return Collections.emptyList(); ctx.setRequestControls(searchControl); SearchControls searchControls = new SearchControls(); searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); } else { searchControls.setSearchScope(SearchControls.ONELEVEL_SCOPE); searchControls.setReturningAttributes(new String[]{manager.getUsernameField()}); searchControls.setCountLimit(maxSample); String filter = MessageFormat.format(manager.getSearchFilter(), "*"); NamingEnumeration answer = ctx.search("", filter, searchControls); while (answer.hasMoreElements()) { String username = (String) ((SearchResult) answer.next()).getAttributes().get( manager.getUsernameField()).get(); answer.close(); } finally { try { if (ctx != null) { ctx.setRequestControls(null); ctx.close();
ctx.setRequestControls(baseRequestControls); NamingEnumeration<SearchResult> answer = ctx.search("", searchFilter, searchControls); Control[] controls = ctx.getResponseControls(); if (controls != null) { for (Control control : controls) { ctx.setRequestControls(requestControls); } while (cookie != null); ctx2.setRequestControls(baseRequestControls); NamingEnumeration<SearchResult> answer = ctx2.search("", searchFilter, searchControls); Control[] controls = ctx2.getResponseControls(); if (controls != null) { for (Control control : controls) { ctx2.setRequestControls(requestControls); } while (cookie != null); try { if (ctx != null) { ctx.setRequestControls(null); ctx.close(); ctx2.setRequestControls(null); ctx2.close();
userContext = new InitialLdapContext(props, null); userContext.close(); } else { // the same context - copy context LdapContext userContext = ((LdapContext) dirContext).newInstance(null); userContext.addToEnvironment(LdapContext.SECURITY_PRINCIPAL, distinguishedName); userContext.addToEnvironment(LdapContext.SECURITY_CREDENTIALS, password); userContext.reconnect(null); userContext.close();
@Override protected void applyAuthentication(LdapContext ctx, String userDn, String password) throws NamingException { super.applyAuthentication(ctx, userDn, password); ctx.reconnect(ctx.getConnectControls()); } }
try { LdapContext ctx = new InitialLdapContext(env, null); ctx.setRequestControls(null); NamingEnumeration<?> namingEnum = ctx.search("ou=people,dc=example,dc=com", "(objectclass=user)", getSimpleSearchControls()); while (namingEnum.hasMore ()) { SearchResult result = (SearchResult) namingEnum.next (); Attributes attrs = result.getAttributes (); System.out.println(attrs.get("cn")); } namingEnum.close(); } catch (Exception e) { e.printStackTrace(); } private SearchControls getSimpleSearchControls() { SearchControls searchControls = new SearchControls(); searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); searchControls.setTimeLimit(30000); //String[] attrIDs = {"objectGUID"}; //searchControls.setReturningAttributes(attrIDs); return searchControls; }
private void changePasswordUsingAttributeModification (DistinguishedName userDn, String oldPassword, String newPassword) { final ModificationItem[] passwordChange = new ModificationItem[] { new ModificationItem( DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(passwordAttributeName, newPassword)) }; if (oldPassword == null) { template.modifyAttributes(userDn, passwordChange); return; } template.executeReadWrite(dirCtx -> { LdapContext ctx = (LdapContext) dirCtx; ctx.removeFromEnvironment("com.sun.jndi.ldap.connect.pool"); ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, LdapUtils.getFullDn(userDn, ctx).toString()); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, oldPassword); // TODO: reconnect doesn't appear to actually change the credentials try { ctx.reconnect(null); } catch (javax.naming.AuthenticationException e) { throw new BadCredentialsException( "Authentication for password change failed."); } ctx.modifyAttributes(userDn, passwordChange); return null; }); }
String[] returningAttributes = isAD ? new String[] { "distinguishedName", manager.getUsernameField() } : new String[] { manager.getUsernameField() }; SearchControls searchControls = new SearchControls(); searchControls.setReturningAttributes(returningAttributes); searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); String description; try { name = ((String)((a.get(manager.getGroupNameField())).get())); description = ((String)((a.get(manager.getGroupDescriptionField())).get())); Attribute memberField = a.get(manager.getGroupMemberField()); if (memberField != null) { NamingEnumeration ne = memberField.getAll(); while (ne.hasMore()) { String username = (String) ne.next(); userFilter.append(MessageFormat.format(manager.getSearchFilter(), "*")); userFilter.append(')'); NamingEnumeration usrAnswer = ctx.search("", userFilter.toString(), searchControls); if (usrAnswer != null && usrAnswer.hasMoreElements()) { SearchResult searchResult = null;
