psdi.security.ldap

Class AbstractLdapSynchronizer

  • Direct Known Subclasses:
    ActiveDirectorySynchronizer, GenericDirectorySynchronizer, NovellDirectorySynchronizer


    public abstract class AbstractLdapSynchronizer
    extends LdapSynchronizer
    An abstract class that implements the common synchronization logic needed to retrieve user and group object information from an LDAP Directory Server. This class must be extended to provide concrete implementations for the specific Directory Server being synchronized. The code written here works with LDAP servers that support LDAPv3 or later. The code written here does not handle referrals returned as part of a search; it must be enhanced if referral support is needed.
    • Field Summary

      Fields 
      Modifier and Type Field and Description
      protected java.sql.Connection connection
      A database connection used for writing the appropriate user and group data to MAXIMO tables.
      protected LdapContextSettings contextSettings
      LDAP Server related settings provided in the configuration file.
      protected int errorCount
      Number of errors in this cycle.
      protected boolean fullSyncNeeded
      A boolean flag to indicate whether a full synchronization is needed or not.
      static int GROUP_SEARCH_PAGE_SIZE
      The default search page result for group searches
      protected GroupSettings groupSettings
      Group settings provided in the configuration file.
      protected LdapSyncListener ldapSyncListener
      Synchronization listener object that will receive notifications for each user or group that need to be synchronized to MAXIMO database tables.
      protected MXLogger logger
      Logger object used to output any messages to indicate the progress of the synchronization.
      protected static int maxErrors
      The maximum number of errors allowed per cycle.
      protected int noGroupsSynchronized
      A number used to indicate how many group objects are synchronized with respect to MAXIMO tables when a synchronization task is performed.
      protected int noUsersSynchronized
      A number used to indicate how many user objects are synchronized with respect to MAXIMO tables when a synchronization task is performed.
      protected MXLogger sqlLogger
      Logger object used to output any SQL messages to indicate the progress of the synchronization.
      protected SynchronizerSettings synchronizerSettings
      Synchronization settings provided in the configuration file.
      protected boolean syncNeeded
      A boolean flag to indicate whether synchronization is needed or not.
      protected SyncParameters syncParameters
      Synchronization parameters.
      static int USER_SEARCH_PAGE_SIZE
      The default search page result for user searches
      protected UserSettings userSettings
      User settings provided in the configuration file.
    • Method Summary

