Commit
60662521
authored
Feb 09, 2016
by
benjamin.ertl
update harmonization algorithm
parent
9fe0052a
Changes
8
src/main/java/edu/kit/scc/ldap/LdapClient.java
@@ -156,6 +156,10 @@ public class LdapClient {
return
group
;
}
public
List
<
PosixGroup
>
getUserGroups
(
String
uid
)
{
return
ldapPosixGroup
.
getUserGroups
(
uid
);
}
/**
* Gets all INDIGO users from the LDAP server.
*
@@ -237,7 +241,7 @@ public class LdapClient {
user
.
setUserPassword
(
userPassword
.
getBytes
());
ldapIndigoUser
.
insertUser
(
user
);
return
user
;
return
getIndigoUser
(
uid
)
;
}
/**
@@ -282,7 +286,7 @@ public class LdapClient {
user
.
setUserPassword
(
userPassword
.
getBytes
());
ldapIndigoUser
.
updateUser
(
user
);
return
user
;
return
getIndigoUser
(
uid
)
;
}
/**
@@ -332,7 +336,7 @@ public class LdapClient {
group
.
setUserPassword
(
userPassword
.
getBytes
());
ldapPosixGroup
.
insertGroup
(
group
);
return
g
roup
;
return
g
etPosixGroup
(
cn
)
;
}
/**
@@ -357,7 +361,7 @@ public class LdapClient {
group
.
setUserPassword
(
userPassword
.
getBytes
());
ldapPosixGroup
.
updateGroup
(
group
);
return
g
roup
;
return
g
etPosixGroup
(
cn
)
;
}
/**
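Review bot: The new `return getIndigoUser(uid);` after `ldapIndigoUser.insertUser(user)` (and likewise `return getPosixGroup(cn);` after `insertGroup`, and after the two update calls) hides a failed insert: the DAO insert path added in this commit catches `NameAlreadyBoundException` and only logs it, so a create call for an already bound uid returns the pre-existing entry with whatever attributes and password it already had, and the caller cannot tell nothing was created. Either let the DAO signal the conflict (a boolean result or an exception) and return null here, or at least state the contract in the Javadoc: `@return the entry as stored in LDAP after the operation; if the name was already bound, the existing entry is returned unchanged`. The `userPassword.getBytes()` calls on the context lines use the platform default charset; `getBytes(StandardCharsets.UTF_8)` would make the stored octets deterministic across hosts. Each of these methods starts outside its hunk.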
src/main/java/edu/kit/scc/ldap/LdapIndigoUserDAO.java
@@ -18,6 +18,7 @@ import javax.naming.ldap.LdapName;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.ldap.NameAlreadyBoundException
;
import
org.springframework.ldap.core.LdapTemplate
;
import
org.springframework.ldap.filter.AndFilter
;
import
org.springframework.ldap.filter.EqualsFilter
;
@@ -88,8 +89,10 @@ public class LdapIndigoUserDAO implements IndigoUserDAO {
newUserDN
.
add
(
"uid="
+
user
.
getUid
());
log
.
debug
(
"Insert {}"
,
newUserDN
.
toString
());
ldapTemplate
.
bind
(
newUserDN
,
null
,
personAttributes
);
}
catch
(
NameAlreadyBoundException
e
)
{
log
.
error
(
"ERROR {}"
,
e
.
getMessage
());
}
catch
(
InvalidNameException
e
)
{
e
.
printStackTrac
e
();
log
.
error
(
"ERROR {}"
,
e
.
getMessag
e
()
)
;
}
}
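Review bot: The added `catch (NameAlreadyBoundException e)` logs and returns normally, so the enclosing method (presumably the insert; its signature is outside the hunk) gives the caller no way to distinguish a successful bind from a duplicate entry, and LdapClient now re-reads and returns the existing user in that case. Rethrowing, or returning a boolean from the insert, keeps the conflict visible; if logging is kept, pass the exception as the last argument so the stack trace is retained, `log.error("Entry already bound: {}", newUserDN, e);`. The same applies to the `NameAlreadyBoundException` and `AttributeInUseException` catches added in LdapPosixGroupDAO. The pre-existing `e.printStackTrace()` in the adjacent `InvalidNameException` catch should be folded into the log call the same way.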
src/main/java/edu/kit/scc/ldap/LdapPosixGroupDAO.java
@@ -20,6 +20,8 @@ import javax.naming.ldap.LdapName;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.ldap.AttributeInUseException
;
import
org.springframework.ldap.NameAlreadyBoundException
;
import
org.springframework.ldap.core.LdapTemplate
;
import
org.springframework.ldap.filter.AndFilter
;
import
org.springframework.ldap.filter.EqualsFilter
;
@@ -87,8 +89,10 @@ public class LdapPosixGroupDAO implements PosixGroupDAO {
newGroupDN
.
add
(
"cn="
+
group
.
getCommonName
());
log
.
debug
(
"Insert {}"
,
newGroupDN
.
toString
());
ldapTemplate
.
bind
(
newGroupDN
,
null
,
posixGroupAttributes
);
}
catch
(
NameAlreadyBoundException
e
)
{
log
.
error
(
"ERROR {}"
,
e
.
getMessage
());
}
catch
(
InvalidNameException
e
)
{
e
.
printStackTrac
e
();
log
.
error
(
"ERROR {}"
,
e
.
getMessag
e
()
)
;
}
}
@@ -140,8 +144,18 @@ public class LdapPosixGroupDAO implements PosixGroupDAO {
groupDN
.
add
(
"cn="
+
group
.
getCommonName
());
log
.
debug
(
"Add member {} to {}"
,
memberUid
,
groupDN
.
toString
());
ldapTemplate
.
modifyAttributes
(
groupDN
,
modificationItems
);
}
catch
(
AttributeInUseException
e
)
{
log
.
error
(
"ERROR {}"
,
e
.
getMessage
());
}
catch
(
InvalidNameException
e
)
{
e
.
printStackTrac
e
();
log
.
error
(
"ERROR {}"
,
e
.
getMessag
e
()
)
;
}
}
public
List
<
PosixGroup
>
getUserGroups
(
String
uid
)
{
AndFilter
andFilter
=
new
AndFilter
();
andFilter
.
and
(
new
EqualsFilter
(
"objectclass"
,
"posixGroup"
)).
and
(
new
EqualsFilter
(
"memberUid"
,
uid
));
log
.
debug
(
"LDAP query {}"
,
andFilter
.
encode
());
return
ldapTemplate
.
search
(
""
,
andFilter
.
encode
(),
new
LdapPosixGroupAttributeMapper
());
}
}
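Review bot: The new `getUserGroups(String uid)` has no Javadoc while the neighbouring DAO methods are documented, and a `null` uid is passed straight into `new EqualsFilter("memberUid", uid)`; suggest `Objects.requireNonNull(uid, "uid");` as the first statement and a Javadoc along the lines of `Returns all posixGroup entries whose memberUid attribute contains the given uid; empty list if none`. The filter value is built with `EqualsFilter`, which, as far as I know, escapes the value, so the user-supplied uid does not alter the filter structure; that is worth a one-line comment since the method takes external input. In the add-member hunk above, the new `catch (AttributeInUseException e)` logs at error level a condition (member already present) that ScimService will hit on every re-run because it adds the user to each verified group unconditionally; logging it at debug level, or checking membership first, keeps the error log meaningful.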
src/main/java/edu/kit/scc/scim/ScimGroupAttributeMapper.java
@@ -21,6 +21,12 @@ public class ScimGroupAttributeMapper {
if
(
group
.
getDescription
()
!=
null
)
scimGroup
.
set
$ref
(
group
.
getDescription
());
// verify required attributes
if
(
scimGroup
.
getValue
()
==
null
)
return
null
;
if
(
scimGroup
.
getDisplay
()
==
null
)
return
null
;
return
scimGroup
;
}
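Review bot: The added required-attribute checks make the mapper return `null` for a group without `value` or `display`, but nothing documents this, and the caller visible in this commit (`createOrGetDefaultGroup`, whose result `createOrGetDefaultUser` dereferences via `indigoGroup.getValue()` inside a broad `catch (Exception e)`) would surface a missing attribute only as a logged `ERROR null`. Add to the method's Javadoc: `@return the mapped SCIM group, or {@code null} if the required value (gidNumber) or display (common name) attribute is missing`. The method's signature is outside the hunk.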
src/main/java/edu/kit/scc/scim/ScimService.java
@@ -8,7 +8,8 @@
*/
package
edu.kit.scc.scim
;
import
java.util.Arrays
;
import
java.util.ArrayList
;
import
java.util.HashMap
;
import
java.util.List
;
import
org.slf4j.Logger
;
@@ -34,9 +35,9 @@ public class ScimService {
@Autowired
private
LdapClient
ldapClient
;
p
rivate
static
final
String
DEFAULT_HOME_DIRECTORY
=
"/home"
;
p
rivate
static
final
String
DEFAULT_DESCRIPTION
=
"INDIGO-DataCloud"
;
p
rivate
static
final
String
DEFAULT_INDIGO_GROUP
=
"indigo"
;
p
ublic
static
final
String
DEFAULT_HOME_DIRECTORY
=
"/home"
;
p
ublic
static
final
String
DEFAULT_DESCRIPTION
=
"INDIGO-DataCloud"
;
p
ublic
static
final
String
DEFAULT_INDIGO_GROUP
=
"indigo"
;
/**
* Creates a new LDAP INDIGO user according to the provided SCIM object.
@@ -47,63 +48,127 @@ public class ScimService {
*/
public
ScimUser
createLdapIndigoUser
(
ScimUser
scimUser
)
{
ScimUser
createdUser
=
null
;
ScimUserAttributeMapper
userMapper
=
new
ScimUserAttributeMapper
();
ScimGroupAttributeMapper
groupMapper
=
new
ScimGroupAttributeMapper
();
ScimUserAttributeMapper
mapper
=
new
ScimUserAttributeMapper
();
IndigoUser
indigoUser
=
mapper
.
mapToIndigoUser
(
scimUser
);
IndigoUser
indigoUser
=
userMapper
.
mapToIndigoUser
(
scimUser
);
if
(
indigoUser
.
getUid
()
==
null
)
return
null
;
if
(
indigoUser
.
getIndigoId
()
==
null
)
return
null
;
if
(
indigoUser
.
getCommonName
()
==
null
)
return
null
;
if
(
indigoUser
.
getSurName
()
==
null
)
return
null
;
if
(
indigoUser
.
getHomeDirectory
()
==
null
)
indigoUser
.
setHomeDirectory
(
DEFAULT_HOME_DIRECTORY
+
"/"
+
indigoUser
.
getUid
());
if
(
indigoUser
.
getDescription
()
==
null
)
indigoUser
.
setDescription
(
DEFAULT_DESCRIPTION
);
if
(
indigoUser
==
null
)
return
createdUser
;
int
claimedPrimaryGidNumber
=
indigoUser
.
getGidNumber
();
int
clamiedPrimaryUidNumber
=
indigoUser
.
getUidNumber
();
List
<
ScimGroup
>
scimGroups
=
scimUser
.
getGroups
();
List
<
PosixGroup
>
localGroups
=
ldapClient
.
getPosixGroups
();
int
clamiedPrimaryUidNumber
=
indigoUser
.
getUidNumber
();
if
(
clamiedPrimaryUidNumber
!=
0
)
{
// user claims to have local user id
log
.
debug
(
"User claimed local uidNumber {}"
,
clamiedPrimaryUidNumber
);
createdUser
=
createOrGetDefaultUser
(
indigoUser
);
// - verify local user
// - modify created user's uidNumber
}
else
{
// user has no local user id, use default
log
.
debug
(
"User has no local uidNumber"
);
createdUser
=
createOrGetDefaultUser
(
indigoUser
);
}
boolean
matchingPrimaryGidNumber
=
false
;
if
(
scimGroups
!=
null
)
{
for
(
ScimGroup
scimGroup
:
scimGroups
)
{
boolean
matchingLocalGroup
=
false
;
HashMap
<
String
,
Integer
>
verifiedLocalGroups
=
getVerifiedLocalGroups
(
scimGroups
);
for
(
String
group
:
verifiedLocalGroups
.
keySet
())
{
log
.
debug
(
"Add user {} to group {}"
,
createdUser
.
getId
(),
group
);
ldapClient
.
addGroupMember
(
group
,
createdUser
.
getId
());
}
int
claimedPrimaryGidNumber
=
indigoUser
.
getGidNumber
();
if
(
claimedPrimaryGidNumber
!=
0
)
{
// user claims to have local primary group
log
.
debug
(
"User claimed primary group {}"
,
claimedPrimaryGidNumber
);
}
else
{
// user claims to have no local primary group
log
.
debug
(
"User has no primary local group, use default {}"
,
indigoUser
.
getGidNumber
());
}
}
List
<
PosixGroup
>
userGroups
=
ldapClient
.
getUserGroups
(
createdUser
.
getUserName
());
createdUser
.
setGroups
(
new
ArrayList
<
ScimGroup
>());
for
(
PosixGroup
group
:
userGroups
)
{
log
.
debug
(
"User is member of group {}"
,
group
.
toString
());
createdUser
.
getGroups
().
add
(
groupMapper
.
mapFromPosixGroup
(
group
));
}
return
createdUser
;
}
private
HashMap
<
String
,
Integer
>
getVerifiedLocalGroups
(
List
<
ScimGroup
>
groups
)
{
HashMap
<
String
,
Integer
>
localGroups
=
new
HashMap
<
String
,
Integer
>();
if
(
groups
!=
null
)
{
for
(
ScimGroup
scimGroup
:
groups
)
{
int
gidNumber
=
Integer
.
valueOf
(
scimGroup
.
getValue
());
String
commonName
=
scimGroup
.
getDisplay
();
try
{
matchingLocalGroup
=
ldapClient
.
equalGroups
(
ldapClient
.
getPosixGroup
(
gidNumber
),
ldapClient
.
getPosixGroup
(
commonName
));
if
(
ldapClient
.
equalGroups
(
ldapClient
.
getPosixGroup
(
gidNumber
),
ldapClient
.
getPosixGroup
(
commonName
)))
{
log
.
debug
(
"Found matching local group {} {}"
,
commonName
,
gidNumber
);
localGroups
.
put
(
commonName
,
gidNumber
);
}
}
catch
(
Exception
e
)
{
log
.
error
(
"ERROR {}"
,
e
.
getMessage
());
e
.
printStackTrace
();
}
if
(
gidNumber
==
claimedPrimaryGidNumber
)
matchingPrimaryGidNumber
=
true
;
}
}
return
localGroups
;
}
private
ScimUser
createOrGetDefaultUser
(
IndigoUser
indigoUser
)
{
ScimUser
user
=
null
;
ScimUserAttributeMapper
mapper
=
new
ScimUserAttributeMapper
();
ScimGroup
indigoGroup
=
createOrGetDefaultGroup
();
try
{
indigoUser
.
setUidNumber
(
ldapClient
.
generateUserIdNumber
());
indigoUser
.
setGidNumber
(
Integer
.
valueOf
(
indigoGroup
.
getValue
()));
indigoUser
.
setHomeDirectory
(
DEFAULT_HOME_DIRECTORY
+
"/"
+
indigoUser
.
getUid
());
log
.
debug
(
"Create INDIGO user {}"
,
indigoUser
.
toString
());
IndigoUser
ldapUser
=
ldapClient
.
createIndigoUser
(
indigoUser
.
getUid
(),
indigoUser
.
getCommonName
(),
indigoUser
.
getSurName
(),
indigoUser
.
getIndigoId
(),
indigoUser
.
getUidNumber
(),
indigoUser
.
getGidNumber
(),
indigoUser
.
getHomeDirectory
(),
indigoUser
.
getDescription
(),
indigoUser
.
getGecos
(),
indigoUser
.
getLoginShell
(),
null
);
createdUser
=
mapper
.
mapFromIndigoUser
(
ldapUser
);
ldapClient
.
addGroupMember
(
indigoGroup
.
getDisplay
(),
ldapUser
.
getUid
());
log
.
debug
(
"Created LDAP INDIGO user {}"
,
ldapUser
.
toString
());
user
=
mapper
.
mapFromIndigoUser
(
ldapUser
);
}
catch
(
Exception
e
)
{
log
.
error
(
"ERROR {}"
,
e
.
getMessage
());
// e.printStackTrace();
}
return
createdUser
;
return
user
;
}
private
ScimGroup
createOrGetDefaultGroup
()
{
ScimGroup
createdGroup
=
null
;
ScimGroupAttributeMapper
mapper
=
new
ScimGroupAttributeMapper
();
try
{
int
gidNumber
=
ldapClient
.
generateGroupIdNumber
();
log
.
debug
(
"Create INDIGO Group {} {}"
,
DEFAULT_INDIGO_GROUP
,
gidNumber
);
PosixGroup
ldapGroup
=
ldapClient
.
createPosixGroup
(
DEFAULT_INDIGO_GROUP
,
gidNumber
,
DEFAULT_DESCRIPTION
,
null
);
log
.
debug
(
"Created LDAP group {}"
,
ldapGroup
.
toString
());
createdGroup
=
mapper
.
mapFromPosixGroup
(
ldapGroup
);
}
catch
(
Exception
e
)
{
log
.
error
(
"ERROR {}"
,
e
.
getMessage
());
// e.printStackTrace();
}
return
createdGroup
;
}
/**
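Review bot: In `createLdapIndigoUser`, `createOrGetDefaultUser` returns `null` when the LDAP create fails (its `catch (Exception e)` only logs), yet the result is dereferenced without a check at `createdUser.getId()` in the verified-groups loop and at `createdUser.getUserName()`, so a failed create ends in a NullPointerException instead of the `null` the method otherwise returns; add `if (createdUser == null) return null;` directly after the if/else that assigns it. In `getVerifiedLocalGroups`, `Integer.valueOf(scimGroup.getValue())` runs before the `try`, so a non-numeric `value` in the incoming SCIM group escapes the service as an uncaught NumberFormatException; move the parse inside the try or skip the group explicitly. The verification itself only checks that the claimed gidNumber and display name resolve to the same existing local group, after which the user is added to it; if the SCIM source is not fully trusted, an allow-list of groups that may be claimed would keep an existing local group from being joined simply by naming it. The `private` → `public` change on the DEFAULT_* constants widens the class API with no caller visible in this diff and could stay `private` until one exists.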
src/main/java/edu/kit/scc/scim/ScimUserAttributeMapper.java
@@ -67,6 +67,16 @@ public class ScimUserAttributeMapper {
if
(
scimUser
.
getPassword
()
!=
null
)
user
.
setUserPassword
(
scimUser
.
getPassword
().
getBytes
());
// verify required attributes
if
(
user
.
getUid
()
==
null
)
return
null
;
if
(
user
.
getIndigoId
()
==
null
)
return
null
;
if
(
user
.
getCommonName
()
==
null
)
return
null
;
if
(
user
.
getSurName
()
==
null
)
return
null
;
return
user
;
}
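Review bot: The added required-attribute checks introduce a `null` return for users lacking `uid`, `indigoId`, `commonName` or `surName`, which is not documented on the method (its signature is outside the hunk); `ScimService.createLdapIndigoUser` appears to handle it with `if (indigoUser == null) return createdUser;`, but other callers have no way to know. Add to the Javadoc: `@return the mapped INDIGO user, or {@code null} if uid, indigoId, commonName or surName is missing`. On the context line above, `scimUser.getPassword().getBytes()` uses the platform default charset; `getBytes(StandardCharsets.UTF_8)` would keep the stored password bytes consistent across hosts.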
test_add_user.sh
100644 → 100755
File mode changed from 100644 to 100755
user.scim
@@ -6,5 +6,8 @@
"formatted":"Ms. Barbara J Jensen III",
"familyName":"Jensen",
"givenName":"Barbara"
},
"meta":{
"gidNumber":"9999"
}
}