Package com.atlassian.crowd.directory
Class MicrosoftActiveDirectory
java.lang.Object
com.atlassian.crowd.directory.SpringLDAPConnector
com.atlassian.crowd.directory.RFC4519Directory
com.atlassian.crowd.directory.MicrosoftActiveDirectory
- All Implemented Interfaces:
LDAPDirectory,RemoteDirectory,Attributes
Microsoft Active Directory connector.
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final Stringstatic final Stringstatic final PropertyImpl<String>static final intFields inherited from class com.atlassian.crowd.directory.RFC4519Directory
DN_MAPPERFields inherited from class com.atlassian.crowd.directory.SpringLDAPConnector
attributes, contextSource, contextSourceTransactionManager, DEFAULT_PAGE_SIZE, eventPublisher, ldapPropertiesMapper, ldapQueryTranslater, ldapTemplate, nameConverter, searchDN -
Constructor Summary
ConstructorsConstructorDescriptionMicrosoftActiveDirectory(ActiveDirectoryQueryTranslaterImpl activeDirectoryQueryTranslater, com.atlassian.event.api.EventPublisher eventPublisher, InstanceFactory instanceFactory, PasswordHelper passwordHelper, LdapContextSourceProvider ldapContextSourceProvider) -
Method Summary
Modifier and TypeMethodDescriptionvoidaddUserToGroup(String username, String groupName) Adds a user as a member of a group.Return aJpegPhotoContextMapper; assume for now that all avatars are stored as JPEG files.longfindAddedOrUpdatedGroupsSince(long usnChanged) protected <T> List<T>findAddedOrUpdatedObjectsSince(long usnChange, CrowdLdapName objectBaseDN, String objectFilter, ContextMapperWithRequiredAttributes<T> contextMapper) findAddedOrUpdatedUsersSince(long usnChange) protected Iterable<CrowdLdapName>findAdditionalDirectMembers(CrowdLdapName groupDn, Supplier<Optional<LDAPGroupWithAttributes>> groupSupplier, GroupUserCache groupUserCache) protected List<? extends LDAPGroupWithAttributes>findGroupMemberships(MembershipQuery<? extends LDAPGroupWithAttributes> query) findTombstonesSince(long usnChange, CrowdLdapName objectBaseDN, String objectClass) protected List<LDAPUserWithAttributes>findUserMembersOfGroupViaMemberDN(String groupName, GroupType groupType, int startIndex, int maxResults) protected Iterable<LDAPUserWithAttributes>findUserMembersOfGroupViaMemberOf(String groupName, GroupType groupType, int startIndex, int maxResults) findUserTombstonesSince(long usnChange) Returns the properties used to set up the Ldap ContextSource.protected LDAPCredentialEncoderprotected List<AttributeMapper>As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).protected List<AttributeMapper>Returns a descriptive name for the type of directory.protected StringAD does not need a default container member.protected List<AttributeMapper>protected List<AttributeMapper>As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).protected voidgetNewGroupDirectorySpecificAttributes(Group group, Attributes attributes) If we want to be able to nest groups, we need to create distribution groups rather than security groups.protected voidgetNewUserDirectorySpecificAttributes(User user, Attributes attributes) Active Directory needs a couple of additional attributes set - the sAMAccountName (which is the account name you use to log on to Windows), and the account disabled flag.protected List<AttributeMapper>Returns a set of attributes which are expected to be present in all cases (ie Active Directory's objectGUID) Due to performance reasons returning mappers for heavy attributes (such as memberships) should be avoidedstatic Stringprotected List<ModificationItem>getUserModificationItems(User userTemplate, LDAPUserWithAttributes currentUser) booleanChecks if the 'Group Unique ID Attribute' is set.booleanisUserDirectGroupMember(String username, String groupName) Determines if a user is a direct member of a group.booleanChecks if the 'User Unique ID Attribute' is set.protected LDAPGroupWithAttributesPerform any post-processing on the passed group.protected List<LDAPGroupWithAttributes>postprocessGroups(List<LDAPGroupWithAttributes> groups) Perform any post-processing on groups.voidremoveGroup(String name) Removes thegroupthat matches the suppliedname.voidremoveUserFromGroup(String username, String groupName) Removes a user as a member of a group.searchGroupsBySids(Set<String> groupSids) protected voidsetLdapPropertiesMapperAttributes(Map<String, String> attributes) booleanThis connector supports inactive accounts while, in general, LDAP connector do not.Methods inherited from class com.atlassian.crowd.directory.RFC4519Directory
