com.atlassian.crowd.integration.directory.connector
Class MicrosoftActiveDirectory

java.lang.Object
  com.atlassian.crowd.integration.directory.connector.SpringLDAPConnector
      com.atlassian.crowd.integration.directory.connector.RFC4519Directory
          com.atlassian.crowd.integration.directory.connector.MicrosoftActiveDirectory

All Implemented Interfaces:

LDAPDirectory, MonitorCapable, PollingCapable, RemoteDirectory, AttributeAware, org.springframework.context.ApplicationContextAware

public class MicrosoftActiveDirectory
extends RFC4519Directory
implements PollingCapable

Microsoft Active Directory connector.

Field Summary

Fields inherited from class com.atlassian.crowd.integration.directory.connector.SpringLDAPConnector

applicationContext, attributes, contextSource, DEFAULT_PAGE_SIZE, eventManager, ldapPropertiesMapper, ldapQueryTranslater, ldapTemplate, logger, nameConverter, searchDN

Constructor Summary

MicrosoftActiveDirectory()

Method Summary

protected java.lang.String	encodePassword(java.lang.String unencodedPassword) Converts the clear-text password to the {AD_PASSWORD_ENCODED encoding - currently UTF-16LE
long	fetchHighestCommittedUSN()
java.util.List<LDAPGroupWithAttributes>	findAddedOrUpdatedGroupsSince(long usnChanged)
protected java.util.List	findAddedOrUpdatedObjectsSince(long usnChange, javax.naming.Name objectBaseDN, java.lang.String objectFilter, org.springframework.ldap.core.ContextMapper contextMapper)
java.util.List<LDAPUserWithAttributes>	findAddedOrUpdatedUsersSince(long usnChange)
java.util.List<Tombstone>	findGroupTombstonesSince(long usnChange)
protected java.util.List<Tombstone>	findTombstonesSince(long usnChange, javax.naming.Name objectBaseDN, java.lang.String objectClass)
java.util.List<Tombstone>	findUserTombstonesSince(long usnChange)
protected java.util.Hashtable<java.lang.String,java.lang.String>	getBaseEnvironmentProperties() Returns the properties used to set up the Ldap ContextSource.
protected java.util.List<AttributeMapper>	getCustomGroupAttributeMappers() As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).
protected java.util.List<AttributeMapper>	getCustomUserAttributeMappers()
java.lang.String	getDescriptiveName() Returns a descriptive name for the type of directory.
DirectoryPoller	getDirectoryMonitor() Return a configured DirectoryMonitor for the directory.
protected Encoder	getEncoder() Returns an Encoder that can correctly escape AD-specific special characters
protected java.lang.String	getInitialGroupMemberDN() AD does not need a default container member.
protected void	getNewGroupDirectorySpecificAttributes(Group group, javax.naming.directory.Attributes attributes) If we want to be able to nest groups, we need to create distribution groups rather than security groups.
protected void	getNewUserDirectorySpecificAttributes(User user, javax.naming.directory.Attributes attributes) Active Directory needs a couple of additional attributes set - the sAMAccountName (which is the account name you use to log on to Windows), and the account disabled flag.
static java.lang.String	getStaticDirectoryType()

Methods inherited from class com.atlassian.crowd.integration.directory.connector.RFC4519Directory

addGroupToGroup, addUserToGroup, isGroupDirectGroupMember, isUserDirectGroupMember, removeGroupFromGroup, removeUserFromGroup, searchGroupRelationshipsWithGroupTypeSpecified

Methods inherited from class com.atlassian.crowd.integration.directory.connector.SpringLDAPConnector

addDefaultSnToUserAttributes, addDefaultValueToUserAttributesForAttribute, addGroup, addUser, asLdapName, authenticate, findEntityByDN, findEntityByDN, findGroupByName, findGroupByNameAndType, findGroupWithAttributesByName, findUserByName, findUserWithAttributesByName, getAttribute, getAttributeAsBoolean, getAttributeAsLong, getAttributeNames, getAttributes, getContextSource, getDirectoryId, getGroupContextMapper, getLdapPropertiesMapper, getNewGroupAttributes, getNewUserAttributes, getSearchDN, getStandardisedDN, getSubTreeSearchControl, getUserContextMapper, hasAttribute, pageSearchResults, removeGroup, removeGroupAttributes, removeUser, removeUserAttributes, renameGroup, renameUser, searchEntities, searchEntitiesWithRequestControls, searchGroupObjects, searchGroupObjectsOfSpecifiedGroupType, searchGroupRelationships, searchGroups, searchUserObjects, searchUsers, setApplicationContext, setAttributes, setDirectoryId, setEventManager, setLdapQueryTranslater, storeGroupAttributes, storeUserAttributes, supportsNestedGroups, testConnection, updateGroup, updateUser, updateUserCredential

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

MicrosoftActiveDirectory

public MicrosoftActiveDirectory()

Method Detail

getStaticDirectoryType

public static java.lang.String getStaticDirectoryType()

getDescriptiveName

public java.lang.String getDescriptiveName()

Description copied from interface: RemoteDirectory

Returns a descriptive name for the type of directory.

