public class MicrosoftActiveDirectory extends RFC4519Directory
Modifier and Type | Field and Description |
---|---|
static String |
AD_DS_SERVICE_NAME |
static String |
AD_INVOCATION_ID |
static PropertyImpl<String> |
OBJECT_SID |
static int |
UF_ACCOUNTDISABLE |
attributes, contextSource, contextSourceTransactionManager, DEFAULT_PAGE_SIZE, eventPublisher, ldapPropertiesMapper, ldapQueryTranslater, ldapTemplate, nameConverter, searchDN
Constructor and Description |
---|
MicrosoftActiveDirectory(ActiveDirectoryQueryTranslaterImpl activeDirectoryQueryTranslater,
com.atlassian.event.api.EventPublisher eventPublisher,
InstanceFactory instanceFactory,
PasswordHelper passwordHelper) |
Modifier and Type | Method and Description |
---|---|
void |
addUserToGroup(String username,
String groupName)
Adds a user as a member of a group.
|
protected ContextMapperWithRequiredAttributes<AvatarReference.BlobAvatar> |
avatarMapper()
Return a JpegPhotoContextMapper; assume for now that all avatars are stored as JPEG files. |
long |
fetchHighestCommittedUSN() |
String |
fetchInvocationId() |
List<LDAPGroupWithAttributes> |
findAddedOrUpdatedGroupsSince(long usnChanged) |
protected <T> List<T> |
findAddedOrUpdatedObjectsSince(long usnChange,
Name objectBaseDN,
String objectFilter,
ContextMapperWithRequiredAttributes<T> contextMapper) |
List<LDAPUserWithAttributes> |
findAddedOrUpdatedUsersSince(long usnChange) |
protected Iterable<LdapName> |
findAdditionalDirectMembers(LdapName groupDn,
Supplier<Optional<LDAPGroupWithAttributes>> groupSupplier) |
Set<String> |
findAllGroupGuids() |
Set<org.apache.commons.lang3.tuple.Pair<String,String>> |
findAllGroupNamesAndGuids() |
Set<String> |
findAllUserGuids() |
protected Iterable<String> |
findGroupMembershipNames(MembershipQuery<String> query) |
protected List<? extends LDAPGroupWithAttributes> |
findGroupMemberships(MembershipQuery<? extends LDAPGroupWithAttributes> query) |
protected List<Tombstone> |
findTombstonesSince(long usnChange,
Name objectBaseDN,
String objectClass) |
protected List<LDAPUserWithAttributes> |
findUserMembersOfGroupViaMemberDN(String groupName,
GroupType groupType,
int startIndex,
int maxResults) |
protected Iterable<LDAPUserWithAttributes> |
findUserMembersOfGroupViaMemberOf(String groupName,
GroupType groupType,
int startIndex,
int maxResults) |
List<Tombstone> |
findUserTombstonesSince(long usnChange) |
protected Map<String,Object> |
getBaseEnvironmentProperties()
Returns the properties used to set up the Ldap ContextSource.
|
protected LDAPCredentialEncoder |
getCredentialEncoder() |
protected List<AttributeMapper> |
getCustomGroupAttributeMappers()
As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).
|
protected List<AttributeMapper> |
getCustomUserAttributeMappers(UserContextMapperConfig config) |
String |
getDescriptiveName()
Returns a descriptive name for the type of directory.
|
protected String |
getInitialGroupMemberDN()
AD does not need a default container member.
|
protected List<AttributeMapper> |
getMemberDnMappers() |
protected void |
getNewGroupDirectorySpecificAttributes(Group group,
Attributes attributes)
If we want to be able to nest groups, we need to create distribution groups rather than security groups.
|
protected void |
getNewUserDirectorySpecificAttributes(User user,
Attributes attributes)
Active Directory needs a couple of additional attributes set - the sAMAccountName (which is the account name
you use to log on to Windows), and the account disabled flag.
|
Optional<String> |
getPrimaryGroupSIDOfUser(LDAPUserWithAttributes user)
In AD, users have a primaryGroupId attribute that contains the RID (relative identifier) of their primary
group.
|
protected List<AttributeMapper> |
getRequiredCustomGroupAttributeMappers()
Returns a set of attributes which are expected to be present in all cases (i.e. Active Directory's objectGUID).
