com.atlassian.crowd.directory
Class MicrosoftActiveDirectory

java.lang.Object
  extended by com.atlassian.crowd.directory.SpringLDAPConnector
      extended by com.atlassian.crowd.directory.RFC4519Directory
          extended by com.atlassian.crowd.directory.MicrosoftActiveDirectory
All Implemented Interfaces:
LDAPDirectory, RemoteDirectory, Attributes

public class MicrosoftActiveDirectory
extends RFC4519Directory

Microsoft Active Directory connector.


Field Summary
static PropertyImpl<String> OBJECT_SID
           
static int UF_ACCOUNTDISABLE
           
 
Fields inherited from class com.atlassian.crowd.directory.SpringLDAPConnector
attributes, contextSource, contextSourceTransactionManager, DEFAULT_PAGE_SIZE, eventPublisher, ldapPropertiesMapper, ldapQueryTranslater, ldapTemplate, nameConverter, searchDN
 
Constructor Summary
MicrosoftActiveDirectory(ActiveDirectoryQueryTranslaterImpl activeDirectoryQueryTranslater, com.atlassian.event.api.EventPublisher eventPublisher, InstanceFactory instanceFactory, PasswordHelper passwordHelper)
           
 
Method Summary
 void addUserToGroup(String username, String groupName)
           
protected  byte[] encodePassword(PasswordCredential passwordCredential)
          Converts the clear-text password to the AD_PASSWORD_ENCODED encoding (currently UTF-16LE).
 long fetchHighestCommittedUSN()
           
 List<LDAPGroupWithAttributes> findAddedOrUpdatedGroupsSince(long usnChanged)
           
protected
<T> List<T>
findAddedOrUpdatedObjectsSince(long usnChange, Name objectBaseDN, String objectFilter, ContextMapperWithRequiredAttributes<T> contextMapper)
           
 List<LDAPUserWithAttributes> findAddedOrUpdatedUsersSince(long usnChange)
           
 Iterable<LdapName> findDirectMembersOfGroup(LdapName groupDn)
          This method is not part of RemoteDirectory's contract.
protected  Iterable<String> findGroupMembershipNames(MembershipQuery<String> query)
           
protected  List<? extends LDAPGroupWithAttributes> findGroupMemberships(MembershipQuery<? extends LDAPGroupWithAttributes> query)
           
 List<Tombstone> findGroupTombstonesSince(long usnChange)
           
protected  List<Tombstone> findTombstonesSince(long usnChange, Name objectBaseDN, String objectClass)
           
protected  List<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberDN(String groupName, GroupType groupType, int startIndex, int maxResults)
           
protected  Iterable<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberOf(String groupName, GroupType groupType, int startIndex, int maxResults)
           
 List<Tombstone> findUserTombstonesSince(long usnChange)
           
protected  Map<String,String> getBaseEnvironmentProperties()
          Returns the properties used to set up the Ldap ContextSource.
protected  List<AttributeMapper> getCustomGroupAttributeMappers()
          As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).
protected  List<AttributeMapper> getCustomUserAttributeMappers()
           
 String getDescriptiveName()
           
protected  String getInitialGroupMemberDN()
          AD does not need a default container member.
protected  List<AttributeMapper> getMemberDnMappers()
           
protected  void getNewGroupDirectorySpecificAttributes(Group group, Attributes attributes)
          If we want to be able to nest groups, we need to create distribution groups rather than security groups.
protected  void getNewUserDirectorySpecificAttributes(User user, Attributes attributes)
          Active Directory needs a couple of additional attributes set - the sAMAccountName (which is the account name you use to log on to Windows), and the account disabled flag.
static String getStaticDirectoryType()
           
 ContextMapperWithRequiredAttributes<LDAPUserWithAttributes> getUserContextMapper()
          Returns a ContextMapper that can transform a Context into a User.
protected  List<ModificationItem> getUserModificationItems(User userTemplate, LDAPUserWithAttributes currentUser)
           
 boolean isUserDirectGroupMember(String username, String groupName)
           
protected  List<LDAPGroupWithAttributes> postprocessGroups(List<LDAPGroupWithAttributes> groups)
          Perform any post-processing on groups.
 void removeGroup(String name)
           
 void removeUserFromGroup(String username, String groupName)
           
 boolean supportsInactiveAccounts()
          This connector supports inactive accounts while, in general, LDAP connectors do not.
 
Methods inherited from class com.atlassian.crowd.directory.RFC4519Directory
addDnToGroup, addGroupToGroup, findGroupMembershipsOfUserViaMemberOf, getLdapName, getMemberships, isDnDirectGroupMember, isGroupDirectGroupMember, removeDnFromGroup, removeGroupFromGroup, searchGroupRelationshipsWithGroupTypeSpecified, toGenericIterable
 
Methods inherited from class com.atlassian.crowd.directory.SpringLDAPConnector
addDefaultSnToUserAttributes, addDefaultValueToUserAttributesForAttribute, addGroup, addUser, asLdapGroupName, asLdapName, asLdapUserName, authenticate, createModificationItem, findEntityByDN, findEntityByDN, findGroupByName, findGroupByNameAndType, findGroupWithAttributesByName, findUserByExternalId, findUserByName, findUserWithAttributesByName, getAttributeAsBoolean, getAttributeAsLong, getAuthoritativeDirectory, getContextSource, getDirectoryId, getGroupContextMapper, getKeys, getLdapPropertiesMapper, getNewGroupAttributes, getNewUserAttributes, getSearchDN, getStandardisedDN, getSubTreeSearchControls, getValue, getValues, isEmpty, isRolesDisabled, pageSearchResults, removeGroupAttributes, removeUser, removeUserAttributes, renameGroup, renameUser, searchEntities, searchEntitiesWithRequestControls, searchGroupObjects, searchGroupObjectsOfSpecifiedGroupType, searchGroupRelationships, searchGroups, searchUserObjects, searchUsers, setAttributes, setDirectoryId, storeGroupAttributes, storeUserAttributes, supportsNestedGroups, testConnection, typedEntityNotFoundException, updateGroup, updateUser, updateUserCredential
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

UF_ACCOUNTDISABLE

public static final int UF_ACCOUNTDISABLE
See Also:
Constant Field Values

OBJECT_SID

public static final PropertyImpl<String> OBJECT_SID
Constructor Detail

MicrosoftActiveDirectory

public MicrosoftActiveDirectory(ActiveDirectoryQueryTranslaterImpl activeDirectoryQueryTranslater,
                                com.atlassian.event.api.EventPublisher eventPublisher,
                                InstanceFactory instanceFactory,
                                PasswordHelper passwordHelper)
Parameters:
passwordHelper - password helper, which must not be null
Method Detail

getStaticDirectoryType

public static String getStaticDirectoryType()

getDescriptiveName

public String getDescriptiveName()

removeGroup

public void removeGroup(String name)
                 throws GroupNotFoundException,
                        OperationFailedException
Specified by:
removeGroup in interface RemoteDirectory
Overrides:
removeGroup in class SpringLDAPConnector
Throws:
GroupNotFoundException
OperationFailedException

isUserDirectGroupMember

public boolean isUserDirectGroupMember(String username,
                                       String groupName)
                                throws OperationFailedException
Specified by:
isUserDirectGroupMember in interface RemoteDirectory
Overrides:
isUserDirectGroupMember in class RFC4519Directory
Throws:
OperationFailedException

addUserToGroup

public void addUserToGroup(String username,
                           String groupName)
                    throws GroupNotFoundException,
                           OperationFailedException,
                           UserNotFoundException,
                           MembershipAlreadyExistsException
Specified by:
addUserToGroup in interface RemoteDirectory
Overrides:
addUserToGroup in class RFC4519Directory
Throws:
GroupNotFoundException
OperationFailedException
UserNotFoundException
MembershipAlreadyExistsException

removeUserFromGroup

public void removeUserFromGroup(String username,
                                String groupName)
                         throws UserNotFoundException,
                                GroupNotFoundException,
                                MembershipNotFoundException,
                                OperationFailedException
Specified by:
removeUserFromGroup in interface RemoteDirectory
Overrides:
removeUserFromGroup in class RFC4519Directory
Throws:
UserNotFoundException
GroupNotFoundException
MembershipNotFoundException
OperationFailedException

findGroupMemberships

protected List<? extends LDAPGroupWithAttributes> findGroupMemberships(MembershipQuery<? extends LDAPGroupWithAttributes> query)
                                                                throws OperationFailedException
Overrides:
findGroupMemberships in class RFC4519Directory
Throws:
OperationFailedException

findGroupMembershipNames

protected Iterable<String> findGroupMembershipNames(MembershipQuery<String> query)
                                             throws OperationFailedException
Overrides:
findGroupMembershipNames in class RFC4519Directory
Throws:
OperationFailedException

findUserMembersOfGroupViaMemberDN

protected List<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberDN(String groupName,
                                                                         GroupType groupType,
                                                                         int startIndex,
                                                                         int maxResults)
                                                                  throws OperationFailedException
Overrides:
findUserMembersOfGroupViaMemberDN in class RFC4519Directory
Throws:
OperationFailedException

findUserMembersOfGroupViaMemberOf

protected Iterable<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberOf(String groupName,
                                                                             GroupType groupType,
                                                                             int startIndex,
                                                                             int maxResults)
                                                                      throws OperationFailedException
Overrides:
findUserMembersOfGroupViaMemberOf in class RFC4519Directory
Throws:
OperationFailedException

findDirectMembersOfGroup

public Iterable<LdapName> findDirectMembersOfGroup(LdapName groupDn)
                                            throws OperationFailedException
Description copied from class: RFC4519Directory
This method is not part of RemoteDirectory's contract. It is introduced by RFC4519Directory to support RFC4519DirectoryMembershipsIterable.

Overrides:
findDirectMembersOfGroup in class RFC4519Directory
Parameters:
groupDn - LDAP name of a group
Returns:
the LDAP names of the direct members (users and groups) of the given group
Throws:
OperationFailedException - if the operation fails for any reason

getInitialGroupMemberDN

protected String getInitialGroupMemberDN()
AD does not need a default container member.

Overrides:
getInitialGroupMemberDN in class SpringLDAPConnector
Returns:
null.

encodePassword

protected byte[] encodePassword(PasswordCredential passwordCredential)
                         throws InvalidCredentialException
Converts the clear-text password to the AD_PASSWORD_ENCODED encoding (currently UTF-16LE).

Specified by:
encodePassword in class SpringLDAPConnector
Parameters:
passwordCredential - The password credential to be encoded, guaranteed to be non-null. If the subclass supports encrypting the given passwordCredential, it should NOT do so if PasswordCredential.isEncryptedCredential() returns true (although it may still encode the credential to the format required by the directory). The value of PasswordCredential.getCredential() is also guaranteed to be non-null.
Returns:
byte array containing password in UTF-16LE encoding.
Throws:
InvalidCredentialException - if PasswordCredential.isEncryptedCredential() returns true for the given passwordCredential or if the encoding does not exist on this system.

getNewUserDirectorySpecificAttributes

protected void getNewUserDirectorySpecificAttributes(User user,
                                                     Attributes attributes)
Active Directory needs a couple of additional attributes set - the sAMAccountName (which is the account name you use to log on to Windows), and the account disabled flag.

Overrides:
getNewUserDirectorySpecificAttributes in class SpringLDAPConnector
Parameters:
user -
attributes -
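
The following is an added example, not Crowd's own code, showing the Active Directory specifics that encodePassword and getNewUserDirectorySpecificAttributes describe: the UTF-16LE password bytes, the sAMAccountName and the account-disabled bit in userAccountControl. The class name, the Credential record (a hypothetical stand-in for PasswordCredential), the use of IllegalArgumentException and the sample values are assumptions; the double-quote wrapping is what AD requires for its unicodePwd attribute and is assumed, not confirmed, to match what the connector does. It needs Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

public class AdNewUserAttributesExample {
    // userAccountControl bits as defined by Windows (lmaccess.h).
    static final int UF_ACCOUNTDISABLE = 0x0002;
    static final int UF_NORMAL_ACCOUNT = 0x0200;

    /** Hypothetical stand-in for Crowd's PasswordCredential. */
    record Credential(String value, boolean encrypted) {}

    /** AD's unicodePwd takes the clear-text password in double quotes, as UTF-16LE bytes. */
    static byte[] encodePassword(Credential credential) {
        if (credential.encrypted()) {
            // A value that is already hashed or encrypted cannot be turned into
            // something AD will accept, so refuse instead of storing garbage.
            throw new IllegalArgumentException("encrypted credential cannot be encoded for AD");
        }
        return ("\"" + credential.value() + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    /** Sets or clears only the disable bit, leaving every other flag untouched. */
    static int withActiveFlag(int userAccountControl, boolean active) {
        return active ? userAccountControl & ~UF_ACCOUNTDISABLE
                      : userAccountControl | UF_ACCOUNTDISABLE;
    }

    /** Builds the AD-specific attributes for a new user entry. */
    static Attributes newUserAttributes(String username, boolean active, Credential credential) {
        Attributes attrs = new BasicAttributes(true); // attribute IDs are case-insensitive
        attrs.put(new BasicAttribute("sAMAccountName", username));
        attrs.put(new BasicAttribute("userAccountControl",
                Integer.toString(withActiveFlag(UF_NORMAL_ACCOUNT, active))));
        attrs.put(new BasicAttribute("unicodePwd", encodePassword(credential)));
        return attrs;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input, not real account data.
        Credential credential = new Credential("Constructed-Pw-1", false);
        Attributes attrs = newUserAttributes("jdoe", false, credential);

        byte[] pwd = (byte[]) attrs.get("unicodePwd").get();
        System.out.println("userAccountControl = " + attrs.get("userAccountControl").get());
        System.out.println("unicodePwd bytes   = " + pwd.length);

        // Re-enabling the account clears the bit without disturbing the account type.
        int current = Integer.parseInt((String) attrs.get("userAccountControl").get());
        System.out.println("re-enabled value   = " + withActiveFlag(current, true));
    }
}
```

Active Directory accepts writes to unicodePwd only over an encrypted connection such as LDAPS, so a connector configured for plain LDAP will fail at the password step rather than at bind time.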

getNewGroupDirectorySpecificAttributes

protected void getNewGroupDirectorySpecificAttributes(Group group,
                                                      Attributes attributes)
If we want to be able to nest groups, we need to create distribution groups rather than security groups. To do this we need to set groupType to 2.

Overrides:
getNewGroupDirectorySpecificAttributes in class SpringLDAPConnector
Parameters:
group -
attributes -

getCustomUserAttributeMappers

protected List<AttributeMapper> getCustomUserAttributeMappers()
Overrides:
getCustomUserAttributeMappers in class RFC4519Directory
Returns:
a collection of custom attribute mappers. By default just return an empty list.

getCustomGroupAttributeMappers

protected List<AttributeMapper> getCustomGroupAttributeMappers()
Description copied from class: SpringLDAPConnector
As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).

Overrides:
getCustomGroupAttributeMappers in class RFC4519Directory
Returns:
collection of custom attribute mappers (cannot be null but can be an empty list).

getMemberDnMappers

protected List<AttributeMapper> getMemberDnMappers()
Overrides:
getMemberDnMappers in class RFC4519Directory

postprocessGroups

protected List<LDAPGroupWithAttributes> postprocessGroups(List<LDAPGroupWithAttributes> groups)
                                                   throws OperationFailedException
Description copied from class: SpringLDAPConnector
Perform any post-processing on groups.

Overrides:
postprocessGroups in class SpringLDAPConnector
Parameters:
groups - to post-process
Returns:
list of groups that have been processed if required
Throws:
OperationFailedException - if processing encounters a problem with the underlying directory

getBaseEnvironmentProperties

protected Map<String,String> getBaseEnvironmentProperties()
Description copied from class: SpringLDAPConnector
Returns the properties used to set up the Ldap ContextSource.

Overrides:
getBaseEnvironmentProperties in class SpringLDAPConnector
Returns:
the properties used to set up the Ldap ContextSource.

fetchHighestCommittedUSN

public long fetchHighestCommittedUSN()
                              throws OperationFailedException
Throws:
OperationFailedException

findAddedOrUpdatedUsersSince

public List<LDAPUserWithAttributes> findAddedOrUpdatedUsersSince(long usnChange)
                                                          throws OperationFailedException
Throws:
OperationFailedException

findAddedOrUpdatedGroupsSince

public List<LDAPGroupWithAttributes> findAddedOrUpdatedGroupsSince(long usnChanged)
                                                            throws OperationFailedException
Throws:
OperationFailedException

findUserTombstonesSince

public List<Tombstone> findUserTombstonesSince(long usnChange)
                                        throws OperationFailedException
Throws:
OperationFailedException

findGroupTombstonesSince

public List<Tombstone> findGroupTombstonesSince(long usnChange)
                                         throws OperationFailedException
Throws:
OperationFailedException

findAddedOrUpdatedObjectsSince

protected <T> List<T> findAddedOrUpdatedObjectsSince(long usnChange,
                                                     Name objectBaseDN,
                                                     String objectFilter,
                                                     ContextMapperWithRequiredAttributes<T> contextMapper)
                                          throws OperationFailedException
Throws:
OperationFailedException

findTombstonesSince

protected List<Tombstone> findTombstonesSince(long usnChange,
                                              Name objectBaseDN,
                                              String objectClass)
                                       throws OperationFailedException
Throws:
OperationFailedException

getUserContextMapper

public ContextMapperWithRequiredAttributes<LDAPUserWithAttributes> getUserContextMapper()
Description copied from class: SpringLDAPConnector
Returns a ContextMapper that can transform a Context into a User.

Overrides:
getUserContextMapper in class SpringLDAPConnector
Returns:
a ContextMapper that can transform a Context into a User.

getUserModificationItems

protected List<ModificationItem> getUserModificationItems(User userTemplate,
                                                          LDAPUserWithAttributes currentUser)
Overrides:
getUserModificationItems in class SpringLDAPConnector

supportsInactiveAccounts

public boolean supportsInactiveAccounts()
This connector supports inactive accounts while, in general, LDAP connectors do not.

Specified by:
supportsInactiveAccounts in interface RemoteDirectory
Overrides:
supportsInactiveAccounts in class SpringLDAPConnector
Returns:
true


Copyright © 2014 Atlassian. All Rights Reserved.