Commit 60662521 authored by benjamin.ertl's avatar benjamin.ertl

update harmonization algorithm

parent 9fe0052a
...@@ -156,6 +156,10 @@ public class LdapClient { ...@@ -156,6 +156,10 @@ public class LdapClient {
return group; return group;
} }
public List<PosixGroup> getUserGroups(String uid) {
return ldapPosixGroup.getUserGroups(uid);
}
/** /**
* Gets all INDIGO users from the LDAP server. * Gets all INDIGO users from the LDAP server.
* *
...@@ -237,7 +241,7 @@ public class LdapClient { ...@@ -237,7 +241,7 @@ public class LdapClient {
user.setUserPassword(userPassword.getBytes()); user.setUserPassword(userPassword.getBytes());
ldapIndigoUser.insertUser(user); ldapIndigoUser.insertUser(user);
return user; return getIndigoUser(uid);
} }
/** /**
...@@ -282,7 +286,7 @@ public class LdapClient { ...@@ -282,7 +286,7 @@ public class LdapClient {
user.setUserPassword(userPassword.getBytes()); user.setUserPassword(userPassword.getBytes());
ldapIndigoUser.updateUser(user); ldapIndigoUser.updateUser(user);
return user; return getIndigoUser(uid);
} }
/** /**
...@@ -332,7 +336,7 @@ public class LdapClient { ...@@ -332,7 +336,7 @@ public class LdapClient {
group.setUserPassword(userPassword.getBytes()); group.setUserPassword(userPassword.getBytes());
ldapPosixGroup.insertGroup(group); ldapPosixGroup.insertGroup(group);
return group; return getPosixGroup(cn);
} }
/** /**
...@@ -357,7 +361,7 @@ public class LdapClient { ...@@ -357,7 +361,7 @@ public class LdapClient {
group.setUserPassword(userPassword.getBytes()); group.setUserPassword(userPassword.getBytes());
ldapPosixGroup.updateGroup(group); ldapPosixGroup.updateGroup(group);
return group; return getPosixGroup(cn);
} }
/** /**
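Review bot: The new `return getIndigoUser(uid);` in createIndigoUser (and the matching `return getPosixGroup(cn);` in createPosixGroup) hands back whatever entry already exists under that name, and because the DAO's insertUser/insertGroup now catch NameAlreadyBoundException and only log it, a duplicate uid yields the pre-existing entry with no sign that nothing was created. Callers such as ScimService then treat a foreign entry, possibly with a different uidNumber or gidNumber than requested, as the user they just created. Have the DAO propagate the failure, or compare the fetched entry with the request before returning it, e.g. `IndigoUser created = getIndigoUser(uid); if (created == null || created.getUidNumber() != user.getUidNumber()) throw new IllegalStateException("uid " + uid + " exists with different attributes");`. If getIndigoUser returns null for a missing entry, the update methods' callers need a null check as well. Each of these methods starts outside its hunk.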
...@@ -18,6 +18,7 @@ import javax.naming.ldap.LdapName; ...@@ -18,6 +18,7 @@ import javax.naming.ldap.LdapName;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.ldap.NameAlreadyBoundException;
import org.springframework.ldap.core.LdapTemplate; import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.AndFilter; import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter; import org.springframework.ldap.filter.EqualsFilter;
...@@ -88,8 +89,10 @@ public class LdapIndigoUserDAO implements IndigoUserDAO { ...@@ -88,8 +89,10 @@ public class LdapIndigoUserDAO implements IndigoUserDAO {
newUserDN.add("uid=" + user.getUid()); newUserDN.add("uid=" + user.getUid());
log.debug("Insert {}", newUserDN.toString()); log.debug("Insert {}", newUserDN.toString());
ldapTemplate.bind(newUserDN, null, personAttributes); ldapTemplate.bind(newUserDN, null, personAttributes);
} catch (NameAlreadyBoundException e) {
log.error("ERROR {}", e.getMessage());
} catch (InvalidNameException e) { } catch (InvalidNameException e) {
e.printStackTrace(); log.error("ERROR {}", e.getMessage());
} }
} }
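Review bot: Catching NameAlreadyBoundException in insertUser and logging only `e.getMessage()` turns a duplicate-uid bind into a silent no-op: the method returns normally, the caller cannot tell that nothing was written, and the stack trace that printStackTrace used to give is gone. The same pattern is added to insertGroup and addMember in LdapPosixGroupDAO. Pass the exception to the logger, `log.error("Entry {} already exists", newUserDN, e);`, and either rethrow it (it is unchecked) or return a boolean so LdapClient can distinguish created from pre-existing. insertUser's signature and the start of its try block are outside the hunk.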
...@@ -20,6 +20,8 @@ import javax.naming.ldap.LdapName; ...@@ -20,6 +20,8 @@ import javax.naming.ldap.LdapName;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.ldap.AttributeInUseException;
import org.springframework.ldap.NameAlreadyBoundException;
import org.springframework.ldap.core.LdapTemplate; import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.AndFilter; import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter; import org.springframework.ldap.filter.EqualsFilter;
...@@ -87,8 +89,10 @@ public class LdapPosixGroupDAO implements PosixGroupDAO { ...@@ -87,8 +89,10 @@ public class LdapPosixGroupDAO implements PosixGroupDAO {
newGroupDN.add("cn=" + group.getCommonName()); newGroupDN.add("cn=" + group.getCommonName());
log.debug("Insert {}", newGroupDN.toString()); log.debug("Insert {}", newGroupDN.toString());
ldapTemplate.bind(newGroupDN, null, posixGroupAttributes); ldapTemplate.bind(newGroupDN, null, posixGroupAttributes);
} catch (NameAlreadyBoundException e) {
log.error("ERROR {}", e.getMessage());
} catch (InvalidNameException e) { } catch (InvalidNameException e) {
e.printStackTrace(); log.error("ERROR {}", e.getMessage());
} }
} }
...@@ -140,8 +144,18 @@ public class LdapPosixGroupDAO implements PosixGroupDAO { ...@@ -140,8 +144,18 @@ public class LdapPosixGroupDAO implements PosixGroupDAO {
groupDN.add("cn=" + group.getCommonName()); groupDN.add("cn=" + group.getCommonName());
log.debug("Add member {} to {}", memberUid, groupDN.toString()); log.debug("Add member {} to {}", memberUid, groupDN.toString());
ldapTemplate.modifyAttributes(groupDN, modificationItems); ldapTemplate.modifyAttributes(groupDN, modificationItems);
} catch (AttributeInUseException e) {
log.error("ERROR {}", e.getMessage());
} catch (InvalidNameException e) { } catch (InvalidNameException e) {
e.printStackTrace(); log.error("ERROR {}", e.getMessage());
} }
} }
public List<PosixGroup> getUserGroups(String uid) {
AndFilter andFilter = new AndFilter();
andFilter.and(new EqualsFilter("objectclass", "posixGroup")).and(new EqualsFilter("memberUid", uid));
log.debug("LDAP query {}", andFilter.encode());
return ldapTemplate.search("", andFilter.encode(), new LdapPosixGroupAttributeMapper());
}
} }
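Review bot: getUserGroups, the method added at the end of the class, has no Javadoc and is the query whose filter value comes straight from a caller-supplied uid; it is worth recording that the value goes through EqualsFilter, which escapes filter metacharacters, so the method is not later rewritten as string concatenation. Suggested Javadoc: `/** Returns every posixGroup whose memberUid attribute contains {@code uid}; the filter is built with EqualsFilter so the value is escaped, never concatenated. */`. Separately, the AttributeInUseException caught in addMember means the uid is already a member; if that is expected during harmonization (ScimService re-adds groups on each create) it should be logged below error level, e.g. `log.warn("{} is already a member of {}", memberUid, groupDN, e);`.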
...@@ -21,6 +21,12 @@ public class ScimGroupAttributeMapper { ...@@ -21,6 +21,12 @@ public class ScimGroupAttributeMapper {
if (group.getDescription() != null) if (group.getDescription() != null)
scimGroup.set$ref(group.getDescription()); scimGroup.set$ref(group.getDescription());
// verify required attributes
if (scimGroup.getValue() == null)
return null;
if (scimGroup.getDisplay() == null)
return null;
return scimGroup; return scimGroup;
} }
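Review bot: Returning null when value or display is missing (the new checks before `return scimGroup`) pushes the failure to callers that do not expect it: ScimService adds the result of this mapping (presumably mapFromPosixGroup) straight into the user's group list, so an incomplete posixGroup would become a null list element. Either throw `IllegalArgumentException` naming the missing attribute, or document the null contract in the method Javadoc and null-check at the call site, `ScimGroup mapped = groupMapper.mapFromPosixGroup(group); if (mapped != null) createdUser.getGroups().add(mapped);`. The method's signature is outside the hunk.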
...@@ -8,7 +8,8 @@ ...@@ -8,7 +8,8 @@
*/ */
package edu.kit.scc.scim; package edu.kit.scc.scim;
import java.util.Arrays; import java.util.ArrayList;
import java.util.HashMap;
import java.util.List; import java.util.List;
import org.slf4j.Logger; import org.slf4j.Logger;
...@@ -34,9 +35,9 @@ public class ScimService { ...@@ -34,9 +35,9 @@ public class ScimService {
@Autowired @Autowired
private LdapClient ldapClient; private LdapClient ldapClient;
private static final String DEFAULT_HOME_DIRECTORY = "/home"; public static final String DEFAULT_HOME_DIRECTORY = "/home";
private static final String DEFAULT_DESCRIPTION = "INDIGO-DataCloud"; public static final String DEFAULT_DESCRIPTION = "INDIGO-DataCloud";
private static final String DEFAULT_INDIGO_GROUP = "indigo"; public static final String DEFAULT_INDIGO_GROUP = "indigo";
/** /**
* Creates a new LDAP INDIGO user according to the provided SCIM object. * Creates a new LDAP INDIGO user according to the provided SCIM object.
...@@ -47,63 +48,127 @@ public class ScimService { ...@@ -47,63 +48,127 @@ public class ScimService {
*/ */
public ScimUser createLdapIndigoUser(ScimUser scimUser) { public ScimUser createLdapIndigoUser(ScimUser scimUser) {
ScimUser createdUser = null; ScimUser createdUser = null;
ScimUserAttributeMapper userMapper = new ScimUserAttributeMapper();
ScimGroupAttributeMapper groupMapper = new ScimGroupAttributeMapper();
ScimUserAttributeMapper mapper = new ScimUserAttributeMapper(); IndigoUser indigoUser = userMapper.mapToIndigoUser(scimUser);
IndigoUser indigoUser = mapper.mapToIndigoUser(scimUser);
if (indigoUser.getUid() == null) if (indigoUser == null)
return null; return createdUser;
if (indigoUser.getIndigoId() == null)
return null;
if (indigoUser.getCommonName() == null)
return null;
if (indigoUser.getSurName() == null)
return null;
if (indigoUser.getHomeDirectory() == null)
indigoUser.setHomeDirectory(DEFAULT_HOME_DIRECTORY + "/" + indigoUser.getUid());
if (indigoUser.getDescription() == null)
indigoUser.setDescription(DEFAULT_DESCRIPTION);
int claimedPrimaryGidNumber = indigoUser.getGidNumber();
int clamiedPrimaryUidNumber = indigoUser.getUidNumber();
List<ScimGroup> scimGroups = scimUser.getGroups(); List<ScimGroup> scimGroups = scimUser.getGroups();
List<PosixGroup> localGroups = ldapClient.getPosixGroups(); int clamiedPrimaryUidNumber = indigoUser.getUidNumber();
if (clamiedPrimaryUidNumber != 0) {
// user claims to have local user id
log.debug("User claimed local uidNumber {}", clamiedPrimaryUidNumber);
createdUser = createOrGetDefaultUser(indigoUser);
// - verify local user
// - modify created user's uidNumber
} else {
// user has no local user id, use default
log.debug("User has no local uidNumber");
createdUser = createOrGetDefaultUser(indigoUser);
}
boolean matchingPrimaryGidNumber = false;
if (scimGroups != null) { if (scimGroups != null) {
for (ScimGroup scimGroup : scimGroups) { HashMap<String, Integer> verifiedLocalGroups = getVerifiedLocalGroups(scimGroups);
boolean matchingLocalGroup = false; for (String group : verifiedLocalGroups.keySet()) {
log.debug("Add user {} to group {}", createdUser.getId(), group);
ldapClient.addGroupMember(group, createdUser.getId());
}
int claimedPrimaryGidNumber = indigoUser.getGidNumber();
if (claimedPrimaryGidNumber != 0) {
// user claims to have local primary group
log.debug("User claimed primary group {}", claimedPrimaryGidNumber);
} else {
// user claims to have no local primary group
log.debug("User has no primary local group, use default {}", indigoUser.getGidNumber());
}
}
List<PosixGroup> userGroups = ldapClient.getUserGroups(createdUser.getUserName());
createdUser.setGroups(new ArrayList<ScimGroup>());
for (PosixGroup group : userGroups) {
log.debug("User is member of group {}", group.toString());
createdUser.getGroups().add(groupMapper.mapFromPosixGroup(group));
}
return createdUser;
}
private HashMap<String, Integer> getVerifiedLocalGroups(List<ScimGroup> groups) {
HashMap<String, Integer> localGroups = new HashMap<String, Integer>();
if (groups != null) {
for (ScimGroup scimGroup : groups) {
int gidNumber = Integer.valueOf(scimGroup.getValue()); int gidNumber = Integer.valueOf(scimGroup.getValue());
String commonName = scimGroup.getDisplay(); String commonName = scimGroup.getDisplay();
try { try {
matchingLocalGroup = ldapClient.equalGroups(ldapClient.getPosixGroup(gidNumber), if (ldapClient.equalGroups(ldapClient.getPosixGroup(gidNumber),
ldapClient.getPosixGroup(commonName)); ldapClient.getPosixGroup(commonName))) {
log.debug("Found matching local group {} {}", commonName, gidNumber);
localGroups.put(commonName, gidNumber);
}
} catch (Exception e) { } catch (Exception e) {
log.error("ERROR {}", e.getMessage()); log.error("ERROR {}", e.getMessage());
e.printStackTrace(); e.printStackTrace();
} }
if (gidNumber == claimedPrimaryGidNumber)
matchingPrimaryGidNumber = true;
} }
} }
return localGroups;
}
private ScimUser createOrGetDefaultUser(IndigoUser indigoUser) {
ScimUser user = null;
ScimUserAttributeMapper mapper = new ScimUserAttributeMapper();
ScimGroup indigoGroup = createOrGetDefaultGroup();
try { try {
indigoUser.setUidNumber(ldapClient.generateUserIdNumber());
indigoUser.setGidNumber(Integer.valueOf(indigoGroup.getValue()));
indigoUser.setHomeDirectory(DEFAULT_HOME_DIRECTORY + "/" + indigoUser.getUid());
log.debug("Create INDIGO user {}", indigoUser.toString());
IndigoUser ldapUser = ldapClient.createIndigoUser(indigoUser.getUid(), indigoUser.getCommonName(), IndigoUser ldapUser = ldapClient.createIndigoUser(indigoUser.getUid(), indigoUser.getCommonName(),
indigoUser.getSurName(), indigoUser.getIndigoId(), indigoUser.getUidNumber(), indigoUser.getSurName(), indigoUser.getIndigoId(), indigoUser.getUidNumber(),
indigoUser.getGidNumber(), indigoUser.getHomeDirectory(), indigoUser.getDescription(), indigoUser.getGidNumber(), indigoUser.getHomeDirectory(), indigoUser.getDescription(),
indigoUser.getGecos(), indigoUser.getLoginShell(), null); indigoUser.getGecos(), indigoUser.getLoginShell(), null);
createdUser = mapper.mapFromIndigoUser(ldapUser); ldapClient.addGroupMember(indigoGroup.getDisplay(), ldapUser.getUid());
log.debug("Created LDAP INDIGO user {}", ldapUser.toString());
user = mapper.mapFromIndigoUser(ldapUser);
} catch (Exception e) { } catch (Exception e) {
log.error("ERROR {}", e.getMessage()); log.error("ERROR {}", e.getMessage());
// e.printStackTrace(); // e.printStackTrace();
} }
return createdUser; return user;
}
private ScimGroup createOrGetDefaultGroup() {
ScimGroup createdGroup = null;
ScimGroupAttributeMapper mapper = new ScimGroupAttributeMapper();
try {
int gidNumber = ldapClient.generateGroupIdNumber();
log.debug("Create INDIGO Group {} {}", DEFAULT_INDIGO_GROUP, gidNumber);
PosixGroup ldapGroup = ldapClient.createPosixGroup(DEFAULT_INDIGO_GROUP, gidNumber, DEFAULT_DESCRIPTION,
null);
log.debug("Created LDAP group {}", ldapGroup.toString());
createdGroup = mapper.mapFromPosixGroup(ldapGroup);
} catch (Exception e) {
log.error("ERROR {}", e.getMessage());
// e.printStackTrace();
}
return createdGroup;
} }
/** /**
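Review bot: createdUser can be null when it reaches `createdUser.getId()` in the group loop and `createdUser.getUserName()` after it: createOrGetDefaultUser starts from `ScimUser user = null;` and returns it unchanged when createIndigoUser throws, and both branches of the uidNumber check simply assign its result. Add `if (createdUser == null) return null;` (with an error log) right after that if/else, before any group membership is written. In the same hunk, `Integer.valueOf(scimGroup.getValue())` in getVerifiedLocalGroups sits outside the try, so a non-numeric value in the incoming SCIM payload escapes as a NumberFormatException instead of being logged and skipped; and getVerifiedLocalGroups only checks that gidNumber and display name refer to the same existing group, not that this user may join it, so if that authorization happens elsewhere the method's Javadoc should say so. The claimed uidNumber and gidNumber are also silently replaced by generated values in createOrGetDefaultUser (the `// - verify local user` TODO), which deserves at least a warn-level log so the discrepancy is visible.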
...@@ -67,6 +67,16 @@ public class ScimUserAttributeMapper { ...@@ -67,6 +67,16 @@ public class ScimUserAttributeMapper {
if (scimUser.getPassword() != null) if (scimUser.getPassword() != null)
user.setUserPassword(scimUser.getPassword().getBytes()); user.setUserPassword(scimUser.getPassword().getBytes());
// verify required attributes
if (user.getUid() == null)
return null;
if (user.getIndigoId() == null)
return null;
if (user.getCommonName() == null)
return null;
if (user.getSurName() == null)
return null;
return user; return user;
} }
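Review bot: The four new required-attribute checks return null without saying which attribute was missing, and the caller in ScimService turns that null into a null result with no log, so a rejected SCIM user leaves no trace of why. Log the missing attribute before returning, or throw with its name, e.g. `if (user.getUid() == null) throw new IllegalArgumentException("uid is required");`, so the request can be diagnosed without a debugger. The method's signature is outside the hunk.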
File mode changed from 100644 to 100755
...@@ -6,5 +6,8 @@ ...@@ -6,5 +6,8 @@
"formatted":"Ms. Barbara J Jensen III", "formatted":"Ms. Barbara J Jensen III",
"familyName":"Jensen", "familyName":"Jensen",
"givenName":"Barbara" "givenName":"Barbara"
},
"meta":{
"gidNumber":"9999"
} }
} }