For performance reasons, returning mappers for heavy attributes (such as memberships) should be avoided.
|
static String |
getStaticDirectoryType() |
ContextMapperWithRequiredAttributes<LDAPUserWithAttributes> |
getUserContextMapper(UserContextMapperConfig config)
Returns a ContextMapper that can transform a Context into a User.
|
protected List<ModificationItem> |
getUserModificationItems(User userTemplate,
LDAPUserWithAttributes currentUser) |
boolean |
isGroupExternalIdConfigured()
Checks if the 'Group Unique ID Attribute' is set.
|
boolean |
isUserDirectGroupMember(String username,
String groupName)
Determines if a user is a direct member of a group.
|
boolean |
isUsersExternalIdConfigured()
Checks if the 'User Unique ID Attribute' is set.
|
protected List<LDAPGroupWithAttributes> |
postprocessGroups(List<LDAPGroupWithAttributes> groups)
Perform any post-processing on groups.
|
void |
removeGroup(String name)
Removes the group that matches the supplied name. |
void |
removeUserFromGroup(String username,
String groupName)
Removes a user as a member of a group.
|
Collection<LDAPGroupWithAttributes> |
searchGroupsBySids(Set<String> groupSids) |
protected void |
setLdapPropertiesMapperAttributes(Map<String,String> attributes) |
boolean |
supportsInactiveAccounts()
This connector supports inactive accounts while, in general, LDAP connectors do not.
|
addDnToGroup, addGroupToGroup, findDirectMembersOfGroup, findGroupMembershipsOfUserViaMemberOf, getMemberships, isDirectGroupMemberOf, isDnDirectGroupMember, isGroupDirectGroupMember, prepareOrFilterForGroupProperty, removeDnFromGroup, removeGroupFromGroup, searchGroupRelationshipsWithGroupTypeSpecified, searchGroupsByAttribute, searchGroupsByDns, toGenericIterable
addDefaultSnToUserAttributes, addDefaultValueToUserAttributesForAttribute, addGroup, addUser, addUser, asLdapGroupName, asLdapName, asLdapUserName, authenticate, countDirectMembersOfGroup, createMinimalContextSource, createModificationItem, expireAllPasswords, findEntityByDN, findEntityByDN, findGroupByName, findGroupByNameAndType, findGroupWithAttributesByName, findUserByExternalId, findUserByName, findUserWithAttributesByName, getAttributeAsBoolean, getAttributeAsLong, getAuthoritativeDirectory, getContextSource, getDirectoryId, getGroupContextMapper, getKeys, getLdapPropertiesMapper, getNewGroupAttributes, getNewUserAttributes, getSearchControls, getSearchDN, getUserAvatarByName, getValue, getValues, initializeContextSource, initializeMinimalContextSource, isEmpty, isRolesDisabled, pageSearchResults, removeGroupAttributes, removeUser, removeUserAttributes, renameGroup, renameUser, searchEntities, searchEntitiesWithRequestControls, searchGroupObjects, searchGroupObjectsOfSpecifiedGroupType, searchGroupRelationships, searchGroups, searchUserObjects, searchUsers, setAttributes, setDirectoryId, storeGroupAttributes, storeUserAttributes, supportsNestedGroups, supportsPasswordExpiration, supportsSettingEncryptedCredential, testConnection, typedEntityNotFoundException, updateGroup, updateUser, updateUserCredential
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
updateUserFromRemoteDirectory, userAuthenticated
public static final int UF_ACCOUNTDISABLE
public static final PropertyImpl<String> OBJECT_SID
public static final String AD_DS_SERVICE_NAME
public static final String AD_INVOCATION_ID
public MicrosoftActiveDirectory(ActiveDirectoryQueryTranslaterImpl activeDirectoryQueryTranslater, com.atlassian.event.api.EventPublisher eventPublisher, InstanceFactory instanceFactory, PasswordHelper passwordHelper)
passwordHelper - password helper, which must not be null
public static String getStaticDirectoryType()
public String getDescriptiveName()
RemoteDirectory
public void removeGroup(String name) throws GroupNotFoundException, OperationFailedException
RemoteDirectory
Removes the group that matches the supplied name.
