com.atlassian.crowd.directory

Class RFC2307Directory

java.lang.Object

com.atlassian.crowd.directory.SpringLDAPConnector

com.atlassian.crowd.directory.RFC2307Directory

All Implemented Interfaces:

LDAPDirectory, RemoteDirectory, Attributes

Direct Known Subclasses:

Rfc2307

public abstract class RFC2307Directory
extends SpringLDAPConnector

Read-only, non-nesting implementation of RFC2307 user-group membership interactions.

A user is a member of a group if either:

• the gidNumber of the user matches the gidNumber of the group
• the username of user is present in the collection of member attribute values of the group

See Also:

RFC2307GidNumberMapper, RFC2307MemberUidMapper

Field Summary

Fields inherited from class com.atlassian.crowd.directory.SpringLDAPConnector

attributes, contextSource, contextSourceTransactionManager, DEFAULT_PAGE_SIZE, eventPublisher, ldapPropertiesMapper, ldapQueryTranslater, ldapTemplate, nameConverter, searchDN

Constructor Summary

Constructors

Constructor and Description
RFC2307Directory(LDAPQueryTranslater ldapQueryTranslater, com.atlassian.event.api.EventPublisher eventPublisher, InstanceFactory instanceFactory)

Method Summary

Modifier and Type	Method and Description
protected List<AttributeMapper>	getCustomGroupAttributeMappers() As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).
protected List<AttributeMapper>	getCustomUserAttributeMappers(UserContextMapperConfig config)
Iterable<Membership>	getMemberships() Get an iterable view of the available group memberships.
boolean	isGroupDirectGroupMember(String childGroup, String parentGroup) Determines if a group is a direct member of another group.
boolean	isUserDirectGroupMember(String username, String groupName) Determines if a user is a direct member of a group.
protected <T> Iterable<T>	searchGroupRelationshipsWithGroupTypeSpecified(MembershipQuery<T> query) Execute the search for group relationships given that a group of type GROUP or LEGACY_ROLE has been specified in the EntityDescriptor for the group(s).
boolean	supportsNestedGroups() As best I can determine, the RFC2307 schema does not support nested groups.
boolean	supportsPasswordExpiration() Does not support expiring passwords

Methods inherited from class com.atlassian.crowd.directory.SpringLDAPConnector

addDefaultSnToUserAttributes, addDefaultValueToUserAttributesForAttribute, addGroup, addUser, addUser, asLdapGroupName, asLdapName, asLdapUserName, authenticate, avatarMapper, countDirectMembersOfGroup, createMinimalContextSource, createModificationItem, expireAllPasswords, findEntityByDN, findEntityByDN, findGroupByName, findGroupByNameAndType, findGroupWithAttributesByName, findUserByExternalId, findUserByName, findUserWithAttributesByName, getAttributeAsBoolean, getAttributeAsLong, getAuthoritativeDirectory, getBaseEnvironmentProperties, getContextSource, getCredentialEncoder, getDirectoryId, getGroupContextMapper, getInitialGroupMemberDN, getKeys, getLdapPropertiesMapper, getNewGroupAttributes, getNewGroupDirectorySpecificAttributes, getNewUserAttributes, getNewUserDirectorySpecificAttributes, getRequiredCustomGroupAttributeMappers, getSearchControls, getSearchDN, getUserAvatarByName, getUserModificationItems, getValue, getValues, initializeContextSource, initializeMinimalContextSource, isEmpty, isRolesDisabled, pageSearchResults, postprocessGroups, removeGroup, removeGroupAttributes, removeUser, removeUserAttributes, renameGroup, renameUser, searchEntities, searchEntitiesWithRequestControls, searchGroupObjects, searchGroupObjectsOfSpecifiedGroupType, searchGroupRelationships, searchGroups, searchUserObjects, searchUsers, setAttributes, setDirectoryId, setLdapPropertiesMapperAttributes, storeGroupAttributes, storeUserAttributes, supportsInactiveAccounts, supportsSettingEncryptedCredential, testConnection, typedEntityNotFoundException, updateGroup, updateUser, updateUserCredential

