RFC4519Directory (Atlassian Crowd LDAP Implementation 5.0.7 API)

java.lang.Object
- com.atlassian.crowd.directory.SpringLDAPConnector
- - com.atlassian.crowd.directory.RFC4519Directory

All Implemented Interfaces:

LDAPDirectory, RemoteDirectory, Attributes

Direct Known Subclasses:

ApacheDS, MicrosoftActiveDirectory, NovelleDirectory, OpenLDAP, SunONE
```
public abstract class RFC4519Directory
extends SpringLDAPConnector
```
Read-write, nesting-aware implementation of RFC4519 user-group membership interactions.
A user is a member of a group if either:
- the DN of user is present in the collection of member attribute values of the group
- the user has a memberOf attribute which contains the DN of the group (must be enabled via LDAPPropertiesMapper)
See Also:

RFC2307GidNumberMapper, RFC2307MemberUidMapper

Field Summary

Fields
Modifier and Type Field and Description

static ContextMapperWithRequiredAttributes<LdapName> DN_MAPPER
- Fields inherited from class com.atlassian.crowd.directory.SpringLDAPConnector
  attributes, contextSource, contextSourceTransactionManager, DEFAULT_PAGE_SIZE, eventPublisher, ldapPropertiesMapper, ldapQueryTranslater, ldapTemplate, nameConverter, searchDN

Fields
Modifier and Type	Field and Description
`static ContextMapperWithRequiredAttributes<LdapName>`	`DN_MAPPER`

Constructor Summary

Constructors
Constructor and Description
`RFC4519Directory(LDAPQueryTranslater ldapQueryTranslater, com.atlassian.event.api.EventPublisher eventPublisher, InstanceFactory instanceFactory, LdapContextSourceProvider ldapContextSourceProvider)`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected void`	`addDnToGroup(String dn, LDAPGroupWithAttributes group)`
`void`	`addGroupToGroup(String childGroup, String parentGroup)`
`void`	`addUserToGroup(String username, String groupName)`
`protected Iterable<LdapName>`	`findAdditionalDirectMembers(LdapName groupDn, Supplier<Optional<LDAPGroupWithAttributes>> group)`
`Iterable<LdapName>`	`findDirectMembersOfGroup(LdapName groupDn)` This method is not part of `RemoteDirectory`'s contract.
`Iterable<LdapName>`	`findDirectMembersOfGroup(LdapName groupDn, ContextMapperWithRequiredAttributes<LdapName> dnMapper)` This method is not part of `RemoteDirectory`'s contract.
`protected Iterable<String>`	`findGroupMembershipNames(MembershipQuery<String> query)`
`protected List<? extends LDAPGroupWithAttributes>`	`findGroupMemberships(MembershipQuery<? extends LDAPGroupWithAttributes> query)`
`protected <T> List<T>`	`findGroupMembershipsOfUserViaMemberOf(String username, int startIndex, int maxResults, com.atlassian.crowd.directory.RFC4519Directory.LookupByDn<T> mapper)`
`protected List<LDAPUserWithAttributes>`	`findUserMembersOfGroupViaMemberDN(String groupName, GroupType groupType, int startIndex, int maxResults)`
`protected Iterable<LDAPUserWithAttributes>`	`findUserMembersOfGroupViaMemberOf(String groupName, GroupType groupType, int startIndex, int maxResults)`
`protected List<AttributeMapper>`	`getCustomGroupAttributeMappers()` As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).
`protected List<AttributeMapper>`	`getCustomUserAttributeMappers(UserContextMapperConfig config)`
`protected List<AttributeMapper>`	`getMemberDnMappers()`
`Iterable<Membership>`	`getMemberships()`
`protected boolean`	`isDirectGroupMemberOf(LDAPUserWithAttributes user, String groupDN)`
`protected boolean`	`isDnDirectGroupMember(String memberDN, LDAPGroupWithAttributes parentGroup)`
`boolean`	`isGroupDirectGroupMember(String childGroup, String parentGroup)`
`boolean`	`isUserDirectGroupMember(String username, String groupName)`
`protected org.springframework.ldap.filter.AndFilter`	`prepareOrFilterForGroupProperty(String propertyName, List<String> propertyValues)`
`protected void`	`removeDnFromGroup(String dn, LDAPGroupWithAttributes group)`
`void`	`removeGroupFromGroup(String childGroup, String parentGroup)`
`void`	`removeUserFromGroup(String username, String groupName)`
`protected <T> Iterable<T>`	`searchGroupRelationshipsWithGroupTypeSpecified(MembershipQuery<T> query)` Execute the search for group relationships given that a group of type GROUP or LEGACY_ROLE has been specified in the EntityDescriptor for the group(s).
`protected Collection<LDAPGroupWithAttributes>`	`searchGroupsByAttribute(Set<String> propertyValues, Function<List<String>,org.springframework.ldap.filter.Filter> filterFunction)`
`Collection<LDAPGroupWithAttributes>`	`searchGroupsByDns(Set<String> groupsDn)`
`protected static <T> Iterable<T>`	`toGenericIterable(Iterable list)` Converts an Iterable to a generic Iterable.

