📄 activedirectoryuserdatabase.java
try {
while (results != null && results.hasMore()) {
SearchResult sr = (SearchResult) results.next();
// This fixes the problem with / in OU's or
// usernames;
// using sr.getName returns a quoted string for some
// dns
// which is wrong
String dn = getDN(sr);
if (log.isDebugEnabled())
log.debug("Found group " + dn);
if (!inBasesList(excludedOUBasesList, dn)) {
Attributes ar = sr.getAttributes();
Attribute attr = ar.get("sAMAccountName");
if(attr==null)
continue;
String sAMAccountName = (String) attr.get();
ActiveDirectoryGroup role = new ActiveDirectoryGroup();
role.setSAMAccountName(sAMAccountName);
role.setDN(dn);
role.setRID(getRIDFromSID(((byte[]) ar.get("objectSID").get())));
Vector parents = new Vector();
// Now look for parent groups
if (ar.get("memberOf") != null) {
attr = (Attribute) ar.get("memberOf");
for (int j = 0; j < attr.size(); j++) {
String parentDN = (String) (attr).get(j);
if (!inBasesList(excludedOUBasesList, parentDN)) {
// This is a valid parent so record
parents.add(parentDN);
}
}
}
roles.put(role, dn, parents);
}
}
} catch (PartialResultException pre) {
// We're paging so we dont care and don't log anymore
}
// Examine the paged results control response
Control[] controls = ctx.getResponseControls();
if (controls != null) {
for (int i = 0; i < controls.length; i++) {
if (controls[i] instanceof PagedResultsResponseControl) {
PagedResultsResponseControl prrc =
(PagedResultsResponseControl)controls[i];
cookie = prrc.getCookie();
} else {
// Handle other response controls (if any)
}
}
}
// Re-activate paged results
try {
ctx.setRequestControls(new Control[]{
new PagedResultsControl(pageSize, cookie, Control.CRITICAL) });
} catch(IOException ex) {
log.warn("Tried to reconfigure paged result controls with error", ex);
}
startPosition = startPosition + pageSize;
endPosition = endPosition + pageSize;
currentPage++;
} while ((cookie != null) && (cookie.length != 0));
}
} catch (NamingException ex) {
lastError = ex;
if (log.isInfoEnabled())
log.info("Possible groups configuration error in AD! Did you enter your OUs correctly?", ex);
}
if (roles.size() == 0 && lastError != null)
throw lastError;
if (log.isDebugEnabled())
log.debug("Found " + roles.size() + " groups");
if (log.isInfoEnabled())
log.info("Building role hierarchy");
roles.buildHierarchy();
return roles;
}
}
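/**
 * Privileged action that binds to Active Directory and fetches the details of one user.
 *
 * <p>The application must supply a PrivilegedAction that is to be run inside a
 * Subject.doAs() or Subject.doAsPrivileged(). The bind below uses SASL GSSAPI and
 * places no principal or credentials in the JNDI environment.
 */
class UserDetailsAction implements java.security.PrivilegedAction {
    String username;
    // NOTE(review): stored by the constructor but never read inside this class.
    // If nothing else in the enclosing class reads it, stop retaining it so the
    // clear-text password does not outlive the login call on the heap.
    String password;
    DirContext ctx;

    /**
     * @param username account whose details are to be looked up
     * @param password the user's password (kept in a field, unused by {@link #run()})
     */
    UserDetailsAction(String username, String password) {
        this.username = username;
        this.password = password;
    }

    /**
     * Opens a directory context and delegates to {@code populateUserInfo}.
     *
     * <p>{@code run()} cannot throw checked exceptions, so failures are handed back as
     * the return value; callers must check the type of the result.
     *
     * @return the result of {@code populateUserInfo(ctx, username)} on success, otherwise
     *         the {@code NamingException} or {@code UserDatabaseException} that was caught
     */
    public Object run() {
        try {
            if (log.isDebugEnabled())
                log.debug("Running user details action for user " + username);

            // Set up environment for creating initial context
            Hashtable env = new Hashtable(11);
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

            // Referral chasing is opt-in via a system property.
            // NOTE(review): with "follow" the provider connects to whatever host a
            // referral names, reusing this environment; enable it only when every
            // referral target is a trusted domain controller.
            if (System.getProperty("sslexplorer.followADReferrals", "false").equalsIgnoreCase("true"))
                env.put(Context.REFERRAL, "follow");

            // Must use fully qualified hostname
            env.put(Context.PROVIDER_URL, adURL);
            // NOTE(review): no "javax.security.sasl.qop" is set, so the SASL layer is
            // not asked for integrity or confidentiality. Whether the traffic is
            // protected then depends on adURL using ldaps:// (cannot tell from here).
            env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
            env.put("java.naming.ldap.version", "3");
            env.put("com.sun.jndi.ldap.connect.pool", "true");

            /* Create initial context */
            ctx = new InitialDirContext(env);
            // NOTE - BPS - 20/2/06 - This does nothing?
            // ActiveDirectoryUser user = new ActiveDirectoryUser(username);
            return populateUserInfo(ctx, username);
        } catch (NamingException ex) {
            log.error("Failed to get user details.", ex);
            return ex;
        } catch (UserDatabaseException ude) {
            // Message corrected: this action fetches one user, it does not list users.
            log.error("Failed to get user details.", ude);
            return ude;
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ex1) {
                    // Best effort: the lookup result is already decided, so a failed
                    // close is recorded for diagnosis but never propagated.
                    if (log.isDebugEnabled())
                        log.debug("Failed to close directory context.", ex1);
                }
            }
        }
    }
}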
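/**
 * Privileged action that binds to Active Directory with GSSAPI and lists the users
 * matching a filter under every configured search base, using paged LDAP searches.
 */
class ListUsersAction implements java.security.PrivilegedAction {
    InitialLdapContext ctx;
    String filter;

    /**
     * @param filter text substituted for {@code %USERNAME%} in {@code USER_FILTER}
     */
    ListUsersAction(String filter) {
        this.filter = filter;
    }

    /**
     * Opens an LDAP context and delegates to {@link #listUsers(String)}.
     *
     * <p>{@code run()} cannot throw checked exceptions, so failures are handed back as
     * the return value; callers must check the type of the result.
     *
     * @return the map produced by {@code listUsers(filter)} on success, otherwise the
     *         {@code NamingException} or {@code UserDatabaseException} that was caught
     */
    public Object run() {
        try {
            // Set up environment for creating initial context
            Hashtable env = new Hashtable(11);
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

            // Referral chasing is opt-in via a system property.
            // NOTE(review): with "follow" the provider connects to whatever host a
            // referral names, reusing this environment; enable it only when every
            // referral target is a trusted domain controller.
            if (System.getProperty("sslexplorer.followADReferrals", "false").equalsIgnoreCase("true"))
                env.put(Context.REFERRAL, "follow");

            // Must use fully qualified hostname
            env.put(Context.PROVIDER_URL, adURL);
            // NOTE(review): no "javax.security.sasl.qop" is set, so the SASL layer is
            // not asked for integrity or confidentiality. Whether the traffic is
            // protected then depends on adURL using ldaps:// (cannot tell from here).
            env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
            env.put("java.naming.ldap.version", "3");
            env.put("com.sun.jndi.ldap.connect.pool", "true");

            /* Create initial context */
            ctx = new InitialLdapContext(env, null);
            return listUsers(filter);
        } catch (NamingException ex) {
            log.error("Failed to list users.", ex);
            return ex;
        } catch (UserDatabaseException ude) {
            log.warn("Failed to list users.", ude);
            return ude;
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ex1) {
                    // Best effort: the listing result is already decided, so a failed
                    // close is recorded for diagnosis but never propagated.
                    if (log.isDebugEnabled())
                        log.debug("Failed to close LDAP context.", ex1);
                }
            }
        }
    }

    /**
     * Runs a paged subtree search under each entry of {@code includedOUBasesList} and
     * collects the resulting users.
     *
     * @param filter text substituted literally for {@code %USERNAME%} in {@code USER_FILTER}
     * @return users keyed by principal name (lower-cased unless
     *         {@code usernamesAreCaseSensitive} is set), sorted by key
     * @throws NamingException if a search failed and no user at all was found, or if
     *         installing the initial request controls failed
     * @throws UserDatabaseException declared for {@code createUser}; not thrown directly here
     */
    Map listUsers(String filter) throws NamingException, UserDatabaseException {
        Map users = new TreeMap();
        SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // The attribute list never changes between pages, so set it once.
        constraints.setReturningAttributes(USER_ATTRS);
        //constraints.setCountLimit(0);

        // Fall back to 500 entries per page when the property cannot be read.
        int pageSize = 500;
        try {
            pageSize = CoreServlet.getServlet().getPropertyDatabase().getPropertyInt(0, null, "activeDirectory.pageSize");
        } catch (Exception ex) {
            log.error("Could not find activeDirectory.pageSize property!", ex);
        }

        // Bookkeeping used only for the debug message below.
        // NOTE(review): endPosition starts at 9 regardless of pageSize, so the logged
        // range is indicative only.
        int currentPage = 1;
        int startPosition = 0;
        int endPosition = 9;
        byte[] cookie = null;
        String range;

        try {
            Control[] ctls = new Control[] { new PagedResultsControl(pageSize, Control.CRITICAL) };
            ctx.setRequestControls(ctls);
        } catch (IOException ex) {
            log.warn("Tried to configure paged search but got error", ex);
        }

        NamingException lastError = null;
        try {
            for (Iterator it = includedOUBasesList.iterator(); it.hasNext();) {
                String searchBase = (String) it.next();
                if (log.isDebugEnabled())
                    log.debug("Listing users in " + searchBase);
                do {
                    range = startPosition + "-" + endPosition;
                    if (log.isDebugEnabled())
                        log.debug("Starting user search on page " + currentPage + " " + range);

                    // Literal substitution. String.replaceAll() treats '$' and '\' in the
                    // replacement as group references / escapes, so a value containing
                    // '$' could throw and a caller-escaped sequence such as "\28" lost
                    // its backslash before reaching the directory.
                    // NOTE(review): the value is still spliced into the filter without
                    // RFC 4515 escaping here. If it can carry user-typed text, escape
                    // '(' ')' '\' and NUL at the boundary; '*' is left to the caller
                    // because it may be an intended wildcard (confirm).
                    String searchFilter = USER_FILTER.replace("%USERNAME%", filter);
                    NamingEnumeration results = ctx.search(searchBase, searchFilter, constraints);

                    // Now step through the search results
                    try {
                        while (results != null && results.hasMore()) {
                            ActiveDirectoryUser user = createUser(ctx, (SearchResult) results.next());
                            // New permission framework means a user does not
                            // have to have a role.
                            // NOTE(review): toLowerCase() uses the JVM default locale;
                            // lookups elsewhere must lower-case the same way.
                            String key = usernamesAreCaseSensitive
                                    ? user.getPrincipalName()
                                    : user.getPrincipalName().toLowerCase();
                            users.put(key, user);
                        }
                    } catch (PartialResultException pre) {
                        // We're now paging so we dont care and don't log
                    }

                    // Examine the paged results control response.
                    // NOTE(review): when the response carries no paged-results control
                    // the previous cookie is kept and sent again; confirm the server
                    // always returns the control, otherwise this loop may not end.
                    Control[] controls = ctx.getResponseControls();
                    if (controls != null) {
                        for (int i = 0; i < controls.length; i++) {
                            if (controls[i] instanceof PagedResultsResponseControl) {
                                PagedResultsResponseControl prrc = (PagedResultsResponseControl) controls[i];
                                cookie = prrc.getCookie();
                            }
                        }
                    }

                    // Re-activate paged results with the cookie for the next page
                    try {
                        ctx.setRequestControls(new Control[] {
                                new PagedResultsControl(pageSize, cookie, Control.CRITICAL) });
                    } catch (IOException ex) {
                        log.warn("Tried to reconfigure paged result controls with error", ex);
                    }

                    startPosition = startPosition + pageSize;
                    endPosition = endPosition + pageSize;
                    currentPage++;
                } while ((cookie != null) && (cookie.length != 0));
            }
        } catch (NamingException ex) {
            // Remember the failure; it is only rethrown when nothing was found at all.
            lastError = ex;
            if (log.isInfoEnabled())
                log.info("Possible user configuration error in AD! Did you enter your OUs correctly?", ex);
        }

        if (users.size() == 0 && lastError != null)
            throw lastError;
        return users;
    }
}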
}