update harmonization algorithm

60662521 · benjamin.ertl · 9fe0052a · 60662521 · 60662521 · 60662521
Commit 60662521 authored Feb 09, 2016 by benjamin.ertl
8 changed files
--- a/src/main/java/edu/kit/scc/ldap/LdapClient.java
+++ b/src/main/java/edu/kit/scc/ldap/LdapClient.java
@@ -156,6 +156,10 @@ public class LdapClient {
 		return group;
 	}

+	public List<PosixGroup> getUserGroups(String uid) {
+		return ldapPosixGroup.getUserGroups(uid);
+	}
+
 	/**
 	 * Gets all INDIGO users from the LDAP server.
 	 * 
@@ -237,7 +241,7 @@ public class LdapClient {
 			user.setUserPassword(userPassword.getBytes());
 		ldapIndigoUser.insertUser(user);

-		return user;
+		return getIndigoUser(uid);
 	}

 	/**
@@ -282,7 +286,7 @@ public class LdapClient {
 			user.setUserPassword(userPassword.getBytes());
 		ldapIndigoUser.updateUser(user);

-		return user;
+		return getIndigoUser(uid);
 	}

 	/**
@@ -332,7 +336,7 @@ public class LdapClient {
 			group.setUserPassword(userPassword.getBytes());
 		ldapPosixGroup.insertGroup(group);

-		return group;
+		return getPosixGroup(cn);
 	}

 	/**
@@ -357,7 +361,7 @@ public class LdapClient {
 			group.setUserPassword(userPassword.getBytes());
 		ldapPosixGroup.updateGroup(group);

-		return group;
+		return getPosixGroup(cn);
 	}

 	/**

--- a/src/main/java/edu/kit/scc/ldap/LdapIndigoUserDAO.java
+++ b/src/main/java/edu/kit/scc/ldap/LdapIndigoUserDAO.java
@@ -18,6 +18,7 @@ import javax.naming.ldap.LdapName;

 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.ldap.NameAlreadyBoundException;
 import org.springframework.ldap.core.LdapTemplate;
 import org.springframework.ldap.filter.AndFilter;
 import org.springframework.ldap.filter.EqualsFilter;
@@ -88,8 +89,10 @@ public class LdapIndigoUserDAO implements IndigoUserDAO {
 			newUserDN.add("uid=" + user.getUid());
 			log.debug("Insert {}", newUserDN.toString());
 			ldapTemplate.bind(newUserDN, null, personAttributes);
+		} catch (NameAlreadyBoundException e) {
+			log.error("ERROR {}", e.getMessage());
 		} catch (InvalidNameException e) {
-			e.printStackTrace();
+			log.error("ERROR {}", e.getMessage());
 		}
 	}


--- a/src/main/java/edu/kit/scc/ldap/LdapPosixGroupDAO.java
+++ b/src/main/java/edu/kit/scc/ldap/LdapPosixGroupDAO.java
@@ -20,6 +20,8 @@ import javax.naming.ldap.LdapName;

 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.ldap.AttributeInUseException;
+import org.springframework.ldap.NameAlreadyBoundException;
 import org.springframework.ldap.core.LdapTemplate;
 import org.springframework.ldap.filter.AndFilter;
 import org.springframework.ldap.filter.EqualsFilter;
@@ -87,8 +89,10 @@ public class LdapPosixGroupDAO implements PosixGroupDAO {
 			newGroupDN.add("cn=" + group.getCommonName());
 			log.debug("Insert {}", newGroupDN.toString());
 			ldapTemplate.bind(newGroupDN, null, posixGroupAttributes);
+		} catch (NameAlreadyBoundException e) {
+			log.error("ERROR {}", e.getMessage());
 		} catch (InvalidNameException e) {
-			e.printStackTrace();
+			log.error("ERROR {}", e.getMessage());
 		}
 	}

@@ -140,8 +144,18 @@ public class LdapPosixGroupDAO implements PosixGroupDAO {
 			groupDN.add("cn=" + group.getCommonName());
 			log.debug("Add member {} to {}", memberUid, groupDN.toString());
 			ldapTemplate.modifyAttributes(groupDN, modificationItems);
+		} catch (AttributeInUseException e) {
+			log.error("ERROR {}", e.getMessage());
 		} catch (InvalidNameException e) {
-			e.printStackTrace();
+			log.error("ERROR {}", e.getMessage());
 		}
 	}
+
+	public List<PosixGroup> getUserGroups(String uid) {
+		AndFilter andFilter = new AndFilter();
+		andFilter.and(new EqualsFilter("objectclass", "posixGroup")).and(new EqualsFilter("memberUid", uid));
+		log.debug("LDAP query {}", andFilter.encode());
+
+		return ldapTemplate.search("", andFilter.encode(), new LdapPosixGroupAttributeMapper());
+	}
 }
--- a/src/main/java/edu/kit/scc/scim/ScimGroupAttributeMapper.java
+++ b/src/main/java/edu/kit/scc/scim/ScimGroupAttributeMapper.java
@@ -21,6 +21,12 @@ public class ScimGroupAttributeMapper {
 		if (group.getDescription() != null)
 			scimGroup.set$ref(group.getDescription());

