org.alfresco.repo.security.sync.ldap

Class LDAPUserRegistry

java.lang.Object

org.alfresco.repo.security.sync.ldap.LDAPUserRegistry

All Implemented Interfaces:

ActivateableBean, LDAPNameResolver, UserRegistry, org.springframework.beans.factory.InitializingBean

public class LDAPUserRegistry
extends Object
implements UserRegistry, LDAPNameResolver, org.springframework.beans.factory.InitializingBean, ActivateableBean

A UserRegistry implementation with the ability to query Alfresco-like descriptions of users and groups from an LDAP directory, optionally restricted to those modified since a certain time.

Author:

dward

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected static class	LDAPUserRegistry.AbstractSearchCallback An abstract implementation of SearchCallback interface.
class	LDAPUserRegistry.PersonCollection Wraps the LDAP user query as a virtual Collection.
protected static interface	LDAPUserRegistry.SearchCallback An interface for callbacks passed to the processQuery(SearchCallback, String, String, String[]) method.

Constructor Summary

Constructors

Constructor and Description
LDAPUserRegistry() Instantiates a new lDAP user registry.

Method Summary

Modifier and Type	Method and Description
void	afterPropertiesSet()
Collection<String>	getGroupNames() Gets the names of all groups in the registry.
Collection<NodeDescription>	getGroups(Date modifiedSince) Gets descriptions of all the groups in the user registry or all those changed since a certain date.
Set<org.alfresco.service.namespace.QName>	getPersonMappedProperties() Gets the set of property names that are auto-mapped by this user registry.
Collection<String>	getPersonNames() Gets the names of all persons in the registry.
Collection<NodeDescription>	getPersons(Date modifiedSince) Gets descriptions of all the persons (users) in the user registry or all those changed since a certain date.
AbstractDirectoryServiceUserAccountStatusInterpreter	getUserAccountStatusInterpreter()
boolean	isActive() Determines whether this bean is active.
String	resolveDistinguishedName(String userId, org.alfresco.repo.security.authentication.AuthenticationDiagnostic diagnostic) Resolves a user ID to a distinguished name.
void	setActive(boolean active) Controls whether this bean is active.
void	setAttributeBatchSize(int attributeBatchSize) Sets the attribute batch size.
void	setEnableProgressEstimation(boolean enableProgressEstimation) Controls whether progress estimation is enabled.
void	setErrorOnDuplicateGID(boolean errorOnDuplicateGID) Decides whether to error on duplicate group IDs.
void	setErrorOnMissingGID(boolean errorOnMissingGID) Decides whether to error on missing group IDs.
void	setErrorOnMissingMembers(boolean errorOnMissingMembers) Decides whether to error on missing group members.
void	setErrorOnMissingUID(boolean errorOnMissingUID) Decides whether to error on missing user IDs.
void	setGroupAttributeDefaults(Map<String,String> groupAttributeDefaults) Sets the group attribute defaults.
void	setGroupAttributeMapping(Map<String,String> groupAttributeMapping) Sets the group attribute mapping.
void	setGroupDifferentialQuery(String groupDifferentialQuery) Sets the group differential query.
void	setGroupIdAttributeName(String groupIdAttributeName) Sets the group id attribute name.
void	setGroupQuery(String groupQuery) Sets the group query.
void	setGroupSearchBase(String groupSearchBase) Sets the group search base.
void	setGroupType(String groupType) Sets the group type.
void	setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory ldapInitialDirContextFactory) Sets the LDAP initial dir context factory.
void	setMemberAttribute(String memberAttribute) Sets the member attribute name.
void	setModifyTimestampAttributeName(String modifyTimestampAttributeName) Sets the modification timestamp attribute name.
void	setNamespaceService(org.alfresco.service.namespace.NamespaceService namespaceService) Sets the namespace service.
void	setPersonAttributeDefaults(Map<String,String> personAttributeDefaults) Sets the person attribute defaults.
void	setPersonAttributeMapping(Map<String,String> personAttributeMapping) Sets the person attribute mapping.
void	setPersonDifferentialQuery(String personDifferentialQuery) Sets the person differential query.
void	setPersonQuery(String personQuery) Sets the person query.
void	setPersonType(String personType) Sets the person type.
void	setQueryBatchSize(int queryBatchSize) Sets the query batch size.
void	setTimestampFormat(String timestampFormat) Sets the timestamp format.
void	setUserAccountStatusInterpreter(AbstractDirectoryServiceUserAccountStatusInterpreter userAccountStatusInterpreter)
void	setUserIdAttributeName(String userIdAttributeName) Sets the user id attribute name.
void	setUserSearchBase(String userSearchBase) Sets the user search base.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LDAPUserRegistry

public LDAPUserRegistry()

Instantiates a new lDAP user registry.

