com.atlassian.crowd.directory
Class MicrosoftActiveDirectory

java.lang.Object
  com.atlassian.crowd.directory.SpringLDAPConnector
      com.atlassian.crowd.directory.RFC4519Directory
          com.atlassian.crowd.directory.MicrosoftActiveDirectory

All Implemented Interfaces:

LDAPDirectory, RemoteDirectory, Attributes

public class MicrosoftActiveDirectory
extends RFC4519Directory

Microsoft Active Directory connector.

Field Summary

Fields inherited from class com.atlassian.crowd.directory.SpringLDAPConnector

attributes, contextSource, contextSourceTransactionManager, DEFAULT_PAGE_SIZE, eventPublisher, ldapPropertiesMapper, ldapQueryTranslater, ldapTemplate, nameConverter, searchDN

Constructor Summary

MicrosoftActiveDirectory(LDAPQueryTranslater ldapQueryTranslater, com.atlassian.event.api.EventPublisher eventPublisher, InstanceFactory instanceFactory)

Method Summary

protected byte[]	encodePassword(String unencodedPassword) Converts the clear-text password to the {AD_PASSWORD_ENCODED encoding - currently UTF-16LE
long	fetchHighestCommittedUSN()
List<LDAPGroupWithAttributes>	findAddedOrUpdatedGroupsSince(long usnChanged)
protected List	findAddedOrUpdatedObjectsSince(long usnChange, Name objectBaseDN, String objectFilter, org.springframework.ldap.core.ContextMapper contextMapper)
List<LDAPUserWithAttributes>	findAddedOrUpdatedUsersSince(long usnChange)
List<Tombstone>	findGroupTombstonesSince(long usnChange)
protected List<Tombstone>	findTombstonesSince(long usnChange, Name objectBaseDN, String objectClass)
List<Tombstone>	findUserTombstonesSince(long usnChange)
protected Map<String,String>	getBaseEnvironmentProperties() Returns the properties used to set up the Ldap ContextSource.
protected List<AttributeMapper>	getCustomGroupAttributeMappers() As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).
protected List<AttributeMapper>	getCustomUserAttributeMappers()
String	getDescriptiveName() Returns a descriptive name for the type of directory.
protected String	getInitialGroupMemberDN() AD does not need a default container member.
protected List<AttributeMapper>	getMemberDnMappers()
protected void	getNewGroupDirectorySpecificAttributes(Group group, Attributes attributes) If we want to be able to nest groups, we need to create distribution groups rather than security groups.
protected void	getNewUserDirectorySpecificAttributes(User user, Attributes attributes) Active Directory needs a couple of additional attributes set - the sAMAccountName (which is the account name you use to log on to Windows), and the account disabled flag.
static String	getStaticDirectoryType()
protected List<LDAPGroupWithAttributes>	postprocessGroups(List<LDAPGroupWithAttributes> groups) Perform any post-processing on groups.

Methods inherited from class com.atlassian.crowd.directory.RFC4519Directory

addGroupToGroup, addUserToGroup, isGroupDirectGroupMember, isUserDirectGroupMember, removeGroupFromGroup, removeUserFromGroup, searchGroupRelationshipsWithGroupTypeSpecified

Methods inherited from class com.atlassian.crowd.directory.SpringLDAPConnector

addDefaultSnToUserAttributes, addDefaultValueToUserAttributesForAttribute, addGroup, addUser, asLdapGroupName, asLdapName, asLdapUserName, authenticate, findEntityByDN, findEntityByDN, findGroupByName, findGroupByNameAndType, findGroupWithAttributesByName, findUserByName, findUserWithAttributesByName, getAttributeAsBoolean, getAttributeAsLong, getAuthoritativeDirectory, getContextSource, getDirectoryId, getGroupContextMapper, getKeys, getLdapPropertiesMapper, getMemberships, getNewGroupAttributes, getNewUserAttributes, getSearchDN, getStandardisedDN, getSubTreeSearchControl, getUserContextMapper, getValue, getValues, isEmpty, isRolesDisabled, pageSearchResults, removeGroup, removeGroupAttributes, removeUser, removeUserAttributes, renameGroup, renameUser, searchEntities, searchEntitiesWithRequestControls, searchGroupObjects, searchGroupObjectsOfSpecifiedGroupType, searchGroupRelationships, searchGroups, searchUserObjects, searchUsers, setAttributes, setDirectoryId, storeGroupAttributes, storeUserAttributes, supportsInactiveAccounts, supportsNestedGroups, testConnection, typedEntityNotFoundException, updateGroup, updateUser, updateUserCredential

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

MicrosoftActiveDirectory

public MicrosoftActiveDirectory(LDAPQueryTranslater ldapQueryTranslater,
                                com.atlassian.event.api.EventPublisher eventPublisher,
                                InstanceFactory instanceFactory)

Method Detail

getStaticDirectoryType

public static String getStaticDirectoryType()

getDescriptiveName

public String getDescriptiveName()

Description copied from interface: RemoteDirectory

Returns a descriptive name for the type of directory.