Methods inherited from class com.atlassian.crowd.directory.SpringLDAPConnector
addDefaultSnToUserAttributes, addDefaultValueToUserAttributesForAttribute, addGroup, addUser, addUser, asLdapGroupName, asLdapName, asLdapUserName, authenticate, avatarMapper, countDirectMembersOfGroup, createModificationItem, expireAllPasswords, findEntityByDN, findEntityByDN, findGroupByName, findGroupByNameAndType, findGroupWithAttributesByName, findUserByExternalId, findUserByName, findUserWithAttributesByName, getAttributeAsBoolean, getAttributeAsLong, getAuthoritativeDirectory, getBaseEnvironmentProperties, getContextSource, getCredentialEncoder, getDirectoryId, getGroupContextMapper, getInitialGroupMemberDN, getKeys, getLdapPropertiesMapper, getNewGroupAttributes, getNewGroupDirectorySpecificAttributes, getNewUserAttributes, getNewUserDirectorySpecificAttributes, getRequiredCustomGroupAttributeMappers, getSearchControls, getSearchDN, getUserAvatarByName, getUserModificationItems, getValue, getValues, isEmpty, isRolesDisabled, pageSearchResults, postprocessGroups, removeGroup, removeGroupAttributes, removeUser, removeUserAttributes, renameGroup, renameUser, searchEntities, searchEntitiesWithRequestControls, searchGroupObjects, searchGroupObjectsOfSpecifiedGroupType, searchGroupRelationships, searchGroups, searchUserObjects, searchUsers, setAttributes, setDirectoryId, setLdapPropertiesMapperAttributes, storeGroupAttributes, storeUserAttributes, supportsInactiveAccounts, supportsNestedGroups, supportsPasswordExpiration, supportsSettingEncryptedCredential, testConnection, typedEntityNotFoundException, updateGroup, updateUser, updateUserCredential

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.atlassian.crowd.directory.RemoteDirectory
getDescriptiveName, getLocallyFilteredGroupNames, updateUserFromRemoteDirectory, userAuthenticated

Field Detail

DN_MAPPER

public static final ContextMapperWithRequiredAttributes<LdapName> DN_MAPPER

Constructor Detail

RFC4519Directory

public RFC4519Directory(LDAPQueryTranslater ldapQueryTranslater,
                        com.atlassian.event.api.EventPublisher eventPublisher,
                        InstanceFactory instanceFactory,
                        LdapContextSourceProvider ldapContextSourceProvider)

Method Detail

getCustomGroupAttributeMappers
```
protected List<AttributeMapper> getCustomGroupAttributeMappers()
```
Description copied from class: SpringLDAPConnector

As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).

