You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
361 lines
12 KiB
Java
361 lines
12 KiB
Java
package org.gcube.portal.ldapexport;
|
|
|
|
import java.util.ArrayList;
|
|
import java.util.List;
|
|
import java.util.Properties;
|
|
import java.util.Random;
|
|
|
|
import javax.naming.Context;
|
|
import javax.naming.NamingEnumeration;
|
|
import javax.naming.NamingException;
|
|
import javax.naming.directory.Attribute;
|
|
import javax.naming.directory.Attributes;
|
|
import javax.naming.directory.BasicAttribute;
|
|
import javax.naming.directory.BasicAttributes;
|
|
import javax.naming.directory.DirContext;
|
|
import javax.naming.directory.InitialDirContext;
|
|
import javax.naming.directory.SearchControls;
|
|
import javax.naming.directory.SearchResult;
|
|
|
|
import org.gcube.common.portal.PortalContext;
|
|
import org.gcube.portal.custom.communitymanager.OrganizationsUtil;
|
|
import org.slf4j.Logger;
|
|
import org.slf4j.LoggerFactory;
|
|
|
|
import com.liferay.portal.kernel.cache.CacheRegistryUtil;
|
|
import com.liferay.portal.kernel.exception.PortalException;
|
|
import com.liferay.portal.kernel.exception.SystemException;
|
|
import com.liferay.portal.model.Organization;
|
|
import com.liferay.portal.model.User;
|
|
import com.liferay.portal.service.OrganizationLocalServiceUtil;
|
|
import com.liferay.portal.service.UserLocalServiceUtil;
|
|
|
|
public class LDAPSync implements Runnable {
|
|
private static final Logger _log = LoggerFactory.getLogger(LDAPSync.class);
|
|
|
|
private static final String LDAP_ORG_FILTER = "(objectClass=organizationalUnit)";
|
|
private static final String LDAP_GROUP_FILTER = "(objectClass=posixGroup)";
|
|
|
|
private String ldapUrl;
|
|
private String filter;
|
|
private String principal;
|
|
private String pwd;
|
|
|
|
|
|
public LDAPSync(String ldapUrl, String filter, String principal, String pwd) {
|
|
this.ldapUrl = ldapUrl;
|
|
this.filter = filter;
|
|
this.principal = principal;
|
|
this.pwd = pwd;
|
|
_log.info("Starting LDAPSync over " + ldapUrl);
|
|
}
|
|
|
|
/**
|
|
*
|
|
* @return the Liferay mapped as Root Organization
|
|
*/
|
|
private Organization getRootVO() {
|
|
String rootVoName = PortalContext.getConfiguration().getInfrastructureName();
|
|
_log.debug("Root organization name found: " + rootVoName);
|
|
|
|
//start of iteration of the actual groups
|
|
List<Organization> organizations;
|
|
try {
|
|
organizations = OrganizationLocalServiceUtil.getOrganizations(0, OrganizationLocalServiceUtil.getOrganizationsCount());
|
|
for (Organization organization : organizations) {
|
|
if (organization.getName().equals(rootVoName)) {
|
|
return organization;
|
|
}
|
|
}
|
|
}
|
|
catch (SystemException e) {
|
|
_log.error("There were problems retrieving root organization", e);
|
|
}
|
|
_log.error("Could not find any root organization");
|
|
return null;
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
public void run() {
|
|
_log.debug("Reading Portal Users ...");
|
|
List<User> users = null;
|
|
try {
|
|
users = getAllLiferayUsers();
|
|
_log.debug("\n***Read " + users.size() + " from LR DB\n");
|
|
} catch (Exception e1) {
|
|
e1.printStackTrace();
|
|
}
|
|
_log.debug("Reading Portal Organizations ...");
|
|