Method Detail

setActive

public void setActive(boolean active)

Controls whether this bean is active. I.e. should this part of the subsystem be used?

Parameters:

active - true if this bean is active

setEnableProgressEstimation

public void setEnableProgressEstimation(boolean enableProgressEstimation)

Controls whether progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.

Parameters:

enableProgressEstimation - true if progress estimation is enabled

setGroupIdAttributeName

public void setGroupIdAttributeName(String groupIdAttributeName)

Sets the group id attribute name.

Parameters:

groupIdAttributeName - the group id attribute name

setGroupQuery

public void setGroupQuery(String groupQuery)

Sets the group query.

Parameters:

groupQuery - the group query

setGroupDifferentialQuery

public void setGroupDifferentialQuery(String groupDifferentialQuery)

Sets the group differential query.

Parameters:

groupDifferentialQuery - the group differential query

setPersonQuery

public void setPersonQuery(String personQuery)

Sets the person query.

Parameters:

personQuery - the person query

setPersonDifferentialQuery

public void setPersonDifferentialQuery(String personDifferentialQuery)

Sets the person differential query.

Parameters:

personDifferentialQuery - the person differential query

setGroupType

public void setGroupType(String groupType)

Sets the group type.

Parameters:

groupType - the group type

setMemberAttribute

public void setMemberAttribute(String memberAttribute)

Sets the member attribute name.

Parameters:

memberAttribute - the member attribute name

setPersonType

public void setPersonType(String personType)

Sets the person type.

Parameters:

personType - the person type

setGroupSearchBase

public void setGroupSearchBase(String groupSearchBase)

Sets the group search base.

Parameters:

groupSearchBase - the group search base

setUserSearchBase

public void setUserSearchBase(String userSearchBase)

Sets the user search base.

Parameters:

userSearchBase - the user search base

setUserIdAttributeName

public void setUserIdAttributeName(String userIdAttributeName)

Sets the user id attribute name.

Parameters:

userIdAttributeName - the user id attribute name

setModifyTimestampAttributeName

public void setModifyTimestampAttributeName(String modifyTimestampAttributeName)

Sets the modification timestamp attribute name.

Parameters:

modifyTimestampAttributeName - the modification timestamp attribute name

setTimestampFormat

public void setTimestampFormat(String timestampFormat)

Sets the timestamp format. Unfortunately, this varies between directory servers.

Parameters:

timestampFormat - the timestamp format

• OpenLDAP: "yyyyMMddHHmmss'Z'"
• Active Directory: "yyyyMMddHHmmss'.0Z'"

setErrorOnMissingMembers

public void setErrorOnMissingMembers(boolean errorOnMissingMembers)

Decides whether to error on missing group members.

Parameters:

errorOnMissingMembers - true if we should error on missing group members

setErrorOnMissingGID

public void setErrorOnMissingGID(boolean errorOnMissingGID)

Decides whether to error on missing group IDs.

Parameters:

errorOnMissingGID - true if we should error on missing group IDs

setErrorOnMissingUID

public void setErrorOnMissingUID(boolean errorOnMissingUID)

Decides whether to error on missing user IDs.

Parameters:

errorOnMissingUID - true if we should error on missing user IDs

setErrorOnDuplicateGID

public void setErrorOnDuplicateGID(boolean errorOnDuplicateGID)

Decides whether to error on duplicate group IDs.

Parameters:

errorOnDuplicateGID - true if we should error on duplicate group IDs

setLDAPInitialDirContextFactory

public void setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory ldapInitialDirContextFactory)

Sets the LDAP initial dir context factory.

Parameters:

ldapInitialDirContextFactory - the new LDAP initial dir context factory

setNamespaceService

public void setNamespaceService(org.alfresco.service.namespace.NamespaceService namespaceService)

Sets the namespace service.

Parameters:

namespaceService - the namespace service

setPersonAttributeDefaults

public void setPersonAttributeDefaults(Map<String,String> personAttributeDefaults)

Sets the person attribute defaults.

