List of usage examples for javax.naming.directory Attribute size
int size();
From source file:org.springframework.ldap.core.DirContextAdapter.java
/** * Collect all modifications for the changed attribute. If no changes have * been made, return immediately. If modifications have been made, and the * original size as well as the updated size of the attribute is 1, replace * the attribute. If the size of the updated attribute is 0, remove the * attribute. Otherwise, the attribute is a multi-value attribute; if it's * an ordered one it should be replaced in its entirety to preserve the new * ordering, if not all modifications to the original value (removals and * additions) will be collected individually. * /* w w w . j a v a 2 s . c o m*/ * @param changedAttr the value of the changed attribute. * @param modificationList the list in which to add the modifications. * @throws NamingException if thrown by called Attribute methods. */ private void collectModifications(Attribute changedAttr, List modificationList) throws NamingException { Attribute currentAttribute = originalAttrs.get(changedAttr.getID()); if (changedAttr.equals(currentAttribute)) { // No changes return; } else if (currentAttribute != null && currentAttribute.size() == 1 && changedAttr.size() == 1) { // Replace single-vale attribute. modificationList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, changedAttr)); } else if (changedAttr.size() == 0 && currentAttribute != null) { // Attribute has been removed. modificationList.add(new ModificationItem(DirContext.REMOVE_ATTRIBUTE, changedAttr)); } else if ((currentAttribute == null || currentAttribute.size() == 0) && changedAttr.size() > 0) { // Attribute has been added. modificationList.add(new ModificationItem(DirContext.ADD_ATTRIBUTE, changedAttr)); } else if (changedAttr.size() > 0 && changedAttr.isOrdered()) { // This is a multivalue attribute and it is ordered - the original // value should be replaced with the new values so that the ordering // is preserved. modificationList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, changedAttr)); } else if (changedAttr.size() > 0) { // Change of multivalue Attribute. Collect additions and removals // individually. List myModifications = new LinkedList(); collectModifications(currentAttribute, changedAttr, myModifications); if (myModifications.isEmpty()) { // This means that the attributes are not equal, but the // actual values are the same - thus the order must have // changed. This should result in a REPLACE_ATTRIBUTE operation. myModifications.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, changedAttr)); } modificationList.addAll(myModifications); } }
From source file:org.springframework.ldap.core.DirContextAdapter.java
private void collectModifications(Attribute originalAttr, Attribute changedAttr, List modificationList) throws NamingException { Attribute originalClone = (Attribute) originalAttr.clone(); Attribute addedValuesAttribute = new BasicAttribute(originalAttr.getID()); for (int i = 0; i < changedAttr.size(); i++) { Object attributeValue = changedAttr.get(i); if (!originalClone.remove(attributeValue)) { addedValuesAttribute.add(attributeValue); }/* ww w . ja v a 2 s .c o m*/ } // We have now traversed and removed all values from the original that // were also present in the new values. The remaining values in the // original must be the ones that were removed. if (originalClone.size() > 0) { modificationList.add(new ModificationItem(DirContext.REMOVE_ATTRIBUTE, originalClone)); } if (addedValuesAttribute.size() > 0) { modificationList.add(new ModificationItem(DirContext.ADD_ATTRIBUTE, addedValuesAttribute)); } }
From source file:nl.nn.adapterframework.ldap.LdapSender.java