Organization rootVO = getRootVO();
|
|
|
|
_log.debug("Initializing LDAP exporter ...");
|
|
|
|
Properties env = new Properties();
|
|
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
|
|
env.put(Context.PROVIDER_URL, ldapUrl);
|
|
env.put(Context.SECURITY_PRINCIPAL, principal);
|
|
env.put(Context.SECURITY_CREDENTIALS, pwd);
|
|
|
|
try {
|
|
DirContext ctx = new InitialDirContext(env);
|
|
_log.debug("Initiating LDAP Sync ...");
|
|
//update the whole list of users (uid="+username+",ou=People,o=Liferay,ou=Organizations,dc=d4science,dc=org")
|
|
exportSingleUsers(ctx, env, users);
|
|
|
|
//crate or update the whole list of organizations (objectClass=organizationalUnit, ou="+orgName+",dc=d4science,dc=org) and groups ( objectClass=top and POSIXGroup)
|
|
updateGroups(ctx, rootVO);
|
|
|
|
} catch (NamingException e) {
|
|
_log.error("Something went Wrong during LDAP Sync in Exporting to LDAP");
|
|
e.printStackTrace();
|
|
} catch (SystemException es) {
|
|
_log.error("Something went Wrong during LDAP Sync in retrieving Liferay Organization");
|
|
es.printStackTrace();
|
|
}
|
|
}
|
|
|
|
private void updateGroups(DirContext ctx, Organization root) throws NamingException, SystemException {
|
|
String subCtx = getOrgSubContext(root.getName());
|
|
if (!checkIfLDAPOrganizationalUnitExists(ctx, subCtx))
|
|
createOrganizationalUnit(ctx, subCtx);
|
|
for (Organization org : root.getSuborganizations()) {
|
|
String orgSubCtx = "ou="+org.getName()+","+subCtx;
|
|
if (!checkIfLDAPOrganizationalUnitExists(ctx, orgSubCtx))
|
|
createOrganizationalUnit(ctx, orgSubCtx);
|
|
for (Organization vre : org.getSuborganizations()) {
|
|
String vreSubCtx = "cn="+vre.getName()+","+orgSubCtx;
|
|
if (!checkIfLDAPGroupExists(ctx, vreSubCtx))
|
|
createGroupVRE(ctx, vreSubCtx, vre.getName());
|
|
//update the list of users in such VRE
|
|
updateUsersInGroup(ctx, vreSubCtx, vre);
|
|
}
|
|
}
|
|
}
|
|
|
|
private void updateUsersInGroup(DirContext ctx, String vreSubCtx, Organization vre) throws NamingException, SystemException {
|
|
List<User> users = UserLocalServiceUtil.getOrganizationUsers(vre.getOrganizationId());
|
|
for (User userObj : users) {
|
|
String user = userObj.getScreenName();
|
|
try {
|
|
Attribute memberUid = new BasicAttribute("memberUid");
|
|
memberUid.add(user);
|
|
Attributes attributes = new BasicAttributes();
|
|
attributes.put(memberUid);
|
|
ctx.modifyAttributes(vreSubCtx, DirContext.ADD_ATTRIBUTE, attributes);
|
|
_log.info("Adding user: " + user);
|
|
}
|
|
catch (javax.naming.directory.AttributeInUseException ex) {
|
|
_log.trace("Not adding already existing user: " + user);
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
private void exportSingleUsers(DirContext ctx, Properties env, List<User> users) throws NamingException {
|
|
for (User user : users) {
|
|
updateUserInLDAP(user.getScreenName(), user.getFirstName(), user.getLastName(), user.getFullName(), user.getEmailAddress(), "{SHA}"+user.getPassword(), ctx, filter);
|
|
//_log.debug("Updated " + user.getScreenName());
|
|
}
|
|
_log.debug("LDAP Users Sync cycle done");
|
|
if (! users.isEmpty())
|
|
_log.info("LDAP Users Sync Completed OK!");
|
|
else
|
|
_log.warn("LDAP Users Sync cycle skipped this time");
|
|
}
|
