org.alfresco.repo.security.sync.ldap
Class LDAPUserRegistry

java.lang.Object
  extended by org.alfresco.repo.security.sync.ldap.LDAPUserRegistry
All Implemented Interfaces:
ActivateableBean, LDAPNameResolver, UserRegistry, org.springframework.beans.factory.InitializingBean

public class LDAPUserRegistry
extends java.lang.Object
implements UserRegistry, LDAPNameResolver, org.springframework.beans.factory.InitializingBean, ActivateableBean

A UserRegistry implementation with the ability to query Alfresco-like descriptions of users and groups from an LDAP directory, optionally restricted to those modified since a certain time.


Nested Class Summary
 class LDAPUserRegistry.PersonCollection
          Wraps the LDAP user query as a virtual Collection.
protected static interface LDAPUserRegistry.SearchCallback
          An interface for callbacks passed to the LDAPUserRegistry.processQuery(SearchCallback, String, String, String[]) method.
 
Constructor Summary
LDAPUserRegistry()
          Instantiates a new lDAP user registry.
 
Method Summary
 void afterPropertiesSet()
           
 java.util.Collection getGroupNames()
          Gets the names of all groups in the registry.
 java.util.Collection getGroups(java.util.Date modifiedSince)
          Gets descriptions of all the groups in the user registry or all those changed since a certain date.
 java.util.Set getPersonMappedProperties()
          Gets the set of property names that are auto-mapped by this user registry.
 java.util.Collection getPersonNames()
          Gets the names of all persons in the registry.
 java.util.Collection getPersons(java.util.Date modifiedSince)
          Gets descriptions of all the persons (users) in the user registry or all those changed since a certain date.
 boolean isActive()
          Determines whether this bean is active.
 java.lang.String resolveDistinguishedName(java.lang.String userId)
          Resolves a user ID to a distinguished name.
 void setActive(boolean active)
          Controls whether this bean is active.
 void setAttributeBatchSize(int attributeBatchSize)
          Sets the attribute batch size.
 void setEnableProgressEstimation(boolean enableProgressEstimation)
          Controls whether progress estimation is enabled.
 void setErrorOnDuplicateGID(boolean errorOnDuplicateGID)
          Decides whether to error on duplicate group IDs.
 void setErrorOnMissingGID(boolean errorOnMissingGID)
          Decides whether to error on missing group IDs.
 void setErrorOnMissingMembers(boolean errorOnMissingMembers)
          Decides whether to error on missing group members.
 void setErrorOnMissingUID(boolean errorOnMissingUID)
          Decides whether to error on missing user IDs.
 void setGroupAttributeDefaults(java.util.Map groupAttributeDefaults)
          Sets the group attribute defaults.
 void setGroupAttributeMapping(java.util.Map groupAttributeMapping)
          Sets the group attribute mapping.
 void setGroupDifferentialQuery(java.lang.String groupDifferentialQuery)
          Sets the group differential query.
 void setGroupIdAttributeName(java.lang.String groupIdAttributeName)
          Sets the group id attribute name.
 void setGroupQuery(java.lang.String groupQuery)
          Sets the group query.
 void setGroupSearchBase(java.lang.String groupSearchBase)
          Sets the group search base.
 void setGroupType(java.lang.String groupType)
          Sets the group type.
 void setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory ldapInitialDirContextFactory)
          Sets the LDAP initial dir context factory.
 void setMemberAttribute(java.lang.String memberAttribute)
          Sets the member attribute name.
 void setModifyTimestampAttributeName(java.lang.String modifyTimestampAttributeName)
          Sets the modification timestamp attribute name.
 void setNamespaceService(org.alfresco.service.namespace.NamespaceService namespaceService)
          Sets the namespace service.
 void setPersonAttributeDefaults(java.util.Map personAttributeDefaults)
          Sets the person attribute defaults.
 void setPersonAttributeMapping(java.util.Map personAttributeMapping)
          Sets the person attribute mapping.
 void setPersonDifferentialQuery(java.lang.String personDifferentialQuery)
          Sets the person differential query.
 void setPersonQuery(java.lang.String personQuery)
          Sets the person query.
 void setPersonType(java.lang.String personType)
          Sets the person type.
 void setQueryBatchSize(int queryBatchSize)
          Sets the query batch size.
 void setTimestampFormat(java.lang.String timestampFormat)
          Sets the timestamp format.
 void setUserIdAttributeName(java.lang.String userIdAttributeName)
          Sets the user id attribute name.
 void setUserSearchBase(java.lang.String userSearchBase)
          Sets the user search base.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

LDAPUserRegistry

public LDAPUserRegistry()
Instantiates a new lDAP user registry.