removeGroup
in interface RemoteDirectory
removeGroup
in class SpringLDAPConnector
name - The name of the group.
GroupNotFoundException - The group does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.
public boolean isUserDirectGroupMember(String username, String groupName) throws OperationFailedException
RemoteDirectory
isUserDirectGroupMember
in interface RemoteDirectory
isUserDirectGroupMember
in class RFC4519Directory
username - name of user.
groupName - name of group.
true iff the user is a direct member of the group.
OperationFailedException - underlying directory implementation failed to execute the operation.
public void addUserToGroup(String username, String groupName) throws GroupNotFoundException, OperationFailedException, UserNotFoundException, MembershipAlreadyExistsException
RemoteDirectory
childGroup
will
appear as members of parentGroup
to querying applications.addUserToGroup
in interface RemoteDirectory
addUserToGroup
in class RFC4519Directory
username - The user that will become a member of groupName
groupName - The group that will gain a new member.
GroupNotFoundException - If the group cannot be found.
OperationFailedException - underlying directory implementation failed to execute the operation.
UserNotFoundException - If the user cannot be found.
MembershipAlreadyExistsException - if the user is already a member of the group
public void removeUserFromGroup(String username, String groupName) throws UserNotFoundException, GroupNotFoundException, MembershipNotFoundException, OperationFailedException
RemoteDirectory
removeUserFromGroup
in interface RemoteDirectory
removeUserFromGroup
in class RFC4519Directory
username - The user that will be removed from parentGroup
groupName - The group that will lose the member.
UserNotFoundException - If the user cannot be found.
GroupNotFoundException - If the group cannot be found.
MembershipNotFoundException - if the user is not a direct member of the group.
OperationFailedException - underlying directory implementation failed to execute the operation.
public Collection<LDAPGroupWithAttributes> searchGroupsBySids(Set<String> groupSids) throws OperationFailedException
OperationFailedException
protected List<? extends LDAPGroupWithAttributes> findGroupMemberships(MembershipQuery<? extends LDAPGroupWithAttributes> query) throws OperationFailedException
findGroupMemberships
in class RFC4519Directory
OperationFailedException
protected Iterable<String> findGroupMembershipNames(MembershipQuery<String> query) throws OperationFailedException
findGroupMembershipNames
in class RFC4519Directory
OperationFailedException
protected List<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberDN(String groupName, GroupType groupType, int startIndex, int maxResults) throws OperationFailedException
findUserMembersOfGroupViaMemberDN
in class RFC4519Directory
OperationFailedException
protected Iterable<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberOf(String groupName, GroupType groupType, int startIndex, int maxResults) throws OperationFailedException
findUserMembersOfGroupViaMemberOf
in class RFC4519Directory
OperationFailedException
protected Iterable<LdapName> findAdditionalDirectMembers(LdapName groupDn, Supplier<Optional<LDAPGroupWithAttributes>> groupSupplier) throws OperationFailedException
findAdditionalDirectMembers
in class RFC4519Directory
OperationFailedException
public Optional<String> getPrimaryGroupSIDOfUser(LDAPUserWithAttributes user)
user - the user whose primary group's SID will be resolved
protected String getInitialGroupMemberDN()
getInitialGroupMemberDN
in class SpringLDAPConnector
null.
protected LDAPCredentialEncoder getCredentialEncoder()
getCredentialEncoder
in class SpringLDAPConnector
protected void getNewUserDirectorySpecificAttributes(User user, Attributes attributes)
getNewUserDirectorySpecificAttributes
in class SpringLDAPConnector
user - (potential) source of information that needs to be added.
