Class LDAPUserRegistry

java.lang.Object
org.alfresco.repo.security.sync.ldap.LDAPUserRegistry
All Implemented Interfaces:
ActivateableBean, LDAPNameResolver, UserRegistry, org.springframework.beans.factory.InitializingBean

public class LDAPUserRegistry extends Object implements UserRegistry, LDAPNameResolver, org.springframework.beans.factory.InitializingBean, ActivateableBean
A UserRegistry implementation with the ability to query Alfresco-like descriptions of users and groups from an LDAP directory, optionally restricted to those modified since a certain time.
Author:
dward
  • Constructor Details

    • LDAPUserRegistry

      public LDAPUserRegistry()
      Instantiates a new LDAP user registry.
  • Method Details

    • setActive

      public void setActive(boolean active)
      Controls whether this bean is active, i.e. whether this part of the subsystem should be used.
      Parameters:
      active - true if this bean is active
    • setEnableProgressEstimation

      public void setEnableProgressEstimation(boolean enableProgressEstimation)
      Controls whether progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.
      Parameters:
      enableProgressEstimation - true if progress estimation is enabled
    • setGroupIdAttributeName

      public void setGroupIdAttributeName(String groupIdAttributeName)
      Sets the group id attribute name.
      Parameters:
      groupIdAttributeName - the group id attribute name
    • setGroupQuery

      public void setGroupQuery(String groupQuery)
      Sets the group query.
      Parameters:
      groupQuery - the group query
    • setGroupDifferentialQuery

      public void setGroupDifferentialQuery(String groupDifferentialQuery)
      Sets the group differential query.
      Parameters:
      groupDifferentialQuery - the group differential query
    • setPersonQuery

      public void setPersonQuery(String personQuery)
      Sets the person query.
      Parameters:
      personQuery - the person query
    • setPersonDifferentialQuery

      public void setPersonDifferentialQuery(String personDifferentialQuery)
      Sets the person differential query.
      Parameters:
      personDifferentialQuery - the person differential query
    • setGroupType

      public void setGroupType(String groupType)
      Sets the group type.
      Parameters:
      groupType - the group type
    • setMemberAttribute

      public void setMemberAttribute(String memberAttribute)
      Sets the member attribute name.
      Parameters:
      memberAttribute - the member attribute name
    • setPersonType

      public void setPersonType(String personType)
      Sets the person type.
      Parameters:
      personType - the person type
    • setGroupSearchBase

      public void setGroupSearchBase(String groupSearchBase)
      Sets the group search base.
      Parameters:
      groupSearchBase - the group search base
    • setUserSearchBase

      public void setUserSearchBase(String userSearchBase)
      Sets the user search base.
      Parameters:
      userSearchBase - the user search base
    • setUserIdAttributeName

      public void setUserIdAttributeName(String userIdAttributeName)
      Sets the user id attribute name.
      Parameters:
      userIdAttributeName - the user id attribute name
    • setModifyTimestampAttributeName

      public void setModifyTimestampAttributeName(String modifyTimestampAttributeName)
      Sets the modification timestamp attribute name.
      Parameters:
      modifyTimestampAttributeName - the modification timestamp attribute name
    • setTimestampFormat

      public void setTimestampFormat(String timestampFormat)
      Sets the timestamp format. Unfortunately, this varies between directory servers.
      Parameters:
      timestampFormat - the timestamp format
      • OpenLDAP: "yyyyMMddHHmmss'Z'"
      • Active Directory: "yyyyMMddHHmmss'.0Z'"
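
An added example (not Alfresco's code) of what the two patterns above produce and why they are not interchangeable. In both patterns `'Z'` is a quoted literal, so the formatter's time zone decides whether the text really is UTC; pinning it to UTC is an assumption made here, and the class name, helper names and sample instant are constructed.

```java
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;

// Added illustration; class, method names and sample values are constructed.
public class LdapTimestampFormatDemo {
    static final String OPENLDAP = "yyyyMMddHHmmss'Z'";
    static final String ACTIVE_DIRECTORY = "yyyyMMddHHmmss'.0Z'";

    // 'Z' is a quoted literal, so the zone must be set explicitly (assumed UTC).
    static SimpleDateFormat formatter(String pattern, String zoneId) {
        SimpleDateFormat f = new SimpleDateFormat(pattern, Locale.ROOT);
        f.setTimeZone(TimeZone.getTimeZone(zoneId));
        f.setLenient(false);
        return f;
    }

    // True if the value is accepted by the pattern (UTC formatter).
    static boolean parses(String pattern, String value) {
        try {
            formatter(pattern, "UTC").parse(value);
            return true;
        } catch (ParseException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        Date lastSync = new Date(1700000000000L); // constructed "modified since" instant

        String openLdap = formatter(OPENLDAP, "UTC").format(lastSync);
        String activeDirectory = formatter(ACTIVE_DIRECTORY, "UTC").format(lastSync);
        System.out.println("OpenLDAP pattern:         " + openLdap);
        System.out.println("Active Directory pattern: " + activeDirectory);

        // Same instant, non-UTC formatter: the text still ends in 'Z' but is
        // shifted by the zone offset, so a differential query built from it
        // would cover the wrong window.
        String shifted = formatter(OPENLDAP, "America/New_York").format(lastSync);
        System.out.println("Non-UTC formatter:        " + shifted);

        // Each pattern rejects the other server's representation.
        System.out.println("OpenLDAP pattern parses AD value: " + parses(OPENLDAP, activeDirectory));
        System.out.println("AD pattern parses OpenLDAP value: " + parses(ACTIVE_DIRECTORY, openLdap));
        System.out.println("AD pattern parses AD value:       " + parses(ACTIVE_DIRECTORY, activeDirectory));
    }
}
```
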
    • setErrorOnMissingMembers

      public void setErrorOnMissingMembers(boolean errorOnMissingMembers)
      Decides whether to error on missing group members.
      Parameters:
      errorOnMissingMembers - true if we should error on missing group members
    • setErrorOnMissingGID

      public void setErrorOnMissingGID(boolean errorOnMissingGID)
      Decides whether to error on missing group IDs.
      Parameters:
      errorOnMissingGID - true if we should error on missing group IDs
    • setErrorOnMissingUID

      public void setErrorOnMissingUID(boolean errorOnMissingUID)
      Decides whether to error on missing user IDs.
      Parameters:
      errorOnMissingUID - true if we should error on missing user IDs
    • setErrorOnDuplicateGID

      public void setErrorOnDuplicateGID(boolean errorOnDuplicateGID)
      Decides whether to error on duplicate group IDs.
      Parameters:
      errorOnDuplicateGID - true if we should error on duplicate group IDs
    • setLDAPInitialDirContextFactory

      public void setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory ldapInitialDirContextFactory)
      Sets the LDAP initial dir context factory.
      Parameters:
      ldapInitialDirContextFactory - the new LDAP initial dir context factory
    • setNamespaceService

      public void setNamespaceService(NamespaceService namespaceService)
      Sets the namespace service.
      Parameters:
      namespaceService - the namespace service
    • setPersonAttributeDefaults

      public void setPersonAttributeDefaults(Map<String,String> personAttributeDefaults)
      Sets the person attribute defaults.
      Parameters:
      personAttributeDefaults - the person attribute defaults
    • setPersonAttributeMapping

      public void setPersonAttributeMapping(Map<String,String> personAttributeMapping)
      Sets the person attribute mapping.
      Parameters:
      personAttributeMapping - the person attribute mapping
    • setGroupAttributeDefaults

      public void setGroupAttributeDefaults(Map<String,String> groupAttributeDefaults)
      Sets the group attribute defaults.
      Parameters:
      groupAttributeDefaults - the group attribute defaults
    • setGroupAttributeMapping

      public void setGroupAttributeMapping(Map<String,String> groupAttributeMapping)
      Sets the group attribute mapping.
      Parameters:
      groupAttributeMapping - the group attribute mapping
    • setQueryBatchSize

      public void setQueryBatchSize(int queryBatchSize)
      Sets the query batch size.
      Parameters:
      queryBatchSize - If positive, indicates that RFC 2696 paged results should be used to split query results into batches of the specified size. Overcomes any size limits imposed by the LDAP server.
    • setAttributeBatchSize

      public void setAttributeBatchSize(int attributeBatchSize)
      Sets the attribute batch size.
      Parameters:
      attributeBatchSize - If positive, indicates that range retrieval should be used to fetch multi-valued attributes (such as member) in batches of the specified size. Overcomes any size limits imposed by the LDAP server.
    • setUserAccountStatusInterpreter

      public void setUserAccountStatusInterpreter(AbstractDirectoryServiceUserAccountStatusInterpreter userAccountStatusInterpreter)
    • getUserAccountStatusInterpreter

      public AbstractDirectoryServiceUserAccountStatusInterpreter getUserAccountStatusInterpreter()
    • isActive

      public boolean isActive()
      Description copied from interface: ActivateableBean
      Determines whether this bean is active.
      Specified by:
      isActive in interface ActivateableBean
      Returns:
      true if this bean is active
    • afterPropertiesSet

      public void afterPropertiesSet() throws Exception
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
      Throws:
      Exception
    • getPersonMappedProperties

      public Set<QName> getPersonMappedProperties()
      Description copied from interface: UserRegistry
      Gets the set of property names that are auto-mapped by this user registry. These should remain read-only for this registry's users in the UI.
      Specified by:
      getPersonMappedProperties in interface UserRegistry
      Returns:
      the person mapped properties
    • getPersons

      public Collection<NodeDescription> getPersons(Date modifiedSince)
      Description copied from interface: UserRegistry
      Gets descriptions of all the persons (users) in the user registry or all those changed since a certain date.
      Specified by:
      getPersons in interface UserRegistry
      Parameters:
      modifiedSince - if non-null, then only descriptions of users modified since this date should be returned; if null then descriptions of all users should be returned.
      Returns:
      a Collection of NodeDescriptions of all the persons (users) in the user registry or all those changed since a certain date. The description properties should correspond to those of an Alfresco person node.
    • getPersonNames

      public Collection<String> getPersonNames()
      Description copied from interface: UserRegistry
      Gets the names of all persons in the registry. Used to detect local persons to be deleted. Note that the treatment of these names will depend on Alfresco's username case-sensitivity setting.
      Specified by:
      getPersonNames in interface UserRegistry
      Returns:
      the person names
    • getGroupNames

      public Collection<String> getGroupNames()
      Description copied from interface: UserRegistry
      Gets the names of all groups in the registry. Used to detect local groups to be deleted.
      Specified by:
      getGroupNames in interface UserRegistry
      Returns:
      the group names
    • getGroups

      public Collection<NodeDescription> getGroups(Date modifiedSince)
      Description copied from interface: UserRegistry
      Gets descriptions of all the groups in the user registry or all those changed since a certain date.
      Specified by:
      getGroups in interface UserRegistry
      Parameters:
      modifiedSince - if non-null, then only descriptions of groups modified since this date should be returned; if null then descriptions of all groups should be returned.
      Returns:
      a Collection of NodeDescriptions of all the groups in the user registry or all those changed since a certain date. The description properties should correspond to those of an Alfresco authority node.
    • resolveDistinguishedName

      public String resolveDistinguishedName(String userId, AuthenticationDiagnostic diagnostic) throws AuthenticationException
      Description copied from interface: LDAPNameResolver
      Resolves a user ID to a distinguished name.
      Specified by:
      resolveDistinguishedName in interface LDAPNameResolver
      Parameters:
      userId - the user id
      Returns:
      the DN
      Throws:
      AuthenticationException - if the user ID cannot be resolved
    • jndiName

      public static Name jndiName(String dn) throws InvalidNameException
      Converts a given DN into one suitable for use through JNDI. In particular, escapes special characters such as '/' which have special meaning to JNDI.
      Parameters:
      dn - the dn
      Returns:
      the name
      Throws:
      InvalidNameException - the invalid name exception
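
An added example of the problem `jndiName` addresses, using only JDK classes; it is not the project's implementation. The class name, the `singleComponent` helper and the sample DN are constructed for illustration.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.ldap.LdapName;

// Added illustration; class name, helper and DN are constructed.
public class JndiSlashInDnDemo {
    // Hypothetical helper: carry the whole DN as ONE composite-name component,
    // so '/' inside it is never read as a JNDI component separator.
    static Name singleComponent(String dn) throws InvalidNameException {
        Name name = new CompositeName();
        name.add(dn);
        return name;
    }

    public static void main(String[] args) throws InvalidNameException {
        String dn = "cn=Dev/Ops Team,ou=Groups,dc=example,dc=com"; // constructed

        // JNDI treats string names as composite names, where '/' separates
        // components, so the DN is silently cut at the slash.
        Name naive = new CompositeName(dn);
        System.out.println("parsed as composite name: " + naive.size() + " components");
        for (int i = 0; i < naive.size(); i++) {
            System.out.println("  [" + i + "] " + naive.get(i));
        }

        // Added as a single component, the DN survives intact.
        Name safe = singleComponent(dn);
        System.out.println("single component: " + safe.size() + " component(s)");
        System.out.println("  round-trips unchanged: " + safe.get(0).equals(dn));
        System.out.println("  string form: " + safe);

        // LDAP DN syntax itself gives '/' no special meaning; LdapName indexes
        // RDNs from the right, so the leftmost RDN is at size() - 1.
        LdapName ldap = new LdapName(dn);
        System.out.println("LDAP RDN count: " + ldap.size());
        System.out.println("leftmost RDN value: " + ldap.getRdn(ldap.size() - 1).getValue());
    }
}
```

A DN passed to a JNDI `DirContext` method as a plain `String` goes through the same composite-name parsing as the first case, which is why directory entries whose names contain `/` need a `Name` built this way.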