roleNames = new LinkedHashSet<String>(); SearchControls searchCtls = new SearchControls(); searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); NamingEnumeration answer = ldapContext.search(searchBase, searchFilter, searchArguments, searchCtls); while (answer.hasMoreElements()) { SearchResult sr = (SearchResult) answer.next(); log.debug("Retrieving group names for user [" + sr.getName() + "]"); Attributes attrs = sr.getAttributes(); NamingEnumeration ae = attrs.getAll(); while (ae.hasMore()) { Attribute attr = (Attribute) ae.next(); if (attr.getID().equals("memberOf")) {
@Override public SearchResult execute(LdapContext context) throws NamingException { NamingEnumeration<SearchResult> result = context.search(baseDN, filter, cons); if (result.hasMore()) { SearchResult sr = result.next(); if (LDAP_STORE_LOGGER.isDebugEnabled()) { LDAP_STORE_LOGGER.debugf("Removing entry [%s] with attributes: [", sr.getNameInNamespace()); NamingEnumeration<? extends Attribute> all = sr.getAttributes().getAll(); while (all.hasMore()) { Attribute attribute = all.next(); LDAP_STORE_LOGGER.debugf(" %s = %s", attribute.getID(), attribute.get()); } LDAP_STORE_LOGGER.debugf("]"); } destroySubcontext(context, sr.getNameInNamespace()); } result.close(); return null; } });
private Set<String> getRoles(LdapContext ldc, String principalName, String principalNameSuffix) { SearchControls sc = new SearchControls(); sc.setSearchScope(SearchControls.SUBTREE_SCOPE); sc.setReturningAttributes(new String[]{"memberOf"}); String searchString = "(&(objectClass=user)(userPrincipalName=" + principalName + "))"; try { Set<String> roles = new LinkedHashSet<>(); NamingEnumeration<SearchResult> results = ldc.search(toDCList(principalNameSuffix), searchString, sc); if (results.hasMore()) { SearchResult res = results.next(); Attributes attrs = res.getAttributes(); if (attrs != null) { NamingEnumeration attrEnum = attrs.getAll(); while (attrEnum.hasMore()) { Attribute attr = (Attribute) attrEnum.next(); NamingEnumeration sa = attr.getAll(); while (sa.hasMore()) { String[] parts = ((String) sa.next()).split(","); String[] kv = parts[0].split("="); roles.add(kv[1]); } } } } return roles; } catch (NamingException e) { LOGGER.error("Failed to lookup groups for user " + principalName); } return null; }
public static int get_OLD_Gid(LDAPConfiguration cfg2, String groupName) throws Throwable { LDAPConfiguration cfg = cfg2.clone(); cfg.setSearchBase("ou=Groups,dc=ncsa,dc=illinois,dc=edu"); LDAPClaimsSource claimsSource = new LDAPClaimsSource(cfg, null); DirContext dirContext = new InitialDirContext(claimsSource.createEnv(cfg)); LdapContext ctx = (LdapContext) dirContext.lookup(cfg.getSearchBase()); SearchControls ctls = new SearchControls(); ctls.setReturningAttributes(new String[]{"gidNumber"}); String filter = "(&(cn=" + groupName + "))"; NamingEnumeration e = ctx.search(cfg.getContextName(), filter, ctls); while (e.hasMoreElements()) { SearchResult entry = (SearchResult) e.next(); Attributes a = entry.getAttributes(); Attribute attribute = a.get("gidNumber"); if (attribute == null) { continue; } String xxx = String.valueOf(attribute.get(0)); if (xxx != null && !xxx.isEmpty()) { ctx.close(); return Integer.parseInt(xxx); } } return -1; }
@Override public List<LdapUser> getUsersInGroup(String groupName, LdapContext context, Long domainId) throws NamingException { String attributeName = _ldapConfiguration.getGroupUniqueMemberAttribute(domainId); final SearchControls controls = new SearchControls(); controls.setSearchScope(_ldapConfiguration.getScope()); controls.setReturningAttributes(new String[] {attributeName}); NamingEnumeration<SearchResult> result = context.search(_ldapConfiguration.getBaseDn(domainId), generateGroupSearchFilter(groupName, domainId), controls); final List<LdapUser> users = new ArrayList<LdapUser>(); //Expecting only one result which has all the users if (result.hasMoreElements()) { Attribute attribute = result.nextElement().getAttributes().get(attributeName); NamingEnumeration<?> values = attribute.getAll(); while (values.hasMoreElements()) { String userdn = String.valueOf(values.nextElement()); try{ users.add(getUserForDn(userdn, context, domainId)); } catch (NamingException e){ s_logger.info("Userdn: " + userdn + " Not Found:: Exception message: " + e.getMessage()); } } } Collections.sort(users); return users; }
private LdapUser getUserForDn(String userdn, LdapContext context, Long domainId) throws NamingException { final SearchControls controls = new SearchControls(); controls.setSearchScope(_ldapConfiguration.getScope()); controls.setReturningAttributes(_ldapConfiguration.getReturnAttributes(domainId)); NamingEnumeration<SearchResult> result = context.search(userdn, "(objectClass=" + _ldapConfiguration.getUserObject(domainId) + ")", controls); if (result.hasMoreElements()) { return createUser(result.nextElement(), domainId); } else { throw new NamingException("No user found for dn " + userdn); } }