attributes - attributes to add directory-specific information to.
protected void getNewGroupDirectorySpecificAttributes(Group group, Attributes attributes)
getNewGroupDirectorySpecificAttributes
in class SpringLDAPConnector
group - (potential) source of information that needs to be added.
attributes - attributes to add directory-specific information to.
protected List<AttributeMapper> getCustomUserAttributeMappers(UserContextMapperConfig config)
getCustomUserAttributeMappers
in class RFC4519Directory
protected List<AttributeMapper> getCustomGroupAttributeMappers()
SpringLDAPConnector
getCustomGroupAttributeMappers
in class RFC4519Directory
protected List<AttributeMapper> getRequiredCustomGroupAttributeMappers()
SpringLDAPConnector
getRequiredCustomGroupAttributeMappers
in class SpringLDAPConnector
protected List<AttributeMapper> getMemberDnMappers()
getMemberDnMappers
in class RFC4519Directory
protected List<LDAPGroupWithAttributes> postprocessGroups(List<LDAPGroupWithAttributes> groups) throws OperationFailedException
SpringLDAPConnector
postprocessGroups
in class SpringLDAPConnector
groups - to post-process
OperationFailedException - if processing encounters a problem with the underlying directory
protected Map<String,Object> getBaseEnvironmentProperties()
SpringLDAPConnector
getBaseEnvironmentProperties
in class SpringLDAPConnector
public String fetchInvocationId() throws OperationFailedException
OperationFailedException
public long fetchHighestCommittedUSN() throws OperationFailedException
OperationFailedException
public List<LDAPUserWithAttributes> findAddedOrUpdatedUsersSince(long usnChange) throws OperationFailedException
OperationFailedException
public List<LDAPGroupWithAttributes> findAddedOrUpdatedGroupsSince(long usnChanged) throws OperationFailedException
OperationFailedException
public List<Tombstone> findUserTombstonesSince(long usnChange) throws OperationFailedException
OperationFailedException
public Set<String> findAllUserGuids() throws OperationFailedException
OperationFailedException
public Set<String> findAllGroupGuids() throws OperationFailedException
OperationFailedException
public Set<org.apache.commons.lang3.tuple.Pair<String,String>> findAllGroupNamesAndGuids() throws OperationFailedException
OperationFailedException
protected <T> List<T> findAddedOrUpdatedObjectsSince(long usnChange, Name objectBaseDN, String objectFilter, ContextMapperWithRequiredAttributes<T> contextMapper) throws OperationFailedException
OperationFailedException
protected List<Tombstone> findTombstonesSince(long usnChange, Name objectBaseDN, String objectClass) throws OperationFailedException
OperationFailedException
public ContextMapperWithRequiredAttributes<LDAPUserWithAttributes> getUserContextMapper(UserContextMapperConfig config)
SpringLDAPConnector
config - determines which additional attribute mappers should be included. Some directories may include additional attributes, which are expected to be present in all cases
public boolean isUsersExternalIdConfigured()
true if the property value is a non-empty string
public boolean isGroupExternalIdConfigured()
true if the property value is a non-empty string
protected List<ModificationItem> getUserModificationItems(User userTemplate, LDAPUserWithAttributes currentUser)
getUserModificationItems
in class SpringLDAPConnector
public boolean supportsInactiveAccounts()
supportsInactiveAccounts
in interface RemoteDirectory
supportsInactiveAccounts
in class SpringLDAPConnector
true
protected ContextMapperWithRequiredAttributes<AvatarReference.BlobAvatar> avatarMapper()
Return a JpegPhotoContextMapper; assume for now that all avatars are stored as JPEG files.
avatarMapper
in class SpringLDAPConnector
protected void setLdapPropertiesMapperAttributes(Map<String,String> attributes)
setLdapPropertiesMapperAttributes
in class SpringLDAPConnector
Copyright © 2020 Atlassian. All rights reserved.