015 package com.liferay.portal.security.ldap;
016
017 import com.liferay.portal.kernel.ldap.LDAPUtil;
018 import com.liferay.portal.kernel.log.Log;
019 import com.liferay.portal.kernel.log.LogFactoryUtil;
020 import com.liferay.portal.kernel.security.pacl.DoPrivileged;
021 import com.liferay.portal.kernel.util.PropsKeys;
022 import com.liferay.portal.kernel.util.Validator;
023 import com.liferay.portal.kernel.workflow.WorkflowConstants;
024 import com.liferay.portal.model.Contact;
025 import com.liferay.portal.model.User;
026 import com.liferay.portal.model.UserGroup;
027 import com.liferay.portal.security.auth.AuthSettingsUtil;
028 import com.liferay.portal.service.UserGroupLocalServiceUtil;
029 import com.liferay.portal.service.UserLocalServiceUtil;
030 import com.liferay.portal.util.PrefsPropsUtil;
031
032 import java.io.Serializable;
033
034 import java.util.Date;
035 import java.util.List;
036 import java.util.Map;
037 import java.util.Properties;
038
039 import javax.naming.Binding;
040 import javax.naming.CompositeName;
041 import javax.naming.Name;
042 import javax.naming.NameNotFoundException;
043 import javax.naming.directory.Attribute;
044 import javax.naming.directory.Attributes;
045 import javax.naming.directory.ModificationItem;
046 import javax.naming.directory.SchemaViolationException;
047 import javax.naming.ldap.LdapContext;
048
049
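/**
 * Pushes portal-side changes to contacts, users and user groups out to the
 * LDAP server configured for the owning company.
 *
 * <p>Every export is a no-op unless LDAP authentication and LDAP export are
 * both enabled for the company (see {@link AuthSettingsUtil} and
 * {@link LDAPSettingsUtil}); group exports additionally require group export
 * to be enabled. Attribute translation is delegated to the injected
 * {@link PortalToLDAPConverter}; this class only decides whether to export,
 * locates or creates the LDAP entry, applies the resulting modifications and
 * releases the {@link LdapContext} it obtained.</p>
 *
 * <p>NOTE(review): the context comes from {@code PortalLDAPUtil.getContext}
 * with credentials configured elsewhere. Because this class binds, modifies
 * and unbinds entries, that account needs write access to the mapped
 * subtree; presumably it should be scoped to that subtree only — confirm
 * against the LDAP server configuration.</p>
 */
@DoPrivileged
public class PortalLDAPExporterImpl implements PortalLDAPExporter {

	/**
	 * Exports a contact's attributes to the LDAP entry of its owning user.
	 *
	 * <p>Nothing is exported when LDAP export is disabled for the company, or
	 * when the owning user is the default user or not in the approved
	 * workflow status. A user entry that does not exist yet in LDAP is created
	 * first with {@link #addUser}.</p>
	 *
	 * @param  contact the contact to export
	 * @param  contactExpandoAttributes the contact's expando values, keyed by
	 *         attribute name
	 * @throws Exception if the LDAP lookup, bind or modification fails
	 */
	@Override
	public void exportToLDAP(
			Contact contact, Map<String, Serializable> contactExpandoAttributes)
		throws Exception {

		long companyId = contact.getCompanyId();

		if (!_isExportEnabled(companyId)) {
			return;
		}

		User user = UserLocalServiceUtil.getUserByContactId(
			contact.getContactId());

		if (!_isExportable(user)) {
			return;
		}

		long ldapServerId = PortalLDAPUtil.getLdapServerId(
			companyId, user.getScreenName(), user.getEmailAddress());

		LdapContext ldapContext = PortalLDAPUtil.getContext(
			ldapServerId, companyId);

		if (ldapContext == null) {
			return;
		}

		try {
			Properties contactMappings = LDAPSettingsUtil.getContactMappings(
				ldapServerId, companyId);
			Properties contactExpandoMappings =
				LDAPSettingsUtil.getContactExpandoMappings(
					ldapServerId, companyId);

			Binding binding = PortalLDAPUtil.getUser(
				ldapServerId, companyId, user.getScreenName(),
				user.getEmailAddress());

			if (binding == null) {
				Properties userMappings = LDAPSettingsUtil.getUserMappings(
					ldapServerId, companyId);

				binding = addUser(
					ldapServerId, ldapContext, user, userMappings);
			}

			Modifications modifications =
				_portalToLDAPConverter.getLDAPContactModifications(
					contact, contactExpandoAttributes, contactMappings,
					contactExpandoMappings);

			// The converter signals "nothing to change" with null.
			if (modifications == null) {
				return;
			}

			ldapContext.modifyAttributes(
				_getName(ldapServerId, companyId, binding),
				modifications.getItems());
		}
		finally {
			ldapContext.close();
		}
	}

	/**
	 * Exports a user's membership in a user group to the matching LDAP group.
	 *
	 * <p>When the group does not exist in LDAP it is created only for an
	 * {@code ADD} operation; any other operation on a missing group is
	 * ignored. If the directory rejects the modification with a
	 * {@link SchemaViolationException} and the group is down to a single
	 * member, the group entry is deleted instead (see
	 * {@link #_removeSingleMemberGroup}).</p>
	 *
	 * @param  userId the primary key of the user whose membership changed
	 * @param  userGroupId the primary key of the user group
	 * @param  ldapOperation whether the membership is being added or removed
	 * @throws Exception if the user or group cannot be loaded, or if the LDAP
	 *         lookup, bind or modification fails and cannot be recovered
	 */
	@Override
	public void exportToLDAP(
			long userId, long userGroupId, LDAPOperation ldapOperation)
		throws Exception {

		User user = UserLocalServiceUtil.getUser(userId);

		long companyId = user.getCompanyId();

		if (!_isExportEnabled(companyId) ||
			!LDAPSettingsUtil.isExportGroupEnabled(companyId)) {

			return;
		}

		long ldapServerId = PortalLDAPUtil.getLdapServerId(
			companyId, user.getScreenName(), user.getEmailAddress());

		LdapContext ldapContext = PortalLDAPUtil.getContext(
			ldapServerId, companyId);

		if (ldapContext == null) {
			return;
		}

		// Declared outside the try so the recovery path in the catch can use
		// them; everything that can throw runs inside the try so the context
		// is always closed.
		Binding binding = null;
		Properties groupMappings = null;

		try {
			UserGroup userGroup = UserGroupLocalServiceUtil.getUserGroup(
				userGroupId);

			groupMappings = LDAPSettingsUtil.getGroupMappings(
				ldapServerId, companyId);

			Properties userMappings = LDAPSettingsUtil.getUserMappings(
				ldapServerId, companyId);

			binding = PortalLDAPUtil.getGroup(
				ldapServerId, companyId, userGroup.getName());

			if (binding == null) {
				if (ldapOperation == LDAPOperation.ADD) {
					addGroup(
						ldapServerId, ldapContext, userGroup, user,
						groupMappings, userMappings);
				}

				return;
			}

			Modifications modifications =
				_portalToLDAPConverter.getLDAPGroupModifications(
					ldapServerId, userGroup, user, groupMappings, userMappings,
					ldapOperation);

			// Same "nothing to change" convention as the other exports.
			if (modifications == null) {
				return;
			}

			ldapContext.modifyAttributes(
				_getName(ldapServerId, companyId, binding),
				modifications.getItems());
		}
		catch (SchemaViolationException sve) {
			// The recovery below only applies to a group that already exists
			// in LDAP; a violation raised while looking it up or creating it
			// is a real error.
			if (binding == null) {
				throw sve;
			}

			if (_log.isDebugEnabled()) {
				_log.debug(sve, sve);
			}

			_removeSingleMemberGroup(
				ldapServerId, companyId, ldapContext, binding, groupMappings);
		}
		finally {
			ldapContext.close();
		}
	}

	/**
	 * Exports a user's attributes, and optionally group memberships, to LDAP.
	 *
	 * <p>Nothing is exported for the default user, for users not in the
	 * approved workflow status, or when LDAP export is disabled for the
	 * company. An existing entry whose {@code modifyTimestamp} equals the
	 * portal's modified date is skipped as already synchronized. When group
	 * export is enabled, each of the user's groups is exported through
	 * {@link #exportToLDAP(long, long, LDAPOperation)} and the user entry's
	 * group attributes are then updated.</p>
	 *
	 * <p>A {@link NameNotFoundException} is rethrown only when
	 * {@code PropsKeys.LDAP_AUTH_REQUIRED} is set for the company; otherwise
	 * it is logged and the export is abandoned.</p>
	 *
	 * @param  user the user to export
	 * @param  userExpandoAttributes the user's expando values, keyed by
	 *         attribute name
	 * @throws Exception if the LDAP lookup, bind or modification fails
	 */
	@Override
	public void exportToLDAP(
			User user, Map<String, Serializable> userExpandoAttributes)
		throws Exception {

		if (!_isExportable(user)) {
			return;
		}

		long companyId = user.getCompanyId();

		if (!_isExportEnabled(companyId)) {
			return;
		}

		long ldapServerId = PortalLDAPUtil.getLdapServerId(
			companyId, user.getScreenName(), user.getEmailAddress());

		LdapContext ldapContext = PortalLDAPUtil.getContext(
			ldapServerId, companyId);

		if (ldapContext == null) {
			return;
		}

		try {
			Properties userMappings = LDAPSettingsUtil.getUserMappings(
				ldapServerId, companyId);
			Properties userExpandoMappings =
				LDAPSettingsUtil.getUserExpandoMappings(
					ldapServerId, companyId);

			Binding binding = PortalLDAPUtil.getUser(
				ldapServerId, companyId, user.getScreenName(),
				user.getEmailAddress(), true);

			if (binding == null) {
				binding = addUser(
					ldapServerId, ldapContext, user, userMappings);
			}
			else if (_isAlreadySynchronized(
						ldapServerId, companyId, ldapContext, binding, user)) {

				return;
			}

			Name name = _getName(ldapServerId, companyId, binding);

			Modifications modifications =
				_portalToLDAPConverter.getLDAPUserModifications(
					user, userExpandoAttributes, userMappings,
					userExpandoMappings);

			if (modifications == null) {
				return;
			}

			ldapContext.modifyAttributes(name, modifications.getItems());

			if (!LDAPSettingsUtil.isExportGroupEnabled(companyId)) {
				return;
			}

			List<UserGroup> userGroups =
				UserGroupLocalServiceUtil.getUserUserGroups(user.getUserId());

			// Each group export obtains and closes its own context; this
			// method's context is only used for the user entry.
			for (UserGroup userGroup : userGroups) {
				exportToLDAP(
					user.getUserId(), userGroup.getUserGroupId(),
					LDAPOperation.ADD);
			}

			Modifications groupModifications =
				_portalToLDAPConverter.getLDAPUserGroupModifications(
					ldapServerId, userGroups, user, userMappings);

			ModificationItem[] groupModificationItems =
				groupModifications.getItems();

			if (groupModificationItems.length > 0) {
				ldapContext.modifyAttributes(name, groupModificationItems);
			}
		}
		catch (NameNotFoundException nnfe) {
			if (PrefsPropsUtil.getBoolean(
					companyId, PropsKeys.LDAP_AUTH_REQUIRED)) {

				throw nnfe;
			}

			_log.error(nnfe, nnfe);
		}
		finally {
			ldapContext.close();
		}
	}

	/**
	 * Injects the converter that translates portal models into LDAP
	 * attributes and DNs.
	 *
	 * @param portalToLDAPConverter the converter to use
	 */
	public void setPortalToLDAPConverter(
		PortalToLDAPConverter portalToLDAPConverter) {

		_portalToLDAPConverter = portalToLDAPConverter;
	}

	/**
	 * Creates the LDAP entry for a user group and returns its binding.
	 *
	 * @param  ldapServerId the LDAP server to bind against
	 * @param  ldapContext the open context used for the bind
	 * @param  userGroup the group to create
	 * @param  user the user whose membership triggered the creation
	 * @param  groupMappings the group attribute mappings
	 * @param  userMappings the user attribute mappings
	 * @return the binding of the newly created group as looked up afterwards
	 * @throws Exception if the DN is invalid or the bind or lookup fails
	 */
	protected Binding addGroup(
			long ldapServerId, LdapContext ldapContext, UserGroup userGroup,
			User user, Properties groupMappings, Properties userMappings)
		throws Exception {

		Name name = new CompositeName();

		name.add(
			_portalToLDAPConverter.getGroupDNName(
				ldapServerId, userGroup, groupMappings));

		Attributes attributes = _portalToLDAPConverter.getLDAPGroupAttributes(
			ldapServerId, userGroup, user, groupMappings, userMappings);

		ldapContext.bind(name, new PortalLDAPContext(attributes));

		return PortalLDAPUtil.getGroup(
			ldapServerId, userGroup.getCompanyId(), userGroup.getName());
	}

	/**
	 * Creates the LDAP entry for a user and returns its binding.
	 *
	 * @param  ldapServerId the LDAP server to bind against
	 * @param  ldapContext the open context used for the bind
	 * @param  user the user to create
	 * @param  userMappings the user attribute mappings
	 * @return the binding of the newly created user as looked up afterwards
	 * @throws Exception if the DN is invalid or the bind or lookup fails
	 */
	protected Binding addUser(
			long ldapServerId, LdapContext ldapContext, User user,
			Properties userMappings)
		throws Exception {

		Name name = new CompositeName();

		name.add(
			_portalToLDAPConverter.getUserDNName(
				ldapServerId, user, userMappings));

		Attributes attributes = _portalToLDAPConverter.getLDAPUserAttributes(
			ldapServerId, user, userMappings);

		ldapContext.bind(name, new PortalLDAPContext(attributes));

		return PortalLDAPUtil.getUser(
			ldapServerId, user.getCompanyId(), user.getScreenName(),
			user.getEmailAddress());
	}

	/**
	 * Wraps the full DN of a binding in a {@link CompositeName} suitable for
	 * {@link LdapContext#modifyAttributes}.
	 *
	 * @throws Exception if the DN cannot be resolved or is not a valid name
	 */
	private Name _getName(long ldapServerId, long companyId, Binding binding)
		throws Exception {

		Name name = new CompositeName();

		name.add(
			PortalLDAPUtil.getNameInNamespace(
				ldapServerId, companyId, binding));

		return name;
	}

	/**
	 * Returns {@code true} when the LDAP entry's {@code modifyTimestamp}
	 * equals the user's portal modified date, logging the skip at debug level.
	 *
	 * <p>Only an exact match counts as synchronized; a missing or unparsable
	 * timestamp means the export proceeds.</p>
	 */
	private boolean _isAlreadySynchronized(
			long ldapServerId, long companyId, LdapContext ldapContext,
			Binding binding, User user)
		throws Exception {

		Attributes attributes = PortalLDAPUtil.getUserAttributes(
			ldapServerId, companyId, ldapContext,
			PortalLDAPUtil.getNameInNamespace(
				ldapServerId, companyId, binding));

		String modifyTimestamp = LDAPUtil.getAttributeString(
			attributes, "modifyTimestamp");

		if (!Validator.isNotNull(modifyTimestamp)) {
			return false;
		}

		Date modifiedDate = LDAPUtil.parseDate(modifyTimestamp);

		if (!modifiedDate.equals(user.getModifiedDate())) {
			return false;
		}

		if (_log.isDebugEnabled()) {
			_log.debug(
				"Skipping user " + user.getEmailAddress() +
					" because he is already synchronized");
		}

		return true;
	}

	/**
	 * Returns {@code true} when both LDAP authentication and LDAP export are
	 * enabled for the company.
	 */
	private boolean _isExportEnabled(long companyId) throws Exception {
		return AuthSettingsUtil.isLDAPAuthEnabled(companyId) &&
			LDAPSettingsUtil.isExportEnabled(companyId);
	}

	/**
	 * Returns {@code true} when the user is neither the default user nor in a
	 * workflow status other than approved; only such users are exported.
	 */
	private boolean _isExportable(User user) {
		return !user.isDefaultUser() &&
			(user.getStatus() == WorkflowConstants.STATUS_APPROVED);
	}

	/**
	 * Deletes the LDAP group entry when it is down to a single member.
	 *
	 * <p>Called after a group modification was rejected with a
	 * {@link SchemaViolationException}. Presumably the directory schema does
	 * not allow the group's member attribute to become empty, so instead of
	 * removing the last member the whole entry is unbound — confirm against
	 * the server's object class definition. Groups with any other member
	 * count are left untouched.</p>
	 */
	private void _removeSingleMemberGroup(
			long ldapServerId, long companyId, LdapContext ldapContext,
			Binding binding, Properties groupMappings)
		throws Exception {

		String fullGroupDN = PortalLDAPUtil.getNameInNamespace(
			ldapServerId, companyId, binding);

		Attributes attributes = PortalLDAPUtil.getGroupAttributes(
			ldapServerId, companyId, ldapContext, fullGroupDN, true);

		Attribute groupMembers = attributes.get(
			groupMappings.getProperty(GroupConverterKeys.USER));

		if ((groupMembers != null) && (groupMembers.size() == 1)) {
			ldapContext.unbind(fullGroupDN);
		}
	}

	private static final Log _log = LogFactoryUtil.getLog(
		PortalLDAPExporterImpl.class);

	private PortalToLDAPConverter _portalToLDAPConverter;

}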