private String performOperationCreate(String entryName, ParameterResolutionContext prc, Map paramValueMap, Attributes attrs) throws SenderException, ParameterException { if (manipulationSubject.equals(MANIPULATION_ATTRIBUTE)) { String result = null;/*www.j a v a 2 s. c o m*/ NamingEnumeration na = attrs.getAll(); while (na.hasMoreElements()) { Attribute a = (Attribute) na.nextElement(); log.debug("Create attribute: " + a.getID()); NamingEnumeration values; try { values = a.getAll(); } catch (NamingException e1) { storeLdapException(e1, prc); throw new SenderException("cannot obtain values of Attribute [" + a.getID() + "]", e1); } while (values.hasMoreElements()) { Attributes partialAttrs = new BasicAttributes(); Attribute singleValuedAttribute; String id = a.getID(); Object value = values.nextElement(); if (log.isDebugEnabled()) { if (id.toLowerCase().contains("password") || id.toLowerCase().contains("pwd")) { log.debug("Create value: ***"); } else { log.debug("Create value: " + value); } } if (unicodePwd && "unicodePwd".equalsIgnoreCase(id)) { singleValuedAttribute = new BasicAttribute(id, encodeUnicodePwd(value)); } else { singleValuedAttribute = new BasicAttribute(id, value); } partialAttrs.put(singleValuedAttribute); DirContext dirContext = null; try { dirContext = getDirContext(paramValueMap); dirContext.modifyAttributes(entryName, DirContext.ADD_ATTRIBUTE, partialAttrs); } catch (NamingException e) { // https://wiki.servicenow.com/index.php?title=LDAP_Error_Codes: // 20 LDAP_TYPE_OR_VALUE_EXISTS Indicates that the attribute value specified in a modify or add operation already exists as a value for that attribute. // Sun: // [LDAP: error code 20 - Attribute Or Value Exists] if (e.getMessage().startsWith("[LDAP: error code 20 - ")) { if (log.isDebugEnabled()) log.debug("Operation [" + getOperation() + "] successful: " + e.getMessage()); result = DEFAULT_RESULT_CREATE_OK; } else { storeLdapException(e, prc); throw new SenderException( "Exception in operation [" + getOperation() + "] entryName [" + entryName + "]", e); } } finally { closeDirContext(dirContext); } } } if (result != null) { return result; } return DEFAULT_RESULT; } else { DirContext dirContext = null; try { if (unicodePwd) { Enumeration enumeration = attrs.getIDs(); while (enumeration.hasMoreElements()) { String id = (String) enumeration.nextElement(); if ("unicodePwd".equalsIgnoreCase(id)) { Attribute attr = attrs.get(id); for (int i = 0; i < attr.size(); i++) { attr.set(i, encodeUnicodePwd(attr.get(i))); } } } } dirContext = getDirContext(paramValueMap); dirContext.bind(entryName, null, attrs); return DEFAULT_RESULT; } catch (NamingException e) { // if (log.isDebugEnabled()) log.debug("Exception in operation [" + getOperation()+ "] entryName ["+entryName+"]", e); if (log.isDebugEnabled()) log.debug("Exception in operation [" + getOperation() + "] entryName [" + entryName + "]: " + e.getMessage()); // https://wiki.servicenow.com/index.php?title=LDAP_Error_Codes: // 68 LDAP_ALREADY_EXISTS Indicates that the add operation attempted to add an entry that already exists, or that the modify operation attempted to rename an entry to the name of an entry that already exists. // Sun: // [LDAP: error code 68 - Entry Already Exists] if (e.getMessage().startsWith("[LDAP: error code 68 - ")) { return DEFAULT_RESULT_CREATE_OK; } else { storeLdapException(e, prc); throw new SenderException(e); } } finally { closeDirContext(dirContext); } } }
From source file:org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore.java