addDnToGroup, addGroupToGroup, findDirectMembersOfGroup, findGroupMembershipsOfUserViaMemberOf, getMemberships, isDirectGroupMemberOf, isDnDirectGroupMember, isGroupDirectGroupMember, prepareOrFilterForGroupProperty, removeDnFromGroup, removeGroupFromGroup, searchGroupRelationshipsWithGroupTypeSpecified, searchGroupsByAttribute, searchGroupsByDns, toGenericIterableMethods inherited from class com.atlassian.crowd.directory.SpringLDAPConnector
addDefaultSnToUserAttributes, addDefaultValueToUserAttributesForAttribute, addGroup, addUser, addUser, authenticate, countDirectMembersOfGroup, createModificationItem, expireAllPasswords, findEntityByDN, findEntityByDN, findEntityByDN, findGroupByName, findGroupByNameAndType, findGroupWithAttributesByName, findUserByExternalId, findUserByName, findUserWithAttributesByName, getAttributeAsBoolean, getAttributeAsLong, getAuthoritativeDirectory, getContextSource, getDirectoryId, getGroupContextMapper, getGroupContextMapper, getKeys, getLdapPropertiesMapper, getNewGroupAttributes, getNewUserAttributes, getSearchControls, getSearchDN, getUserAvatarByName, getValue, getValues, isEmpty, isRolesDisabled, pageSearchResults, removeGroupAttributes, removeUser, removeUserAttributes, renameGroup, renameUser, searchEntities, searchEntitiesWithRequestControls, searchGroupObjects, searchGroupObjectsOfSpecifiedGroupType, searchGroupRelationships, searchGroups, searchUserObjects, searchUsers, searchUsers, setAttributes, setDirectoryId, storeGroupAttributes, storeUserAttributes, supportsNestedGroups, supportsPasswordExpiration, supportsSettingEncryptedCredential, testConnection, typedEntityNotFoundException, updateGroup, updateUser, updateUserCredentialMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface com.atlassian.crowd.directory.RemoteDirectory
getLocallyFilteredGroupNames, updateUserFromRemoteDirectory, userAuthenticated
-
Field Details
-
UF_ACCOUNTDISABLE
public static final int UF_ACCOUNTDISABLE- See Also:
-
OBJECT_SID
-
AD_DS_SERVICE_NAME
- See Also:
-
AD_INVOCATION_ID
- See Also:
-
-
Constructor Details
-
MicrosoftActiveDirectory
public MicrosoftActiveDirectory(ActiveDirectoryQueryTranslaterImpl activeDirectoryQueryTranslater, com.atlassian.event.api.EventPublisher eventPublisher, InstanceFactory instanceFactory, PasswordHelper passwordHelper, LdapContextSourceProvider ldapContextSourceProvider) - Parameters:
passwordHelper- password helper, which must not be null
-
-
Method Details
-
getStaticDirectoryType
-
getDescriptiveName
Description copied from interface:RemoteDirectoryReturns a descriptive name for the type of directory.- Returns:
- descriptive name.
-
removeGroup
Description copied from interface:RemoteDirectoryRemoves thegroupthat matches the suppliedname.- Specified by:
removeGroupin interfaceRemoteDirectory- Overrides:
removeGroupin classSpringLDAPConnector- Parameters:
name- The name of the group.- Throws:
GroupNotFoundException- The group does not exist.OperationFailedException- underlying directory implementation failed to execute the operation.
-
isUserDirectGroupMember
public boolean isUserDirectGroupMember(String username, String groupName) throws OperationFailedException Description copied from interface:RemoteDirectoryDetermines if a user is a direct member of a group. The directory is NOT expected to resolve any transitive group relationships.- Specified by:
isUserDirectGroupMemberin interfaceRemoteDirectory- Overrides:
isUserDirectGroupMemberin classRFC4519Directory- Parameters:
username- name of user.groupName- name of group.- Returns:
trueiff the user is a direct member of the group.- Throws:
OperationFailedException- underlying directory implementation failed to execute the operation.