Returns:

descriptive name.

getInitialGroupMemberDN

protected String getInitialGroupMemberDN()

AD does not need a default container member.

Overrides:

getInitialGroupMemberDN in class SpringLDAPConnector

Returns:

null.

encodePassword

protected byte[] encodePassword(String unencodedPassword)
                         throws InvalidCredentialException

Converts the clear-text password to the {AD_PASSWORD_ENCODED encoding - currently UTF-16LE

Specified by:

encodePassword in class SpringLDAPConnector

Parameters:

unencodedPassword -

Returns:

byte array containing password in UTF-16LE encoding.

Throws:

InvalidCredentialException - If the specified encoding is not available on this system.

getNewUserDirectorySpecificAttributes

protected void getNewUserDirectorySpecificAttributes(User user,
                                                     Attributes attributes)

Active Directory needs a couple of additional attributes set - the sAMAccountName (which is the account name you use to log on to Windows), and the account disabled flag.

Overrides:

getNewUserDirectorySpecificAttributes in class SpringLDAPConnector

Parameters:

user -

attributes -

getNewGroupDirectorySpecificAttributes

protected void getNewGroupDirectorySpecificAttributes(Group group,
                                                      Attributes attributes)

If we want to be able to nest groups, we need to create distribution groups rather than security groups. To do this we need to set groupType to 2.

Overrides:

getNewGroupDirectorySpecificAttributes in class SpringLDAPConnector

Parameters:

group -

attributes -

getCustomUserAttributeMappers

protected List<AttributeMapper> getCustomUserAttributeMappers()

Overrides:

getCustomUserAttributeMappers in class RFC4519Directory

Returns:

a collection of custom attribbute mappers. By default just return an empty list.

getCustomGroupAttributeMappers

protected List<AttributeMapper> getCustomGroupAttributeMappers()

Description copied from class: SpringLDAPConnector

As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).

Overrides:

getCustomGroupAttributeMappers in class RFC4519Directory

Returns:

collection of custom attribute mappers (cannot be null but can be an empty list).

getMemberDnMappers

protected List<AttributeMapper> getMemberDnMappers()

Overrides:

getMemberDnMappers in class RFC4519Directory

postprocessGroups

protected List<LDAPGroupWithAttributes> postprocessGroups(List<LDAPGroupWithAttributes> groups)
                                                   throws OperationFailedException

Description copied from class: SpringLDAPConnector

Perform any post-processing on groups.

Overrides:

postprocessGroups in class SpringLDAPConnector

Parameters:

groups - to post-process

Returns:

list of groups that have been processed if required

Throws:

OperationFailedException - if processing encounters a problem with the underlying directory

getBaseEnvironmentProperties

protected Map<String,String> getBaseEnvironmentProperties()

Description copied from class: SpringLDAPConnector

Returns the properties used to set up the Ldap ContextSource.

Overrides:

getBaseEnvironmentProperties in class SpringLDAPConnector

Returns:

the properties used to set up the Ldap ContextSource.

fetchHighestCommittedUSN

public long fetchHighestCommittedUSN()
                              throws OperationFailedException

Throws:

OperationFailedException

findAddedOrUpdatedUsersSince

public List<LDAPUserWithAttributes> findAddedOrUpdatedUsersSince(long usnChange)
                                                          throws OperationFailedException

Throws:

OperationFailedException

findAddedOrUpdatedGroupsSince

public List<LDAPGroupWithAttributes> findAddedOrUpdatedGroupsSince(long usnChanged)
                                                            throws OperationFailedException

Throws:

OperationFailedException

findUserTombstonesSince

public List<Tombstone> findUserTombstonesSince(long usnChange)
                                        throws OperationFailedException

Throws:

OperationFailedException

findGroupTombstonesSince

public List<Tombstone> findGroupTombstonesSince(long usnChange)
                                         throws OperationFailedException

Throws:

OperationFailedException

findAddedOrUpdatedObjectsSince

protected List findAddedOrUpdatedObjectsSince(long usnChange,
                                              Name objectBaseDN,
                                              String objectFilter,
                                              org.springframework.ldap.core.ContextMapper contextMapper)
                                       throws OperationFailedException

Throws:

OperationFailedException

findTombstonesSince

protected List<Tombstone> findTombstonesSince(long usnChange,
                                              Name objectBaseDN,
                                              String objectClass)
                                       throws OperationFailedException

Throws:

OperationFailedException