/** * Obtains the roles for the given user. * * @param username the user name to fetch user data. * @return the list of roles to which the user is associated to. * @throws NamingException LDAP error obtaining roles fro the given user * @throws IOException //from ww w. j av a2 s .c om */ protected String[] selectRolesByUsername(String username) throws NamingException, IOException { List userRoles = new ArrayList(); InitialLdapContext ctx = null; try { ctx = createLdapInitialContext(getUseBindCredentials()); } catch (NamingException e) { if (getUseBindCredentials()) { // in case we are using virtual identity store return (String[]) userRoles.toArray(new String[userRoles.size()]); } else { throw e; } } StartTlsResponse tls = null; if (getEnableStartTls()) { tls = startTls(ctx); } String rolesCtxDN = getRolesCtxDN(); // Search for any roles associated with the user if (rolesCtxDN != null) { // The attribute where user DN is stored in roles : String uidAttributeID = getUidAttributeID(); if (uidAttributeID == null) uidAttributeID = "uniquemember"; // The attribute that identifies the role name String roleAttrName = getRoleAttributeID(); if (roleAttrName == null) roleAttrName = "roles"; String userDN; if ("UID".equals(getRoleMatchingMode())) { // Use User ID to match the role userDN = username; } else { // Default behaviour: Match the role using the User DN, not just the username : userDN = selectUserDN(username); } if (userDN != null) { if (logger.isDebugEnabled()) logger.debug("Searching Roles for user '" + userDN + "' in Uid attribute name '" + uidAttributeID + "'"); try { if (userDN.contains("\\")) { logger.debug("Escaping '\\' character"); userDN = userDN.replace("\\", "\\\\\\"); } NamingEnumeration answer = ctx.search(rolesCtxDN, "(&(" + uidAttributeID + "=" + userDN + "))", getSearchControls()); if (logger.isDebugEnabled()) logger.debug("Search Name: " + rolesCtxDN); if (logger.isDebugEnabled()) logger.debug("Search Filter: (&(" + uidAttributeID + "=" + userDN + "))"); if (!answer.hasMore()) logger.info("No role where found for user " + username); while (answer.hasMore()) { SearchResult sr = (SearchResult) answer.next(); Attributes attrs = sr.getAttributes(); Attribute roles = attrs.get(roleAttrName); for (int r = 0; r < roles.size(); r++) { Object value = roles.get(r); String roleName = null; // The role attribute value is the role name roleName = value.toString(); if (roleName != null) { if (logger.isDebugEnabled()) logger.debug("Saving role '" + roleName + "' for user '" + username + "'"); userRoles.add(roleName); } } } } catch (NamingException e) { if (logger.isDebugEnabled()) logger.debug("Failed to locate roles", e); } } } // Close the context to release the connection if (tls != null) { tls.close(); } ctx.close(); return (String[]) userRoles.toArray(new String[userRoles.size()]); }
From source file:nl.nn.adapterframework.ldap.LdapSender.java
protected XmlBuilder attributesToXml(Attributes atts) throws NamingException { XmlBuilder attributesElem = new XmlBuilder("attributes"); NamingEnumeration all = atts.getAll(); while (all.hasMore()) { Attribute attribute = (Attribute) all.next(); XmlBuilder attributeElem = new XmlBuilder("attribute"); attributeElem.addAttribute("name", attribute.getID()); if (attribute.size() == 1 && attribute.get() != null) { attributeElem.addAttribute("value", attribute.get().toString()); } else {//from w w w.jav a 2 s. c o m NamingEnumeration values = attribute.getAll(); while (values.hasMore()) { Object value = values.next(); XmlBuilder itemElem = new XmlBuilder("item"); itemElem.addAttribute("value", value.toString()); attributeElem.addSubElement(itemElem); } } attributesElem.addSubElement(attributeElem); } return attributesElem; }
From source file:org.lsc.jndi.JndiServices.java