Parameters:

personAttributeDefaults - the person attribute defaults

setPersonAttributeMapping

public void setPersonAttributeMapping(Map<String,String> personAttributeMapping)

Sets the person attribute mapping.

Parameters:

personAttributeMapping - the person attribute mapping

setGroupAttributeDefaults

public void setGroupAttributeDefaults(Map<String,String> groupAttributeDefaults)

Sets the group attribute defaults.

Parameters:

groupAttributeDefaults - the group attribute defaults

setGroupAttributeMapping

public void setGroupAttributeMapping(Map<String,String> groupAttributeMapping)

Sets the group attribute mapping.

Parameters:

groupAttributeMapping - the group attribute mapping

setQueryBatchSize

public void setQueryBatchSize(int queryBatchSize)

Sets the query batch size.

Parameters:

queryBatchSize - If positive, indicates that RFC 2696 paged results should be used to split query results into batches of the specified size. Overcomes any size limits imposed by the LDAP server.

setAttributeBatchSize

public void setAttributeBatchSize(int attributeBatchSize)

Sets the attribute batch size.

Parameters:

attributeBatchSize - If positive, indicates that range retrieval should be used to fetch multi-valued attributes (such as member) in batches of the specified size. Overcomes any size limits imposed by the LDAP server.

setUserAccountStatusInterpreter

public void setUserAccountStatusInterpreter(AbstractDirectoryServiceUserAccountStatusInterpreter userAccountStatusInterpreter)

getUserAccountStatusInterpreter

public AbstractDirectoryServiceUserAccountStatusInterpreter getUserAccountStatusInterpreter()

isActive

public boolean isActive()

Description copied from interface: ActivateableBean

Determines whether this bean is active.

Specified by:

isActive in interface ActivateableBean

Returns:

true if this bean is active

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Throws:

Exception

getPersonMappedProperties

public Set<org.alfresco.service.namespace.QName> getPersonMappedProperties()

Description copied from interface: UserRegistry

Gets the set of property names that are auto-mapped by this user registry. These should remain read-only for this registry's users in the UI.

Specified by:

getPersonMappedProperties in interface UserRegistry

Returns:

the person mapped properties

getPersons

public Collection<NodeDescription> getPersons(Date modifiedSince)

Description copied from interface: UserRegistry

Gets descriptions of all the persons (users) in the user registry or all those changed since a certain date.

Specified by:

getPersons in interface UserRegistry

Parameters:

modifiedSince - if non-null, then only descriptions of users modified since this date should be returned; if null then descriptions of all users should be returned.

Returns:

a Collection of NodeDescriptions of all the persons (users) in the user registry or all those changed since a certain date. The description properties should correspond to those of an Alfresco person node.

getPersonNames

public Collection<String> getPersonNames()

Description copied from interface: UserRegistry

Gets the names of all persons in the registry. Used to detect local persons to be deleted. Note that the treatment of these names will depend on Alfresco's username case-sensitivity setting.

Specified by:

getPersonNames in interface UserRegistry

Returns:

the person names

getGroupNames

public Collection<String> getGroupNames()

Description copied from interface: UserRegistry

Gets the names of all groups in the registry. Used to detect local groups to be deleted.

Specified by:

getGroupNames in interface UserRegistry

Returns:

the person names

getGroups

public Collection<NodeDescription> getGroups(Date modifiedSince)

Description copied from interface: UserRegistry

Gets descriptions of all the groups in the user registry or all those changed since a certain date.

Specified by:

getGroups in interface UserRegistry

Parameters:

modifiedSince - if non-null, then only descriptions of groups modified since this date should be returned; if null then descriptions of all groups should be returned.

Returns:

a Collection of NodeDescriptions of all the groups in the user registry or all those changed since a certain date. The description properties should correspond to those of an Alfresco authority node.

resolveDistinguishedName

public String resolveDistinguishedName(String userId,
                                       org.alfresco.repo.security.authentication.AuthenticationDiagnostic diagnostic)
                                throws org.alfresco.repo.security.authentication.AuthenticationException

Description copied from interface: LDAPNameResolver

Resolves a user ID to a distinguished name.

Specified by:

resolveDistinguishedName in interface LDAPNameResolver

Parameters:

userId - the user id

Returns:

the DN

Throws:

org.alfresco.repo.security.authentication.AuthenticationException - if the user ID cannot be resolved