-
addUserToGroup
public void addUserToGroup(String username, String groupName) throws GroupNotFoundException, OperationFailedException, UserNotFoundException, MembershipAlreadyExistsException Description copied from interface:RemoteDirectoryAdds a user as a member of a group. This means that all user members ofchildGroupwill appear as members ofparentGroupto querying applications.- Specified by:
addUserToGroupin interfaceRemoteDirectory- Overrides:
addUserToGroupin classRFC4519Directory- Parameters:
username- The user that will become a member ofgroupNamegroupName- The group that will gain a new member.- Throws:
GroupNotFoundException- If the group cannot be found.OperationFailedException- underlying directory implementation failed to execute the operation.UserNotFoundException- If the user cannot be found.MembershipAlreadyExistsException- if the user is already a member of the group
-
removeUserFromGroup
public void removeUserFromGroup(String username, String groupName) throws UserNotFoundException, GroupNotFoundException, MembershipNotFoundException, OperationFailedException Description copied from interface:RemoteDirectoryRemoves a user as a member of a group.- Specified by:
removeUserFromGroupin interfaceRemoteDirectory- Overrides:
removeUserFromGroupin classRFC4519Directory- Parameters:
username- The user that will be removed fromparentGroupgroupName- The group that will lose the member.- Throws:
UserNotFoundException- If the user cannot be found.GroupNotFoundException- If the group cannot be found.MembershipNotFoundException- if the user is not a direct member of the group.OperationFailedException- underlying directory implementation failed to execute the operation.
-
searchGroupsBySids
public Collection<LDAPGroupWithAttributes> searchGroupsBySids(Set<String> groupSids) throws OperationFailedException - Throws:
OperationFailedException
-
findGroupMemberships
protected List<? extends LDAPGroupWithAttributes> findGroupMemberships(MembershipQuery<? extends LDAPGroupWithAttributes> query) throws OperationFailedException - Overrides:
findGroupMembershipsin classRFC4519Directory- Throws:
OperationFailedException
-
findGroupMembershipNames
protected Iterable<String> findGroupMembershipNames(MembershipQuery<String> query) throws OperationFailedException - Overrides:
findGroupMembershipNamesin classRFC4519Directory- Throws:
OperationFailedException
-
findUserMembersOfGroupViaMemberDN
protected List<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberDN(String groupName, GroupType groupType, int startIndex, int maxResults) throws OperationFailedException - Overrides:
findUserMembersOfGroupViaMemberDNin classRFC4519Directory- Throws:
OperationFailedException
-
findUserMembersOfGroupViaMemberOf
protected Iterable<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberOf(String groupName, GroupType groupType, int startIndex, int maxResults) throws OperationFailedException - Overrides:
findUserMembersOfGroupViaMemberOfin classRFC4519Directory- Throws:
OperationFailedException
-
findAdditionalDirectMembers
protected Iterable<CrowdLdapName> findAdditionalDirectMembers(CrowdLdapName groupDn, Supplier<Optional<LDAPGroupWithAttributes>> groupSupplier, GroupUserCache groupUserCache) throws OperationFailedException - Overrides:
findAdditionalDirectMembersin classRFC4519Directory- Throws:
OperationFailedException
-
getInitialGroupMemberDN
AD does not need a default container member.- Overrides:
getInitialGroupMemberDNin classSpringLDAPConnector- Returns:
null.
-
getCredentialEncoder
- Specified by:
getCredentialEncoderin classSpringLDAPConnector- Returns:
- the credential encoder to use with this directory; must not be null.
-
getNewUserDirectorySpecificAttributes
Active Directory needs a couple of additional attributes set - the sAMAccountName (which is the account name you use to log on to Windows), and the account disabled flag.- Overrides:
getNewUserDirectorySpecificAttributesin classSpringLDAPConnector- Parameters:
user- (potential) source of information that needs to be added.attributes- attributes to add directory-specific information to.
-
getNewGroupDirectorySpecificAttributes
If we want to be able to nest groups, we need to create distribution groups rather than security groups. To do this we need to set groupType to 2.- Overrides:
getNewGroupDirectorySpecificAttributesin classSpringLDAPConnector- Parameters:
group- (potential) source of information that needs to be added.attributes- attributes to add directory-specific information to.
-
getCustomUserAttributeMappers
- Overrides:
getCustomUserAttributeMappersin classRFC4519Directory- Returns:
- a collection of custom attribute mappers. By default just return an empty list.
-
getCustomGroupAttributeMappers
Description copied from class:SpringLDAPConnectorAs a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).- Overrides:
getCustomGroupAttributeMappersin classRFC4519Directory- Returns:
- collection of custom attribute mappers (cannot be
nullbut can be an empty list).
