[ENH] ✨ DNs can be configured on ldap stores
Signed-off-by: Cécile Chemin <[email protected]>
CChemin committed Jun 21, 2024
1 parent beb755f commit 55b4d99
Showing 9 changed files with 107 additions and 70 deletions.
5 changes: 5 additions & 0 deletions docs/configuration.md
Expand Up @@ -69,6 +69,11 @@ For each realm we have the possibility to configure a default reader and a defau
| fr.insee.sugoi.organizations.maxoutputsize | The default maximum number of organizations outputs allowed | 1000 | 100 |
| fr.insee.sugoi.applications.maxoutputsize | The default maximum number of applications outputs allowed | 1000 | 100 |
| fr.insee.sugoi.ldap.default.connection.timeout | Default response timeout for all types of operations with a ldap provider. | 30000 | 30000 |
| fr.insee.sugoi.ldap.default.user_dn_pattern | The default pattern for the DN of a user with name {id} given the user source is {source}. | uid={id},{source} | uid={id},{source} |
| fr.insee.sugoi.ldap.default.organization_dn_pattern | The default pattern for the DN of an organization with name {id} given the organization source is {source}. | uid={id},{source} | uid={id},{source} |
| fr.insee.sugoi.ldap.default.address_dn_pattern | The default pattern for the DN of an address with name {id} given the address source is {source}. | l={id},{source} | l={id},{source} |
| fr.insee.sugoi.ldap.default.application_dn_pattern | The default pattern for the DN of an application with name {id} given the application source is {source}. | ou={id},{source} | ou={id},{source} |
| fr.insee.sugoi.ldap.default.group_dn_pattern | The default pattern for the DN of a group with name {id} given the group source is {source}. | cn={id},{source} | cn={id},{source} |

#### Jms Specific configuration

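Review bot: the new instance properties are named in snake_case (`fr.insee.sugoi.ldap.default.user_dn_pattern`) while the object-class properties already documented for the same store use kebab-case (`fr.insee.sugoi.ldap.default.user-object-classes`); settle on one convention before these keys ship, because renaming a Spring property later silently breaks existing deployments that still set the old name. The Description column should also say that `{id}` is inserted into the pattern verbatim, so the id must already be a valid RDN attribute value.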
25 changes: 15 additions & 10 deletions docs/realm-configuration.md
Expand Up @@ -150,16 +150,21 @@ Userstorage properties on password generation and validation. See [general confi

With an LDAP Store Provider the properties can be :

|  Key | Example | Optional | Default | Description |
|---------------------------|:--------------------------------------------------------------------:|---------:|----------------------------------------------------------------------------------------------------:|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| group_filter_pattern | "(cn={group}\_{appliname})" | yes | the default can be set via the instance property : fr.insee.sugoi.ldap.default.group_filter_pattern | Describe how should be name a group. {appliname} is replaced by the name of the application the group belongs to and {group} is replaced by a group name. If not set, cannot manage groups. |
| group_source_pattern | "ou={appliname}\_Objets,ou={appliname},ou=Applications,o=insee,c=fr" | yes | the default can be set via the instance property : fr.insee.sugoi.ldap.default.group_source_pattern | Describe where a group belonging to the application of name {appliname} should be fetch. |
| user_object_class | "top,person" | yes | value of property fr.insee.sugoi.ldap.default.user-object-classes or top,person | Object classes to put on a new user in ldap storage |
| organization_object_class | "top,organization" | yes | value of property fr.insee.sugoi.ldap.default.organization-object-classes or top,organization | Object classes to put on a new organization in ldap storage |
| group_object_class | "top,groupOfUniqueNames" | yes | value of property fr.insee.sugoi.ldap.default.group-object-classes or top,groupOfUniqueNames | Object classes to put on a new group in ldap storage |
| application_object_class | "top,organizationalUnit" | yes | value of property fr.insee.sugoi.ldap.default.application-object-classes or top,organizationalUnit | Object classes to put on a new application in ldap storage |
| address_object_class | "top,locality" | yes | value of property fr.insee.sugoi.ldap.default.adress-object-classes or top,locality | Object classes to put on a new address in ldap storage **not supported yet** |
| ldap_connection_timeout | "60000" | yes | value of property fr.insee.sugoi.ldap.default.connection.timeout | Response timeout for all types of operations with a ldap provider |
|  Key | Example | Optional | Default | Description |
|---------------------------|:--------------------------------------------------------------------:|---------:|-------------------------------------------------------------------------------------------------------:|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| group_filter_pattern | "(cn={group}\_{appliname})" | yes | the default can be set via the instance property : fr.insee.sugoi.ldap.default.group_filter_pattern | Describe how should be name a group. {appliname} is replaced by the name of the application the group belongs to and {group} is replaced by a group name. If not set, cannot manage groups. |
| group_source_pattern | "ou={appliname}\_Objets,ou={appliname},ou=Applications,o=insee,c=fr" | yes | the default can be set via the instance property : fr.insee.sugoi.ldap.default.group_source_pattern | Describe where a group belonging to the application of name {appliname} should be fetch. |
| user_object_class | "top,person" | yes | value of property fr.insee.sugoi.ldap.default.user-object-classes or top,person | Object classes to put on a new user in ldap storage |
| organization_object_class | "top,organization" | yes | value of property fr.insee.sugoi.ldap.default.organization-object-classes or top,organization | Object classes to put on a new organization in ldap storage |
| group_object_class | "top,groupOfUniqueNames" | yes | value of property fr.insee.sugoi.ldap.default.group-object-classes or top,groupOfUniqueNames | Object classes to put on a new group in ldap storage |
| application_object_class | "top,organizationalUnit" | yes | value of property fr.insee.sugoi.ldap.default.application-object-classes or top,organizationalUnit | Object classes to put on a new application in ldap storage |
| address_object_class | "top,locality" | yes | value of property fr.insee.sugoi.ldap.default.adress-object-classes or top,locality | Object classes to put on a new address in ldap storage **not supported yet** |
| ldap_connection_timeout | "60000" | yes | value of property fr.insee.sugoi.ldap.default.connection.timeout | Response timeout for all types of operations with a ldap provider |
| user_dn_pattern | "uid={id},{source}" | yes | the default can be set via the instance property : fr.insee.sugoi.ldap.default.user_dn_pattern | The DN of a user with name {id} given the user source is {source} |
| organization_dn_pattern | "uid={id},{source}" | yes | the default can be set via the instance property : fr.insee.sugoi.ldap.default.organization_dn_pattern | The DN of an organization with name {id} given the organization source is {source} |
| address_dn_pattern | "l={id},{source}" | yes | the default can be set via the instance property : fr.insee.sugoi.ldap.default.address_dn_pattern | The DN of an address with name {id} given the address source is {source} |
| application_dn_pattern | "ou={id},{source}" | yes | the default can be set via the instance property : fr.insee.sugoi.ldap.default.application_dn_pattern | The DN of an application with name {id} given the application source is {source} |
| group_dn_pattern | "cn={id},{source}" | yes | the default can be set via the instance property : fr.insee.sugoi.ldap.default.group_dn_pattern | The DN of a group with name {id} given the group source is {source} |


## Realm and Userstorage mappings with a LDAP Store Provider
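Review bot: the entire existing table is deleted and re-added only to widen the Default column, which buries the five genuinely new rows (`user_dn_pattern` through `group_dn_pattern`) inside a 25-line diff and makes `git blame` on the untouched rows point at this commit; leaving the old rows as they are (a ragged Markdown column still renders) or moving the realignment to its own commit keeps the review focused. The new descriptions ("The DN of a user with name {id}") should also state that the substitution is literal, since this pattern is now the only place an operator controls which attribute becomes the RDN.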
Expand Up @@ -90,59 +90,45 @@ protected boolean matchGroupWildcardPattern(String appName, String groupName) {

protected String getApplicationDN(String applicationName) {
if (StringUtils.isNotBlank(config.get(GlobalKeysConfig.APP_SOURCE))) {
return String.format(
"%s=%s,%s",
// TODO should be a param
"ou",
//
applicationName,
config.get(GlobalKeysConfig.APP_SOURCE));
return config
.get(LdapConfigKeys.APPLICATION_DN_PATTERN)
.replace("{id}", applicationName)
.replace("{source}", config.get(GlobalKeysConfig.APP_SOURCE));
} else {
throw new UnsupportedOperationException("Applications feature not configured for this realm");
}
}

protected String getGroupDN(String applicationName, String groupName) {
return String.format(
"%s=%s,%s",
// TODO should be a param
"cn",
//
groupName,
getGroupSource(applicationName));
return config
.get(LdapConfigKeys.GROUP_DN_PATTERN)
.replace("{id}", groupName)
.replace("{source}", getGroupSource(applicationName));
}

protected String getOrganizationDN(String organizationId) {
if (StringUtils.isNotBlank(config.get(GlobalKeysConfig.ORGANIZATION_SOURCE))) {
return String.format(
"%s=%s,%s", // TODO should be a param
"uid",
//
organizationId,
config.get(GlobalKeysConfig.ORGANIZATION_SOURCE));
return config
.get(LdapConfigKeys.ORGANIZATION_DN_PATTERN)
.replace("{id}", organizationId)
.replace("{source}", config.get(GlobalKeysConfig.ORGANIZATION_SOURCE));
} else {
throw new UnsupportedOperationException(
"Organizations feature not configured for this storage");
}
}

protected String getUserDN(String username) {
return String.format(
"%s=%s,%s",
// TODO should be a param
"uid",
//
username,
config.get(GlobalKeysConfig.USER_SOURCE));
return config
.get(LdapConfigKeys.USER_DN_PATTERN)
.replace("{id}", username)
.replace("{source}", config.get(GlobalKeysConfig.USER_SOURCE));
}

protected String getAddressDN(String addressId) {
return String.format(
"%s=%s,%s",
// TODO should be a param
"l",
//
addressId,
config.get(GlobalKeysConfig.ADDRESS_SOURCE));
return config
.get(LdapConfigKeys.ADDRESS_DN_PATTERN)
.replace("{id}", addressId)
.replace("{source}", config.get(GlobalKeysConfig.ADDRESS_SOURCE));
}
}
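Review bot: the two chained `replace` calls substitute sequentially, so an identifier that itself contains the literal text `{source}` is expanded by the second call into the configured source DN; substituting both placeholders in a single pass, or rejecting ids that contain `{` or `}` at the API boundary, closes that gap. Related, `String.replace` applies no RFC 4514 escaping, so an id containing `,`, `+`, `=` or `"` changes the structure of the resulting DN rather than naming one entry; this was already true of the `String.format` version, but now that the RDN attribute is operator-configurable it is worth routing `{id}` through a DN-escaping helper. Finally, `config.get(LdapConfigKeys.APPLICATION_DN_PATTERN)` (and the four sibling keys) is dereferenced with no null check: the old code never needed these map entries, so any caller that assembles `config` without going through `LdapStoreBeans.generateConfig` now gets a NullPointerException instead of a DN. A `requireNonNull` with a message naming the missing key would make that failure diagnosable.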
Expand Up @@ -62,6 +62,21 @@ public class LdapStoreBeans {
@Value("${fr.insee.sugoi.ldap.default.group_manager_source_pattern:}")
private String defaultGroupManagerSourcePattern;

@Value("${fr.insee.sugoi.ldap.default.organization_dn_pattern:uid={id},{source}}")
private String defaultOrganizationDnPattern;

@Value("${fr.insee.sugoi.ldap.default.user_dn_pattern:uid={id},{source}}")
private String defaultUserDnPattern;

@Value("${fr.insee.sugoi.ldap.default.address_dn_pattern:l={id},{source}}")
private String defaultAddressDnPattern;

@Value("${fr.insee.sugoi.ldap.default.group_dn_pattern:cn={id},{source}}")
private String defaultGroupDnPattern;

@Value("${fr.insee.sugoi.ldap.default.application_dn_pattern:ou={id},{source}}")
private String defaultApplicationDnPattern;

@Value("${fr.insee.sugoi.ldap.default.vlv.enabled:false}")
private String vlvEnabled;

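Review bot: missing documentation on the five new fields: nothing in the class states which placeholders (`{id}`, `{source}`) a pattern may contain or that the value is substituted verbatim, and the defaults embedded in the `@Value` placeholders (`uid={id},{source}` for both user and organization, `l=`, `cn=`, `ou=` for the others) have to be kept in sync by hand with the two tables under docs/. A short Javadoc on each field, or one constant per default referenced from both the annotation and the docs, would help. It is also worth confirming in the commit message that organizations intentionally share the `uid=` RDN default with users, since the docs table repeats it without comment.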
Expand Down Expand Up @@ -135,6 +150,31 @@ public Map<RealmConfigKeys, String> generateConfig(Realm realm, UserStorage user
config.put(GlobalKeysConfig.APP_SOURCE, realm.getAppSource());
config.put(GlobalKeysConfig.ORGANIZATION_SOURCE, userStorage.getOrganizationSource());
config.put(GlobalKeysConfig.ADDRESS_SOURCE, userStorage.getAddressSource());
config.put(
LdapConfigKeys.ORGANIZATION_DN_PATTERN,
userStorage.getProperties().get(LdapConfigKeys.ORGANIZATION_DN_PATTERN) != null
? userStorage.getProperties().get(LdapConfigKeys.ORGANIZATION_DN_PATTERN).get(0)
: defaultOrganizationDnPattern);
config.put(
LdapConfigKeys.USER_DN_PATTERN,
userStorage.getProperties().get(LdapConfigKeys.USER_DN_PATTERN) != null
? userStorage.getProperties().get(LdapConfigKeys.USER_DN_PATTERN).get(0)
: defaultUserDnPattern);
config.put(
LdapConfigKeys.ADDRESS_DN_PATTERN,
userStorage.getProperties().get(LdapConfigKeys.ADDRESS_DN_PATTERN) != null
? userStorage.getProperties().get(LdapConfigKeys.ADDRESS_DN_PATTERN).get(0)
: defaultAddressDnPattern);
config.put(
LdapConfigKeys.GROUP_DN_PATTERN,
userStorage.getProperties().get(LdapConfigKeys.GROUP_DN_PATTERN) != null
? userStorage.getProperties().get(LdapConfigKeys.GROUP_DN_PATTERN).get(0)
: defaultGroupDnPattern);
config.put(
LdapConfigKeys.APPLICATION_DN_PATTERN,
userStorage.getProperties().get(LdapConfigKeys.APPLICATION_DN_PATTERN) != null
? userStorage.getProperties().get(LdapConfigKeys.APPLICATION_DN_PATTERN).get(0)
: defaultApplicationDnPattern);
config.put(
LdapConfigKeys.GROUP_SOURCE_PATTERN,
realm.getProperties().get(LdapConfigKeys.GROUP_SOURCE_PATTERN) != null
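Review bot: `userStorage.getProperties().get(KEY) != null ? ….get(0) : default` guards only against an absent key; a property that is present with an empty list throws IndexOutOfBoundsException while the realm configuration is being built. The same five-line block is repeated five times, so a small helper (something like `firstOrDefault(userStorage.getProperties(), key, defaultValue)`, suggested name, that checks for both null and empty) would fix the edge case in one place and shorten the hunk considerably.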