/** * Return the LDAP schema./*from www. ja va 2 s .com*/ * * @param attrsToReturn * list of attribute names to return (or null for all * 'standard' attributes) * @return the map of name => attribute * @throws NamingException * thrown if something goes wrong (bad */ @SuppressWarnings("unchecked") public Map<String, List<String>> getSchema(final String[] attrsToReturn) throws NamingException { Map<String, List<String>> attrsResult = new HashMap<String, List<String>>(); // connect to directory Hashtable<String, String> props = (Hashtable<String, String>) ctx.getEnvironment(); String baseUrl = (String) props.get(Context.PROVIDER_URL); baseUrl = baseUrl.substring(0, baseUrl.lastIndexOf('/')); props.put(Context.PROVIDER_URL, baseUrl); DirContext schemaCtx = new InitialLdapContext(props, null); // find schema entry SearchControls sc = new SearchControls(); sc.setSearchScope(SearchControls.OBJECT_SCOPE); sc.setReturningAttributes(new String[] { "subschemaSubentry" }); NamingEnumeration<SearchResult> schemaDnSR = schemaCtx.search("", "(objectclass=*)", sc); SearchResult sr = null; Attribute subschemaSubentry = null; String subschemaSubentryDN = null; if (schemaDnSR.hasMore()) { sr = schemaDnSR.next(); } if (sr != null) { subschemaSubentry = sr.getAttributes().get("subschemaSubentry"); } if (subschemaSubentry != null && subschemaSubentry.size() > 0) { subschemaSubentryDN = (String) subschemaSubentry.get(); } if (subschemaSubentryDN != null) { // get schema attributes from subschemaSubentryDN Attributes schemaAttrs = schemaCtx.getAttributes(subschemaSubentryDN, attrsToReturn != null ? attrsToReturn : new String[] { "*", "+" }); if (schemaAttrs != null) { for (String attr : attrsToReturn) { Attribute schemaAttr = schemaAttrs.get(attr); if (schemaAttr != null) { attrsResult.put(schemaAttr.getID(), (List<String>) Collections.list(schemaAttr.getAll())); } } } } return attrsResult; }
From source file:fedora.server.security.servletfilters.ldap.FilterLdap.java
private void getAttributes(Attributes attributes, Map map) throws Throwable { String m = FilterSetup.getFilterNameAbbrev(FILTER_NAME) + " getAttributes() "; log.debug(m + ">"); try {/*from w w w . j a va2 s . c om*/ for (String key : ATTRIBUTES2RETURN) { log.debug(m + "looking for return attribute==" + key); Attribute attribute = attributes.get(key); if (attribute == null) { log.error(m + "null object...continue to next attr sought"); continue; } if (GROUPS_NAME != null && !"".equals(GROUPS_NAME)) { key = GROUPS_NAME; log.debug(m + "values collected and interpreted as groups==" + key); } Set values; if (map.containsKey(key)) { log.debug(m + "already a value-set for attribute==" + key); values = (Set) map.get(key); } else { log.debug(m + "making+storing a value-set for attribute==" + key); values = new HashSet(); map.put(key, values); } int size = attribute.size(); log.debug(m + "object with n==" + size); for (int j = 0; j < size; j++) { Object o = attribute.get(j); values.add(o); log.debug(m + "added value==" + o.toString() + ", class==" + o.getClass().getName()); } } } finally { log.debug(m + "<"); } }
From source file:com.liferay.portal.security.ldap.internal.exportimport.LDAPUserImporterImpl.java
protected void importUsers(LDAPImportContext ldapImportContext, long userGroupId, Attribute usersLdapAttribute) throws Exception { StopWatch stopWatch = new StopWatch(); if (_log.isDebugEnabled()) { stopWatch.start();/* w w w . j av a 2 s . c o m*/ int size = usersLdapAttribute.size(); _log.debug(StringBundler.concat("Importing ", String.valueOf(size), " users from LDAP server ", String.valueOf(ldapImportContext.getLdapServerId()), " to company ", String.valueOf(ldapImportContext.getCompanyId()))); } Set<Long> newUserIds = new LinkedHashSet<>(usersLdapAttribute.size()); for (int i = 0; i < usersLdapAttribute.size(); i++) { String