public List<Attributes> searchByFilter(String dn, String filter){ try { LdapContext context = connectionService.getContext(); NamingEnumeration<SearchResult> searchResults = context.search(dn, filter, new SearchControls()); List<Attributes> attributesList = new ArrayList<>(); while (searchResults.hasMore()) { SearchResult searchResult = searchResults.next(); attributesList.add(searchResult.getAttributes()); } return attributesList; } catch (NamingException ex) { throw new CukesRuntimeException(ex); } finally { connectionService.close(); } }
private void doDeleteChildrenRecursively(String distinguishName) throws NamingException { SearchControls sc = new SearchControls(); sc.setSearchScope(SearchControls.ONELEVEL_SCOPE); NamingEnumeration<SearchResult> ne = ctx.search(distinguishName, DEFAULT_FILTER, sc); while (ne.hasMore()) { SearchResult sr = (SearchResult) ne.next(); String childrenDn = rewriteBase(sr.getName() + "," + distinguishName); deleteChildrenRecursively(childrenDn); } ctx.destroySubcontext(new LdapName(distinguishName)); }
enumeration = initialContext.search(baseDn, groupSearchFilter, ldapConfiguration.getSearchControls()); while (enumeration.hasMoreElements()) { SearchResult result = enumeration.nextElement(); Attribute memberAttribute = result.getAttributes().get(ldapConfiguration.getGroupMemberAttribute()); if (null != memberAttribute) { NamingEnumeration<?> allMembers = memberAttribute.getAll(); while (allMembers.hasMoreElements()) { groupMemberList.add((String) allMembers.nextElement());
try { ldapContext = buildLdapContext(); ldapResult = ldapContext.search(context, filterExpr, filterArgs, createSearchControls()); while (ldapResult.hasMore()) { searchResults.add(ldapResult.next()); if (ldapResult != null) { try { ldapResult.close(); } catch (NamingException ex) { log.error("Failed to close LDAP results enumeration", ex); ldapContext.close(); } catch (NamingException ex) { log.error("Failed to close LDAP context", ex);
@Override public List<LdapUser> searchUsers(final String username, final LdapContext context, Long domainId) throws NamingException, IOException { final SearchControls searchControls = new SearchControls(); searchControls.setSearchScope(_ldapConfiguration.getScope()); searchControls.setReturningAttributes(_ldapConfiguration.getReturnAttributes(domainId)); context.setRequestControls(new Control[]{new PagedResultsControl(pageSize, Control.NONCRITICAL)}); final List<LdapUser> users = new ArrayList<LdapUser>(); NamingEnumeration<SearchResult> results; do { results = context.search(basedn, generateSearchFilter(username, domainId), searchControls); while (results.hasMoreElements()) { final SearchResult result = results.nextElement(); if (!isUserDisabled(result)) { users.add(createUser(result, domainId)); Control[] contextControls = context.getResponseControls(); if (contextControls != null) { for (Control control : contextControls) { s_logger.info("No controls were sent from the ldap server"); context.setRequestControls(new Control[] {new PagedResultsControl(pageSize, cookie, Control.CRITICAL)}); } while (cookie != null);
private String findUserDN(final String userName, final LdapContextFactory ldapContextFactory) { LdapContext systemLdapCtx = null; try { systemLdapCtx = ldapContextFactory.getSystemLdapContext(); final NamingEnumeration<SearchResult> usersFound = systemLdapCtx.search(searchBase, dnSearchFilter.replace(USERDN_SUBSTITUTION_TOKEN, userName), SUBTREE_SCOPE); return usersFound.hasMore() ? usersFound.next().getNameInNamespace() : null; } catch (final AuthenticationException ex) { log.info("LDAP authentication exception='{}'", ex.getLocalizedMessage()); throw new IllegalArgumentException(ex); } catch (final NamingException e) { log.info("LDAP exception='{}'", e.getLocalizedMessage()); throw new IllegalArgumentException(e); } finally { LdapUtils.closeContext(systemLdapCtx); } }
private Set<String> findLDAPGroupsForUser(final String userName, final LdapContext ldapCtx) throws NamingException { final NamingEnumeration<SearchResult> foundGroups = ldapCtx.search(searchBase, groupSearchFilter.replace(USERDN_SUBSTITUTION_TOKEN, userName), SUBTREE_SCOPE); if (!foundGroups.hasMoreElements()) { return ImmutableSet.<String>of(); } // There should really only be one entry final SearchResult result = foundGroups.next(); // Extract the name of all the groups final Collection<String> finalGroupsNames = Collections2.<String>filter(extractGroupNamesFromSearchResult(result), Predicates.notNull()); return Sets.newHashSet(finalGroupsNames); }