in ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java [707:926]
private long getGroups(boolean computeDeletes) throws Throwable {
NamingEnumeration<SearchResult> groupSearchResultEnum = null;
DateFormat dateFormat = new SimpleDateFormat(DATE_FORMAT);
long highestdeltaSyncGroupTime = deltaSyncGroupTime;
try {
createLdapContext();
int total;
// Activate paged results
if (pagedResultsEnabled) {
ldapContext.setRequestControls(new Control[] {new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL)});
}
extendedGroupSearchFilter = "(objectclass=" + groupObjectClass + ")";
if (groupSearchFilter != null && !groupSearchFilter.trim().isEmpty()) {
String customFilter = groupSearchFilter.trim();
if (!customFilter.startsWith("(")) {
customFilter = "(" + customFilter + ")";
}
extendedGroupSearchFilter = extendedGroupSearchFilter + customFilter;
}
if (!config.isDeltaSyncEnabled() || (computeDeletes)) {
// Perform full sync when incremental sync is not enabled
deltaSyncGroupTime = 0;
deltaSyncGroupTimeStamp = dateFormat.format(new Date(0));
}
extendedAllGroupsSearchFilter = "(&" + extendedGroupSearchFilter + "(|(uSNChanged>=" + deltaSyncGroupTime + ")(modifyTimestamp>=" + deltaSyncGroupTimeStamp + "Z)))";
LOG.info("extendedAllGroupsSearchFilter = {}", extendedAllGroupsSearchFilter);
for (String s : groupSearchBase) {
byte[] cookie = null;
int counter = 0;
try {
int paged = 0;
do {
groupSearchResultEnum = ldapContext.search(s, extendedAllGroupsSearchFilter, groupSearchControls);
while (groupSearchResultEnum.hasMore()) {
final SearchResult groupEntry = groupSearchResultEnum.next();
if (groupEntry == null) {
LOG.info("groupEntry null, skipping sync for the entry");
continue;
}
counter++;
Attributes attributes = groupEntry.getAttributes();
Attribute groupNameAttr = attributes.get(groupNameAttribute);
if (groupNameAttr == null) {
LOG.info("{} empty for entry {}, skipping sync", groupNameAttribute, groupEntry.getNameInNamespace());
continue;
}
String groupFullName = (groupEntry.getNameInNamespace());
String gName = (String) groupNameAttr.get();
Map<String, String> groupAttrMap = new HashMap<>();
groupAttrMap.put(UgsyncCommonConstants.ORIGINAL_NAME, gName);
groupAttrMap.put(UgsyncCommonConstants.FULL_NAME, groupFullName);
groupAttrMap.put(UgsyncCommonConstants.SYNC_SOURCE, currentSyncSource);
groupAttrMap.put(UgsyncCommonConstants.LDAP_URL, config.getLdapUrl());
Attribute groupCloudIdAttr = attributes.get(groupCloudIdAttribute);
if (groupCloudIdAttr != null) {
addToAttrMap(groupAttrMap, "cloud_id", groupCloudIdAttr, config.getGroupCloudIdAttributeDataType());
}
for (String otherGroupAttribute : otherGroupAttributes) {
if (attributes.get(otherGroupAttribute) != null) {
String attrType = config.getOtherGroupAttributeDataType(otherGroupAttribute);
addToAttrMap(groupAttrMap, otherGroupAttribute, attributes.get(otherGroupAttribute), attrType);
}
}
sourceGroups.put(groupFullName, groupAttrMap);
Attribute timeStampAttr = attributes.get("uSNChanged");
if (timeStampAttr != null) {
String uSNChangedVal = (String) timeStampAttr.get();
long currentDeltaSyncTime = Long.parseLong(uSNChangedVal);
if (currentDeltaSyncTime > highestdeltaSyncGroupTime) {
highestdeltaSyncGroupTime = currentDeltaSyncTime;
}
} else {
timeStampAttr = attributes.get("modifytimestamp");
if (timeStampAttr != null) {
