public class MicrosoftActiveDirectory extends RFC4519Directory
| Modifier and Type | Field and Description |
|---|---|
static String |
AD_DS_SERVICE_NAME |
static String |
AD_INVOCATION_ID |
static PropertyImpl<String> |
OBJECT_SID |
static int |
UF_ACCOUNTDISABLE |
DN_MAPPERattributes, contextSource, contextSourceTransactionManager, DEFAULT_PAGE_SIZE, eventPublisher, ldapPropertiesMapper, ldapQueryTranslater, ldapTemplate, nameConverter, searchDN| Constructor and Description |
|---|
MicrosoftActiveDirectory(ActiveDirectoryQueryTranslaterImpl activeDirectoryQueryTranslater,
com.atlassian.event.api.EventPublisher eventPublisher,
InstanceFactory instanceFactory,
PasswordHelper passwordHelper,
LdapContextSourceProvider ldapContextSourceProvider) |
| Modifier and Type | Method and Description |
|---|---|
void |
addUserToGroup(String username,
String groupName) |
protected ContextMapperWithRequiredAttributes<AvatarReference.BlobAvatar> |
avatarMapper()
Return a
JpegPhotoContextMapper; assume for now that all avatars are stored as
JPEG files. |
long |
fetchHighestCommittedUSN() |
String |
fetchInvocationId() |
List<LDAPGroupWithAttributes> |
findAddedOrUpdatedGroupsSince(long usnChanged) |
protected <T> List<T> |
findAddedOrUpdatedObjectsSince(long usnChange,
Name objectBaseDN,
String objectFilter,
ContextMapperWithRequiredAttributes<T> contextMapper) |
List<LDAPUserWithAttributes> |
findAddedOrUpdatedUsersSince(long usnChange) |
protected Iterable<LdapName> |
findAdditionalDirectMembers(LdapName groupDn,
Supplier<Optional<LDAPGroupWithAttributes>> groupSupplier) |
Set<String> |
findAllGroupGuids() |
Set<org.apache.commons.lang3.tuple.Pair<String,String>> |
findAllGroupNamesAndGuids() |
Set<String> |
findAllUserGuids() |
protected Iterable<String> |
findGroupMembershipNames(MembershipQuery<String> query) |
protected List<? extends LDAPGroupWithAttributes> |
findGroupMemberships(MembershipQuery<? extends LDAPGroupWithAttributes> query) |
protected List<Tombstone> |
findTombstonesSince(long usnChange,
Name objectBaseDN,
String objectClass) |
protected List<LDAPUserWithAttributes> |
findUserMembersOfGroupViaMemberDN(String groupName,
GroupType groupType,
int startIndex,
int maxResults) |
protected Iterable<LDAPUserWithAttributes> |
findUserMembersOfGroupViaMemberOf(String groupName,
GroupType groupType,
int startIndex,
int maxResults) |
List<Tombstone> |
findUserTombstonesSince(long usnChange) |
protected Map<String,Object> |
getBaseEnvironmentProperties()
Returns the properties used to set up the Ldap ContextSource.
|
protected LDAPCredentialEncoder |
getCredentialEncoder() |
protected List<AttributeMapper> |
getCustomGroupAttributeMappers()
As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).
|
protected List<AttributeMapper> |
getCustomUserAttributeMappers(UserContextMapperConfig config) |
String |
getDescriptiveName() |
protected String |
getInitialGroupMemberDN()
AD does not need a default container member.
|
protected List<AttributeMapper> |
getMemberDnMappers() |
protected void |
getNewGroupDirectorySpecificAttributes(Group group,
Attributes attributes)
If we want to be able to nest groups, we need to create distribution groups rather than security groups.
|
protected void |
getNewUserDirectorySpecificAttributes(User user,
Attributes attributes)
Active Directory needs a couple of additional attributes set - the sAMAccountName (which is the account name
you use to log on to Windows), and the account disabled flag.
|
Optional<String> |
getPrimaryGroupSIDOfUser(LDAPUserWithAttributes user)
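In AD, users have a primaryGroupId attribute that contains the RID (relative identifier) of their primary group. A RID identifies the group only within its domain; the group's full SID is the domain's SID followed by that RID.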
|
protected List<AttributeMapper> |
getRequiredCustomGroupAttributeMappers()
Returns a set of attributes which are expected to be present in all cases (i.e. Active Directory's objectGUID).
For performance reasons, returning mappers for heavy attributes (such as memberships) should be avoided.
|
static String |
getStaticDirectoryType() |
ContextMapperWithRequiredAttributes<LDAPUserWithAttributes> |
getUserContextMapper(UserContextMapperConfig config)
Returns a ContextMapper that can transform a Context into a User.
|
protected List<ModificationItem> |
getUserModificationItems(User userTemplate,
LDAPUserWithAttributes currentUser) |
boolean |
isGroupExternalIdConfigured()
Checks if the 'Group Unique ID Attribute' is set.
|
boolean |
isUserDirectGroupMember(String username,
String groupName) |
boolean |
isUsersExternalIdConfigured()
Checks if the 'User Unique ID Attribute' is set.
|
protected List<LDAPGroupWithAttributes> |
postprocessGroups(List<LDAPGroupWithAttributes> groups)
Perform any post-processing on groups.
|
void |
removeGroup(String name) |
void |
removeUserFromGroup(String username,
String groupName) |
Collection<LDAPGroupWithAttributes> |
searchGroupsBySids(Set<String> groupSids) |
protected void |
setLdapPropertiesMapperAttributes(Map<String,String> attributes) |
boolean |
supportsInactiveAccounts()
This connector supports inactive accounts while, in general, LDAP connectors do not.
|
addDnToGroup, addGroupToGroup, findDirectMembersOfGroup, findDirectMembersOfGroup, findGroupMembershipsOfUserViaMemberOf, getMemberships, isDirectGroupMemberOf, isDnDirectGroupMember, isGroupDirectGroupMember, prepareOrFilterForGroupProperty, removeDnFromGroup, removeGroupFromGroup, searchGroupRelationshipsWithGroupTypeSpecified, searchGroupsByAttribute, searchGroupsByDns, toGenericIterableaddDefaultSnToUserAttributes, addDefaultValueToUserAttributesForAttribute, addGroup, addUser, addUser, asLdapGroupName, asLdapName, asLdapUserName, authenticate, countDirectMembersOfGroup, createModificationItem, expireAllPasswords, findEntityByDN, findEntityByDN, findGroupByName, findGroupByNameAndType, findGroupWithAttributesByName, findUserByExternalId, findUserByName, findUserWithAttributesByName, getAttributeAsBoolean, getAttributeAsLong, getAuthoritativeDirectory, getContextSource, getDirectoryId, getGroupContextMapper, getKeys, getLdapPropertiesMapper, getNewGroupAttributes, getNewUserAttributes, getSearchControls, getSearchDN, getUserAvatarByName, getValue, getValues, isEmpty, isRolesDisabled, pageSearchResults, removeGroupAttributes, removeUser, removeUserAttributes, renameGroup, renameUser, searchEntities, searchEntitiesWithRequestControls, searchGroupObjects, searchGroupObjectsOfSpecifiedGroupType, searchGroupRelationships, searchGroups, searchUserObjects, searchUsers, setAttributes, setDirectoryId, storeGroupAttributes, storeUserAttributes, supportsNestedGroups, supportsPasswordExpiration, supportsSettingEncryptedCredential, testConnection, typedEntityNotFoundException, updateGroup, updateUser, updateUserCredentialclone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitgetLocallyFilteredGroupNames, updateUserFromRemoteDirectory, userAuthenticatedpublic static final int UF_ACCOUNTDISABLE
public static final PropertyImpl<String> OBJECT_SID
public static final String AD_DS_SERVICE_NAME
public static final String AD_INVOCATION_ID
public MicrosoftActiveDirectory(ActiveDirectoryQueryTranslaterImpl activeDirectoryQueryTranslater, com.atlassian.event.api.EventPublisher eventPublisher, InstanceFactory instanceFactory, PasswordHelper passwordHelper, LdapContextSourceProvider ldapContextSourceProvider)
passwordHelper - password helper, which must not be null
public static String getStaticDirectoryType()
public String getDescriptiveName()
public void removeGroup(String name) throws GroupNotFoundException, OperationFailedException
removeGroup in interface RemoteDirectoryremoveGroup in class SpringLDAPConnectorGroupNotFoundExceptionOperationFailedExceptionpublic boolean isUserDirectGroupMember(String username, String groupName) throws OperationFailedException
isUserDirectGroupMember in interface RemoteDirectoryisUserDirectGroupMember in class RFC4519DirectoryOperationFailedExceptionpublic void addUserToGroup(String username, String groupName) throws GroupNotFoundException, OperationFailedException, UserNotFoundException, MembershipAlreadyExistsException
addUserToGroup in interface RemoteDirectoryaddUserToGroup in class RFC4519DirectoryGroupNotFoundExceptionOperationFailedExceptionUserNotFoundExceptionMembershipAlreadyExistsExceptionpublic void removeUserFromGroup(String username, String groupName) throws UserNotFoundException, GroupNotFoundException, MembershipNotFoundException, OperationFailedException
removeUserFromGroup in interface RemoteDirectoryremoveUserFromGroup in class RFC4519DirectoryUserNotFoundExceptionGroupNotFoundExceptionMembershipNotFoundExceptionOperationFailedExceptionpublic Collection<LDAPGroupWithAttributes> searchGroupsBySids(Set<String> groupSids) throws OperationFailedException
OperationFailedExceptionprotected List<? extends LDAPGroupWithAttributes> findGroupMemberships(MembershipQuery<? extends LDAPGroupWithAttributes> query) throws OperationFailedException
findGroupMemberships in class RFC4519DirectoryOperationFailedExceptionprotected Iterable<String> findGroupMembershipNames(MembershipQuery<String> query) throws OperationFailedException
findGroupMembershipNames in class RFC4519DirectoryOperationFailedExceptionprotected List<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberDN(String groupName, GroupType groupType, int startIndex, int maxResults) throws OperationFailedException
findUserMembersOfGroupViaMemberDN in class RFC4519DirectoryOperationFailedExceptionprotected Iterable<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberOf(String groupName, GroupType groupType, int startIndex, int maxResults) throws OperationFailedException
findUserMembersOfGroupViaMemberOf in class RFC4519DirectoryOperationFailedExceptionprotected Iterable<LdapName> findAdditionalDirectMembers(LdapName groupDn, Supplier<Optional<LDAPGroupWithAttributes>> groupSupplier) throws OperationFailedException
findAdditionalDirectMembers in class RFC4519DirectoryOperationFailedExceptionpublic Optional<String> getPrimaryGroupSIDOfUser(LDAPUserWithAttributes user)
user - the user whose primary group's SID will be resolved
protected String getInitialGroupMemberDN()
getInitialGroupMemberDN in class SpringLDAPConnectornull.protected LDAPCredentialEncoder getCredentialEncoder()
getCredentialEncoder in class SpringLDAPConnectorprotected void getNewUserDirectorySpecificAttributes(User user, Attributes attributes)
getNewUserDirectorySpecificAttributes in class SpringLDAPConnectoruser - (potential) source of information that needs to be added.attributes - attributes to add directory-specific information to.protected void getNewGroupDirectorySpecificAttributes(Group group, Attributes attributes)
getNewGroupDirectorySpecificAttributes in class SpringLDAPConnectorgroup - (potential) source of information that needs to be added.attributes - attributes to add directory-specific information to.protected List<AttributeMapper> getCustomUserAttributeMappers(UserContextMapperConfig config)
getCustomUserAttributeMappers in class RFC4519Directoryprotected List<AttributeMapper> getCustomGroupAttributeMappers()
SpringLDAPConnectorgetCustomGroupAttributeMappers in class RFC4519Directoryprotected List<AttributeMapper> getRequiredCustomGroupAttributeMappers()
SpringLDAPConnectorgetRequiredCustomGroupAttributeMappers in class SpringLDAPConnectorprotected List<AttributeMapper> getMemberDnMappers()
getMemberDnMappers in class RFC4519Directoryprotected List<LDAPGroupWithAttributes> postprocessGroups(List<LDAPGroupWithAttributes> groups) throws OperationFailedException
SpringLDAPConnectorpostprocessGroups in class SpringLDAPConnectorgroups - to post-processOperationFailedException - if processing encounters a problem with the underlying directoryprotected Map<String,Object> getBaseEnvironmentProperties()
SpringLDAPConnectorgetBaseEnvironmentProperties in class SpringLDAPConnectorpublic String fetchInvocationId() throws OperationFailedException
OperationFailedExceptionpublic long fetchHighestCommittedUSN()
throws OperationFailedException
OperationFailedExceptionpublic List<LDAPUserWithAttributes> findAddedOrUpdatedUsersSince(long usnChange) throws OperationFailedException
OperationFailedExceptionpublic List<LDAPGroupWithAttributes> findAddedOrUpdatedGroupsSince(long usnChanged) throws OperationFailedException
OperationFailedExceptionpublic List<Tombstone> findUserTombstonesSince(long usnChange) throws OperationFailedException
OperationFailedExceptionpublic Set<String> findAllUserGuids() throws OperationFailedException
OperationFailedExceptionpublic Set<String> findAllGroupGuids() throws OperationFailedException
OperationFailedExceptionpublic Set<org.apache.commons.lang3.tuple.Pair<String,String>> findAllGroupNamesAndGuids() throws OperationFailedException
OperationFailedExceptionprotected <T> List<T> findAddedOrUpdatedObjectsSince(long usnChange, Name objectBaseDN, String objectFilter, ContextMapperWithRequiredAttributes<T> contextMapper) throws OperationFailedException
OperationFailedExceptionprotected List<Tombstone> findTombstonesSince(long usnChange, Name objectBaseDN, String objectClass) throws OperationFailedException
OperationFailedExceptionpublic ContextMapperWithRequiredAttributes<LDAPUserWithAttributes> getUserContextMapper(UserContextMapperConfig config)
SpringLDAPConnectorconfig - determines which additional attribute mappers should be included. Some directories
may include additional attributes, which are expected to be present in all casespublic boolean isUsersExternalIdConfigured()
true if the property value is a non-empty string
public boolean isGroupExternalIdConfigured()
true if the property value is a non-empty string
protected List<ModificationItem> getUserModificationItems(User userTemplate, LDAPUserWithAttributes currentUser)
getUserModificationItems in class SpringLDAPConnectorpublic boolean supportsInactiveAccounts()
supportsInactiveAccounts in interface RemoteDirectory
supportsInactiveAccounts in class SpringLDAPConnector
true
protected ContextMapperWithRequiredAttributes<AvatarReference.BlobAvatar> avatarMapper()
Return a JpegPhotoContextMapper; assume for now that all avatars are stored as JPEG files.
avatarMapper in class SpringLDAPConnector
protected void setLdapPropertiesMapperAttributes(Map<String,String> attributes)
setLdapPropertiesMapperAttributes in class SpringLDAPConnectorCopyright © 2023 Atlassian. All rights reserved.