edu.amc.sakai.user

Class SimpleLdapAttributeMapper

java.lang.Object

edu.amc.sakai.user.SimpleLdapAttributeMapper

All Implemented Interfaces:

LdapAttributeMapper

Direct Known Subclasses:

EmailAddressDerivingLdapAttributeMapper, MultipleEmailLdapAttributeMapper, SimpleLdapCandidateAttributeMapper

public class SimpleLdapAttributeMapper
extends Object
implements LdapAttributeMapper

Implements LDAP attribute mappings and filter generations using an attribute map keyed by constants in AttributeMappingConstants. The strategy for calculating Sakai user type can be injected as a UserTypeMapper. This strategy defaults to EmptyStringUserTypeMapper, which will match <= 2.3.0 OOTB behavior.

Author:

Dan McCallum, Unicon Inc

Constructor Summary

Constructors

Constructor and Description
SimpleLdapAttributeMapper()

Method Summary

Modifier and Type	Method and Description
String	escapeSearchFilterTerm(String term) Scrubs the given search filter term (i.e. a value to be matched, or not, in a search predicate) for reserved characters.
String	getAttributeMapping(String key) Map the given logical attribute name to a physical attribute name.
Map<String,String>	getAttributeMappings() Returns a direct reference to the currently cached mappings.
String	getFindUserByAidFilter(String aid) Output a filter string for searching the directory with the specified user aid as a key.
String	getFindUserByCrossAttributeSearchFilter(String criteria) Builds a filter to perform a wildcard search for criteria in uid, email, first name or last name In order to minimise hitting the limits of searches, this only performs a wildcard match on anything after the supplied criteria.
String	getFindUserByEidFilter(String eid) Builds a filter of the form <login-attr>=<eid>
String	getFindUserByEmailFilter(String emailAddr) Builds a filter of the form <email-attr>=<emailAddr>
String	getManyUsersInOneSearch(Set<String> criteria) Builds a filter to a uid search against many users at once For reference, the LDAP search filter is of the form: "(|(uid=sample.user)(uid=john.doe)(uid=jane.smith))"
protected Map<String,Collection<String>>	getReverseAttributeMap()
Collection<String>	getReverseAttributeMappings(String physicalAttrName) Access the configured logical names associated with the given physical attribute name.
String[]	getSearchResultAttributes() Implemented to return the current values of {link #getAttributeMappings().values() as a String array.
String	getUserBindDn(LdapUserData userData) Determine the DN to which to bind when executing an authentication attempt for the given user.
protected String	getUserDataDn(LdapUserData userData)
UserTypeMapper	getUserTypeMapper() Access the strategy for calculating the Sakai user type given a LDAPEntry
Map<String,MessageFormat>	getValueMappings()
void	init() Completes configuration of this instance.
protected void	mapLdapAttributeOntoUserData(com.novell.ldap.LDAPAttribute attribute, LdapUserData userData, Collection<String> logicalAttrNames) Map the given LDAPAttribute onto the given LdapUserData.
protected void	mapLdapAttributeOntoUserData(com.novell.ldap.LDAPAttribute attribute, LdapUserData userData, String logicalAttrName) A delegate of mapLdapAttributeOntoUserData(LDAPAttribute, LdapUserData, Collection) that allows for discrete handling of each logical attribute name associated with the given LDAPAttribute
void	mapLdapEntryOntoUserData(com.novell.ldap.LDAPEntry ldapEntry, LdapUserData userData) Performs LDAPEntry-to- attribute mappings.
protected String	mapLdapEntryToSakaiUserType(com.novell.ldap.LDAPEntry ldapEntry) Passes the given LDAPEntry and a reference to this SimpleLdapAttributeMapper to UserTypeMapper.mapLdapEntryToSakaiUserType(LDAPEntry, LdapAttributeMapper).
void	mapUserDataOntoUserEdit(LdapUserData userData, UserEdit userEdit) Straightforward LdapUserData to UserEdit field-to-field mapping, including properties.
protected Map<String,Collection<String>>	reverseAttributeMap(Map<String,String> toReverse) Creates a reverse lookup map of a given attribute map's values.
void	setAttributeMappings(Map<String,String> attributeMappings) Caches the given Map reference and takes a snapshot of the values therein for future use by getSearchResultAttributes().
protected void	setUserDataDn(com.novell.ldap.LDAPEntry entry, LdapUserData targetUserData)
void	setUserTypeMapper(UserTypeMapper userTypeMapper) Assign the strategy for calculating the Sakai user type given a LDAPEntry
void	setValueMappings(Map<String,MessageFormat> valueMappings)
protected String	usePreferredFirstName(LdapUserData userData) Determines if a user has a preferredFirstName set and if so, returns it for use.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SimpleLdapAttributeMapper

public SimpleLdapAttributeMapper()

Method Detail

init

public void init()

Completes configuration of this instance.

Initializes internal mappings to a copy of AttributeMappingConstants.DEFAULT_ATTR_MAPPINGS if the current map is empty. Initializes user type mapping strategy to a EmptyStringUserTypeMapper if no strategy has been specified.