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.atlassian.crowd.directory.RemoteDirectory

addGroupToGroup, addUserToGroup, getDescriptiveName, removeGroupFromGroup, removeUserFromGroup, updateUserFromRemoteDirectory, userAuthenticated

Constructor Detail

RFC2307Directory

public RFC2307Directory(LDAPQueryTranslater ldapQueryTranslater,
                        com.atlassian.event.api.EventPublisher eventPublisher,
                        InstanceFactory instanceFactory)

Method Detail

getCustomGroupAttributeMappers

protected List<AttributeMapper> getCustomGroupAttributeMappers()

Description copied from class: SpringLDAPConnector

As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).

Overrides:

getCustomGroupAttributeMappers in class SpringLDAPConnector

Returns:

collection of custom attribute mappers (cannot be null but can be an empty list).

getCustomUserAttributeMappers

protected List<AttributeMapper> getCustomUserAttributeMappers(UserContextMapperConfig config)

Overrides:

getCustomUserAttributeMappers in class SpringLDAPConnector

Returns:

a collection of custom attribute mappers. By default just return an empty list.

isUserDirectGroupMember

public boolean isUserDirectGroupMember(String username,
                                       String groupName)
                                throws OperationFailedException

Description copied from interface: RemoteDirectory

Determines if a user is a direct member of a group. The directory is NOT expected to resolve any transitive group relationships.

Parameters:

username - name of user.

groupName - name of group.

Returns:

true iff the user is a direct member of the group.

Throws:

OperationFailedException - underlying directory implementation failed to execute the operation.

isGroupDirectGroupMember

public boolean isGroupDirectGroupMember(String childGroup,
                                        String parentGroup)

Description copied from interface: RemoteDirectory

Determines if a group is a direct member of another group. The directory is NOT expected to resolve any transitive group relationships.

Parameters:

childGroup - name of child group.

parentGroup - name of parent group.

Returns:

false as nested groups are not supported.

searchGroupRelationshipsWithGroupTypeSpecified

protected <T> Iterable<T> searchGroupRelationshipsWithGroupTypeSpecified(MembershipQuery<T> query)
                                                                  throws OperationFailedException

Description copied from class: SpringLDAPConnector

Execute the search for group relationships given that a group of type GROUP or LEGACY_ROLE has been specified in the EntityDescriptor for the group(s).

Specified by:

searchGroupRelationshipsWithGroupTypeSpecified in class SpringLDAPConnector

Parameters:

query - membership query with all GroupType's not null.

Returns:

list of members or memberships depending on the query.

Throws:

OperationFailedException - if the operation failed due to a communication error with the remote directory, or if the query is invalid

supportsNestedGroups

public boolean supportsNestedGroups()

As best I can determine, the RFC2307 schema does not support nested groups.

Specified by:

supportsNestedGroups in interface RemoteDirectory

Overrides:

supportsNestedGroups in class SpringLDAPConnector

Returns:

false.

supportsPasswordExpiration

public boolean supportsPasswordExpiration()

Does not support expiring passwords

Specified by:

supportsPasswordExpiration in interface RemoteDirectory

Overrides:

supportsPasswordExpiration in class SpringLDAPConnector

Returns:

false

getMemberships

public Iterable<Membership> getMemberships()
                                    throws OperationFailedException

Description copied from interface: RemoteDirectory

Get an iterable view of the available group memberships. This may be implemented as a single remote call or separate calls, depending on the directory.

If there is a failure in the underlying retrieval, the iterator may throw Membership.MembershipIterationException at runtime.

If the directory does not have a bulk call interface then a typical implementation would be:

 
 return new DirectoryMembershipsIterable(this);
 
 

Returns:

an iterable view of the available group memberships

Throws:

OperationFailedException - if the underlying directory implementation failed to execute the operation