Specified by:

getDescriptiveName in interface RemoteDirectory

Returns:

descriptive name.

getEncoder

protected Encoder getEncoder()

Returns an Encoder that can correctly escape AD-specific special characters

Overrides:

getEncoder in class SpringLDAPConnector

Returns:

getInitialGroupMemberDN

protected java.lang.String getInitialGroupMemberDN()

AD does not need a default container member.

Overrides:

getInitialGroupMemberDN in class SpringLDAPConnector

Returns:

null.

encodePassword

protected java.lang.String encodePassword(java.lang.String unencodedPassword)
                                   throws InvalidCredentialException

Converts the clear-text password to the {AD_PASSWORD_ENCODED encoding - currently UTF-16LE

Specified by:

encodePassword in class SpringLDAPConnector

Parameters:

unencodedPassword -

Returns:

Throws:

InvalidCredentialException - If the specified encoding is not available on this system.

getNewUserDirectorySpecificAttributes

protected void getNewUserDirectorySpecificAttributes(User user,
                                                     javax.naming.directory.Attributes attributes)

Active Directory needs a couple of additional attributes set - the sAMAccountName (which is the account name you use to log on to Windows), and the account disabled flag.

Overrides:

getNewUserDirectorySpecificAttributes in class SpringLDAPConnector

Parameters:

user -

attributes -

getNewGroupDirectorySpecificAttributes

protected void getNewGroupDirectorySpecificAttributes(Group group,
                                                      javax.naming.directory.Attributes attributes)

If we want to be able to nest groups, we need to create distribution groups rather than security groups. To do this we need to set groupType to 2.

Overrides:

getNewGroupDirectorySpecificAttributes in class SpringLDAPConnector

Parameters:

group -

attributes -

getCustomUserAttributeMappers

protected java.util.List<AttributeMapper> getCustomUserAttributeMappers()

Overrides:

getCustomUserAttributeMappers in class RFC4519Directory

Returns:

a collection of custom attribbute mappers. By default just return an empty list.

getCustomGroupAttributeMappers

protected java.util.List<AttributeMapper> getCustomGroupAttributeMappers()

Description copied from class: SpringLDAPConnector

As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).

Overrides:

getCustomGroupAttributeMappers in class RFC4519Directory

Returns:

collection of custom attribute mappers (cannot be null but can be an empty list).

getBaseEnvironmentProperties

protected java.util.Hashtable<java.lang.String,java.lang.String> getBaseEnvironmentProperties()

Description copied from class: SpringLDAPConnector

Returns the properties used to set up the Ldap ContextSource.

Overrides:

getBaseEnvironmentProperties in class SpringLDAPConnector

Returns:

fetchHighestCommittedUSN

public long fetchHighestCommittedUSN()

findAddedOrUpdatedUsersSince

public java.util.List<LDAPUserWithAttributes> findAddedOrUpdatedUsersSince(long usnChange)

findAddedOrUpdatedGroupsSince

public java.util.List<LDAPGroupWithAttributes> findAddedOrUpdatedGroupsSince(long usnChanged)

findUserTombstonesSince

public java.util.List<Tombstone> findUserTombstonesSince(long usnChange)

findGroupTombstonesSince

public java.util.List<Tombstone> findGroupTombstonesSince(long usnChange)

findAddedOrUpdatedObjectsSince

protected java.util.List findAddedOrUpdatedObjectsSince(long usnChange,
                                                        javax.naming.Name objectBaseDN,
                                                        java.lang.String objectFilter,
                                                        org.springframework.ldap.core.ContextMapper contextMapper)

findTombstonesSince

protected java.util.List<Tombstone> findTombstonesSince(long usnChange,
                                                        javax.naming.Name objectBaseDN,
                                                        java.lang.String objectClass)

getDirectoryMonitor

public DirectoryPoller getDirectoryMonitor()
                                    throws DirectoryMonitorCreationException

Description copied from interface: MonitorCapable

Return a configured DirectoryMonitor for the directory.

Specified by:

getDirectoryMonitor in interface MonitorCapable

Specified by:

getDirectoryMonitor in interface PollingCapable

Returns:

DirectoryMonitor configuration object.

Throws:

DirectoryMonitorCreationException - error creating a DirectoryMonitor (possibly due to insufficient configuration).