fullUserDN = (String) usersLdapAttribute.get(i); Long userId = ldapImportContext.getImportedUserId(fullUserDN); if (userId != null) { newUserIds.add(userId); } else { Attributes userAttributes = null; try { userAttributes = _portalLDAP.getUserAttributes(ldapImportContext.getLdapServerId(), ldapImportContext.getCompanyId(), ldapImportContext.getLdapContext(), fullUserDN); } catch (NameNotFoundException nnfe) { _log.error("LDAP user not found with fullUserDN " + fullUserDN, nnfe); continue; } try { User user = importUser(ldapImportContext, fullUserDN, userAttributes, null); if (user != null) { if (_log.isDebugEnabled()) { _log.debug(StringBundler.concat("Adding user ", String.valueOf(user), " to user group ", String.valueOf(userGroupId))); } newUserIds.add(user.getUserId()); } } catch (GroupFriendlyURLException gfurle) { int type = gfurle.getType(); if (type == GroupFriendlyURLException.DUPLICATE) { _log.error("Unable to import user " + userAttributes + " because of a duplicate group friendly URL", gfurle); } else { _log.error("Unable to import user " + userAttributes, gfurle); } } catch (Exception e) { _log.error("Unable to load user " + userAttributes, e); } } } Set<Long> deletedUserIds = new LinkedHashSet<>(); List<User> userGroupUsers = _userLocalService.getUserGroupUsers(userGroupId); for (User user : userGroupUsers) { if ((ldapImportContext.getLdapServerId() == user.getLdapServerId()) && !newUserIds.contains(user.getUserId())) { if (_log.isDebugEnabled()) { _log.debug(StringBundler.concat("Removing user ", String.valueOf(user), " from user group ", String.valueOf(userGroupId))); } deletedUserIds.add(user.getUserId()); } } _userLocalService.addUserGroupUsers(userGroupId, ArrayUtil.toLongArray(newUserIds)); _userLocalService.deleteUserGroupUsers(userGroupId, ArrayUtil.toLongArray(deletedUserIds)); }
From source file:com.liferay.portal.security.ldap.internal.exportimport.LDAPUserImporterImpl.java
protected void importGroups(LDAPImportContext ldapImportContext, Attributes userAttributes, User user) throws Exception { Properties groupMappings = ldapImportContext.getGroupMappings(); String groupMappingsUser = groupMappings.getProperty("user"); Set<Long> newUserGroupIds = new LinkedHashSet<>(); LDAPServerConfiguration ldapServerConfiguration = _ldapServerConfigurationProvider .getConfiguration(ldapImportContext.getCompanyId(), ldapImportContext.getLdapServerId()); if (Validator.isNotNull(groupMappingsUser) && ldapServerConfiguration.groupSearchFilterEnabled()) { String baseDN = ldapServerConfiguration.baseDN(); StringBundler sb = new StringBundler(9); sb.append(StringPool.OPEN_PARENTHESIS); sb.append(StringPool.AMPERSAND); String groupSearchFilter = ldapServerConfiguration.groupSearchFilter(); LDAPUtil.validateFilter(groupSearchFilter, "LDAPServerConfiguration.groupSearchFilter"); sb.append(groupSearchFilter);/* w ww . j a v a2 s. c o m*/ sb.append(StringPool.OPEN_PARENTHESIS); sb.append(groupMappingsUser); sb.append(StringPool.EQUAL); Binding binding = _portalLDAP.getUser(ldapImportContext.getLdapServerId(), ldapImportContext.getCompanyId(), user.getScreenName(), user.getEmailAddress()); String fullUserDN = binding.getNameInNamespace(); sb.append(escapeValue(fullUserDN)); sb.append(StringPool.CLOSE_PARENTHESIS); sb.append(StringPool.CLOSE_PARENTHESIS); byte[] cookie = new byte[0]; while (cookie != null) { List<SearchResult> searchResults = new ArrayList<>(); String groupMappingsGroupName = GetterUtil.getString(groupMappings.getProperty("groupName")); groupMappingsGroupName = StringUtil.toLowerCase(groupMappingsGroupName); cookie = _portalLDAP.searchLDAP(ldapImportContext.getCompanyId(), ldapImportContext.getLdapContext(), cookie, 0, baseDN, sb.toString(), new