Repository: incubator-ranger Updated Branches: refs/heads/stack 286acf6d2 -> 23f2a09f0
RANGER-212: Ranger should support computing user group memberships by searching for users and groups Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/78cc53a1 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/78cc53a1 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/78cc53a1 Branch: refs/heads/stack Commit: 78cc53a11a5c987e9c9533f0b421cdb68f4e52b9 Parents: 765266e Author: Dilli Dorai Arumugam <[email protected]> Authored: Tue Jan 6 21:44:21 2015 +0530 Committer: Dilli Dorai Arumugam <[email protected]> Committed: Thu Jan 22 06:47:26 2015 -0800 ---------------------------------------------------------------------- .../process/LdapUserGroupBuilder.java | 280 ++++++++++++++----- .../config/UserGroupSyncConfig.java | 171 +++++++++-- 2 files changed, 367 insertions(+), 84 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/78cc53a1/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java ---------------------------------------------------------------------- diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java index 8c1c760..f2fbf02 100644 --- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java +++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java @@ -39,6 +39,7 @@ import javax.naming.ldap.LdapContext; import javax.naming.ldap.PagedResultsControl; import javax.naming.ldap.PagedResultsResponseControl; +import com.sun.jndi.toolkit.dir.SearchFilter; import org.apache.log4j.Logger; import org.apache.ranger.unixusersync.config.UserGroupSyncConfig; import org.apache.ranger.usergroupsync.UserGroupSink; @@ -48,23 +49,49 @@ public class LdapUserGroupBuilder implements UserGroupSource { private static final Logger LOG = Logger.getLogger(LdapUserGroupBuilder.class); - private static final int PAGE_SIZE = 100; + private static final int PAGE_SIZE = 500; private UserGroupSyncConfig config = UserGroupSyncConfig.getInstance(); - - private String userSearchBase; - private String extendedSearchFilter; + + private String ldapUrl; + private String ldapBindDn; + private String ldapBindPassword; + private String ldapAuthenticationMechanism; + + private String searchBase; + + private String userSearchBase; private String userNameAttribute; - + private int userSearchScope; + private String userObjectClass; + private String userSearchFilter; + private String extendedUserSearchFilter; + private SearchControls userSearchControls; + private Set<String> userGroupNameAttributeSet; + + private boolean pagedResultsEnabled = true; + private int pagedResultsSize = 500; + + private boolean groupSearchEnabled = true; + private String groupSearchBase; + private int groupSearchScope; + private String groupObjectClass; + private String groupSearchFilter; + private String extendedGroupSearchFilter; + private String extendedAllGroupsSearchFilter; + private SearchControls groupSearchControls; + private String groupMemberAttributeName; + private String groupNameAttribute; + private LdapContext ldapContext; - private SearchControls searchControls; - + private boolean userNameCaseConversionFlag = false ; private boolean groupNameCaseConversionFlag = false ; private boolean userNameLowerCaseFlag = false ; private boolean groupNameLowerCaseFlag = false ; - + private boolean groupUserMapSyncEnabled = false; + public static void main(String[] args) throws Throwable { LdapUserGroupBuilder ugBuilder = new LdapUserGroupBuilder(); ugBuilder.init(); @@ -102,11 +129,13 @@ public class LdapUserGroupBuilder implements UserGroupSource { private void createLdapContext() throws Throwable { LOG.info("LdapUserGroupBuilder initialization started"); - String ldapUrl = config.getLdapUrl(); - String ldapBindDn = config.getLdapBindDn(); - String ldapBindPassword = config.getLdapBindPassword(); - String ldapAuthenticationMechanism = config.getLdapAuthenticationMechanism(); - + + ldapUrl = config.getLdapUrl(); + ldapBindDn = config.getLdapBindDn(); + ldapBindPassword = config.getLdapBindPassword(); + //ldapBindPassword = "admin-password"; + ldapAuthenticationMechanism = config.getLdapAuthenticationMechanism(); + Properties env = new Properties(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); @@ -118,18 +147,20 @@ public class LdapUserGroupBuilder implements UserGroupSource { env.put(Context.REFERRAL, "follow") ; ldapContext = new InitialLdapContext(env, null); - + + searchBase = config.getSearchBase(); + userSearchBase = config.getUserSearchBase(); - int userSearchScope = config.getUserSearchScope(); - String userObjectClass = config.getUserObjectClass(); - String userSearchFilter = config.getUserSearchFilter(); - extendedSearchFilter = "(objectclass=" + userObjectClass + ")"; + userSearchScope = config.getUserSearchScope(); + userObjectClass = config.getUserObjectClass(); + userSearchFilter = config.getUserSearchFilter(); + extendedUserSearchFilter = "(objectclass=" + userObjectClass + ")"; if (userSearchFilter != null && !userSearchFilter.trim().isEmpty()) { String customFilter = userSearchFilter.trim(); if (!customFilter.startsWith("(")) { customFilter = "(" + customFilter + ")"; } - extendedSearchFilter = "(&" + extendedSearchFilter + customFilter + ")"; + extendedUserSearchFilter = "(&" + extendedUserSearchFilter + customFilter + ")"; } userNameAttribute = config.getUserNameAttribute(); @@ -137,31 +168,76 @@ public class LdapUserGroupBuilder implements UserGroupSource { Set<String> userSearchAttributes = new HashSet<String>(); userSearchAttributes.add(userNameAttribute); - Set<String> userGroupNameAttributeSet = config.getUserGroupNameAttributeSet(); + userGroupNameAttributeSet = config.getUserGroupNameAttributeSet(); for (String useGroupNameAttribute : userGroupNameAttributeSet) { userSearchAttributes.add(useGroupNameAttribute); } - searchControls = new SearchControls(); - searchControls.setSearchScope(userSearchScope); - searchControls.setReturningAttributes(userSearchAttributes.toArray( + userSearchControls = new SearchControls(); + userSearchControls.setSearchScope(userSearchScope); + userSearchControls.setReturningAttributes(userSearchAttributes.toArray( new String[userSearchAttributes.size()])); - + userGroupNameAttributeSet = config.getUserGroupNameAttributeSet(); + + pagedResultsEnabled = config.isPagedResultsEnabled(); + pagedResultsSize = config.getPagedResultsSize(); + + groupSearchEnabled = config.isGroupSearchEnabled(); + groupSearchBase = config.getGroupSearchBase(); + groupSearchScope = config.getGroupSearchScope(); + groupObjectClass = config.getGroupObjectClass(); + groupSearchFilter = config.getGroupSearchFilter(); + groupMemberAttributeName = config.getUserGroupMemberAttributeName(); + groupNameAttribute = config.getGroupNameAttribute(); + + extendedGroupSearchFilter = "(objectclass=" + groupObjectClass + ")"; + if (groupSearchFilter != null && !groupSearchFilter.trim().isEmpty()) { + String customFilter = groupSearchFilter.trim(); + if (!customFilter.startsWith("(")) { + customFilter = "(" + customFilter + ")"; + } + extendedGroupSearchFilter = extendedGroupSearchFilter + customFilter; + } + extendedAllGroupsSearchFilter = "(&" + extendedGroupSearchFilter + ")"; + extendedGroupSearchFilter = "(&" + extendedGroupSearchFilter + "(" + groupMemberAttributeName + "={0})" + ")"; + + groupUserMapSyncEnabled = config.isGroupUserMapSyncEnabled(); + + groupSearchControls = new SearchControls(); + groupSearchControls.setSearchScope(groupSearchScope); + String[] groupSearchAttributes = new String[]{groupNameAttribute}; + groupSearchControls.setReturningAttributes(groupSearchAttributes); + if (LOG.isInfoEnabled()) { LOG.info("LdapUserGroupBuilder initialization completed with -- " + "ldapUrl: " + ldapUrl + ", ldapBindDn: " + ldapBindDn + ", ldapBindPassword: ***** " - + ", ldapAuthenticationMechanism: " - + ldapAuthenticationMechanism + ", userSearchBase: " - + userSearchBase + ", userSearchScope: " + userSearchScope + + ", ldapAuthenticationMechanism: " + ldapAuthenticationMechanism + + ", searchBase: " + searchBase + + ", userSearchBase: " + userSearchBase + + ", userSearchScope: " + userSearchScope + ", userObjectClass: " + userObjectClass + ", userSearchFilter: " + userSearchFilter - + ", extendedSearchFilter: " + extendedSearchFilter + + ", extendedUserSearchFilter: " + extendedUserSearchFilter + ", userNameAttribute: " + userNameAttribute - + ", userSearchAttributes: " + userSearchAttributes ); + + ", userSearchAttributes: " + userSearchAttributes + + ", userGroupNameAttributeSet: " + userGroupNameAttributeSet + + ", pagedResultsEnabled: " + pagedResultsEnabled + + ", pagedResultsSize: " + pagedResultsSize + + ", groupSearchEnabled: " + groupSearchEnabled + + ", groupSearchBase: " + groupSearchBase + + ", groupSearchScope: " + groupSearchScope + + ", groupObjectClass: " + groupObjectClass + + ", groupSearchFilter: " + groupSearchFilter + + ", extendedGroupSearchFilter: " + extendedGroupSearchFilter + + ", extendedAllGroupsSearchFilter: " + extendedAllGroupsSearchFilter + + ", groupMemberAttributeName: " + groupMemberAttributeName + + ", groupNameAttribute: " + groupNameAttribute + + ", groupUserMapSyncEnabled: " + groupUserMapSyncEnabled + ); } - + } private void closeLdapContext() throws Throwable { @@ -179,24 +255,26 @@ public class LdapUserGroupBuilder implements UserGroupSource { @Override public void updateSink(UserGroupSink sink) throws Throwable { LOG.info("LDAPUserGroupBuilder updateSink started"); - NamingEnumeration<SearchResult> searchResultEnum = null; + NamingEnumeration<SearchResult> userSearchResultEnum = null; + NamingEnumeration<SearchResult> groupSearchResultEnum = null; try { createLdapContext(); - - // Activate paged results - byte[] cookie = null; - ldapContext.setRequestControls(new Control[]{ - new PagedResultsControl(PAGE_SIZE, Control.NONCRITICAL) }); - int total; - + int total; + // Activate paged results + byte[] cookie = null; + if (pagedResultsEnabled) { + ldapContext.setRequestControls(new Control[]{ + new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) }); + } + int counter = 0; do { - searchResultEnum = ldapContext - .search(userSearchBase, extendedSearchFilter, - searchControls); - while (searchResultEnum.hasMore()) { + userSearchResultEnum = ldapContext + .search(userSearchBase, extendedUserSearchFilter, + userSearchControls); + while (userSearchResultEnum.hasMore()) { // searchResults contains all the user entries - final SearchResult userEntry = searchResultEnum.next(); + final SearchResult userEntry = userSearchResultEnum.next(); String userName = (String) userEntry.getAttributes() .get(userNameAttribute).get(); @@ -209,27 +287,53 @@ public class LdapUserGroupBuilder implements UserGroupSource { userName = userName.toUpperCase() ; } } - - Set<String> groups = new HashSet<String>(); - Set<String> userGroupNameAttributeSet = config.getUserGroupNameAttributeSet(); - for (String useGroupNameAttribute : userGroupNameAttributeSet) { - Attribute userGroupfAttribute = userEntry.getAttributes().get(useGroupNameAttribute); - if(userGroupfAttribute != null) { - NamingEnumeration<?> groupEnum = userGroupfAttribute.getAll(); - while (groupEnum.hasMore()) { - String gName = getShortGroupName((String) groupEnum - .next()); - if (groupNameCaseConversionFlag) { - if (groupNameLowerCaseFlag) { - gName = gName.toLowerCase(); - } else { - gName = gName.toUpperCase(); - } - } - groups.add(gName); - } - } - } + + Set<String> groups = new HashSet<String>(); + + for (String useGroupNameAttribute : userGroupNameAttributeSet) { + Attribute userGroupfAttribute = userEntry.getAttributes().get(useGroupNameAttribute); + if (userGroupfAttribute != null) { + NamingEnumeration<?