Method Detail

setActive

public void setActive(boolean active)
Controls whether this bean is active. I.e. should this part of the subsystem be used?

Parameters:
active - true if this bean is active

setEnableProgressEstimation

public void setEnableProgressEstimation(boolean enableProgressEstimation)
Controls whether progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.

Parameters:
enableProgressEstimation - true if progress estimation is enabled

setGroupIdAttributeName

public void setGroupIdAttributeName(java.lang.String groupIdAttributeName)
Sets the group id attribute name.

Parameters:
groupIdAttributeName - the group id attribute name

setGroupQuery

public void setGroupQuery(java.lang.String groupQuery)
Sets the group query.

Parameters:
groupQuery - the group query

setGroupDifferentialQuery

public void setGroupDifferentialQuery(java.lang.String groupDifferentialQuery)
Sets the group differential query.

Parameters:
groupDifferentialQuery - the group differential query

setPersonQuery

public void setPersonQuery(java.lang.String personQuery)
Sets the person query.

Parameters:
personQuery - the person query

setPersonDifferentialQuery

public void setPersonDifferentialQuery(java.lang.String personDifferentialQuery)
Sets the person differential query.

Parameters:
personDifferentialQuery - the person differential query

setGroupType

public void setGroupType(java.lang.String groupType)
Sets the group type.

Parameters:
groupType - the group type

setMemberAttribute

public void setMemberAttribute(java.lang.String memberAttribute)
Sets the member attribute name.

Parameters:
memberAttribute - the member attribute name

setPersonType

public void setPersonType(java.lang.String personType)
Sets the person type.

Parameters:
personType - the person type

setGroupSearchBase

public void setGroupSearchBase(java.lang.String groupSearchBase)
Sets the group search base.

Parameters:
groupSearchBase - the group search base

setUserSearchBase

public void setUserSearchBase(java.lang.String userSearchBase)
Sets the user search base.

Parameters:
userSearchBase - the user search base

setUserIdAttributeName

public void setUserIdAttributeName(java.lang.String userIdAttributeName)
Sets the user id attribute name.

Parameters:
userIdAttributeName - the user id attribute name

setModifyTimestampAttributeName

public void setModifyTimestampAttributeName(java.lang.String modifyTimestampAttributeName)
Sets the modification timestamp attribute name.

Parameters:
modifyTimestampAttributeName - the modification timestamp attribute name

setTimestampFormat

public void setTimestampFormat(java.lang.String timestampFormat)
Sets the timestamp format. Unfortunately, this varies between directory servers.

Parameters:
timestampFormat - the timestamp format
  • OpenLDAP: "yyyyMMddHHmmss'Z'"
  • Active Directory: "yyyyMMddHHmmss'.0Z'"

setErrorOnMissingMembers

public void setErrorOnMissingMembers(boolean errorOnMissingMembers)
Decides whether to error on missing group members.

Parameters:
errorOnMissingMembers - true if we should error on missing group members

setErrorOnMissingGID

public void setErrorOnMissingGID(boolean errorOnMissingGID)
Decides whether to error on missing group IDs.

Parameters:
errorOnMissingGID - true if we should error on missing group IDs

setErrorOnMissingUID

public void setErrorOnMissingUID(boolean errorOnMissingUID)
Decides whether to error on missing user IDs.

Parameters:
errorOnMissingUID - true if we should error on missing user IDs

setErrorOnDuplicateGID

public void setErrorOnDuplicateGID(boolean errorOnDuplicateGID)
Decides whether to error on duplicate group IDs.

Parameters:
errorOnDuplicateGID - true if we should error on duplicate group IDs

setLDAPInitialDirContextFactory

public void setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory ldapInitialDirContextFactory)
Sets the LDAP initial dir context factory.

Parameters:
ldapInitialDirContextFactory - the new LDAP initial dir context factory

setNamespaceService

public void setNamespaceService(org.alfresco.service.namespace.NamespaceService namespaceService)
Sets the namespace service.