+		// verify required attributes
+		if (scimGroup.getValue() == null)
+			return null;
+		if (scimGroup.getDisplay() == null)
+			return null;
+
 		return scimGroup;
 	}


--- a/src/main/java/edu/kit/scc/scim/ScimService.java
+++ b/src/main/java/edu/kit/scc/scim/ScimService.java
@@ -8,7 +8,8 @@
 */
 package edu.kit.scc.scim;

-import java.util.Arrays;
+import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;

 import org.slf4j.Logger;
@@ -34,9 +35,9 @@ public class ScimService {
 	@Autowired
 	private LdapClient ldapClient;

-	private static final String DEFAULT_HOME_DIRECTORY = "/home";
-	private static final String DEFAULT_DESCRIPTION = "INDIGO-DataCloud";
-	private static final String DEFAULT_INDIGO_GROUP = "indigo";
+	public static final String DEFAULT_HOME_DIRECTORY = "/home";
+	public static final String DEFAULT_DESCRIPTION = "INDIGO-DataCloud";
+	public static final String DEFAULT_INDIGO_GROUP = "indigo";

 	/**
 	 * Creates a new LDAP INDIGO user according to the provided SCIM object.
@@ -47,63 +48,127 @@ public class ScimService {
 	 */
 	public ScimUser createLdapIndigoUser(ScimUser scimUser) {
 		ScimUser createdUser = null;
+		ScimUserAttributeMapper userMapper = new ScimUserAttributeMapper();
+		ScimGroupAttributeMapper groupMapper = new ScimGroupAttributeMapper();

-		ScimUserAttributeMapper mapper = new ScimUserAttributeMapper();
-		IndigoUser indigoUser = mapper.mapToIndigoUser(scimUser);
+		IndigoUser indigoUser = userMapper.mapToIndigoUser(scimUser);

-		if (indigoUser.getUid() == null)
-			return null;
-		if (indigoUser.getIndigoId() == null)
-			return null;
-		if (indigoUser.getCommonName() == null)
-			return null;
-		if (indigoUser.getSurName() == null)
-			return null;
-		if (indigoUser.getHomeDirectory() == null)
-			indigoUser.setHomeDirectory(DEFAULT_HOME_DIRECTORY + "/" + indigoUser.getUid());
-		if (indigoUser.getDescription() == null)
-			indigoUser.setDescription(DEFAULT_DESCRIPTION);
+		if (indigoUser == null)
+			return createdUser;

-		int claimedPrimaryGidNumber = indigoUser.getGidNumber();
-		int clamiedPrimaryUidNumber = indigoUser.getUidNumber();
 		List<ScimGroup> scimGroups = scimUser.getGroups();

-		List<PosixGroup> localGroups = ldapClient.getPosixGroups();
+		int clamiedPrimaryUidNumber = indigoUser.getUidNumber();
+		if (clamiedPrimaryUidNumber != 0) {
+			// user claims to have local user id
+			log.debug("User claimed local uidNumber {}", clamiedPrimaryUidNumber);
+			createdUser = createOrGetDefaultUser(indigoUser);
+			// - verify local user
+			// - modify created user's uidNumber
+		} else {
+			// user has no local user id, use default
+			log.debug("User has no local uidNumber");
+			createdUser = createOrGetDefaultUser(indigoUser);
+		}

-		boolean matchingPrimaryGidNumber = false;
 		if (scimGroups != null) {
-			for (ScimGroup scimGroup : scimGroups) {
-				boolean matchingLocalGroup = false;
+			HashMap<String, Integer> verifiedLocalGroups = getVerifiedLocalGroups(scimGroups);
+			for (String group : verifiedLocalGroups.keySet()) {
+				log.debug("Add user {} to group {}", createdUser.getId(), group);
+				ldapClient.addGroupMember(group, createdUser.getId());
+			}
+			int claimedPrimaryGidNumber = indigoUser.getGidNumber();
+			if (claimedPrimaryGidNumber != 0) {
+				// user claims to have local primary group
+				log.debug("User claimed primary group {}", claimedPrimaryGidNumber);
+			} else {
+				// user claims to have no local primary group
+				log.debug("User has no primary local group, use default {}", indigoUser.getGidNumber());
+			}
+		}
+
+		List<PosixGroup> userGroups = ldapClient.getUserGroups(createdUser.getUserName());
+		createdUser.setGroups(new ArrayList<ScimGroup>());
+		for (PosixGroup group : userGroups) {
+			log.debug("User is member of group {}", group.toString());
+			createdUser.getGroups().add(groupMapper.mapFromPosixGroup(group));
+		}
+
+		return createdUser;
+	}
+
+	private HashMap<String, Integer> getVerifiedLocalGroups(List<ScimGroup> groups) {
+		HashMap<String, Integer> localGroups = new HashMap<String, Integer>();
+
+		if (groups != null) {
+			for (ScimGroup scimGroup : groups) {