|
/**
|
|
*
|
|
* @param ctx
|
|
* @param subContext
|
|
* @throws NamingException
|
|
*/
|
|
private void createOrganizationalUnit(DirContext ctx, String subContext) throws NamingException {
|
|
Attributes attributes = new BasicAttributes();
|
|
Attribute objectClass = new BasicAttribute("objectClass");
|
|
objectClass.add("organizationalUnit");
|
|
attributes.put(objectClass);
|
|
|
|
Attribute description = new BasicAttribute("description");
|
|
description.add("Liferay Organization");
|
|
attributes.put(description);
|
|
ctx.createSubcontext(subContext, attributes);
|
|
_log.info("Added " + subContext);
|
|
}
|
|
/**
|
|
*
|
|
* @param ctx
|
|
* @param subContext
|
|
* @param vreName
|
|
* @throws NamingException
|
|
*/
|
|
private void createGroupVRE(DirContext ctx, String subContext, String vreName) throws NamingException {
|
|
Attributes attributes = new BasicAttributes();
|
|
|
|
Attribute objectClass = new BasicAttribute("objectClass");
|
|
objectClass.add("top");
|
|
objectClass.add("posixGroup");
|
|
// objectClass.add("researchProject");
|
|
// objectClass.add("groupOfMembers");
|
|
attributes.put(objectClass);
|
|
|
|
Attribute cn = new BasicAttribute("cn");
|
|
cn.add(vreName);
|
|
attributes.put(cn);
|
|
|
|
Attribute gidNumber = new BasicAttribute("gidNumber");
|
|
gidNumber.add(getRandomPOSIXidentifier(ctx));
|
|
attributes.put(gidNumber);
|
|
|
|
ctx.createSubcontext(subContext, attributes);
|
|
_log.info("Added " + subContext);
|
|
}
|
|
|
|
private String getOrgSubContext(String orgName) {
|
|
return "ou="+orgName+",dc=d4science,dc=org";
|
|
}
|
|
/**
|
|
*
|
|
* @param ctx
|
|
* @param orgSubctx
|
|
* @return true if exists
|
|
*/
|
|
private boolean checkIfLDAPOrganizationalUnitExists(DirContext ctx, String orgSubctx) {
|
|
SearchControls ctls = new SearchControls();
|
|
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
|
|
NamingEnumeration<SearchResult> answer;
|
|
try {
|
|
answer = ctx.search(orgSubctx, LDAP_ORG_FILTER, ctls);
|
|
} catch (NamingException e) {
|
|
_log.debug("not found in LDAP (will add it): Organization: " + orgSubctx);
|
|
return false;
|
|
}
|
|
boolean toReturn = answer.hasMoreElements();
|
|
_log.debug("Organization: " + orgSubctx + " exists? " + toReturn);
|
|
return toReturn;
|
|
}
|
|
/**
|
|
*
|
|
* @param ctx
|
|
* @param groupSubctx
|
|
* @return true if exists
|
|
*/
|
|
private boolean checkIfLDAPGroupExists(DirContext ctx, String groupSubctx) {
|
|
SearchControls ctls = new SearchControls();
|
|
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
|
|
NamingEnumeration<SearchResult> answer;
|
|
try {
|
|
answer = ctx.search(groupSubctx, LDAP_GROUP_FILTER, ctls);
|
|
} catch (NamingException e) {
|
|
_log.debug("not found in LDAP (will add it): Group: " + groupSubctx);
|
|
return false;
|
|
}
|
|
boolean toReturn = answer.hasMoreElements();
|
|
_log.debug("Group: " + groupSubctx + " exists? " + toReturn);
|
|
return toReturn;
|
|
}
|
|
/**
|
|
*
|
|
* @param username
|
|
* @return the single user subContext
|
|
*/
|
|
private String getSubContext(String username) {
|
|
return "uid="+username+",ou=People,o=Liferay,ou=Organizations,dc=d4science,dc=org";
|
|
}
|
|
/**
|
|
*
|
|
* @param username
|
|
* @param ctx
|
|
* @param filter
