Loading projects/cadcAccessControl-Server/config/LdapConfig.properties +1 −0 Original line number Diff line number Diff line Loading @@ -3,5 +3,6 @@ server = <name of server> port = <389 or 636> proxyUser = <name of proxy user> usersDn = <DN of users branch> userRequestsDN = <DN of new users branch> groupsDn = <DN of groups branch> adminGroupsDn = <DN of admin groups> projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java +2 −1 Original line number Diff line number Diff line Loading @@ -70,6 +70,7 @@ package ca.nrc.cadc.ac.server; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.net.TransientException; import com.unboundid.ldap.sdk.DN; import java.security.AccessControlException; Loading Loading @@ -98,7 +99,7 @@ public abstract interface UserPersistence<T extends Principal> * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public abstract User<T> addUser(User<T> user) public abstract User<T> addUser(UserRequest<T> user) throws TransientException, AccessControlException; /** Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConfig.java +24 −4 Original line number Diff line number Diff line Loading @@ -96,12 +96,14 @@ public class LdapConfig public static final String LDAP_PORT = "port"; public static final String LDAP_SERVER_PROXY_USER = "proxyUser"; public static final String LDAP_USERS_DN = "usersDn"; public static final String LDAP_USER_REQUESTS_DN = "userRequestsDN"; public static final String LDAP_GROUPS_DN = "groupsDn"; public static final String LDAP_ADMIN_GROUPS_DN = "adminGroupsDn"; private final static int SECURE_PORT = 636; private String usersDN; private String userRequestsDN; private String groupsDN; private String adminGroupsDN; private String server; Loading Loading 
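Review bot: In `UserPersistence.addUser(UserRequest<T> user)` the parameter keeps its old name although its type changed, so the signature reads as if a `User` were still passed; `LdapUserDAO.addUser` in the same commit names it `userRequest`, and the interface and `LdapUserPersistence.addUser` (same change, later in this commit) should match: `public abstract User<T> addUser(UserRequest<T> userRequest)`. The method's `@param` tag sits above the hunk, so I cannot see whether it was updated to describe the request rather than the user; if it still says "The user to add" it should become "The user request (user plus credentials) to add", as the DAO documents it.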
@@ -167,6 +169,14 @@ public class LdapConfig } String ldapUsersDn = prop.get(0); prop = config.getProperty(LDAP_USER_REQUESTS_DN); if ((prop == null) || (prop.size() != 1)) { throw new RuntimeException("failed to read property " + LDAP_USER_REQUESTS_DN); } String ldapUserRequestsDn = prop.get(0); prop = config.getProperty(LDAP_GROUPS_DN); if ((prop == null) || (prop.size() != 1)) { Loading Loading @@ -203,14 +213,14 @@ public class LdapConfig } return new LdapConfig(server, Integer.valueOf(port), cc.getUsername(), cc.getPassword(), ldapUsersDn, ldapGroupsDn, ldapAdminGroupsDn); cc.getPassword(), ldapUsersDn, ldapUserRequestsDn, ldapGroupsDn, ldapAdminGroupsDn); } public LdapConfig(String server, int port, String proxyUserDN, String proxyPasswd, String usersDN, String groupsDN, String adminGroupsDN) String proxyPasswd, String usersDN, String userRequestsDN, String groupsDN, String adminGroupsDN) { if (!StringUtil.hasText(server)) { Loading @@ -233,6 +243,10 @@ public class LdapConfig { throw new IllegalArgumentException("Illegal users LDAP DN"); } if (!StringUtil.hasText(userRequestsDN)) { throw new IllegalArgumentException("Illegal userRequests LDAP DN"); } if (!StringUtil.hasText(groupsDN)) { throw new IllegalArgumentException("Illegal groups LDAP DN"); Loading @@ -247,6 +261,7 @@ public class LdapConfig this.proxyUserDN = proxyUserDN; this.proxyPasswd = proxyPasswd; this.usersDN = usersDN; this.userRequestsDN = userRequestsDN; this.groupsDN = groupsDN; this.adminGroupsDN = adminGroupsDN; logger.debug(toString()); Loading @@ -257,6 +272,11 @@ public class LdapConfig return this.usersDN; } public String getUserRequestsDN() { return this.userRequestsDN; } public String getGroupsDN() { return this.groupsDN; Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +42 −14 Original line number Diff line number Diff line Loading 
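Review bot: The new property key `LDAP_USER_REQUESTS_DN = "userRequestsDN"` breaks the casing convention of its neighbours (`usersDn`, `groupsDn`, `adminGroupsDn`); since this string is what operators type into LdapConfig.properties, a mixed convention invites a misconfiguration that surfaces only at startup as "failed to read property". Suggest `public static final String LDAP_USER_REQUESTS_DN = "userRequestsDn";` and updating the template line in config/LdapConfig.properties to `userRequestsDn = <DN of new users branch>` in the same commit. The lookup, constructor validation and getter that follow are consistent with the existing fields, so only the key spelling needs to change.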
@@ -68,11 +68,7 @@ */ package ca.nrc.cadc.ac.server.ldap; import ca.nrc.cadc.ac.PersonalDetails; import ca.nrc.cadc.ac.PosixDetails; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserDetails; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.*; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; Loading Loading @@ -118,6 +114,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO protected static final String LDAP_ENTRYDN = "entrydn"; protected static final String LDAP_COMMON_NAME = "cn"; protected static final String LDAP_DISTINGUISHED_NAME = "distinguishedName"; protected static final String LADP_USER_PASSWORD = "userPassword"; protected static final String LDAP_FIRST_NAME = "givenName"; protected static final String LDAP_LAST_NAME = "sn"; protected static final String LDAP_ADDRESS = "address"; Loading Loading 
@@ -168,32 +165,32 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO /** * Add the specified user.. * * @param user The user to add. * @param userRequest The user to add. * @return User instance. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public User<T> addUser(final User<T> user) public User<T> addUser(final UserRequest<T> userRequest) throws TransientException { final User<T> user = userRequest.getUser(); final Class userType = user.getUserID().getClass(); String searchField = userLdapAttrib.get(userType); if (searchField == null) { throw new IllegalArgumentException( "Unsupported principal type " + userType); throw new IllegalArgumentException("Unsupported principal type " + userType); } try { // add new user DN userDN = getUserDN(user.getUserID().getName()); DN userDN = getUserRequestsDN(user.getUserID().getName()); List<Attribute> attributes = new ArrayList<Attribute>(); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_INET_ORG_PERSON); addAttribute(attributes, LDAP_UID, LDAP_CADC_ACCOUNT); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_CADC_ACCOUNT); addAttribute(attributes, LDAP_COMMON_NAME, user.getUserID().getName()); addAttribute(attributes, LDAP_DISTINGUISHED_NAME, userDN.toNormalizedString()); addAttribute(attributes, LADP_USER_PASSWORD, userRequest.getPassword()); for (UserDetails details : user.details) { Loading Loading @@ -232,7 +229,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO getConnection().reconnect(); try { return getUser(user.getUserID()); return getUser(user.getUserID(), config.getUserRequestsDN()); } catch (UserNotFoundException e) { Loading Loading 
@@ -261,6 +258,22 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO */ public User<T> getUser(final T userID) throws UserNotFoundException, TransientException, AccessControlException { return getUser(userID, config.getUsersDN()); } /** * Get the user specified by userID. * * @param userID The userID. * @param usersDN The LDAP tree to search. * @return User instance. * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ private User<T> getUser(final T userID, final String usersDN) throws UserNotFoundException, TransientException, AccessControlException { String searchField = userLdapAttrib.get(userID.getClass()); if (searchField == null) Loading @@ -277,7 +290,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO try { SearchRequest searchRequest = new SearchRequest(config.getUsersDN(), SearchScope.SUB, new SearchRequest(usersDN, SearchScope.SUB, searchField, userAttribs); searchRequest.addControl( Loading Loading @@ -651,6 +664,21 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO throw new IllegalArgumentException(userID + " not a valid user ID"); } protected DN getUserRequestsDN(final String userID) throws LDAPException, TransientException { try { return new DN(LDAP_UID + "=" + userID + "," + config.getUserRequestsDN()); } catch (LDAPException e) { logger.debug("getUserRequestsDN Exception: " + e, e); LdapDAO.checkLdapResult(e.getResultCode()); } throw new IllegalArgumentException(userID + " not a valid user ID"); } void addAttribute(List<Attribute> attributes, final String name, final String value) { if (value != null && !value.isEmpty()) Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +2 −1 Original line number Diff line number Diff line Loading 
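Review bot: `getUserRequestsDN` builds the entry DN by string concatenation, `LDAP_UID + "=" + userID + "," + config.getUserRequestsDN()`, so a user ID containing RDN special characters (`,` `+` `=` `"` `\` `<` `>` `;` or a leading `#`) either fails DN parsing or yields an entry placed somewhere other than the requests branch; the SDK escapes this correctly if the DN is composed structurally: `return new DN(new RDN(LDAP_UID, userID), new DN(config.getUserRequestsDN()));` (add the `com.unboundid.ldap.sdk.RDN` import if the file does not already have it). The pre-existing `getUserDN` presumably has the same shape, but the new copy is the one under review. In the `addUser` hunk, `addAttribute(attributes, LADP_USER_PASSWORD, userRequest.getPassword())` passes through the `if (value != null && !value.isEmpty())` guard in `addAttribute`, so a request with no password is silently stored without a `userPassword` attribute instead of being rejected; a fail-fast check before the attribute list is built, e.g. `if (userRequest.getPassword() == null || userRequest.getPassword().isEmpty()) throw new IllegalArgumentException("Missing password for user request");`, makes the contract explicit. The constant name `LADP_USER_PASSWORD` also looks like a typo for `LDAP_USER_PASSWORD`.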
@@ -70,6 +70,7 @@ package ca.nrc.cadc.ac.server.ldap; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.net.TransientException; import com.unboundid.ldap.sdk.DN; Loading Loading @@ -125,7 +126,7 @@ public class LdapUserPersistence<T extends Principal> * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public User<T> addUser(User<T> user) public User<T> addUser(UserRequest<T> user) throws TransientException, AccessControlException { LdapUserDAO<T> userDAO = null; Loading Loading
projects/cadcAccessControl-Server/config/LdapConfig.properties +1 −0 Original line number Diff line number Diff line Loading @@ -3,5 +3,6 @@ server = <name of server> port = <389 or 636> proxyUser = <name of proxy user> usersDn = <DN of users branch> userRequestsDN = <DN of new users branch> groupsDn = <DN of groups branch> adminGroupsDn = <DN of admin groups>
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java +2 −1 Original line number Diff line number Diff line Loading @@ -70,6 +70,7 @@ package ca.nrc.cadc.ac.server; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.net.TransientException; import com.unboundid.ldap.sdk.DN; import java.security.AccessControlException; Loading Loading @@ -98,7 +99,7 @@ public abstract interface UserPersistence<T extends Principal> * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public abstract User<T> addUser(User<T> user) public abstract User<T> addUser(UserRequest<T> user) throws TransientException, AccessControlException; /** Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConfig.java +24 −4 Original line number Diff line number Diff line Loading @@ -96,12 +96,14 @@ public class LdapConfig public static final String LDAP_PORT = "port"; public static final String LDAP_SERVER_PROXY_USER = "proxyUser"; public static final String LDAP_USERS_DN = "usersDn"; public static final String LDAP_USER_REQUESTS_DN = "userRequestsDN"; public static final String LDAP_GROUPS_DN = "groupsDn"; public static final String LDAP_ADMIN_GROUPS_DN = "adminGroupsDn"; private final static int SECURE_PORT = 636; private String usersDN; private String userRequestsDN; private String groupsDN; private String adminGroupsDN; private String server; Loading Loading @@ -167,6 +169,14 @@ public class LdapConfig } String ldapUsersDn = prop.get(0); prop = config.getProperty(LDAP_USER_REQUESTS_DN); if ((prop == null) || (prop.size() != 1)) { throw new RuntimeException("failed to read property " + LDAP_USER_REQUESTS_DN); } String ldapUserRequestsDn = prop.get(0); prop = config.getProperty(LDAP_GROUPS_DN); if ((prop == null) || (prop.size() != 1)) { Loading Loading @@ -203,14 +213,14 @@ public class LdapConfig } return new LdapConfig(server, Integer.valueOf(port), cc.getUsername(), cc.getPassword(), ldapUsersDn, ldapGroupsDn, ldapAdminGroupsDn); cc.getPassword(), ldapUsersDn, ldapUserRequestsDn, ldapGroupsDn, ldapAdminGroupsDn); } public LdapConfig(String server, int port, String proxyUserDN, String proxyPasswd, String usersDN, String groupsDN, String adminGroupsDN) String proxyPasswd, String usersDN, String userRequestsDN, String groupsDN, String adminGroupsDN) { if (!StringUtil.hasText(server)) { Loading 
@@ -233,6 +243,10 @@ public class LdapConfig { throw new IllegalArgumentException("Illegal users LDAP DN"); } if (!StringUtil.hasText(userRequestsDN)) { throw new IllegalArgumentException("Illegal userRequests LDAP DN"); } if (!StringUtil.hasText(groupsDN)) { throw new IllegalArgumentException("Illegal groups LDAP DN"); Loading @@ -247,6 +261,7 @@ public class LdapConfig this.proxyUserDN = proxyUserDN; this.proxyPasswd = proxyPasswd; this.usersDN = usersDN; this.userRequestsDN = userRequestsDN; this.groupsDN = groupsDN; this.adminGroupsDN = adminGroupsDN; logger.debug(toString()); Loading @@ -257,6 +272,11 @@ public class LdapConfig return this.usersDN; } public String getUserRequestsDN() { return this.userRequestsDN; } public String getGroupsDN() { return this.groupsDN; Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +42 −14 Original line number Diff line number Diff line Loading @@ -68,11 +68,7 @@ */ package ca.nrc.cadc.ac.server.ldap; import ca.nrc.cadc.ac.PersonalDetails; import ca.nrc.cadc.ac.PosixDetails; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserDetails; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.*; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; Loading Loading @@ -118,6 +114,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO protected static final String LDAP_ENTRYDN = "entrydn"; protected static final String LDAP_COMMON_NAME = "cn"; protected static final String LDAP_DISTINGUISHED_NAME = "distinguishedName"; protected static final String LADP_USER_PASSWORD = "userPassword"; protected static final String LDAP_FIRST_NAME = "givenName"; protected static final String LDAP_LAST_NAME = "sn"; protected static final String LDAP_ADDRESS = "address"; Loading Loading 
@@ -168,32 +165,32 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO /** * Add the specified user.. * * @param user The user to add. * @param userRequest The user to add. * @return User instance. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public User<T> addUser(final User<T> user) public User<T> addUser(final UserRequest<T> userRequest) throws TransientException { final User<T> user = userRequest.getUser(); final Class userType = user.getUserID().getClass(); String searchField = userLdapAttrib.get(userType); if (searchField == null) { throw new IllegalArgumentException( "Unsupported principal type " + userType); throw new IllegalArgumentException("Unsupported principal type " + userType); } try { // add new user DN userDN = getUserDN(user.getUserID().getName()); DN userDN = getUserRequestsDN(user.getUserID().getName()); List<Attribute> attributes = new ArrayList<Attribute>(); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_INET_ORG_PERSON); addAttribute(attributes, LDAP_UID, LDAP_CADC_ACCOUNT); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_CADC_ACCOUNT); addAttribute(attributes, LDAP_COMMON_NAME, user.getUserID().getName()); addAttribute(attributes, LDAP_DISTINGUISHED_NAME, userDN.toNormalizedString()); addAttribute(attributes, LADP_USER_PASSWORD, userRequest.getPassword()); for (UserDetails details : user.details) { Loading Loading @@ -232,7 +229,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO getConnection().reconnect(); try { return getUser(user.getUserID()); return getUser(user.getUserID(), config.getUserRequestsDN()); } catch (UserNotFoundException e) { Loading Loading 
@@ -261,6 +258,22 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO */ public User<T> getUser(final T userID) throws UserNotFoundException, TransientException, AccessControlException { return getUser(userID, config.getUsersDN()); } /** * Get the user specified by userID. * * @param userID The userID. * @param usersDN The LDAP tree to search. * @return User instance. * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ private User<T> getUser(final T userID, final String usersDN) throws UserNotFoundException, TransientException, AccessControlException { String searchField = userLdapAttrib.get(userID.getClass()); if (searchField == null) Loading @@ -277,7 +290,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO try { SearchRequest searchRequest = new SearchRequest(config.getUsersDN(), SearchScope.SUB, new SearchRequest(usersDN, SearchScope.SUB, searchField, userAttribs); searchRequest.addControl( Loading Loading @@ -651,6 +664,21 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO throw new IllegalArgumentException(userID + " not a valid user ID"); } protected DN getUserRequestsDN(final String userID) throws LDAPException, TransientException { try { return new DN(LDAP_UID + "=" + userID + "," + config.getUserRequestsDN()); } catch (LDAPException e) { logger.debug("getUserRequestsDN Exception: " + e, e); LdapDAO.checkLdapResult(e.getResultCode()); } throw new IllegalArgumentException(userID + " not a valid user ID"); } void addAttribute(List<Attribute> attributes, final String name, final String value) { if (value != null && !value.isEmpty()) Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +2 −1 Original line number Diff line number Diff line Loading @@ -70,6 +70,7 @@ package ca.nrc.cadc.ac.server.ldap; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.net.TransientException; import com.unboundid.ldap.sdk.DN; Loading Loading @@ -125,7 +126,7 @@ public class LdapUserPersistence<T extends Principal> * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public User<T> addUser(User<T> user) public User<T> addUser(UserRequest<T> user) throws TransientException, AccessControlException { LdapUserDAO<T> userDAO = null; Loading