Parameters:
namespaceService - the namespace service

setPersonAttributeDefaults

public void setPersonAttributeDefaults(java.util.Map personAttributeDefaults)
Sets the person attribute defaults.

Parameters:
personAttributeDefaults - the person attribute defaults

setPersonAttributeMapping

public void setPersonAttributeMapping(java.util.Map personAttributeMapping)
Sets the person attribute mapping.

Parameters:
personAttributeMapping - the person attribute mapping

setGroupAttributeDefaults

public void setGroupAttributeDefaults(java.util.Map groupAttributeDefaults)
Sets the group attribute defaults.

Parameters:
groupAttributeDefaults - the group attribute defaults

setGroupAttributeMapping

public void setGroupAttributeMapping(java.util.Map groupAttributeMapping)
Sets the group attribute mapping.

Parameters:
groupAttributeMapping - the group attribute mapping

setQueryBatchSize

public void setQueryBatchSize(int queryBatchSize)
Sets the query batch size.

Parameters:
queryBatchSize - If positive, indicates that RFC 2696 paged results should be used to split query results into batches of the specified size. Overcomes any size limits imposed by the LDAP server.

setAttributeBatchSize

public void setAttributeBatchSize(int attributeBatchSize)
Sets the attribute batch size.

Parameters:
attributeBatchSize - If positive, indicates that range retrieval should be used to fetch multi-valued attributes (such as member) in batches of the specified size. Overcomes any size limits imposed by the LDAP server.

isActive

public boolean isActive()
Description copied from interface: ActivateableBean
Determines whether this bean is active.

Specified by:
isActive in interface ActivateableBean
Returns:
true if this bean is active

afterPropertiesSet

public void afterPropertiesSet()
                        throws java.lang.Exception
Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Throws:
java.lang.Exception

getPersonMappedProperties

public java.util.Set getPersonMappedProperties()
Description copied from interface: UserRegistry
Gets the set of property names that are auto-mapped by this user registry. These should remain read-only for this registry's users in the UI.

Specified by:
getPersonMappedProperties in interface UserRegistry
Returns:
the person mapped properties

getPersons

public java.util.Collection getPersons(java.util.Date modifiedSince)
Description copied from interface: UserRegistry
Gets descriptions of all the persons (users) in the user registry or all those changed since a certain date.

Specified by:
getPersons in interface UserRegistry
Parameters:
modifiedSince - if non-null, then only descriptions of users modified since this date should be returned; if null then descriptions of all users should be returned.
Returns:
a Collection of NodeDescriptions of all the persons (users) in the user registry or all those changed since a certain date. The description properties should correspond to those of an Alfresco person node.

getPersonNames

public java.util.Collection getPersonNames()
Description copied from interface: UserRegistry
Gets the names of all persons in the registry. Used to detect local persons to be deleted. Note that the treatment of these names will depend on Alfresco's username case-sensitivity setting.

Specified by:
getPersonNames in interface UserRegistry
Returns:
the person names

getGroupNames

public java.util.Collection getGroupNames()
Description copied from interface: UserRegistry
Gets the names of all groups in the registry. Used to detect local groups to be deleted.

Specified by:
getGroupNames in interface UserRegistry
Returns:
the person names

getGroups

public java.util.Collection getGroups(java.util.Date modifiedSince)
Description copied from interface: UserRegistry
Gets descriptions of all the groups in the user registry or all those changed since a certain date.

Specified by:
getGroups in interface UserRegistry
Parameters:
modifiedSince - if non-null, then only descriptions of groups modified since this date should be returned; if null then descriptions of all groups should be returned.
Returns:
a Collection of NodeDescriptions of all the groups in the user registry or all those changed since a certain date. The description properties should correspond to those of an Alfresco authority node.

resolveDistinguishedName

public java.lang.String resolveDistinguishedName(java.lang.String userId)
                                          throws org.alfresco.repo.security.authentication.AuthenticationException
Description copied from interface: LDAPNameResolver
Resolves a user ID to a distinguished name.

Specified by:
resolveDistinguishedName in interface LDAPNameResolver
Parameters:
userId - the user id
Returns:
the DN
Throws:
org.alfresco.repo.security.authentication.AuthenticationException - if the user ID cannot be resolved


Copyright © 2005 - 2010 Alfresco Software, Inc. All Rights Reserved.