String[] { groupMappingsGroupName }, searchResults); for (SearchResult searchResult : searchResults) { String fullGroupDN = searchResult.getNameInNamespace(); newUserGroupIds = importGroup(ldapImportContext, fullGroupDN, user, newUserGroupIds); } } } else { Properties userMappings = ldapImportContext.getUserMappings(); String userMappingsGroup = userMappings.getProperty("group"); if (Validator.isNull(userMappingsGroup)) { if (_log.isInfoEnabled()) { _log.info("Skipping group import because no mappings for LDAP " + "groups were specified in user mappings " + userMappings); } return; } Attribute userGroupAttribute = userAttributes.get(userMappingsGroup); if (userGroupAttribute == null) { return; } for (int i = 0; i < userGroupAttribute.size(); i++) { String fullGroupDN = (String) userGroupAttribute.get(i); newUserGroupIds = importGroup(ldapImportContext, fullGroupDN, user, newUserGroupIds); } } addUserGroupsNotAddedByLDAPImport(user.getUserId(), newUserGroupIds); Set<Long> oldUserGroupIds = new LinkedHashSet<>(); List<UserGroup> oldUserGroups = _userGroupLocalService.getUserUserGroups(user.getUserId()); for (UserGroup oldUserGroup : oldUserGroups) { oldUserGroupIds.add(oldUserGroup.getUserGroupId()); } if (!oldUserGroupIds.equals(newUserGroupIds)) { long[] userGroupIds = ArrayUtil.toLongArray(newUserGroupIds); _userGroupLocalService.setUserUserGroups(user.getUserId(), userGroupIds); } }
From source file:de.acosix.alfresco.mtsupport.repo.auth.ldap.EnhancedLDAPUserRegistry.java
protected Collection<String> lookupGroupChildren(final SearchResult searchResult, final String gid, final boolean disjoint, final LdapName groupDistinguishedNamePrefix, final LdapName userDistinguishedNamePrefix) throws NamingException { final InitialDirContext ctx = this.ldapInitialContextFactory.getDefaultIntialDirContext(); try {/*from w w w . ja va 2s .c o m*/ LOGGER.debug("Processing group: {}, from source: {}", gid, searchResult.getNameInNamespace()); final Collection<String> children = new HashSet<>(); final Attributes attributes = searchResult.getAttributes(); Attribute memAttribute = this.getRangeRestrictedAttribute(attributes, this.memberAttributeName); int nextStart = this.attributeBatchSize; while (memAttribute != null) { for (int i = 0; i < memAttribute.size(); i++) { final String attribute = (String) memAttribute.get(i); if (attribute != null && attribute.length() > 0) { try { // Attempt to parse the member attribute as a DN. If this fails we have a fallback // in the catch block final LdapName distinguishedNameForComparison = fixedLdapName( attribute.toLowerCase(Locale.ENGLISH)); Attribute nameAttribute; // If the user and group search bases are different we may be able to recognize user // and group DNs without a secondary lookup if (disjoint) { final LdapName distinguishedName = fixedLdapName(attribute); final Attributes nameAttributes = distinguishedName .getRdn(distinguishedName.size() - 1).toAttributes(); // Recognize user DNs if (distinguishedNameForComparison.startsWith(userDistinguishedNamePrefix) && (nameAttribute = nameAttributes.get(this.userIdAttributeName)) != null) { final Collection<String> attributeValues = this.mapAttribute(nameAttribute, String.class); final String personName = attributeValues.iterator().next(); LOGGER.debug("User DN recognized: {}", personName); children.add(personName); continue; } // Recognize group DNs if (distinguishedNameForComparison.startsWith(groupDistinguishedNamePrefix) && (nameAttribute = nameAttributes .get(this.groupIdAttributeName)) != null) { final Collection<String> attributeValues = this.mapAttribute(nameAttribute, String.class); final String groupName = attributeValues.iterator().next(); LOGGER.debug("Group DN