in ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/UserSync.java [130:292]
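/**
 * Searches the directory for user entries, logs the first 20 with their groups and the total
 * count, and reports lookup problems per entry as {@code WARN} lines in {@code logFile}.
 *
 * <p>The search filter is {@code (objectclass=<userObjClassName>)}, AND-ed with the configured
 * {@code userSearchFilter} when one is set. Both values are concatenated into the filter string
 * without RFC 4515 escaping, so they must only come from operator-controlled configuration and
 * never from untrusted input.
 *
 * <p>Side effects on this object: when {@code userNameAttribute} is unset it is assigned the
 * first candidate from {@code userNameAttrValues} found on an entry, and when {@code groupName}
 * is unset it is assigned the first group-membership value encountered.
 *
 * @param ldapContext context the search runs on; when paged results are enabled its request
 *     controls are replaced after every page
 * @throws Throwable an {@link Exception} wrapping the {@link NamingException} when the search
 *     fails; anything else raised by the context or the paging control propagates unchanged
 */
public void getAllUsers(LdapContext ldapContext) throws Throwable {
    int noOfUsers = 0;
    Attribute userNameAttr = null;
    Attribute groupMemberAttr;
    NamingEnumeration<SearchResult> userSearchResultEnum = null;
    SearchControls userSearchControls = new SearchControls();
    Set<String> userSearchAttributes = new HashSet<>();

    userSearchControls.setSearchScope(config.getUserSearchScope());

    if (userNameAttribute != null) {
        userSearchAttributes.add(userNameAttribute);
    }
    if (userGroupMemberName != null) {
        userSearchAttributes.add(userGroupMemberName);
    }

    if (!userSearchAttributes.isEmpty()) {
        // Ask only for the attributes this check actually reads.
        userSearchControls.setReturningAttributes(userSearchAttributes.toArray(new String[0]));
    } else {
        // Nothing configured: request all user ("*") and operational ("+") attributes so the
        // name attribute can be discovered from the returned entries below.
        userSearchControls.setReturningAttributes(new java.lang.String[] {"*", "+"});
    }

    // NOTE(review): filter parts are concatenated as-is (no RFC 4515 escaping). Acceptable only
    // while userObjClassName / userSearchFilter are operator-supplied configuration values.
    String extendedUserSearchFilter = "(objectclass=" + userObjClassName + ")";
    if (userSearchFilter != null && !userSearchFilter.trim().isEmpty()) {
        String customFilter = userSearchFilter.trim();
        if (!customFilter.startsWith("(")) {
            customFilter = "(" + customFilter + ")";
        }
        extendedUserSearchFilter = "(&" + extendedUserSearchFilter + customFilter + ")";
    }

    byte[] cookie = null;

    // The lines below write real account names and group memberships to logFile; treat that
    // file as containing directory data.
    logFile.println();
    logFile.println("INFO: First 20 Users and associated groups are:");

    try {
        do {
            userSearchResultEnum = ldapContext.search(userSearchBase, extendedUserSearchFilter, userSearchControls);

            while (userSearchResultEnum.hasMore()) {
                final SearchResult userEntry = userSearchResultEnum.next();
                if (userEntry == null) {
                    logFile.println("WARN: userEntry null");
                    continue;
                }

                Attributes attributes = userEntry.getAttributes();
                if (attributes == null) {
                    logFile.println("WARN: Attributes missing for entry " + userEntry.getNameInNamespace());
                    continue;
                }

                if (userNameAttribute == null || userNameAttribute.isEmpty()) {
                    // Discovery mode: adopt the first candidate attribute present on this entry.
                    for (String userNameAttrValue : userNameAttrValues) {
                        userNameAttr = attributes.get(userNameAttrValue);
                        if (userNameAttr != null) {
                            userNameAttribute = userNameAttrValue;
                            break;
                        }
                    }

                    if (userNameAttr == null) {
                        logFile.print("WARN: Failed to find any of ( ");
                        for (String userNameAttrValue : userNameAttrValues) {
                            logFile.print(userNameAttrValue + " ");
                        }
                        logFile.println(") for entry " + userEntry.getNameInNamespace());
                        continue;
                    }
                } else {
                    userNameAttr = attributes.get(userNameAttribute);
                    if (userNameAttr == null) {
                        logFile.println("WARN: Failed to find " + userNameAttribute + " for entry " + userEntry.getNameInNamespace());
                        continue;
                    }
                }

                // An attribute can be present without a usable value; report that as an empty
                // name instead of failing the whole run on the dereference.
                Object rawUserName = userNameAttr.size() > 0 ? userNameAttr.get() : null;
                String userName = rawUserName == null ? null : rawUserName.toString();
                if (userName == null || userName.trim().isEmpty()) {
                    logFile.println("WARN: " + userNameAttribute + " empty for entry " + userEntry.getNameInNamespace());
                    continue;
                }
                userName = userName.toLowerCase();

                Set<String> groups = new HashSet<>();
                // The member attribute is optional (see the null check when building the
                // returning-attribute list), so skip the lookup when it is not configured.
                groupMemberAttr = (userGroupMemberName != null) ? attributes.get(userGroupMemberName) : null;
                if (groupMemberAttr != null) {
                    NamingEnumeration<?> groupEnum = groupMemberAttr.getAll();
                    while (groupEnum.hasMore()) {
                        String groupRes = groupEnum.next().toString();
                        groups.add(groupRes);
                        if (groupName == null || groupName.isEmpty()) {
                            groupName = groupRes;
                        }
                    }
                }

                if (noOfUsers < 20) {
                    logFile.println("Username: " + userName + ", Groups: " + groups);
                }
                noOfUsers++;
            }

            // Examine the paged results control response.
            // Start from "no further pages": a response that carries no
            // PagedResultsResponseControl must end the loop rather than replay the previous
            // page's cookie indefinitely.
            cookie = null;
            Control[] controls = ldapContext.getResponseControls();
            if (controls != null) {
                for (Control control : controls) {
                    if (control instanceof PagedResultsResponseControl) {
                        PagedResultsResponseControl prrc = (PagedResultsResponseControl) control;
                        cookie = prrc.getCookie();
                    }
                }
            } else {
                logFile.println("WARN: No controls were sent from the server");
            }

            // Re-activate paged results
            if (config.isPagedResultsEnabled()) {
                ldapContext.setRequestControls(new Control[] {new PagedResultsControl(config.getPagedResultsSize(), cookie, Control.CRITICAL)});
            }
        }
        while (cookie != null);

        logFile.println("\nINFO: Total no. of users = " + noOfUsers);
    } catch (NamingException ne) {
        String msg = "Exception occured while retreiving users\n";
        // Keep the NamingException as the cause in both branches so the underlying LDAP error
        // is still available to whoever handles or logs the wrapped exception.
        if ((config.getUserNameAttribute() != null && !config.getUserNameAttribute().isEmpty()) ||
                (config.getUserObjectClass() != null && !config.getUserObjectClass().isEmpty()) ||
                (config.getGroupNameAttribute() != null && !config.getGroupNameAttribute().isEmpty()) ||
                (config.getUserSearchBase() != null && !config.getUserSearchBase().isEmpty()) ||
                (config.getUserSearchFilter() != null && !config.getUserSearchFilter().isEmpty())) {
            throw new Exception("Please verify values for:\n ranger.usersync.ldap.user.nameattribute\n " + "ranger.usersync.ldap.user.objectclass\n" + "ranger.usersync.ldap.user.groupnameattribute\n" + "ranger.usersync.ldap.user.searchbase\n" + "ranger.usersync.ldap.user.searchfilter\n", ne);
        } else {
            throw new Exception(msg + ne, ne);
        }
    } finally {
        if (userSearchResultEnum != null) {
            userSearchResultEnum.close();
        }
    }
}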