-
getRequiredCustomGroupAttributeMappers
Description copied from class:SpringLDAPConnectorReturns a set of attributes which are expected to be present in all cases (ie Active Directory's objectGUID) Due to performance reasons returning mappers for heavy attributes (such as memberships) should be avoided- Overrides:
getRequiredCustomGroupAttributeMappersin classSpringLDAPConnector- Returns:
- a list of mappers for attributes required to be present in all cases
-
getMemberOnlyGroupAttributeMappers
Description copied from class:SpringLDAPConnectorAs a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).- Overrides:
getMemberOnlyGroupAttributeMappersin classRFC4519Directory- Returns:
- collection of custom attribute mappers (cannot be
nullbut can be an empty list).
-
getMemberDnMappers
- Overrides:
getMemberDnMappersin classRFC4519Directory
-
postprocessGroups
Description copied from class:SpringLDAPConnectorPerform any post-processing on groups.- Overrides:
postprocessGroupsin classSpringLDAPConnector- Parameters:
groups- to post-process- Returns:
- list of groups that have been processed if required
-
postprocessGroup
Description copied from class:SpringLDAPConnectorPerform any post-processing on the passed group.- Overrides:
postprocessGroupin classSpringLDAPConnector- Parameters:
group- to post-process- Returns:
- the group (updated if required)
-
getBaseEnvironmentProperties
Description copied from class:SpringLDAPConnectorReturns the properties used to set up the Ldap ContextSource.- Overrides:
getBaseEnvironmentPropertiesin classSpringLDAPConnector- Returns:
- the properties used to set up the Ldap ContextSource.
-
fetchInvocationId
- Throws:
OperationFailedException
-
fetchHighestCommittedUSN
- Throws:
OperationFailedException
-
findAddedOrUpdatedUsersSince
public List<LDAPUserWithAttributes> findAddedOrUpdatedUsersSince(long usnChange) throws OperationFailedException - Throws:
OperationFailedException
-
findAddedOrUpdatedGroupsSince
public List<LDAPGroupWithAttributes> findAddedOrUpdatedGroupsSince(long usnChanged) throws OperationFailedException - Throws:
OperationFailedException
-
findUserTombstonesSince
- Throws:
OperationFailedException
-
findAllUserGuids
- Throws:
OperationFailedException
-
findAllGroupGuids
- Throws:
OperationFailedException
-
findAllGroupNamesAndGuids
public Set<org.apache.commons.lang3.tuple.Pair<String,String>> findAllGroupNamesAndGuids() throws OperationFailedException- Throws:
OperationFailedException
-
findAddedOrUpdatedObjectsSince
protected <T> List<T> findAddedOrUpdatedObjectsSince(long usnChange, CrowdLdapName objectBaseDN, String objectFilter, ContextMapperWithRequiredAttributes<T> contextMapper) throws OperationFailedException - Throws:
OperationFailedException
-
findTombstonesSince
protected List<Tombstone> findTombstonesSince(long usnChange, CrowdLdapName objectBaseDN, String objectClass) throws OperationFailedException - Throws:
OperationFailedException
-
getUserContextMapper
public ContextMapperWithRequiredAttributes<LDAPUserWithAttributes> getUserContextMapper(UserContextMapperConfig config) -
isUsersExternalIdConfigured
public boolean isUsersExternalIdConfigured()Checks if the 'User Unique ID Attribute' is set.- Returns:
trueif the property value is a non-empty string
-
isGroupExternalIdConfigured
public boolean isGroupExternalIdConfigured()Checks if the 'Group Unique ID Attribute' is set.- Returns:
trueif the property value is a non empty string
-
getUserModificationItems
protected List<ModificationItem> getUserModificationItems(User userTemplate, LDAPUserWithAttributes currentUser) - Overrides:
getUserModificationItemsin classSpringLDAPConnector
-
supportsInactiveAccounts
public boolean supportsInactiveAccounts()This connector supports inactive accounts while, in general, LDAP connector do not.- Specified by:
supportsInactiveAccountsin interfaceRemoteDirectory- Overrides:
supportsInactiveAccountsin classSpringLDAPConnector- Returns:
true
-
avatarMapper
Return aJpegPhotoContextMapper; assume for now that all avatars are stored as JPEG files.- Overrides:
avatarMapperin classSpringLDAPConnector
-
setLdapPropertiesMapperAttributes
- Overrides:
setLdapPropertiesMapperAttributesin classSpringLDAPConnector
-