com.atlassian.crowd.directory
Class MicrosoftActiveDirectory

java.lang.Object
  extended by com.atlassian.crowd.directory.SpringLDAPConnector
      extended by com.atlassian.crowd.directory.RFC4519Directory
          extended by com.atlassian.crowd.directory.MicrosoftActiveDirectory
All Implemented Interfaces:
LDAPDirectory, RemoteDirectory, Attributes

public class MicrosoftActiveDirectory
extends RFC4519Directory

Microsoft Active Directory connector.


Field Summary
static PropertyImpl<String> OBJECT_SID
           
static int UF_ACCOUNTDISABLE
           
 
Fields inherited from class com.atlassian.crowd.directory.SpringLDAPConnector
attributes, contextSource, contextSourceTransactionManager, DEFAULT_PAGE_SIZE, eventPublisher, ldapPropertiesMapper, ldapQueryTranslater, ldapTemplate, nameConverter, searchDN
 
Constructor Summary
MicrosoftActiveDirectory(ActiveDirectoryQueryTranslaterImpl activeDirectoryQueryTranslater, com.atlassian.event.api.EventPublisher eventPublisher, InstanceFactory instanceFactory)
           
 
Method Summary
 void addUserToGroup(String username, String groupName)
          Adds a user as a member of a group.
protected  byte[] encodePassword(String unencodedPassword)
          Converts the clear-text password to the AD_PASSWORD_ENCODED encoding, currently UTF-16LE.
 long fetchHighestCommittedUSN()
           
 List<LDAPGroupWithAttributes> findAddedOrUpdatedGroupsSince(long usnChanged)
           
protected <T> List<T> findAddedOrUpdatedObjectsSince(long usnChange, Name objectBaseDN, String objectFilter, ContextMapperWithRequiredAttributes<T> contextMapper)
           
 List<LDAPUserWithAttributes> findAddedOrUpdatedUsersSince(long usnChange)
           
 Iterable<LdapName> findDirectMembersOfGroup(LdapName groupDn)
          This method is not part of RemoteDirectory's contract.
protected  Iterable<String> findGroupMembershipNames(MembershipQuery<String> query)
           
protected  List<? extends LDAPGroupWithAttributes> findGroupMemberships(MembershipQuery<? extends LDAPGroupWithAttributes> query)
           
 List<Tombstone> findGroupTombstonesSince(long usnChange)
           
protected  List<Tombstone> findTombstonesSince(long usnChange, Name objectBaseDN, String objectClass)
           
protected  List<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberDN(String groupName, GroupType groupType, int startIndex, int maxResults)
           
protected  Iterable<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberOf(String groupName, GroupType groupType, int startIndex, int maxResults)
           
 List<Tombstone> findUserTombstonesSince(long usnChange)
           
protected  Map<String,String> getBaseEnvironmentProperties()
          Returns the properties used to set up the Ldap ContextSource.
protected  List<AttributeMapper> getCustomGroupAttributeMappers()
          As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).
protected  List<AttributeMapper> getCustomUserAttributeMappers()
           
 String getDescriptiveName()
          Returns a descriptive name for the type of directory.
protected  String getInitialGroupMemberDN()
          AD does not need a default container member.
protected  List<AttributeMapper> getMemberDnMappers()
           
protected  void getNewGroupDirectorySpecificAttributes(Group group, Attributes attributes)
          If we want to be able to nest groups, we need to create distribution groups rather than security groups.
protected  void getNewUserDirectorySpecificAttributes(User user, Attributes attributes)
          Active Directory needs a couple of additional attributes set - the sAMAccountName (which is the account name you use to log on to Windows), and the account disabled flag.
static String getStaticDirectoryType()
           
 ContextMapperWithRequiredAttributes<LDAPUserWithAttributes> getUserContextMapper()
          Returns a ContextMapper that can transform a Context into a User.
protected  List<ModificationItem> getUserModificationItems(User userTemplate, LDAPUserWithAttributes currentUser)
           
 boolean isUserDirectGroupMember(String username, String groupName)
          Determines if a user is a direct member of a group.
protected  List<LDAPGroupWithAttributes> postprocessGroups(List<LDAPGroupWithAttributes> groups)
          Perform any post-processing on groups.
 void removeGroup(String name)
          Removes the group that matches the supplied name.
 void removeUserFromGroup(String username, String groupName)
          Removes a user as a member of a group.
 boolean supportsInactiveAccounts()
          This connector supports inactive accounts, while LDAP connectors in general do not.
 
Methods inherited from class com.atlassian.crowd.directory.RFC4519Directory
addDnToGroup, addGroupToGroup, findGroupMembershipsOfUserViaMemberOf, getLdapName, getMemberships, isDnDirectGroupMember, isGroupDirectGroupMember, removeDnFromGroup, removeGroupFromGroup, searchGroupRelationshipsWithGroupTypeSpecified, toGenericIterable
 
Methods inherited from class com.atlassian.crowd.directory.SpringLDAPConnector
addDefaultSnToUserAttributes, addDefaultValueToUserAttributesForAttribute, addGroup, addUser, asLdapGroupName, asLdapName, asLdapUserName, authenticate, createModificationItem, findEntityByDN, findEntityByDN, findGroupByName, findGroupByNameAndType, findGroupWithAttributesByName, findUserByExternalId, findUserByName, findUserWithAttributesByName, getAttributeAsBoolean, getAttributeAsLong, getAuthoritativeDirectory, getContextSource, getDirectoryId, getGroupContextMapper, getKeys, getLdapPropertiesMapper, getNewGroupAttributes, getNewUserAttributes, getSearchDN, getStandardisedDN, getSubTreeSearchControls, getValue, getValues, isEmpty, isRolesDisabled, pageSearchResults, removeGroupAttributes, removeUser, removeUserAttributes, renameGroup, renameUser, searchEntities, searchEntitiesWithRequestControls, searchGroupObjects, searchGroupObjectsOfSpecifiedGroupType, searchGroupRelationships, searchGroups, searchUserObjects, searchUsers, setAttributes, setDirectoryId, storeGroupAttributes, storeUserAttributes, supportsNestedGroups, testConnection, typedEntityNotFoundException, updateGroup, updateUser, updateUserCredential
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

UF_ACCOUNTDISABLE

public static final int UF_ACCOUNTDISABLE
See Also:
Constant Field Values

OBJECT_SID

public static final PropertyImpl<String> OBJECT_SID
Constructor Detail

MicrosoftActiveDirectory

public MicrosoftActiveDirectory(ActiveDirectoryQueryTranslaterImpl activeDirectoryQueryTranslater,
                                com.atlassian.event.api.EventPublisher eventPublisher,
                                InstanceFactory instanceFactory)
Method Detail

getStaticDirectoryType

public static String getStaticDirectoryType()

getDescriptiveName

public String getDescriptiveName()
Description copied from interface: RemoteDirectory
Returns a descriptive name for the type of directory.

Returns:
descriptive name.

removeGroup

public void removeGroup(String name)
                 throws GroupNotFoundException,
                        OperationFailedException
Description copied from interface: RemoteDirectory
Removes the group that matches the supplied name.

Specified by:
removeGroup in interface RemoteDirectory
Overrides:
removeGroup in class SpringLDAPConnector
Parameters:
name - The name of the group.
Throws:
GroupNotFoundException - The group does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.

isUserDirectGroupMember

public boolean isUserDirectGroupMember(String username,
                                       String groupName)
                                throws OperationFailedException
Description copied from interface: RemoteDirectory
Determines if a user is a direct member of a group. The directory is NOT expected to resolve any transitive group relationships.

Specified by:
isUserDirectGroupMember in interface RemoteDirectory
Overrides:
isUserDirectGroupMember in class RFC4519Directory
Parameters:
username - name of user.
groupName - name of group.
Returns:
true iff the user is a direct member of the group.
Throws:
OperationFailedException - underlying directory implementation failed to execute the operation.

addUserToGroup

public void addUserToGroup(String username,
                           String groupName)
                    throws GroupNotFoundException,
                           OperationFailedException,
                           UserNotFoundException,
                           MembershipAlreadyExistsException
Description copied from interface: RemoteDirectory
Adds a user as a member of a group. This means that the user will appear as a member of the group to querying applications.

Specified by:
addUserToGroup in interface RemoteDirectory
Overrides:
addUserToGroup in class RFC4519Directory
Parameters:
username - The user that will become a member of groupName
groupName - The group that will gain a new member.
Throws:
GroupNotFoundException - If the group cannot be found.
OperationFailedException - underlying directory implementation failed to execute the operation.
UserNotFoundException - If the user cannot be found.
MembershipAlreadyExistsException - if the user is already a member of the group

removeUserFromGroup

public void removeUserFromGroup(String username,
                                String groupName)
                         throws UserNotFoundException,
                                GroupNotFoundException,
                                MembershipNotFoundException,
                                OperationFailedException
Description copied from interface: RemoteDirectory
Removes a user as a member of a group.

Specified by:
removeUserFromGroup in interface RemoteDirectory
Overrides:
removeUserFromGroup in class RFC4519Directory
Parameters:
username - The user that will be removed from groupName
groupName - The group that will lose the member.
Throws:
UserNotFoundException - If the user cannot be found.
GroupNotFoundException - If the group cannot be found.
MembershipNotFoundException - if the user is not a direct member of the group.
OperationFailedException - underlying directory implementation failed to execute the operation.

findGroupMemberships

protected List<? extends LDAPGroupWithAttributes> findGroupMemberships(MembershipQuery<? extends LDAPGroupWithAttributes> query)
                                                                throws OperationFailedException
Overrides:
findGroupMemberships in class RFC4519Directory
Throws:
OperationFailedException

findGroupMembershipNames

protected Iterable<String> findGroupMembershipNames(MembershipQuery<String> query)
                                             throws OperationFailedException
Overrides:
findGroupMembershipNames in class RFC4519Directory
Throws:
OperationFailedException

findUserMembersOfGroupViaMemberDN

protected List<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberDN(String groupName,
                                                                         GroupType groupType,
                                                                         int startIndex,
                                                                         int maxResults)
                                                                  throws OperationFailedException
Overrides:
findUserMembersOfGroupViaMemberDN in class RFC4519Directory
Throws:
OperationFailedException

findUserMembersOfGroupViaMemberOf

protected Iterable<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberOf(String groupName,
                                                                             GroupType groupType,
                                                                             int startIndex,
                                                                             int maxResults)
                                                                      throws OperationFailedException
Overrides:
findUserMembersOfGroupViaMemberOf in class RFC4519Directory
Throws:
OperationFailedException

findDirectMembersOfGroup

public Iterable<LdapName> findDirectMembersOfGroup(LdapName groupDn)
                                            throws OperationFailedException
Description copied from class: RFC4519Directory
This method is not part of RemoteDirectory's contract. It is introduced by RFC4519Directory to support RFC4519DirectoryMembershipsIterable.

Overrides:
findDirectMembersOfGroup in class RFC4519Directory
Parameters:
groupDn - LDAP name of a group
Returns:
the LDAP names of the direct members (users and groups) of the given group
Throws:
OperationFailedException - if the operation fails for any reason

getInitialGroupMemberDN

protected String getInitialGroupMemberDN()
AD does not need a default container member.

Overrides:
getInitialGroupMemberDN in class SpringLDAPConnector
Returns:
null.

encodePassword

protected byte[] encodePassword(String unencodedPassword)
                         throws InvalidCredentialException
Converts the clear-text password to the AD_PASSWORD_ENCODED encoding, currently UTF-16LE.

Specified by:
encodePassword in class SpringLDAPConnector
Parameters:
unencodedPassword -
Returns:
byte array containing password in UTF-16LE encoding.
Throws:
InvalidCredentialException - If the specified encoding is not available on this system.
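The following is an added example, not Crowd's own encodePassword implementation, showing what the UTF-16LE encoding described above looks like on the wire. Active Directory additionally requires the value written to the unicodePwd attribute to be wrapped in double quotes and only accepts it over an encrypted session; neither point is stated on this page, and the class and method names below are this example's own.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example (not Crowd code). Encodes a clear-text password the way AD
// expects it in the unicodePwd attribute: quoted, then UTF-16LE without a BOM.
public final class AdPasswordEncoding {

    // StandardCharsets.UTF_16 would prepend a byte-order mark and use big-endian
    // order, so the explicit little-endian charset is required here.
    public static byte[] encodeUnicodePwd(String clearText) {
        if (clearText == null || clearText.isEmpty()) {
            throw new IllegalArgumentException("empty password");
        }
        return ("\"" + clearText + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // Reverse operation, handy in tests that assert on what was sent.
    public static String decodeUnicodePwd(byte[] encoded) {
        String quoted = new String(encoded, StandardCharsets.UTF_16LE);
        boolean wellFormed = quoted.length() >= 2
                && quoted.charAt(0) == '"'
                && quoted.charAt(quoted.length() - 1) == '"';
        if (!wellFormed) {
            throw new IllegalArgumentException("value is not a quoted unicodePwd");
        }
        return quoted.substring(1, quoted.length() - 1);
    }

    // AD refuses unicodePwd writes over a clear-text LDAP session. This guard
    // recognises LDAPS only; a SASL layer with confidentiality would also do.
    public static boolean isEncryptedTransport(String providerUrl) {
        return providerUrl != null && providerUrl.toLowerCase().startsWith("ldaps://");
    }

    public static void main(String[] args) {
        byte[] wire = encodeUnicodePwd("Hunter2!");   // constructed sample value
        StringBuilder hex = new StringBuilder();
        for (byte b : wire) {
            hex.append(String.format("%02x ", b));
        }
        System.out.println(hex);                        // 22 00 48 00 75 00 ... 22 00
        System.out.println(decodeUnicodePwd(wire));    // Hunter2!
        System.out.println(isEncryptedTransport("ldap://dc1.example.test"));   // false
        Arrays.fill(wire, (byte) 0);                    // scrub the clear text once it has been sent
    }
}
```

Because the Java runtime always provides UTF-16LE, the InvalidCredentialException case documented above (encoding unavailable) cannot occur with StandardCharsets; it matters only when the charset is looked up by name.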

getNewUserDirectorySpecificAttributes

protected void getNewUserDirectorySpecificAttributes(User user,
                                                     Attributes attributes)
Active Directory needs a couple of additional attributes set - the sAMAccountName (which is the account name you use to log on to Windows), and the account disabled flag.

Overrides:
getNewUserDirectorySpecificAttributes in class SpringLDAPConnector
Parameters:
user -
attributes -

getNewGroupDirectorySpecificAttributes

protected void getNewGroupDirectorySpecificAttributes(Group group,
                                                      Attributes attributes)
If we want to be able to nest groups, we need to create distribution groups rather than security groups. To do this we need to set groupType to 2.

Overrides:
getNewGroupDirectorySpecificAttributes in class SpringLDAPConnector
Parameters:
group -
attributes -
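As an added example (not Crowd's own implementation of the two methods above), the block below builds the AD-specific attributes they describe: sAMAccountName and the account-disabled flag in userAccountControl for a new user, and groupType set to 2 for a new group. The flag values are documented Active Directory constants; the class, method and parameter names, and the sample values, are this example's own.

```java
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;

// Added example (not Crowd code). Builds the extra attributes AD needs for
// new users and groups, and decodes the disabled flag on the way back.
public final class AdSpecificAttributes {

    // userAccountControl bits (AD constants; the page names only UF_ACCOUNTDISABLE).
    public static final int UF_ACCOUNTDISABLE = 0x0002;
    public static final int UF_NORMAL_ACCOUNT = 0x0200;

    // groupType 2 is a global group without the 0x80000000 security-enabled bit,
    // i.e. a distribution group, which the page says is required for nesting.
    public static final int GROUP_TYPE_GLOBAL_DISTRIBUTION = 2;

    public static Attributes newUserAttributes(String samAccountName, boolean active) {
        // sAMAccountName is the pre-Windows 2000 logon name, limited to 20 characters for users
        if (samAccountName == null || samAccountName.isEmpty() || samAccountName.length() > 20) {
            throw new IllegalArgumentException("sAMAccountName must be 1-20 characters");
        }
        BasicAttributes attrs = new BasicAttributes(true);  // LDAP attribute names are case-insensitive
        attrs.put("sAMAccountName", samAccountName);
        int uac = UF_NORMAL_ACCOUNT;
        if (!active) {
            uac |= UF_ACCOUNTDISABLE;
        }
        attrs.put("userAccountControl", Integer.toString(uac));  // AD stores it as a decimal string
        return attrs;
    }

    public static Attributes newGroupAttributes() {
        BasicAttributes attrs = new BasicAttributes(true);
        attrs.put("groupType", Integer.toString(GROUP_TYPE_GLOBAL_DISTRIBUTION));
        return attrs;
    }

    // The read side that supportsInactiveAccounts() relies on: an account is
    // inactive when the disable bit is set in the userAccountControl value read from AD.
    public static boolean isDisabled(String userAccountControlValue) {
        return (Integer.parseInt(userAccountControlValue.trim()) & UF_ACCOUNTDISABLE) != 0;
    }

    public static void main(String[] args) throws Exception {
        Attributes user = newUserAttributes("jdoe", false);            // constructed sample
        System.out.println(user.get("userAccountControl").get());      // 514 (0x200 | 0x2)
        System.out.println(isDisabled("514"));                         // true
        System.out.println(isDisabled("512"));                         // false
        System.out.println(newGroupAttributes().get("groupType").get());  // 2
    }
}
```

When auditing a directory that Crowd writes to, userAccountControl values of 514 and 66050 (the latter with the password-never-expires bit) are the ones that denote disabled accounts created this way; a value of 512 is an enabled normal account.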

getCustomUserAttributeMappers

protected List<AttributeMapper> getCustomUserAttributeMappers()
Overrides:
getCustomUserAttributeMappers in class RFC4519Directory
Returns:
a collection of custom attribute mappers. By default just return an empty list.

getCustomGroupAttributeMappers

protected List<AttributeMapper> getCustomGroupAttributeMappers()
Description copied from class: SpringLDAPConnector
As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).

Overrides:
getCustomGroupAttributeMappers in class RFC4519Directory
Returns:
collection of custom attribute mappers (cannot be null but can be an empty list).

getMemberDnMappers

protected List<AttributeMapper> getMemberDnMappers()
Overrides:
getMemberDnMappers in class RFC4519Directory

postprocessGroups

protected List<LDAPGroupWithAttributes> postprocessGroups(List<LDAPGroupWithAttributes> groups)
                                                   throws OperationFailedException
Description copied from class: SpringLDAPConnector
Perform any post-processing on groups.

Overrides:
postprocessGroups in class SpringLDAPConnector
Parameters:
groups - to post-process
Returns:
list of groups that have been processed if required
Throws:
OperationFailedException - if processing encounters a problem with the underlying directory

getBaseEnvironmentProperties

protected Map<String,String> getBaseEnvironmentProperties()
Description copied from class: SpringLDAPConnector
Returns the properties used to set up the Ldap ContextSource.

Overrides:
getBaseEnvironmentProperties in class SpringLDAPConnector
Returns:
the properties used to set up the Ldap ContextSource.

fetchHighestCommittedUSN

public long fetchHighestCommittedUSN()
                              throws OperationFailedException
Throws:
OperationFailedException

findAddedOrUpdatedUsersSince

public List<LDAPUserWithAttributes> findAddedOrUpdatedUsersSince(long usnChange)
                                                          throws OperationFailedException
Throws:
OperationFailedException

findAddedOrUpdatedGroupsSince

public List<LDAPGroupWithAttributes> findAddedOrUpdatedGroupsSince(long usnChanged)
                                                            throws OperationFailedException
Throws:
OperationFailedException

findUserTombstonesSince

public List<Tombstone> findUserTombstonesSince(long usnChange)
                                        throws OperationFailedException
Throws:
OperationFailedException

findGroupTombstonesSince

public List<Tombstone> findGroupTombstonesSince(long usnChange)
                                         throws OperationFailedException
Throws:
OperationFailedException

findAddedOrUpdatedObjectsSince

protected <T> List<T> findAddedOrUpdatedObjectsSince(long usnChange,
                                                     Name objectBaseDN,
                                                     String objectFilter,
                                                     ContextMapperWithRequiredAttributes<T> contextMapper)
                                          throws OperationFailedException
Throws:
OperationFailedException

findTombstonesSince

protected List<Tombstone> findTombstonesSince(long usnChange,
                                              Name objectBaseDN,
                                              String objectClass)
                                       throws OperationFailedException
Throws:
OperationFailedException
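The USN methods above carry no description on this page. The block below is an added example, using plain JNDI rather than Crowd's own classes, of the Active Directory mechanism those methods wrap: read highestCommittedUSN from the RootDSE, fetch entries whose uSNChanged has passed the last watermark, then fetch tombstones with the Show Deleted Objects control. The attribute names, control OID and ordering are Active Directory facts; the class and method names, and the server, base DN and account values, are this example's own placeholders.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.BasicControl;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// Added example (not Crowd code): one pass of USN-based incremental sync over JNDI.
public final class UsnIncrementalSync {

    // LDAP_SERVER_SHOW_DELETED_OID: without it AD hides tombstones from searches
    private static final String SHOW_DELETED_OID = "1.2.840.113556.1.4.417";

    // Read the watermark BEFORE querying changes: anything committed while the
    // queries run has a higher USN and is picked up by the next pass, not lost.
    public static long fetchHighestCommittedUSN(LdapContext ctx) throws Exception {
        String usn = (String) ctx.getAttributes("", new String[]{"highestCommittedUSN"})
                .get("highestCommittedUSN").get();
        return Long.parseLong(usn);
    }

    // USNs are per domain controller, so a watermark is only meaningful against
    // the DC it was read from; persist the DC name alongside it.
    public static String fetchDcName(LdapContext ctx) throws Exception {
        return (String) ctx.getAttributes("", new String[]{"dnsHostName"}).get("dnsHostName").get();
    }

    public static List<String> findAddedOrUpdatedSince(LdapContext ctx, long lastUsn,
                                                      String baseDn, String objectFilter) throws Exception {
        // LDAP has no ">", so ">=" with lastUsn+1 means "strictly after the watermark"
        String filter = "(&" + objectFilter + "(uSNChanged>=" + (lastUsn + 1) + "))";
        return search(ctx, baseDn, filter);
    }

    public static List<String> findTombstonesSince(LdapContext ctx, long lastUsn,
                                                  String baseDn, String objectClass) throws Exception {
        ctx.setRequestControls(new Control[]{new BasicControl(SHOW_DELETED_OID, true, null)});
        try {
            String filter = "(&(isDeleted=TRUE)(objectClass=" + objectClass
                    + ")(uSNChanged>=" + (lastUsn + 1) + "))";
            return search(ctx, baseDn, filter);
        } finally {
            ctx.setRequestControls(null);   // do not leak the control into later searches
        }
    }

    private static List<String> search(LdapContext ctx, String baseDn, String filter) throws Exception {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[]{"uSNChanged"});
        List<String> dns = new ArrayList<>();
        NamingEnumeration<SearchResult> results = ctx.search(baseDn, filter, sc);
        while (results.hasMore()) {
            dns.add(results.next().getNameInNamespace());
        }
        return dns;
    }

    public static void main(String[] args) throws Exception {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://dc1.example.test:636");                    // placeholder DC
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "CN=sync-svc,OU=Service Accounts,DC=example,DC=test"); // placeholder
        env.put(Context.SECURITY_CREDENTIALS, System.getenv("SYNC_PASSWORD"));
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            long lastUsn = 0L;                        // loaded from the previous pass; 0 forces a full load
            String baseDn = "DC=example,DC=test";     // placeholder
            long watermark = fetchHighestCommittedUSN(ctx);
            System.out.println("DC " + fetchDcName(ctx) + " watermark " + watermark);
            List<String> users = findAddedOrUpdatedSince(ctx, lastUsn, baseDn,
                    "(&(objectClass=user)(objectCategory=person))");
            List<String> gone = findTombstonesSince(ctx, lastUsn, baseDn, "user");
            System.out.println(users.size() + " added/updated, " + gone.size() + " deleted");
            // persist (dcName, watermark) only after both queries succeeded
        } finally {
            ctx.close();
        }
    }
}
```

Two operational caveats follow from this design. Tombstones are purged after the forest's tombstone lifetime, so a sync that has been stopped longer than that silently misses deletions and must fall back to a full load; and a watermark read from one DC must not be reused against another, since each DC numbers its USNs independently.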

getUserContextMapper

public ContextMapperWithRequiredAttributes<LDAPUserWithAttributes> getUserContextMapper()
Description copied from class: SpringLDAPConnector
Returns a ContextMapper that can transform a Context into a User.

Overrides:
getUserContextMapper in class SpringLDAPConnector
Returns:
a ContextMapper that can transform a Context into a User.

getUserModificationItems

protected List<ModificationItem> getUserModificationItems(User userTemplate,
                                                          LDAPUserWithAttributes currentUser)
Overrides:
getUserModificationItems in class SpringLDAPConnector

supportsInactiveAccounts

public boolean supportsInactiveAccounts()
This connector supports inactive accounts, while LDAP connectors in general do not.

Specified by:
supportsInactiveAccounts in interface RemoteDirectory
Overrides:
supportsInactiveAccounts in class SpringLDAPConnector
Returns:
true


Copyright © 2013 Atlassian. All Rights Reserved.