> groupEnum = userGroupfAttribute.getAll(); + while (groupEnum.hasMore()) { + String gName = getShortGroupName((String) groupEnum + .next()); + if (groupNameCaseConversionFlag) { + if (groupNameLowerCaseFlag) { + gName = gName.toLowerCase(); + } else { + gName = gName.toUpperCase(); + } + } + groups.add(gName); + } + } + } + + if (groupSearchEnabled && groupUserMapSyncEnabled) { + LOG.info("groupSearch and groupUserMapSync are enabled, would search for groups and compute memberships"); + groupSearchResultEnum = ldapContext + .search(groupSearchBase, extendedGroupSearchFilter, + new Object[]{userEntry.getNameInNamespace()}, + groupSearchControls); + Set<String> computedGroups = new HashSet<String>(); + while (groupSearchResultEnum.hasMore()) { + final SearchResult groupEntry = groupSearchResultEnum.next(); + String gName = (String) groupEntry.getAttributes() + .get(groupNameAttribute).get(); + if (groupNameCaseConversionFlag) { + if (groupNameLowerCaseFlag) { + gName = gName.toLowerCase(); + } else { + gName = gName.toUpperCase(); + } + } + computedGroups.add(gName); + } + if (LOG.isInfoEnabled()) { + LOG.info("computed groups for user: " + userName +", groups: " + computedGroups); + } + groups.addAll(computedGroups); + } List<String> groupList = new ArrayList<String>(groups); counter++; @@ -275,14 +379,54 @@ public class LdapUserGroupBuilder implements UserGroupSource { LOG.debug("No controls were sent from the server"); } // Re-activate paged results - ldapContext.setRequestControls(new Control[]{ - new PagedResultsControl(PAGE_SIZE, cookie, Control.CRITICAL) }); + if (pagedResultsEnabled) { + ldapContext.setRequestControls(new Control[]{ + new PagedResultsControl(PAGE_SIZE, cookie, Control.CRITICAL) }); + } } while (cookie != null); LOG.info("LDAPUserGroupBuilder.updateSink() completed with user count: " + counter); + + if (groupSearchEnabled && !groupUserMapSyncEnabled) { + if (LOG.isInfoEnabled()) { + LOG.info("groupSearch enabled and groupUserMapSync not enabled, " + + "would search for groups, would not compute memberships"); + } + Set <String> groupNames = new HashSet<String>(); + groupSearchResultEnum = ldapContext + .search(groupSearchBase, extendedAllGroupsSearchFilter, + groupSearchControls); + + while (groupSearchResultEnum.hasMore()) { + final SearchResult groupEntry = groupSearchResultEnum.next(); + String gName = (String) groupEntry.getAttributes() + .get(groupNameAttribute).get(); + if (groupNameCaseConversionFlag) { + if (groupNameLowerCaseFlag) { + gName = gName.toLowerCase(); + } else { + gName = gName.toUpperCase(); + } + } + groupNames.add(gName); + } + if (LOG.isInfoEnabled()) { + LOG.info("found groups from ldap source: " + groupNames); + } + + // TODO: push groupNames to ranger + // POST http://<IP>:6080/service/xusers/secure/groups create group + // PUT http://<IP>:6080/service/xusers/secure/groups/{id} update group + // sink.addOrUpdateUser(groupNames); + + } + } finally { - if (searchResultEnum != null) { - searchResultEnum.close(); + if (userSearchResultEnum != null) { + userSearchResultEnum.close(); + } + if (groupSearchResultEnum != null) { + groupSearchResultEnum.close(); } closeLdapContext(); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/78cc53a1/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java ---------------------------------------------------------------------- diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java index 181b107..4dd8724 100644 --- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java +++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java @@ -85,37 +85,67 @@ public class UserGroupSyncConfig { private static final String LGSYNC_LDAP_BIND_PASSWORD = "ldapGroupSync.ldapBindPassword"; private static final String LGSYNC_LDAP_AUTHENTICATION_MECHANISM = "ldapGroupSync.ldapAuthenticationMechanism"; - - private static final String LGSYNC_USER_SEARCH_BASE = "ldapGroupSync.userSearchBase"; - + private static final String DEFAULT_AUTHENTICATION_MECHANISM = "simple"; + + private static final