String timeStampVal = (String) timeStampAttr.get();
Date parseDate = dateFormat.parse(timeStampVal);
long currentDeltaSyncTime = parseDate.getTime();
LOG.info("timeStampVal = {} and currentDeltaSyncTime = {}", timeStampVal, currentDeltaSyncTime);
if (currentDeltaSyncTime > highestdeltaSyncGroupTime) {
highestdeltaSyncGroupTime = currentDeltaSyncTime;
deltaSyncGroupTimeStamp = timeStampVal;
}
}
}
Attribute groupMemberAttr = attributes.get(groupMemberAttributeName);
int userCount = 0;
if (groupMemberAttr == null || groupMemberAttr.size() <= 0) {
try {
LOG.info("No members available for {}", gName);
} catch (Exception e) {
throw new RuntimeException(e);
}
sourceGroupUsers.put(groupFullName, new HashSet<>());
continue;
}
NamingEnumeration<?> userEnum = groupMemberAttr.getAll();
while (userEnum.hasMore()) {
String originalUserFullName = (String) userEnum.next();
if (originalUserFullName == null || originalUserFullName.trim().isEmpty()) {
sourceGroupUsers.put(groupFullName, new HashSet<>());
continue;
}
userCount++;
if (!userSearchEnabled) {
Map<String, String> userAttrMap = new HashMap<>();
String userName = getShortName(originalUserFullName);
userAttrMap.put(UgsyncCommonConstants.ORIGINAL_NAME, userName);
userAttrMap.put(UgsyncCommonConstants.FULL_NAME, originalUserFullName);
userAttrMap.put(UgsyncCommonConstants.SYNC_SOURCE, currentSyncSource);
userAttrMap.put(UgsyncCommonConstants.LDAP_URL, config.getLdapUrl());
sourceUsers.put(originalUserFullName, userAttrMap);
LOG.debug("As usersearch is disabled, adding user {} from group member attribute for group {}", userName, gName);
}
groupUserTable.put(groupFullName, originalUserFullName, originalUserFullName);
}
LOG.info("No. of members in the group {} = {}", gName, userCount);
}
// Examine the paged results control response
Control[] controls = ldapContext.getResponseControls();
if (controls != null) {
for (Control control : controls) {
if (control instanceof PagedResultsResponseControl) {
PagedResultsResponseControl prrc = (PagedResultsResponseControl) control;
total = prrc.getResultSize();
if (total != 0) {
LOG.debug("END-OF-PAGE total: {}", total);
} else {
LOG.debug("END-OF-PAGE total: unknown");
}
cookie = prrc.getCookie();
}
}
} else {
LOG.debug("No controls were sent from the server");
}
// Re-activate paged results
if (pagedResultsEnabled) {
LOG.debug("Fetched paged results round: {}", ++paged);
ldapContext.setRequestControls(new Control[] {new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL)});
}
}
while (cookie != null);
LOG.info("LdapUserGroupBuilder.getGroups() completed with group count: {}", counter);
} catch (Exception t) {
LOG.error("LdapUserGroupBuilder.getGroups() failed with exception: ", t);
LOG.info("LdapUserGroupBuilder.getGroups() group count: {}", counter);
}
}
} finally {
if (groupSearchResultEnum != null) {
groupSearchResultEnum.close();
}
closeLdapContext();
}
if (groupHierarchyLevels > 0) {
LOG.debug("deltaSyncGroupTime = {}", deltaSyncGroupTime);
if (deltaSyncGroupTime > 0) {
LOG.info("LdapUserGroupBuilder.getGroups(): Going through group hierarchy for nested group evaluation for deltasync");
goUpGroupHierarchyLdap(sourceGroups.keySet(), groupHierarchyLevels - 1);
}
}
LOG.debug("highestdeltaSyncGroupTime = {}", highestdeltaSyncGroupTime);
return highestdeltaSyncGroupTime;
}