Overrides:

getCustomGroupAttributeMappers in class SpringLDAPConnector

Returns:

collection of custom attribute mappers (cannot be null but can be an empty list).

getMemberDnMappers

protected List<AttributeMapper> getMemberDnMappers()

getCustomUserAttributeMappers
```
protected List<AttributeMapper> getCustomUserAttributeMappers(UserContextMapperConfig config)
```
Overrides:

getCustomUserAttributeMappers in class SpringLDAPConnector

Returns:

a collection of custom attribute mappers. By default just return an empty list.

searchGroupsByDns

public Collection<LDAPGroupWithAttributes> searchGroupsByDns(Set<String> groupsDn)
                                                      throws OperationFailedException

Throws:: OperationFailedException

searchGroupsByAttribute

protected Collection<LDAPGroupWithAttributes> searchGroupsByAttribute(Set<String> propertyValues,
                                                                      Function<List<String>,org.springframework.ldap.filter.Filter> filterFunction)
                                                               throws OperationFailedException

Throws:: OperationFailedException

prepareOrFilterForGroupProperty

protected org.springframework.ldap.filter.AndFilter prepareOrFilterForGroupProperty(String propertyName,
                                                                                    List<String> propertyValues)

isDnDirectGroupMember

protected boolean isDnDirectGroupMember(String memberDN,
                                        LDAPGroupWithAttributes parentGroup)

isDirectGroupMemberOf

protected boolean isDirectGroupMemberOf(LDAPUserWithAttributes user,
                                        String groupDN)

isUserDirectGroupMember

public boolean isUserDirectGroupMember(String username,
                                       String groupName)
                                throws OperationFailedException

Throws:: OperationFailedException

isGroupDirectGroupMember

public boolean isGroupDirectGroupMember(String childGroup,
                                        String parentGroup)
                                 throws OperationFailedException

Throws:: OperationFailedException

addDnToGroup

protected void addDnToGroup(String dn,
                            LDAPGroupWithAttributes group)
                     throws OperationFailedException

Throws:: OperationFailedException

addUserToGroup

public void addUserToGroup(String username,
                           String groupName)
                    throws GroupNotFoundException,
                           OperationFailedException,
                           UserNotFoundException,
                           MembershipAlreadyExistsException

Throws:: GroupNotFoundException; OperationFailedException; UserNotFoundException; MembershipAlreadyExistsException

addGroupToGroup

public void addGroupToGroup(String childGroup,
                            String parentGroup)
                     throws GroupNotFoundException,
                            InvalidMembershipException,
                            OperationFailedException,
                            MembershipAlreadyExistsException

Throws:: GroupNotFoundException; InvalidMembershipException; OperationFailedException; MembershipAlreadyExistsException

removeDnFromGroup

protected void removeDnFromGroup(String dn,
                                 LDAPGroupWithAttributes group)
                          throws OperationFailedException

Throws:: OperationFailedException

removeUserFromGroup

public void removeUserFromGroup(String username,
                                String groupName)
                         throws UserNotFoundException,
                                GroupNotFoundException,
                                MembershipNotFoundException,
                                OperationFailedException

Throws:: UserNotFoundException; GroupNotFoundException; MembershipNotFoundException; OperationFailedException

removeGroupFromGroup

public void removeGroupFromGroup(String childGroup,
                                 String parentGroup)
                          throws GroupNotFoundException,
                                 MembershipNotFoundException,
                                 InvalidMembershipException,
                                 OperationFailedException

Throws:: GroupNotFoundException; MembershipNotFoundException; InvalidMembershipException; OperationFailedException

getMemberships

public Iterable<Membership> getMemberships()
                                    throws OperationFailedException

Throws:: OperationFailedException

searchGroupRelationshipsWithGroupTypeSpecified
```
protected <T> Iterable<T> searchGroupRelationshipsWithGroupTypeSpecified(MembershipQuery<T> query)
                                                                  throws OperationFailedException
```
Description copied from class: SpringLDAPConnector

Execute the search for group relationships given that a group of type GROUP or LEGACY_ROLE has been specified in the EntityDescriptor for the group(s).

Specified by:

searchGroupRelationshipsWithGroupTypeSpecified in class SpringLDAPConnector

Parameters:

query - membership query with all GroupType's not null.

Returns:

list of members or memberships depending on the query.