|
|
* @return true if exists
|
|
*/
|
|
private boolean checkIfLDAPUserExists(String username, DirContext ctx, String filter) {
|
|
SearchControls ctls = new SearchControls();
|
|
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
|
|
NamingEnumeration<SearchResult> answer;
|
|
try {
|
|
answer = ctx.search(getSubContext(username), filter, ctls);
|
|
} catch (NamingException e) {
|
|
_log.info("user: " + username + " not found in LDAP, trying to export it");
|
|
return false;
|
|
}
|
|
return answer.hasMoreElements();
|
|
}
|
|
/**
|
|
*
|
|
* @param username
|
|
* @param name
|
|
* @param lastName
|
|
* @param email
|
|
* @param passwd
|
|
* @param ctx
|
|
* @throws NamingException
|
|
*/
|
|
private void updateUserInLDAP(String username, String name, String lastName, String fullName, String email, String passwd, DirContext ctx, String filter) throws NamingException {
|
|
Attributes attributes=new BasicAttributes();
|
|
Attribute objectClass=new BasicAttribute("objectClass");
|
|
objectClass.add("inetOrgPerson");
|
|
attributes.put(objectClass);
|
|
|
|
//the main ldap server uses 'givenName' for the First name, 'cn' for "first name last name', 'sn' for the last name
|
|
Attribute givenName = new BasicAttribute("givenName");
|
|
Attribute cn = new BasicAttribute("cn");
|
|
Attribute sn = new BasicAttribute("sn");
|
|
Attribute mail = new BasicAttribute("mail");
|
|
Attribute userPassword = new BasicAttribute("userPassword");
|
|
|
|
givenName.add(name);
|
|
cn.add(fullName);
|
|
sn.add(lastName);
|
|
mail.add(email);
|
|
userPassword.add(passwd);
|
|
|
|
attributes.put(givenName);
|
|
attributes.put(cn);
|
|
attributes.put(sn);
|
|
attributes.put(mail);
|
|
attributes.put(userPassword);
|
|
|
|
if (checkIfLDAPUserExists(username, ctx, filter)) {
|
|
//_log.debug("User " + username + " already exists, replacing attributes");
|
|
ctx.modifyAttributes(getSubContext(username), DirContext.REPLACE_ATTRIBUTE, attributes);
|
|
}
|
|
else {
|
|
ctx.createSubcontext(getSubContext(username),attributes);
|
|
_log.debug("New User Found with uid=" + username + " created");
|
|
}
|
|
}
|
|
/**
|
|
*
|
|
* @return the whole list of users
|
|
*/
|
|
private List<User> getAllLiferayUsers() {
|
|
String infraName = PortalContext.getConfiguration().getInfrastructureName();
|
|
_log.info("TRY Reading non chached users belonging to: /" + infraName);
|
|
|
|
List<User> toReturn = new ArrayList<User>();
|
|
Organization rootInfra;
|
|
try {
|
|
CacheRegistryUtil.clear(); //needed to avoid cache use by liferay API
|
|
rootInfra = OrganizationLocalServiceUtil.getOrganization(OrganizationsUtil.getCompany().getCompanyId(), infraName);
|
|
toReturn = UserLocalServiceUtil.getOrganizationUsers(rootInfra.getOrganizationId());
|
|
} catch (PortalException | SystemException e) {
|
|
_log.error("Error during LDAP Sync, could not retrieve users from LR DB: " + e.getMessage());
|
|
}
|
|
return toReturn;
|
|
}
|
|
/**
|
|
*
|
|
* @return an integer between 1000 and 2147483647
|
|
*/
|
|
private String getRandomPOSIXidentifier(DirContext ctx) {
|
|
final int Low = 1000;
|
|
final int High = 2147483647;
|
|
Random r = new Random();
|
|
int toReturn = r.nextInt(High-Low) + Low;
|
|
return toReturn+"";
|
|
}
|
|
}
|