String LGSYNC_SEARCH_BASE = "ldapGroupSync.searchBase"; + + private static final String LGSYNC_USER_SEARCH_BASE = "ldapGroupSync.userSearchBase"; + + private static final String LGSYNC_USER_SEARCH_SCOPE = "ldapGroupSync.userSearchScope"; + private static final String LGSYNC_USER_OBJECT_CLASS = "ldapGroupSync.userObjectClass"; + private static final String DEFAULT_USER_OBJECT_CLASS = "person"; private static final String LGSYNC_USER_SEARCH_FILTER = "ldapGroupSync.userSearchFilter"; private static final String LGSYNC_USER_NAME_ATTRIBUTE = "ldapGroupSync.userNameAttribute"; + private static final String DEFAULT_USER_NAME_ATTRIBUTE = "cn"; private static final String LGSYNC_USER_GROUP_NAME_ATTRIBUTE = "ldapGroupSync.userGroupNameAttribute"; - - private static final String DEFAULT_AUTHENTICATION_MECHANISM = "simple"; - - private static final String DEFAULT_USER_OBJECT_CLASS = "person"; - - private static final String DEFAULT_USER_NAME_ATTRIBUTE = "cn"; + private static final String DEFAULT_USER_GROUP_NAME_ATTRIBUTE = "memberof,ismemberof"; public static final String UGSYNC_NONE_CASE_CONVERSION_VALUE = "none" ; public static final String UGSYNC_LOWER_CASE_CONVERSION_VALUE = "lower" ; public static final String UGSYNC_UPPER_CASE_CONVERSION_VALUE = "upper" ; private static final String UGSYNC_USERNAME_CASE_CONVERSION_PARAM = "ldapGroupSync.username.caseConversion" ; + private static final String DEFAULT_UGSYNC_USERNAME_CASE_CONVERSION_VALUE = UGSYNC_LOWER_CASE_CONVERSION_VALUE ; + private static final String UGSYNC_GROUPNAME_CASE_CONVERSION_PARAM = "ldapGroupSync.groupname.caseConversion" ; - - private static final String DEFAULT_UGSYNC_USERNAME_CASE_CONVERSION_VALUE = UGSYNC_LOWER_CASE_CONVERSION_VALUE ; private static final String DEFAULT_UGSYNC_GROUPNAME_CASE_CONVERSION_VALUE = UGSYNC_LOWER_CASE_CONVERSION_VALUE ; - private static final String DEFAULT_USER_GROUP_NAME_ATTRIBUTE = "memberof,ismemberof"; - private static final String DEFAULT_USER_GROUP_TEXTFILE_DELIMITER = ","; + private static final String LGSYNC_PAGED_RESULTS_ENABLED = "ldapGroupSync.pagedResultsEnabled"; + private static final boolean DEFAULT_LGSYNC_PAGED_RESULTS_ENABLED = true; + + private static final String LGSYNC_PAGED_RESULTS_SIZE = "ldapGroupSync.pagedResultsSize"; + private static final int DEFAULT_LGSYNC_PAGED_RESULTS_SIZE = 500; + + // get groups only + private static final String LGSYNC_GROUP_SEARCH_ENABLED = "ldapGroupSync.groupSearchEnabled"; + private static final boolean DEFAULT_LGSYNC_GROUP_SEARCH_ENABLED = false; + + // get group -> user link, bosco + private static final String LGSYNC_GROUP_USER_MAP_SYNC_ENABLED = "ldapGroupSync.groupUserMapSyncEnabled"; + private static final boolean DEFAULT_LGSYNC_GROUP_USER_MAP_SYNC_ENABLED = false; + + // defaults to value of searchBase if searchBase is not null, else defaults to userSearchBase, bosco + private static final String LGSYNC_GROUP_SEARCH_BASE = "ldapGroupSync.groupSearchBase"; + + private static final String LGSYNC_GROUP_SEARCH_SCOPE = "ldapGroupSync.groupSearchScope"; + + private static final String LGSYNC_GROUP_OBJECT_CLASS = "ldapGroupSync.groupObjectClass"; + private static final String DEFAULT_LGSYNC_GROUP_OBJECT_CLASS = "groupofnames"; + + private static final String LGSYNC_GROUP_SEARCH_FILTER = "ldapGroupSync.groupSearchFilter"; + + private static final String LGSYNC_GROUP_NAME_ATTRIBUTE = "ldapGroupSync.groupNameAttribute"; + private static final String DEFAULT_LGSYNC_GROUP_NAME_ATTRIBUTE = "cn"; + + private static final String LGSYNC_GROUP_MEMBER_ATTRIBUTE_NAME = "ldapGroupSync.groupMemberAttributeName"; + private static final String DEFAULT_LGSYNC_GROUP_MEMBER_ATTRIBUTE_NAME = "member"; + private Properties prop = new Properties() ; private static UserGroupSyncConfig me = null ; @@ -333,6 +363,9 @@ public class UserGroupSyncConfig { public String getUserSearchBase() throws Throwable { String val = prop.getProperty(LGSYNC_USER_SEARCH_BASE); + if(val == null || val.trim().isEmpty()) { + val = getSearchBase(); + } if(val == null || val.trim().isEmpty()) { throw new Exception(LGSYNC_USER_SEARCH_BASE + " for LdapGroupSync is not specified"); } @@ -341,7 +374,7 @@ public class UserGroupSyncConfig { public int getUserSearchScope() { - String val = prop.getProperty(LGSYNC_USER_SEARCH_BASE); + String val = prop.getProperty(LGSYNC_USER_SEARCH_SCOPE); if (val == null || val.trim().isEmpty()) { return 2; //subtree scope } @@ -405,8 +438,114 @@ public class UserGroupSyncConfig { String ret = prop.getProperty(UGSYNC_GROUPNAME_CASE_CONVERSION_PARAM, DEFAULT_UGSYNC_GROUPNAME_CASE_CONVERSION_VALUE) ; return ret.trim().toLowerCase() ; } - - public String getProperty(String aPropertyName) { + + public String getSearchBase() { + return prop.getProperty(LGSYNC_SEARCH_BASE); + } + + public boolean isPagedResultsEnabled() { + boolean pagedResultsEnabled; + String val = prop.getProperty(LGSYNC_PAGED_RESULTS_ENABLED); + if(val == null || val.trim().isEmpty()) { + pagedResultsEnabled = DEFAULT_LGSYNC_PAGED_RESULTS_ENABLED; + } else { + pagedResultsEnabled = Boolean.valueOf(val); + } + return pagedResultsEnabled; + } + + public int getPagedResultsSize() { + int pagedResultsSize = DEFAULT_LGSYNC_PAGED_RESULTS_SIZE; + String val = prop.getProperty(LGSYNC_PAGED_RESULTS_SIZE); + if(val == null || val.trim().isEmpty()) { + pagedResultsSize = DEFAULT_LGSYNC_PAGED_RESULTS_SIZE; + } else { + pagedResultsSize = Integer.parseInt(val); + } + if (pagedResultsSize < 1) { + pagedResultsSize = DEFAULT_LGSYNC_PAGED_RESULTS_SIZE; + } + return pagedResultsSize; + } + + public boolean isGroupSearchEnabled() { + boolean groupSearchEnabled; + String val = prop.getProperty(LGSYNC_GROUP_SEARCH_ENABLED); + if(val == null || val.trim().isEmpty()) { + groupSearchEnabled = DEFAULT_LGSYNC_GROUP_SEARCH_ENABLED; + } else { + groupSearchEnabled = Boolean.valueOf(val); + } + return groupSearchEnabled; + } + + public boolean isGroupUserMapSyncEnabled() { + boolean groupUserMapSyncEnabled; + String val = prop.getProperty(LGSYNC_GROUP_USER_MAP_SYNC_ENABLED); + if(val == null || val.trim().isEmpty()) { + groupUserMapSyncEnabled = DEFAULT_LGSYNC_GROUP_USER_MAP_SYNC_ENABLED; + } else { + groupUserMapSyncEnabled = Boolean.valueOf(val); + } + return groupUserMapSyncEnabled; + } + + public String getGroupSearchBase() throws Throwable { + String val = prop.getProperty(LGSYNC_GROUP_SEARCH_BASE); + if(val == null || val.trim().isEmpty()) { + val = getSearchBase(); + } + if(val == null || val.trim().isEmpty()) { + val = getUserSearchBase(); + } + return val; + } + + public int getGroupSearchScope() { + String val = prop.getProperty(LGSYNC_GROUP_SEARCH_SCOPE); + if (val == null || val.trim().isEmpty()) { + return 2; //subtree scope + } + + val = val.trim().toLowerCase(); + if (val.equals("0") || val.startsWith("base")) { + return 0; // object scope + } else if (val.equals("1") || val.startsWith("one")) { + return 1; // one level scope + } else { + return 2; // subtree scope + } + } + + public String getGroupObjectClass() { + String val = prop.getProperty(LGSYNC_GROUP_OBJECT_CLASS); + if (val == null || val.trim().isEmpty()) { + return DEFAULT_LGSYNC_GROUP_OBJECT_CLASS; + } + return val; + } + + public String getGroupSearchFilter() { + return prop.getProperty(LGSYNC_GROUP_SEARCH_FILTER); + } + + public String getUserGroupMemberAttributeName() { + String val = prop.getProperty(LGSYNC_GROUP_MEMBER_ATTRIBUTE_NAME); + if (val == null || val.trim().isEmpty()) { + return DEFAULT_LGSYNC_GROUP_MEMBER_ATTRIBUTE_NAME; + } + return val; + } + + public String getGroupNameAttribute() { + String val = prop.getProperty(LGSYNC_GROUP_NAME_ATTRIBUTE); + if (val == null || val.trim().isEmpty()) { + return DEFAULT_LGSYNC_GROUP_NAME_ATTRIBUTE; + } + return val; + } + + public String getProperty(String aPropertyName) { return prop.getProperty(aPropertyName) ; }
