Commit 60662521 authored by benjamin.ertl's avatar benjamin.ertl

update harmonization algorithm

parent 9fe0052a
......@@ -156,6 +156,10 @@ public class LdapClient {
return group;
}
public List<PosixGroup> getUserGroups(String uid) {
return ldapPosixGroup.getUserGroups(uid);
}
/**
* Gets all INDIGO users from the LDAP server.
*
......@@ -237,7 +241,7 @@ public class LdapClient {
user.setUserPassword(userPassword.getBytes());
ldapIndigoUser.insertUser(user);
return user;
return getIndigoUser(uid);
}
/**
......@@ -282,7 +286,7 @@ public class LdapClient {
user.setUserPassword(userPassword.getBytes());
ldapIndigoUser.updateUser(user);
return user;
return getIndigoUser(uid);
}
/**
......@@ -332,7 +336,7 @@ public class LdapClient {
group.setUserPassword(userPassword.getBytes());
ldapPosixGroup.insertGroup(group);
return group;
return getPosixGroup(cn);
}
/**
......@@ -357,7 +361,7 @@ public class LdapClient {
group.setUserPassword(userPassword.getBytes());
ldapPosixGroup.updateGroup(group);
return group;
return getPosixGroup(cn);
}
/**
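Review bot: `return getIndigoUser(uid);` at the end of createIndigoUser (and the matching `getIndigoUser`/`getPosixGroup` re-reads in updateIndigoUser, createPosixGroup and updatePosixGroup in the following hunks) hands back whatever entry the directory currently holds under that name, while the bind it follows now fails silently — in this same commit LdapIndigoUserDAO.insertUser and LdapPosixGroupDAO.insertGroup catch NameAlreadyBoundException and only log it. A create request for a uid that already exists therefore returns the pre-existing entry, possibly a different identity with its own indigoId, uidNumber and home directory, with no signal to the caller; ScimService.createOrGetDefaultUser maps that result as the newly created user. Either let the DAO propagate the duplicate (or return a boolean) so createIndigoUser can fail, or at minimum compare the re-read entry's indigoId with the requested one before returning it. The new getUserGroups also lacks the Javadoc its neighbours have; `/** Returns the POSIX groups whose memberUid attribute contains {@code uid}. */` matches the file's style. Each of these methods begins outside its hunk.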
......@@ -18,6 +18,7 @@ import javax.naming.ldap.LdapName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.NameAlreadyBoundException;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
......@@ -88,8 +89,10 @@ public class LdapIndigoUserDAO implements IndigoUserDAO {
newUserDN.add("uid=" + user.getUid());
log.debug("Insert {}", newUserDN.toString());
ldapTemplate.bind(newUserDN, null, personAttributes);
} catch (NameAlreadyBoundException e) {
log.error("ERROR {}", e.getMessage());
} catch (InvalidNameException e) {
e.printStackTrace();
log.error("ERROR {}", e.getMessage());
}
}
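Review bot: The new `catch (NameAlreadyBoundException e)` branch logs only `e.getMessage()` and drops the exception, so the stack trace and the server's error detail are lost; SLF4J takes a throwable as the final argument, so `log.error("Insert of {} failed", newUserDN, e);` keeps both (the same `log.error("ERROR {}", e.getMessage())` pattern recurs in LdapPosixGroupDAO.insertGroup and addMember and in the three ScimService catch blocks). Because insertUser swallows the duplicate instead of rethrowing, its caller cannot distinguish an insert from a no-op; if leaving an existing entry untouched is the intended behaviour, the method Javadoc should state it. The enclosing method starts outside the hunk.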
......@@ -20,6 +20,8 @@ import javax.naming.ldap.LdapName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.AttributeInUseException;
import org.springframework.ldap.NameAlreadyBoundException;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
......@@ -87,8 +89,10 @@ public class LdapPosixGroupDAO implements PosixGroupDAO {
newGroupDN.add("cn=" + group.getCommonName());
log.debug("Insert {}", newGroupDN.toString());
ldapTemplate.bind(newGroupDN, null, posixGroupAttributes);
} catch (NameAlreadyBoundException e) {
log.error("ERROR {}", e.getMessage());
} catch (InvalidNameException e) {
e.printStackTrace();
log.error("ERROR {}", e.getMessage());
}
}
......@@ -140,8 +144,18 @@ public class LdapPosixGroupDAO implements PosixGroupDAO {
groupDN.add("cn=" + group.getCommonName());
log.debug("Add member {} to {}", memberUid, groupDN.toString());
ldapTemplate.modifyAttributes(groupDN, modificationItems);
} catch (AttributeInUseException e) {
log.error("ERROR {}", e.getMessage());
} catch (InvalidNameException e) {
e.printStackTrace();
log.error("ERROR {}", e.getMessage());
}
}
public List<PosixGroup> getUserGroups(String uid) {
AndFilter andFilter = new AndFilter();
andFilter.and(new EqualsFilter("objectclass", "posixGroup")).and(new EqualsFilter("memberUid", uid));
log.debug("LDAP query {}", andFilter.encode());
return ldapTemplate.search("", andFilter.encode(), new LdapPosixGroupAttributeMapper());
}
}
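Review bot: getUserGroups at the end of the section has no Javadoc while the rest of the DAO is documented; `/** Searches below the template base for posixGroup entries whose memberUid contains {@code uid}. */` would do. Passing uid through EqualsFilter is the right choice, since Spring LDAP escapes filter metacharacters there rather than splicing the raw value into the filter string — a one-line comment saying so would discourage a later rewrite to string concatenation. In addMember, catching AttributeInUseException (the member is already listed) and logging it at error level makes an idempotent re-add look like a failure; `log.warn` or `log.debug` naming the uid and group would be less misleading. addMember begins outside its hunk.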
......@@ -21,6 +21,12 @@ public class ScimGroupAttributeMapper {
if (group.getDescription() != null)
scimGroup.set$ref(group.getDescription());
// verify required attributes
if (scimGroup.getValue() == null)
return null;
if (scimGroup.getDisplay() == null)
return null;
return scimGroup;
}
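Review bot: The `// verify required attributes` block turns a missing value or display into a null return, but nothing documents that contract; the method's Javadoc (it starts outside the hunk) should gain `@return the mapped group, or {@code null} if value or display is missing`. Judging by the PosixGroup accessors above, this is the mapper that ScimService.createLdapIndigoUser calls as mapFromPosixGroup and adds straight into the user's group list, so without a null check at that call site the new return value becomes a null element in the SCIM response.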
......@@ -8,7 +8,8 @@
*/
package edu.kit.scc.scim;
import java.util.Arrays;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import org.slf4j.Logger;
......@@ -34,9 +35,9 @@ public class ScimService {
@Autowired
private LdapClient ldapClient;
private static final String DEFAULT_HOME_DIRECTORY = "/home";
private static final String DEFAULT_DESCRIPTION = "INDIGO-DataCloud";
private static final String DEFAULT_INDIGO_GROUP = "indigo";
public static final String DEFAULT_HOME_DIRECTORY = "/home";
public static final String DEFAULT_DESCRIPTION = "INDIGO-DataCloud";
public static final String DEFAULT_INDIGO_GROUP = "indigo";
/**
* Creates a new LDAP INDIGO user according to the provided SCIM object.
......@@ -47,63 +48,127 @@ public class ScimService {
*/
public ScimUser createLdapIndigoUser(ScimUser scimUser) {
ScimUser createdUser = null;
ScimUserAttributeMapper userMapper = new ScimUserAttributeMapper();
ScimGroupAttributeMapper groupMapper = new ScimGroupAttributeMapper();
ScimUserAttributeMapper mapper = new ScimUserAttributeMapper();
IndigoUser indigoUser = mapper.mapToIndigoUser(scimUser);
IndigoUser indigoUser = userMapper.mapToIndigoUser(scimUser);
if (indigoUser.getUid() == null)
return null;
if (indigoUser.getIndigoId() == null)
return null;
if (indigoUser.getCommonName() == null)
return null;
if (indigoUser.getSurName() == null)
return null;
if (indigoUser.getHomeDirectory() == null)
indigoUser.setHomeDirectory(DEFAULT_HOME_DIRECTORY + "/" + indigoUser.getUid());
if (indigoUser.getDescription() == null)
indigoUser.setDescription(DEFAULT_DESCRIPTION);
if (indigoUser == null)
return createdUser;
int claimedPrimaryGidNumber = indigoUser.getGidNumber();
int clamiedPrimaryUidNumber = indigoUser.getUidNumber();
List<ScimGroup> scimGroups = scimUser.getGroups();
List<PosixGroup> localGroups = ldapClient.getPosixGroups();
int clamiedPrimaryUidNumber = indigoUser.getUidNumber();
if (clamiedPrimaryUidNumber != 0) {
// user claims to have local user id
log.debug("User claimed local uidNumber {}", clamiedPrimaryUidNumber);
createdUser = createOrGetDefaultUser(indigoUser);
// - verify local user
// - modify created user's uidNumber
} else {
// user has no local user id, use default
log.debug("User has no local uidNumber");
createdUser = createOrGetDefaultUser(indigoUser);
}
boolean matchingPrimaryGidNumber = false;
if (scimGroups != null) {
for (ScimGroup scimGroup : scimGroups) {
boolean matchingLocalGroup = false;
HashMap<String, Integer> verifiedLocalGroups = getVerifiedLocalGroups(scimGroups);
for (String group : verifiedLocalGroups.keySet()) {
log.debug("Add user {} to group {}", createdUser.getId(), group);
ldapClient.addGroupMember(group, createdUser.getId());
}
int claimedPrimaryGidNumber = indigoUser.getGidNumber();
if (claimedPrimaryGidNumber != 0) {
// user claims to have local primary group
log.debug("User claimed primary group {}", claimedPrimaryGidNumber);
} else {
// user claims to have no local primary group
log.debug("User has no primary local group, use default {}", indigoUser.getGidNumber());
}
}
List<PosixGroup> userGroups = ldapClient.getUserGroups(createdUser.getUserName());
createdUser.setGroups(new ArrayList<ScimGroup>());
for (PosixGroup group : userGroups) {
log.debug("User is member of group {}", group.toString());
createdUser.getGroups().add(groupMapper.mapFromPosixGroup(group));
}
return createdUser;
}
private HashMap<String, Integer> getVerifiedLocalGroups(List<ScimGroup> groups) {
HashMap<String, Integer> localGroups = new HashMap<String, Integer>();
if (groups != null) {
for (ScimGroup scimGroup : groups) {
int gidNumber = Integer.valueOf(scimGroup.getValue());
String commonName = scimGroup.getDisplay();
try {
matchingLocalGroup = ldapClient.equalGroups(ldapClient.getPosixGroup(gidNumber),
ldapClient.getPosixGroup(commonName));
if (ldapClient.equalGroups(ldapClient.getPosixGroup(gidNumber),
ldapClient.getPosixGroup(commonName))) {
log.debug("Found matching local group {} {}", commonName, gidNumber);
localGroups.put(commonName, gidNumber);
}
} catch (Exception e) {
log.error("ERROR {}", e.getMessage());
e.printStackTrace();
}
if (gidNumber == claimedPrimaryGidNumber)
matchingPrimaryGidNumber = true;
}
}
return localGroups;
}
private ScimUser createOrGetDefaultUser(IndigoUser indigoUser) {
ScimUser user = null;
ScimUserAttributeMapper mapper = new ScimUserAttributeMapper();
ScimGroup indigoGroup = createOrGetDefaultGroup();
try {
indigoUser.setUidNumber(ldapClient.generateUserIdNumber());
indigoUser.setGidNumber(Integer.valueOf(indigoGroup.getValue()));
indigoUser.setHomeDirectory(DEFAULT_HOME_DIRECTORY + "/" + indigoUser.getUid());
log.debug("Create INDIGO user {}", indigoUser.toString());
IndigoUser ldapUser = ldapClient.createIndigoUser(indigoUser.getUid(), indigoUser.getCommonName(),
indigoUser.getSurName(), indigoUser.getIndigoId(), indigoUser.getUidNumber(),
indigoUser.getGidNumber(), indigoUser.getHomeDirectory(), indigoUser.getDescription(),
indigoUser.getGecos(), indigoUser.getLoginShell(), null);
createdUser = mapper.mapFromIndigoUser(ldapUser);
ldapClient.addGroupMember(indigoGroup.getDisplay(), ldapUser.getUid());
log.debug("Created LDAP INDIGO user {}", ldapUser.toString());
user = mapper.mapFromIndigoUser(ldapUser);
} catch (Exception e) {
log.error("ERROR {}", e.getMessage());
// e.printStackTrace();
}
return createdUser;
return user;
}
private ScimGroup createOrGetDefaultGroup() {
ScimGroup createdGroup = null;
ScimGroupAttributeMapper mapper = new ScimGroupAttributeMapper();
try {
int gidNumber = ldapClient.generateGroupIdNumber();
log.debug("Create INDIGO Group {} {}", DEFAULT_INDIGO_GROUP, gidNumber);
PosixGroup ldapGroup = ldapClient.createPosixGroup(DEFAULT_INDIGO_GROUP, gidNumber, DEFAULT_DESCRIPTION,
null);
log.debug("Created LDAP group {}", ldapGroup.toString());
createdGroup = mapper.mapFromPosixGroup(ldapGroup);
} catch (Exception e) {
log.error("ERROR {}", e.getMessage());
// e.printStackTrace();
}
return createdGroup;
}
/**
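Review bot: createdUser is dereferenced unconditionally in the group loop (`createdUser.getId()`) and again at `ldapClient.getUserGroups(createdUser.getUserName())`, yet createOrGetDefaultUser — the only thing that assigns it on either branch of the uidNumber check — logs and returns null when the LDAP create fails; add `if (createdUser == null) return null;` directly after that if/else. In getVerifiedLocalGroups, `int gidNumber = Integer.valueOf(scimGroup.getValue());` sits outside the try block, so a missing or non-numeric value in the incoming SCIM group escapes as NullPointerException/NumberFormatException instead of being logged and skipped like the LDAP failures; moving that line inside the try, or guarding it and using `continue`, fixes that. The membership loop near the end adds `groupMapper.mapFromPosixGroup(group)` to the response without a null check, although that mapper now returns null when value or display is missing. Two things deserve a sentence in the createLdapIndigoUser Javadoc: a claimed uidNumber is not honoured (both branches call createOrGetDefaultUser, which overwrites it with generateUserIdNumber(), so the `// - verify local user` comments describe work not done), and getVerifiedLocalGroups only confirms that a named group exists locally with matching cn and gidNumber, not that the requester is entitled to join it — if the SCIM source is not fully trusted, an allow-list of joinable groups belongs here.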
......@@ -67,6 +67,16 @@ public class ScimUserAttributeMapper {
if (scimUser.getPassword() != null)
user.setUserPassword(scimUser.getPassword().getBytes());
// verify required attributes
if (user.getUid() == null)
return null;
if (user.getIndigoId() == null)
return null;
if (user.getCommonName() == null)
return null;
if (user.getSurName() == null)
return null;
return user;
}
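Review bot: mapToIndigoUser now returns null when uid, indigoId, commonName or surName is absent, but its Javadoc (outside the hunk) does not say so; add `@return the mapped user, or {@code null} when a required attribute is missing`. The new checks run after `user.setUserPassword(scimUser.getPassword().getBytes())`, so a request that is about to be rejected still has its password copied first; placing the required-attribute checks ahead of the password copy keeps the fail-fast path free of credential handling. While touching that line, `getBytes(StandardCharsets.UTF_8)` would make the stored bytes independent of the JVM's default charset.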
File mode changed from 100644 to 100755
......@@ -6,5 +6,8 @@
"formatted":"Ms. Barbara J Jensen III",
"familyName":"Jensen",
"givenName":"Barbara"
},
"meta":{
"gidNumber":"9999"
}
}