 				int gidNumber = Integer.valueOf(scimGroup.getValue());
 				String commonName = scimGroup.getDisplay();

 				try {
-					matchingLocalGroup = ldapClient.equalGroups(ldapClient.getPosixGroup(gidNumber),
-							ldapClient.getPosixGroup(commonName));
+					if (ldapClient.equalGroups(ldapClient.getPosixGroup(gidNumber),
+							ldapClient.getPosixGroup(commonName))) {
+						log.debug("Found matching local group {} {}", commonName, gidNumber);
+						localGroups.put(commonName, gidNumber);
+					}
 				} catch (Exception e) {
 					log.error("ERROR {}", e.getMessage());
 					e.printStackTrace();
 				}
-
-				if (gidNumber == claimedPrimaryGidNumber)
-					matchingPrimaryGidNumber = true;
-
 			}
 		}
+		return localGroups;
+	}
+
+	private ScimUser createOrGetDefaultUser(IndigoUser indigoUser) {
+		ScimUser user = null;
+		ScimUserAttributeMapper mapper = new ScimUserAttributeMapper();
+		ScimGroup indigoGroup = createOrGetDefaultGroup();

 		try {
+			indigoUser.setUidNumber(ldapClient.generateUserIdNumber());
+			indigoUser.setGidNumber(Integer.valueOf(indigoGroup.getValue()));
+			indigoUser.setHomeDirectory(DEFAULT_HOME_DIRECTORY + "/" + indigoUser.getUid());
+
+			log.debug("Create INDIGO user {}", indigoUser.toString());
+
 			IndigoUser ldapUser = ldapClient.createIndigoUser(indigoUser.getUid(), indigoUser.getCommonName(),
 					indigoUser.getSurName(), indigoUser.getIndigoId(), indigoUser.getUidNumber(),
 					indigoUser.getGidNumber(), indigoUser.getHomeDirectory(), indigoUser.getDescription(),
 					indigoUser.getGecos(), indigoUser.getLoginShell(), null);

-			createdUser = mapper.mapFromIndigoUser(ldapUser);
+			ldapClient.addGroupMember(indigoGroup.getDisplay(), ldapUser.getUid());
+
+			log.debug("Created LDAP INDIGO user {}", ldapUser.toString());
+
+			user = mapper.mapFromIndigoUser(ldapUser);
 		} catch (Exception e) {
 			log.error("ERROR {}", e.getMessage());
 			// e.printStackTrace();
 		}
-		return createdUser;
+		return user;
+	}
+
+	private ScimGroup createOrGetDefaultGroup() {
+		ScimGroup createdGroup = null;
+		ScimGroupAttributeMapper mapper = new ScimGroupAttributeMapper();
+		try {
+			int gidNumber = ldapClient.generateGroupIdNumber();
+
+			log.debug("Create INDIGO Group {} {}", DEFAULT_INDIGO_GROUP, gidNumber);
+
+			PosixGroup ldapGroup = ldapClient.createPosixGroup(DEFAULT_INDIGO_GROUP, gidNumber, DEFAULT_DESCRIPTION,
+					null);
+
+			log.debug("Created LDAP group {}", ldapGroup.toString());
+
+			createdGroup = mapper.mapFromPosixGroup(ldapGroup);
+		} catch (Exception e) {
+			log.error("ERROR {}", e.getMessage());
+			// e.printStackTrace();
+		}
+		return createdGroup;
 	}

 	/**

--- a/src/main/java/edu/kit/scc/scim/ScimUserAttributeMapper.java
+++ b/src/main/java/edu/kit/scc/scim/ScimUserAttributeMapper.java
@@ -67,6 +67,16 @@ public class ScimUserAttributeMapper {
 		if (scimUser.getPassword() != null)
 			user.setUserPassword(scimUser.getPassword().getBytes());

+		// verify required attributes
+		if (user.getUid() == null)
+			return null;
+		if (user.getIndigoId() == null)
+			return null;
+		if (user.getCommonName() == null)
+			return null;
+		if (user.getSurName() == null)
+			return null;
+
 		return user;
 	}


--- a/test_add_user.sh
+++ b/test_add_user.sh
--- a/user.scim
+++ b/user.scim
@@ -6,5 +6,8 @@
    "formatted":"Ms. Barbara J Jensen III",
    "familyName":"Jensen",
    "givenName":"Barbara"
+  },
+  "meta":{
+    "gidNumber":"9999"
  }
 }