recognized: {}{}", AuthorityType.GROUP.getPrefixString(), groupName); children.add(AuthorityType.GROUP.getPrefixString() + groupName); continue; } } // If we can't determine the name and type from the DN alone, try a directory lookup if (distinguishedNameForComparison.startsWith(userDistinguishedNamePrefix) || distinguishedNameForComparison.startsWith(groupDistinguishedNamePrefix)) { try { final Attributes childAttributes = ctx.getAttributes(jndiName(attribute), new String[] { "objectclass", this.groupIdAttributeName, this.userIdAttributeName }); final Attribute objectClass = childAttributes.get("objectclass"); if (this.hasAttributeValue(objectClass, this.personType)) { nameAttribute = childAttributes.get(this.userIdAttributeName); if (nameAttribute == null) { if (this.errorOnMissingUID) { throw new AlfrescoRuntimeException( "User missing user id attribute DN =" + attribute + " att = " + this.userIdAttributeName); } else { LOGGER.warn("User missing user id attribute DN =" + attribute + " att = " + this.userIdAttributeName); continue; } } final Collection<String> attributeValues = this.mapAttribute(nameAttribute, String.class); final String personName = attributeValues.iterator().next(); LOGGER.debug("User DN recognized by directory lookup: {}", personName); children.add(personName); continue; } else if (this.hasAttributeValue(objectClass, this.groupType)) { nameAttribute = childAttributes.get(this.groupIdAttributeName); if (nameAttribute == null) { if (this.errorOnMissingGID) { final Object[] params = { searchResult.getNameInNamespace(), this.groupIdAttributeName }; throw new AlfrescoRuntimeException( "synchronization.err.ldap.get.group.id.missing", params); } else { LOGGER.warn("Missing GID on {}", childAttributes); continue; } } final Collection<String> attributeValues = this.mapAttribute(nameAttribute, String.class); final String groupName = attributeValues.iterator().next(); LOGGER.debug("Group DN recognized by directory lookup: {}{}", AuthorityType.GROUP.getPrefixString(), groupName); children.add(AuthorityType.GROUP.getPrefixString() + groupName); continue; } } catch (final NamingException e) { // Unresolvable name if (this.errorOnMissingMembers) { final Object[] params = { gid, attribute, e.getLocalizedMessage() }; throw new AlfrescoRuntimeException( "synchronization.err.ldap.group.member.missing.exception", params, e); } LOGGER.warn( "Failed to resolve member of group '{}, ' with distinguished name: {}", gid, attribute, e); continue; } } if (this.errorOnMissingMembers) { final Object[] params = { gid, attribute }; throw new AlfrescoRuntimeException("synchronization.err.ldap.group.member.missing", params); } LOGGER.warn("Failed to resolve member of group '{}' with distinguished name: {}", gid, attribute); } catch (final InvalidNameException e) { // The member attribute didn't parse as a DN. So assume we have a group class like // posixGroup (FDS) that directly lists user names LOGGER.debug("Member DN recognized as posixGroup: {}", attribute); children.add(attribute); } } } // If we are using attribute matching and we haven't got to the end (indicated by an asterisk), // fetch the next batch if (nextStart > 0 && !PATTERN_RANGE_END.matcher(memAttribute.getID().toLowerCase(Locale.ENGLISH)).find()) { final Attributes childAttributes = ctx.getAttributes( jndiName(searchResult.getNameInNamespace()), new String[] { this.memberAttributeName + ";range=" + nextStart + '-' + (nextStart + this.attributeBatchSize - 1) }); memAttribute = this.getRangeRestrictedAttribute(childAttributes, this.memberAttributeName); nextStart += this.attributeBatchSize; } else { memAttribute = null; } } return children; } finally { this.commonAfterQueryCleanup(null, null, ctx); } }