This defaulting enables UDP config forward-compatibility.

Specified by:

init in interface LdapAttributeMapper

getFindUserByEmailFilter

public String getFindUserByEmailFilter(String emailAddr)

Builds a filter of the form <email-attr>=<emailAddr>

Specified by:

getFindUserByEmailFilter in interface LdapAttributeMapper

Parameters:

emailAddr - an email address to search on

Returns:

an LDAP search filter

getFindUserByEidFilter

public String getFindUserByEidFilter(String eid)

Builds a filter of the form <login-attr>=<eid>

Specified by:

getFindUserByEidFilter in interface LdapAttributeMapper

Parameters:

eid - a user eid to search on

Returns:

an LDAP search filter

getFindUserByAidFilter

public String getFindUserByAidFilter(String aid)

Description copied from interface: LdapAttributeMapper

Output a filter string for searching the directory with the specified user aid as a key.

Specified by:

getFindUserByAidFilter in interface LdapAttributeMapper

Parameters:

aid - a user authentication id.

Returns:

an LDAP search filter

mapLdapEntryOntoUserData

public void mapLdapEntryOntoUserData(com.novell.ldap.LDAPEntry ldapEntry,
                                     LdapUserData userData)

Performs LDAPEntry-to- attribute mappings. Assigns the given LDAPEntry's DN to the LdapUserData as a property keyed by AttributeMappingConstants.USER_DN_PROPERTY. Then iterates over LDAPEntry.getAttributeSet(), handing each attribute to mapLdapAttributeOntoUserData(LDAPAttribute, LdapUserData, Collection). Then enforces the preferred first name field, if it exists. Finally, assigns a "type" to the LdapUserData as defined by mapLdapEntryToSakaiUserType(LDAPEntry).

Specified by:

mapLdapEntryOntoUserData in interface LdapAttributeMapper

Parameters:

ldapEntry - the user's directory entry

userData - target LdapUserData

See Also:

UserTypeMapper

getUserBindDn

public String getUserBindDn(LdapUserData userData)

Description copied from interface: LdapAttributeMapper

Determine the DN to which to bind when executing an authentication attempt for the given user. An invocation implies that the DN can be derived from attributes already mapped onto the given LdapUserData by this LdapAttributeMapper. For example, the mapper could have cached the DN in the user's property map, or the bind DN could be reliably calculated from a combination of the user's eid and some other configured RDN string.

Specified by:

getUserBindDn in interface LdapAttributeMapper

Parameters:

userData - a mapped collection of user attributes from which to derive a bindable DN. Should not be null

Returns:

a bindable DN derived from userData or null if the DN is not known.

getUserDataDn

protected String getUserDataDn(LdapUserData userData)

setUserDataDn

protected void setUserDataDn(com.novell.ldap.LDAPEntry entry,
                             LdapUserData targetUserData)

mapLdapAttributeOntoUserData

protected void mapLdapAttributeOntoUserData(com.novell.ldap.LDAPAttribute attribute,
                                            LdapUserData userData,
                                            Collection<String> logicalAttrNames)

Map the given LDAPAttribute onto the given LdapUserData. Client can specify the logical attribute name(s) which have been configured for the given LDAPAttribute. This implementation has specific handling for the following logical attribute names:

• AttributeMappingConstants.LOGIN_ATTR_MAPPING_KEY - LdapUserData.setEid(String)
• AttributeMappingConstants.FIRST_NAME_ATTR_MAPPING_KEY - LdapUserData.setFirstName(String)
• AttributeMappingConstants.LAST_NAME_ATTR_MAPPING_KEY - LdapUserData.setLastName(String)
• AttributeMappingConstants.EMAIL_ATTR_MAPPING_KEY - LdapUserData.setEmail(String)

Any other logical attribute names passed in logicalAttrNames will be mapped onto userData as a property using the logical attribute name as a key.

Parameters:

attribute - the LDAPAttribute to map

userData - the target LdapUserData instance

logicalAttrNames - logical name(s) of the attribute. May be null or empty, indicating no configured logical name(s).

mapLdapAttributeOntoUserData

protected void mapLdapAttributeOntoUserData(com.novell.ldap.LDAPAttribute attribute,
                                            LdapUserData userData,
                                            String logicalAttrName)

A delegate of mapLdapAttributeOntoUserData(LDAPAttribute, LdapUserData, Collection) that allows for discrete handling of each logical attribute name associated with the given LDAPAttribute

Parameters:

attribute -

userData -

logicalAttrName -

mapLdapEntryToSakaiUserType

protected String mapLdapEntryToSakaiUserType(com.novell.ldap.LDAPEntry ldapEntry)

Passes the given LDAPEntry and a reference to this SimpleLdapAttributeMapper to UserTypeMapper.mapLdapEntryToSakaiUserType(LDAPEntry, LdapAttributeMapper). By default, this will just return an empty String.

