예제 #1
        /// <summary>
        /// Checks how the group-member clause of the group search filter is built
        /// with posix groups switched off (the state of a fresh configuration) and
        /// then switched on.
        /// </summary>
        public virtual void testFilterByGroupMemberPosix()
        {
            // A fresh configuration is used as-is: UsePosixGroups is not touched yet.
            LdapConfiguration config = new LdapConfiguration
            {
                GroupMemberAttribute = "memberUid",
                GroupSearchFilter = "(someFilter)"
            };

            // NOTE(review): the anonymous subclass presumably stubs the DN lookup so that
            // "jonny" resolves to "jonny, fullDn" - its body is not shown here, confirm.
            LdapIdentityProviderSession providerSession = new LdapIdentityProviderSessionAnonymousInnerClass(this, config);

            // Query for the groups that "jonny" is a member of.
            LdapGroupQuery memberQuery = new LdapGroupQuery();
            memberQuery.groupMember("jonny");

            // Posix groups off: the member clause carries the user's full DN.
            string withFullDn = providerSession.getGroupSearchFilter(memberQuery);
            assertEquals("(&(someFilter)(memberUid=jonny, fullDn))", withFullDn);

            // Posix groups on: the member clause carries the plain user id exactly
            // as it was given in the query, with no DN resolution.
            config.UsePosixGroups = true;

            string withPlainId = providerSession.getGroupSearchFilter(memberQuery);
            assertEquals("(&(someFilter)(memberUid=jonny))", withPlainId);
        }
예제 #2
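        /// <summary>
        /// Builds the LDAP search filter string for a group query: an AND of the
        /// configured group filter and one clause per criterion set on the query.
        /// </summary>
        /// <remarks>
        /// Values taken from the query are caller-supplied and end up inside a
        /// string-built filter, so every exact-match value is passed through
        /// <c>escapeLDAPSearchFilter</c> before it is written. Previously only the
        /// group-member value was escaped, which let filter metacharacters in an
        /// id or name change the meaning of the search.
        /// </remarks>
        /// <param name="query">The group query whose criteria are turned into filter clauses.</param>
        /// <returns>The complete filter string, starting with "(&amp;" and ending with ")".</returns>
        protected internal virtual string getGroupSearchFilter(LdapGroupQuery query)
        {
            StringWriter search = new StringWriter();

            search.write("(&");

            // Restrict to groups. This part comes from configuration, not from the
            // query, and is written verbatim.
            search.write(ldapConfiguration.GroupSearchFilter);

            // Add the criteria from the query.
            // NOTE(review): the escaping below assumes addFilter writes the value as
            // given and does not escape it itself - confirm against addFilter.
            if (query.Id != null)
            {
                addFilter(ldapConfiguration.GroupIdAttribute, escapeLDAPSearchFilter(query.Id), search);
            }
            if (query.Ids != null && query.Ids.Length > 0)
            {
                // Several ids are alternatives, so they go into a nested OR group.
                search.write("(|");
                foreach (string id in query.Ids)
                {
                    addFilter(ldapConfiguration.GroupIdAttribute, escapeLDAPSearchFilter(id), search);
                }
                search.write(")");
            }
            if (query.Name != null)
            {
                addFilter(ldapConfiguration.GroupNameAttribute, escapeLDAPSearchFilter(query.Name), search);
            }
            if (query.NameLike != null)
            {
                // NOTE(review): NameLike is still written unescaped, presumably so that a
                // wildcard in the pattern survives - confirm. As it stands, any other
                // filter metacharacter in the pattern also reaches the directory as-is;
                // callers should validate the pattern or escape everything but the wildcard.
                addFilter(ldapConfiguration.GroupNameAttribute, query.NameLike, search);
            }
            if (query.UserId != null)
            {
                // With posix groups the member attribute holds the plain user id;
                // otherwise it holds the user's DN, which has to be looked up first.
                string memberValue = ldapConfiguration.UsePosixGroups
                    ? query.UserId
                    : getDnForUser(query.UserId);

                addFilter(ldapConfiguration.GroupMemberAttribute, escapeLDAPSearchFilter(memberValue), search);
            }
            search.write(")");

            return search.ToString();
        }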
예제 #3
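        /// <summary>
        /// Runs the group query against the directory and returns the groups the
        /// current caller is authorized to read, limited to the query's paging window.
        /// </summary>
        /// <remarks>
        /// Paging is done on the client: entries are read one by one, entries without
        /// an id and entries that fail the READ/GROUP authorization check are dropped,
        /// and only authorized entries count towards <c>FirstResult</c> and
        /// <c>MaxResults</c>. Offsets therefore never reveal how many unauthorized
        /// groups matched.
        /// </remarks>
        /// <param name="query">The group query; also supplies FirstResult and MaxResults.</param>
        /// <returns>The authorized groups inside the paging window, possibly empty.</returns>
        /// <exception cref="IdentityProviderException">The directory search failed with a NamingException.</exception>
        public virtual IList <Group> findGroupByQueryCriteria(LdapGroupQuery query)
        {
            ensureContextInitialized();

            string groupBaseDn = composeDn(ldapConfiguration.GroupSearchBase, ldapConfiguration.BaseDn);

            if (ldapConfiguration.SortControlSupported)
            {
                applyRequestControls(query);
            }

            NamingEnumeration <SearchResult> enumeration = null;

            try
            {
                // The filter is a string assembled from the query's values; what is
                // escaped in it is decided entirely by getGroupSearchFilter.
                string filter = getGroupSearchFilter(query);
                enumeration = initialContext.search(groupBaseDn, filter, ldapConfiguration.SearchControls);

                // Number of authorized groups seen so far, including those skipped
                // because they lie before FirstResult.
                int           authorizedSeen = 0;
                IList <Group> groupList      = new List <Group>();

                // NOTE(review): the debug output below appends the string form of every
                // raw SearchResult, so enabling debug logging copies whatever that string
                // form contains from the directory entry into the log.
                StringBuilder resultLogger = new StringBuilder();
                if (LdapPluginLogger.INSTANCE.DebugEnabled)
                {
                    resultLogger.Append("LDAP group query results: [");
                }

                while (enumeration.hasMoreElements() && groupList.Count < query.MaxResults)
                {
                    SearchResult result = enumeration.nextElement();

                    GroupEntity group = transformGroup(result);

                    string groupId = group.Id;

                    if (groupId == null)
                    {
                        // An entry without an id cannot be authorized or returned.
                        LdapPluginLogger.INSTANCE.invalidLdapGroupReturned(group, result);
                        continue;
                    }

                    if (!isAuthorized(READ, GROUP, groupId))
                    {
                        continue;
                    }

                    if (authorizedSeen >= query.FirstResult)
                    {
                        if (LdapPluginLogger.INSTANCE.DebugEnabled)
                        {
                            resultLogger.Append(group);
                            resultLogger.Append(" based on ");
                            resultLogger.Append(result);
                            resultLogger.Append(", ");
                        }

                        groupList.Add(group);
                    }

                    authorizedSeen++;
                }

                if (LdapPluginLogger.INSTANCE.DebugEnabled)
                {
                    resultLogger.Append("]");
                    LdapPluginLogger.INSTANCE.groupQueryResult(resultLogger.ToString());
                }

                return groupList;
            }
            catch (NamingException e)
            {
                // The message used to say "users" although this method queries groups.
                throw new IdentityProviderException("Could not query for groups", e);
            }
            finally
            {
                try
                {
                    if (enumeration != null)
                    {
                        enumeration.close();
                    }
                }
                catch (Exception)
                {
                    // Closing is best effort: a failure here must not replace the
                    // result or the exception of the search itself.
                }
            }
        }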
예제 #4
 /// <summary>
 /// Counts the groups matching the query by running the full group search and
 /// taking the size of its result.
 /// </summary>
 /// <remarks>
 /// Because the count comes from findGroupByQueryCriteria, it covers only groups
 /// the caller is authorized to read and is bounded by the query's FirstResult and
 /// MaxResults window; it is not a total of all matching directory entries.
 /// </remarks>
 /// <param name="ldapGroupQuery">The group query to evaluate.</param>
 /// <returns>The number of groups returned for the query.</returns>
 public virtual long findGroupCountByQueryCriteria(LdapGroupQuery ldapGroupQuery)
 {
     ensureContextInitialized();

     IList <Group> matchingGroups = findGroupByQueryCriteria(ldapGroupQuery);
     return matchingGroups.Count;
 }