This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 5d214eafac717b9869935621f079079db3a5b383 Author: Benoit Tellier <[email protected]> AuthorDate: Wed Jun 9 08:36:24 2021 +0700 JAMES-3594 Implement ReadOnlyLDAPUsersDAO with UnboundID library --- .../apache/james/user/ldap/ReadOnlyLDAPUser.java | 11 ++++--- .../james/user/ldap/ReadOnlyLDAPUsersDAO.java | 35 ++++++++++++++-------- 2 files changed, 28 insertions(+), 18 deletions(-) diff --git a/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPUser.java b/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPUser.java index 09ecc6c..5baaf02 100644 --- a/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPUser.java +++ b/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPUser.java @@ -47,7 +47,6 @@ import reactor.core.publisher.Mono; * */ public class ReadOnlyLDAPUser implements User, Serializable { - private static final long serialVersionUID = -5201235065842464014L; public static final Logger LOGGER = LoggerFactory.getLogger(ReadOnlyLDAPUser.class); /** 
@@ -76,17 +75,17 @@ public class ReadOnlyLDAPUser implements User, Serializable { /** * Constructs an instance for the given user-details, and which will * authenticate against the given host. - * @param userName + * @param userName * The user-identifier/name. This is the value with which the * field will be initialised, and which will be * returned by invoking {@link #getUserName()}. * @param userDN * The distinguished (unique-key) of the user details as stored * @param connectionPool - * The connectionPool for the LDAP server on which the user details are held. - * This is also the host against which the user will be - * authenticated, when {@link #verifyPassword(String)} is - * invoked. + * The connectionPool for the LDAP server on which the user details are held. + * This is also the host against which the user will be + * authenticated, when {@link #verifyPassword(String)} is + * invoked. * @param configuration */ public ReadOnlyLDAPUser(Username userName, String userDN, LDAPConnectionPool connectionPool, LdapRepositoryConfiguration configuration) { diff --git a/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPUsersDAO.java b/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPUsersDAO.java index 772d410..9a4d707 100644 --- a/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPUsersDAO.java +++ b/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPUsersDAO.java @@ -35,8 +35,6 @@ import javax.net.SocketFactory; import org.apache.commons.configuration2.HierarchicalConfiguration; import org.apache.commons.configuration2.ex.ConfigurationException; import org.apache.commons.configuration2.tree.ImmutableNode; -import org.apache.commons.lang3.StringUtils; -import org.apache.directory.api.ldap.model.filter.FilterEncoder; import org.apache.james.core.Username; import org.apache.james.lifecycle.api.Configurable; import org.apache.james.user.api.UsersRepositoryException; 
@@ -47,10 +45,13 @@ import org.slf4j.LoggerFactory; import com.github.fge.lambdas.Throwing; import com.github.steveash.guavate.Guavate; +import com.unboundid.ldap.sdk.Entry; +import com.unboundid.ldap.sdk.Filter; import com.unboundid.ldap.sdk.LDAPConnection; import com.unboundid.ldap.sdk.LDAPConnectionOptions; import com.unboundid.ldap.sdk.LDAPConnectionPool; import com.unboundid.ldap.sdk.LDAPException; +import com.unboundid.ldap.sdk.SearchRequest; import com.unboundid.ldap.sdk.SearchResult; import com.unboundid.ldap.sdk.SearchResultEntry; import com.unboundid.ldap.sdk.SearchScope; @@ -119,14 +120,21 @@ public class ReadOnlyLDAPUsersDAO implements UsersDAO, Configurable { } private Filter createFilter(String username) { + Filter specificUserFilter = Filter.createEqualityFilter(ldapConfiguration.getUserIdAttribute(), username); return Optional.ofNullable(ldapConfiguration.getFilter()) - .map(Throwing.function(userFilter -> Filter.createANDFilter( - Filter.createEqualityFilter("objectClass", ldapConfiguration.getUserObjectClass()), - Filter.createEqualityFilter(ldapConfiguration.getUserIdAttribute(), username), - Filter.create(userFilter)))) - .orElseGet(() -> Filter.createANDFilter( - Filter.createEqualityFilter("objectClass", ldapConfiguration.getUserObjectClass()), - Filter.createEqualityFilter(ldapConfiguration.getUserIdAttribute(), username))); + .map(Throwing.function(userFilter -> + Filter.createANDFilter(objectClassFilter(), specificUserFilter, Filter.create(userFilter)))) + .orElseGet(() -> Filter.createANDFilter(objectClassFilter(), specificUserFilter)); + } + + private Filter objectClassFilter() { + return Filter.createEqualityFilter("objectClass", ldapConfiguration.getUserObjectClass()); + } + + private Filter createFilter() { + return Optional.ofNullable(ldapConfiguration.getFilter()) + .map(Throwing.function(userFilter -> Filter.createANDFilter(objectClassFilter(), Filter.create(userFilter)))) + .orElseGet(this::objectClassFilter); } /** 
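Review bot: `Filter.create(userFilter)` in both `createFilter(String)` and the new `createFilter()` re-parses the configured filter string on every call, so a malformed value in the configuration only surfaces when a lookup runs. Because the parse sits inside `Throwing.function(...)` with no `.sneakyThrow()`, the `LDAPException` will most likely reach callers wrapped in an unchecked exception, which a `catch (LDAPException e)` further up would miss. Parsing the configured filter once at configuration time and keeping the resulting `Filter` in a field would fail fast and remove the lambda wrapper from both methods. The username side is sound as written, since `Filter.createEqualityFilter` takes the value as an assertion value instead of splicing it into a filter string; a short comment such as `// username is passed as an assertion value; do not build this filter by string concatenation` would help keep it that way.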
@@ -162,13 +170,16 @@ public class ReadOnlyLDAPUsersDAO implements UsersDAO, Configurable { } private Set<String> getAllUsersFromLDAP() throws LDAPException { - SearchResult searchResult = ldapConnectionPool.search(ldapConfiguration.getUserBase(), + SearchRequest searchRequest = new SearchRequest(ldapConfiguration.getUserBase(), SearchScope.SUB, - filterTemplate); + createFilter(), + SearchRequest.NO_ATTRIBUTES); + + SearchResult searchResult = ldapConnectionPool.search(searchRequest); return searchResult.getSearchEntries() .stream() - .map(entry -> entry.getObjectClassAttribute().getName()) + .map(Entry::getDN) .collect(Guavate.toImmutableSet()); } --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
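Review bot: The `SearchRequest` built in `getAllUsersFromLDAP` uses `SearchScope.SUB` with no size limit, time limit or paging. On a directory larger than the server-side size limit the call will probably end in a size-limit error instead of returning the users, and a slow server can hold a pooled connection for as long as it likes. Consider bounding the request, for example `searchRequest.setTimeLimitSeconds(...)`, and paging through results if large user bases are expected. The method would also benefit from a one-line Javadoc such as `/** Returns the DNs (not the user names) of all entries matching the configured user filter. */`, because the `Set<String>` now holds `Entry::getDN` values and callers need to know that.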