Parameters:

ldapEntry - the LDAPEntry to map

Returns:

a String representing a Sakai user type. nulls and empty Strings are possible.

mapUserDataOntoUserEdit

public void mapUserDataOntoUserEdit(LdapUserData userData,
                                    UserEdit userEdit)

Straightforward LdapUserData to UserEdit field-to-field mapping, including properties.

Specified by:

mapUserDataOntoUserEdit in interface LdapAttributeMapper

Parameters:

userData - a non-null user cache entry

userEdit - a non-null user domain object

escapeSearchFilterTerm

public String escapeSearchFilterTerm(String term)

Description copied from interface: LdapAttributeMapper

Scrubs the given search filter term (i.e. a value to be matched, or not, in a search predicate) for reserved characters. I.e. protects against query injection.

Specified by:

escapeSearchFilterTerm in interface LdapAttributeMapper

Parameters:

term - The string value to be scrubbed

Returns:

null if the received String is null, otherwise a copy of the received String with reserved characters escaped.

getAttributeMapping

public String getAttributeMapping(String key)

Map the given logical attribute name to a physical attribute name.

Specified by:

getAttributeMapping in interface LdapAttributeMapper

Parameters:

key - the logical attribute name

Returns:

the corresponding physical attribute name, or null if no mapping exists.

getReverseAttributeMappings

public Collection<String> getReverseAttributeMappings(String physicalAttrName)

Access the configured logical names associated with the given physical attribute name. May return null.

Parameters:

physicalAttrName - a physical LDAP attribute name to reverse map to zero or more logical attribute names

Returns:

a collection of logical attribute names; may be null or empty.

getReverseAttributeMap

protected Map<String,Collection<String>> getReverseAttributeMap()

getSearchResultAttributes

public String[] getSearchResultAttributes()

Implemented to return the current values of {link #getAttributeMappings().values() as a String array.

Specified by:

getSearchResultAttributes in interface LdapAttributeMapper

Returns:

an array of directory attribute names

getAttributeMappings

public Map<String,String> getAttributeMappings()

Returns a direct reference to the currently cached mappings. Note that if this map is modified, the next call to getSearchResultAttributes() may return stale values.

Specified by:

getAttributeMappings in interface LdapAttributeMapper

Returns:

the current attribute map.

setAttributeMappings

public void setAttributeMappings(Map<String,String> attributeMappings)

Caches the given Map reference and takes a snapshot of the values therein for future use by getSearchResultAttributes().

Specified by:

setAttributeMappings in interface LdapAttributeMapper

Parameters:

attributeMappings - the attribute map.

See Also:

getAttributeMappings()

reverseAttributeMap

protected Map<String,Collection<String>> reverseAttributeMap(Map<String,String> toReverse)

Creates a reverse lookup map of a given attribute map's values. That is, creates a map of physical to logical LDAP attribute names. Since a multiple logical names may point to a single physical name, values in this map are actually Collection's.

Protected access control mainly to enable testing

Parameters:

toReverse -

Returns:

getUserTypeMapper

public UserTypeMapper getUserTypeMapper()

Access the strategy for calculating the Sakai user type given a LDAPEntry

setUserTypeMapper

public void setUserTypeMapper(UserTypeMapper userTypeMapper)

Assign the strategy for calculating the Sakai user type given a LDAPEntry

usePreferredFirstName

protected String usePreferredFirstName(LdapUserData userData)

Determines if a user has a preferredFirstName set and if so, returns it for use. Otherwise, returns their firstName as normal.

Parameters:

userData - the LdapUserData for the user

Returns:

a String of the user's first name.

getFindUserByCrossAttributeSearchFilter

public String getFindUserByCrossAttributeSearchFilter(String criteria)

Description copied from interface: LdapAttributeMapper

Builds a filter to perform a wildcard search for criteria in uid, email, first name or last name

In order to minimise hitting the limits of searches, this only performs a wildcard match on anything after the supplied criteria.
For example, a search for 'john' will match 'john' and 'johnson' but not 'gudjohnsen'.

For reference, the LDAP search filter is of the form: "(|(uid=criteria*)(mail=criteria*)(givenName=criteria*)(sn=criteria*))"

Specified by:

getFindUserByCrossAttributeSearchFilter in interface LdapAttributeMapper

Returns:

the formatted search filter

getManyUsersInOneSearch

public String getManyUsersInOneSearch(Set<String> criteria)

Description copied from interface: LdapAttributeMapper

Builds a filter to a uid search against many users at once For reference, the LDAP search filter is of the form: "(|(uid=sample.user)(uid=john.doe)(uid=jane.smith))"

Specified by:

getManyUsersInOneSearch in interface LdapAttributeMapper

Returns:

the formatted search filter

getValueMappings

public Map<String,MessageFormat> getValueMappings()

Returns:

A Map of message formats used for extracting values from LDAP data.

setValueMappings

public void setValueMappings(Map<String,MessageFormat> valueMappings)

Parameters:

valueMappings - A Map of message formats used for extracting values from LDAP data.