAOTest static String server = "mach275.cadc.dao.nrc.ca"; static int port = 389; static String adminDN = "uid=webproxy,ou=administrators,ou=topologymanagement,o=netscaperoot"; static String adminDN = "uid=webproxy,ou=Webproxy,ou=topologymanagement,o=netscaperoot"; static String adminPW = "go4it"; static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net"; static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net"; Loading Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +10 −15 Original line number Diff line number Diff line Loading @@ -114,7 +114,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO "(groupdn = \"ldap:///<ACTUAL_GROUP>\");)"; private static final String PUB_GROUP_ACI = "(targetattr = \"*\") " + "(version 3.0;acl \"Group Public\";" + "allow (read,compare,search)userdn=\"ldap:///anyone\";)"; "allow (read,compare,search)userdn=\"ldap:///all\";)"; private LdapUserDAO<T> userPersist; Loading Loading @@ -327,7 +327,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO Filter filter = Filter.createANDFilter( Filter.createEqualityFilter("cn", groupID), Filter.createNOTFilter( Filter.createEqualityFilter("nsaccountlock", "true"))); Filter.createEqualityFilter("nsaccountlock", "TRUE"))); SearchRequest searchRequest = new SearchRequest( config.getGroupsDN(), SearchScope.SUB, Loading Loading @@ -379,7 +379,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO User<X500Principal> user; try { user = userPersist.getMember(memberDN); user = userPersist.getMember(memberDN, false); } catch (UserNotFoundException e) { Loading @@ -391,8 +391,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO else if (memberDN.isDescendantOf(config.getGroupsDN(), false)) { Group memberGroup = getGroup(memberDN); ldapGroup.getGroupMembers().add(memberGroup); ldapGroup.getGroupMembers().add(new Group(memberDN.getRDNString().replace("cn=", ""))); } else { Loading 
@@ -412,10 +411,10 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO // TODO it's gotta be a better way to do this. String grRead = aci.substring( aci.indexOf("ldap:///")); grRead = grRead.substring(grRead.indexOf("cn"), grRead.lastIndexOf('"')); grRead = grRead.substring(grRead.indexOf("cn=") + 3, grRead.indexOf(',')); Group groupRead = getGroup(new DN(grRead)); Group groupRead = new Group(grRead.trim()); ldapGroup.groupRead = groupRead; } else if (aci.contains("Group Write")) Loading @@ -423,10 +422,10 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO // TODO it's gotta be a better way to do this. String grWrite = aci.substring( aci.indexOf("ldap:///")); grWrite = grWrite.substring(grWrite.indexOf("cn"), grWrite.lastIndexOf('"')); grWrite = grWrite.substring(grWrite.indexOf("cn=") + 3, grWrite.indexOf(',')); Group groupWrite = getGroup(new DN(grWrite)); Group groupWrite = getGroup(grWrite.trim()); ldapGroup.groupWrite = groupWrite; } else if (aci.equals(PUB_GROUP_ACI)) Loading @@ -446,10 +445,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO // access control throw new TransientException("Error getting the group", e1); } catch (UserNotFoundException e2) { throw new RuntimeException("BUG - owner or member not found", e2); } } /** Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +26 −7 Original line number Diff line number Diff line Loading @@ -129,7 +129,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO "Unsupported principal type " + userID.getClass()); } searchField = "(" + searchField + "=" + userID.getName() + ")"; searchField = "(&(objectclass=cadcaccount)(" + searchField + "=" + userID.getName() + "))"; SearchResultEntry searchResult = null; try Loading Loading @@ -335,11 +335,14 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO /** * Returns a member user identified by the X500Principal only. * @param userDN * @param bindAsSubject - true if Ldap commands executed as subject * (proxy authorization) or false if they are executed as the user * in the connection. * @return * @throws UserNotFoundException * @throws LDAPException */ User<X500Principal> getMember(DN userDN) User<X500Principal> getMember(DN userDN, boolean bindAsSubject) throws UserNotFoundException, LDAPException { Filter filter = Loading @@ -352,9 +355,12 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO (String[]) this.attribType.values().toArray( new String[this.attribType.values().size()])); if (bindAsSubject) { searchRequest.addControl( new ProxiedAuthorizationV2RequestControl("dn:" + getSubjectDN().toNormalizedString())); } SearchResultEntry searchResult = getConnection().searchForEntry(searchRequest); Loading @@ -372,6 +378,19 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO return user; } /** * Returns a member user identified by the X500Principal only. * @param userDN * @return * @throws UserNotFoundException * @throws LDAPException */ User<X500Principal> getMember(DN userDN) throws UserNotFoundException, LDAPException { return getMember(userDN, true); } DN getUserDN(User<? extends Principal> user) throws LDAPException, UserNotFoundException { Loading
projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java +1 −1 Original line number Diff line number Diff line Loading @@ -87,7 +87,7 @@ public class LdapDAOTest { static String server = "mach275.cadc.dao.nrc.ca"; static int port = 389; static String adminDN = "uid=webproxy,ou=administrators,ou=topologymanagement,o=netscaperoot"; static String adminDN = "uid=webproxy,ou=WebProxy,ou=topologymanagement,o=netscaperoot"; static String adminPW = "go4it"; static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net"; static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net"; Loading
projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java +4 −4 Original line number Diff line number Diff line Loading @@ -70,10 +70,10 @@ public class LdapGroupDAOTest static int port = 389; static String adminDN = "uid=webproxy,ou=webproxy,ou=topologymanagement,o=netscaperoot"; static String adminPW = "go4it"; // static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net"; // static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net"; static String userBaseDN = "ou=Users,ou=ds,dc=canfar,dc=net"; static String groupBaseDN = "ou=Groups,ou=ds,dc=canfar,dc=net"; static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net"; static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net"; //static String userBaseDN = "ou=Users,ou=ds,dc=canfar,dc=net"; //static String groupBaseDN = "ou=Groups,ou=ds,dc=canfar,dc=net"; static String daoTestDN1 = "cn=cadcdaotest1,ou=cadc,o=hia,c=ca"; static String daoTestDN2 = "cn=cadcdaotest2,ou=cadc,o=hia,c=ca"; Loading
projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java +1 −1 Original line number Diff line number Diff line Loading @@ -94,7 +94,7 @@ public class LdapUserDAOTest static String server = "mach275.cadc.dao.nrc.ca"; static int port = 389; static String adminDN = "uid=webproxy,ou=administrators,ou=topologymanagement,o=netscaperoot"; static String adminDN = "uid=webproxy,ou=Webproxy,ou=topologymanagement,o=netscaperoot"; static String adminPW = "go4it"; static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net"; static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net"; Loading