Throws:

OperationFailedException - if the operation failed due to a communication error with the remote directory, or if the query is invalid

findGroupMemberships

protected List<? extends LDAPGroupWithAttributes> findGroupMemberships(MembershipQuery<? extends LDAPGroupWithAttributes> query)
                                                                throws OperationFailedException

Throws:: OperationFailedException

findGroupMembershipNames

protected Iterable<String> findGroupMembershipNames(MembershipQuery<String> query)
                                             throws OperationFailedException

Throws:: OperationFailedException

findGroupMembershipsOfUserViaMemberOf

protected <T> List<T> findGroupMembershipsOfUserViaMemberOf(String username,
                                                            int startIndex,
                                                            int maxResults,
                                                            com.atlassian.crowd.directory.RFC4519Directory.LookupByDn<T> mapper)
                                                     throws OperationFailedException

Throws:: OperationFailedException

findUserMembersOfGroupViaMemberDN

protected List<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberDN(String groupName,
                                                                         GroupType groupType,
                                                                         int startIndex,
                                                                         int maxResults)
                                                                  throws OperationFailedException

Throws:: OperationFailedException

findUserMembersOfGroupViaMemberOf

protected Iterable<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberOf(String groupName,
                                                                             GroupType groupType,
                                                                             int startIndex,
                                                                             int maxResults)
                                                                      throws OperationFailedException

Throws:: OperationFailedException

toGenericIterable

protected static <T> Iterable<T> toGenericIterable(Iterable list)

Converts an Iterable to a generic Iterable.

findDirectMembersOfGroup
```
public Iterable<LdapName> findDirectMembersOfGroup(LdapName groupDn)
                                            throws OperationFailedException
```
This method is not part of RemoteDirectory's contract. It is introduced by RFC4519Directory to support RFC4519DirectoryMembershipsIterable. Children of this class can add additional groups by overriding findAdditionalDirectMembers(LdapName, Supplier)

Parameters:

groupDn - LDAP name of a group

Returns:

the LDAP names of the direct members (users and groups) of the given group

Throws:

OperationFailedException - if the operation fails for any reason

findDirectMembersOfGroup
```
public Iterable<LdapName> findDirectMembersOfGroup(LdapName groupDn,
                                                   ContextMapperWithRequiredAttributes<LdapName> dnMapper)
                                            throws OperationFailedException
```
This method is not part of RemoteDirectory's contract. It is introduced by RFC4519Directory to support RFC4519DirectoryMembershipsIterable. Children of this class can add additional groups by overriding findAdditionalDirectMembers(LdapName, Supplier)

Parameters:

groupDn - LDAP name of a group

dnMapper - mapper that converts the LDAP search result into an LdapName

Returns:

the LDAP names of the direct members (users and groups) of the given group

Throws:

OperationFailedException - if the operation fails for any reason

findAdditionalDirectMembers

protected Iterable<LdapName> findAdditionalDirectMembers(LdapName groupDn,
                                                         @Nullable
                                                         Supplier<Optional<LDAPGroupWithAttributes>> group)
                                                  throws OperationFailedException

Throws:: OperationFailedException

Class RFC4519Directory

Field Summary

Fields inherited from class com.atlassian.crowd.directory.SpringLDAPConnector

Constructor Summary

Method Summary

Methods inherited from class com.atlassian.crowd.directory.SpringLDAPConnector

Methods inherited from class java.lang.Object

Methods inherited from interface com.atlassian.crowd.directory.RemoteDirectory

Field Detail

DN_MAPPER

Constructor Detail

RFC4519Directory

Method Detail

getCustomGroupAttributeMappers

getMemberDnMappers

getCustomUserAttributeMappers

searchGroupsByDns

searchGroupsByAttribute

prepareOrFilterForGroupProperty

isDnDirectGroupMember

isDirectGroupMemberOf

isUserDirectGroupMember

isGroupDirectGroupMember

addDnToGroup

addUserToGroup

addGroupToGroup

removeDnFromGroup

removeUserFromGroup

removeGroupFromGroup

getMemberships

searchGroupRelationshipsWithGroupTypeSpecified

findGroupMemberships

findGroupMembershipNames

findGroupMembershipsOfUserViaMemberOf

findUserMembersOfGroupViaMemberDN

findUserMembersOfGroupViaMemberOf

toGenericIterable

findDirectMembersOfGroup

findDirectMembersOfGroup

findAdditionalDirectMembers