      Modifier and Type Method and Description
      protected java.lang.String buildURL(java.lang.String host, int port, boolean sslEnabled)
      Builds a URL to be used as the provider URL to perform directory operations.
      protected void closeContext(javax.naming.Context ctx)
      Closes the given context.
      protected void commitGroupChanges()
      Performs a database commit operation and logs a message.
      protected void commitGroupChanges(int objectsProcessed)
      Perform a database commit operation based on the number of group objects processed.
      protected void commitUserChanges()
      Performs a database commit operation and logs a message.
      protected void commitUserChanges(int objectsProcessed)
      Perform a database commit operation based on the number of user objects processed.
      protected javax.naming.ldap.LdapContext createDefaultLdapContext()
      Creates a default LDAP context based on the configuration settings provided.
      protected javax.naming.ldap.LdapContext createSearchLdapContext()
      Creates an LDAP context to be used for searches.
      protected abstract void determineSynchronizationNeed()
      Determines whether synchronization is needed or not.
      protected java.util.Hashtable getDefaultLdapContextEnvironment()
      Returns the default context environment to be used for creating the context.
      protected java.lang.String[] getGroupAttributes()
      Returns list of attributes for which values need to be obtained from the directory server when performing group search.
      protected abstract java.lang.String getGroupDNAttributeName()
      Returns the attribute used for identifying the distinguished name of a group object.
      protected java.lang.String getGroupMemberAsGroupAttribute()
      Returns the attribute name used for identifying a group that is a member of a group.
      protected java.lang.String getGroupMemberAsUserAttribute()
      Returns the attribute name used for identifying a user that is a member of a group.
      protected java.lang.String getGroupMembersAttribute()
      Returns the attribute name that holds the members of a group.
      protected abstract java.lang.String getGroupObjectClass()
      Returns the object class used to identify group objects.
      protected java.lang.String getGroupSearchBase()
      Returns the base distinguished name of the directory hierarchy to be used for searching group objects.
      protected javax.naming.directory.SearchControls getGroupSearchControls()
      Returns the search controls used for group searches.
      protected java.lang.String getGroupSearchFilter()
      Returns the search filter (LDAP query) to be used for performing search for group objects.
      protected int getGroupSearchPageSize()
      Returns the maximum number of objects to be returned in every page result.
      protected int getGroupSearchScope()
      Returns the search scope to be used for group searches.
      LdapSyncListener getLDAPSyncListener()
      Returns the listener object that receives synchronization events.
      protected java.util.Hashtable getSearchLdapContextEnvironment()
      Returns the search context environment to be used for creating the context.
      SynchronizerSettings getSynchronizerSettings()
      Returns synchronizer settings configured.
      SyncParameters getSyncParameters()
      Returns the synchronization parameters used during the synchronization.
      protected java.lang.String[] getUserAttributes()
      Returns list of attributes for which values need to be obtained from the directory server when performing user search.
      protected abstract java.lang.String getUserDNAttributeName()
      Returns the attribute used for identifying the distinguished name of a user object.
      protected abstract java.lang.String getUserObjectClass()
      Returns the object class used to identify user objects.
      protected java.lang.String getUserSearchBase()
      Returns the base distinguished name of the directory hierarchy to be used for searching user objects.
      protected javax.naming.directory.SearchControls getUserSearchControls()
      Returns the search controls used for user searches.
      protected java.lang.String getUserSearchFilter()
      Returns the search filter (LDAP query) to be used for performing search for user objects.
      protected int getUserSearchPageSize()
      Returns the maximum number of objects to be returned in every page result.
      protected int getUserSearchScope()
      Returns the search scope to be used for user searches.
      void init(LdapSynchronizerInitData initData)
      Initializes the synchronizer with the initialization data that's obtained from configuration values.
      protected void initSync()
      Called to let the synchronizer initialize itself before the synchronization work starts.
      boolean isFullSyncNeeded()
      Returns whether a full synchronization is needed or not.
      boolean isSyncNeeded()
      Returns whether synchronization is needed or not.
      void performSync(java.sql.Connection con, SyncParameters syncParams, UserInfo userInfo)
      Performs the synchronization operation based on the synchronization parameters.
      protected abstract java.util.Set retrieveAllGroupMembers(java.lang.String groupDN)
      Retrieves all the group members of the given group distinguished name.
      protected void setFullSyncNeeded(boolean needed)
      Sets the flag to indicate whether full synchronization is needed or not.
      void setLDAPSyncListener(LdapSyncListener ldapSyncListener)
      Sets the listener object that gets notification events during synchronization process.
      void setOwner(LdapSyncTask val)
      Sets a reference to the calling class.
      protected void setSyncNeeded(boolean needed)
      Sets the flag to indicate whether synchronization is needed or not.
      protected void syncGroupMembers(SyncData groupSyncData, java.util.Set groupMembers)
      Sends an event to the listener with the list of members of a group to synchronize the data to MAXIMO tables.
      protected void syncGroups()
      Performs LDAP query against the LDAP Directory server and retrieves the results page by page and processes each page result.
      protected void syncUsers()
      Performs LDAP query against the LDAP Directory server and retrieves the results page by page and processes each page result.
      protected void updateSyncParameters()
      Called when the synchronization task is completed successfully.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • USER_SEARCH_PAGE_SIZE

        public static final int USER_SEARCH_PAGE_SIZE
        The default search page result for user searches
        See Also:
        Constant Field Values
      • GROUP_SEARCH_PAGE_SIZE

        public static final int GROUP_SEARCH_PAGE_SIZE
        The default search page result for group searches
        See Also:
        Constant Field Values
      • syncParameters

        protected SyncParameters syncParameters
        Synchronization parameters.
      • synchronizerSettings

        protected SynchronizerSettings synchronizerSettings
        Synchronization settings provided in the configuration file.
      • contextSettings

        protected LdapContextSettings contextSettings
        LDAP Server related settings provided in the configuration file.
      • userSettings

        protected UserSettings userSettings
        User settings provided in the configuration file. These settings include list of attributes, the search filter to be used and also the appropriate data mappings to MAXIMO tables.
      • groupSettings

        protected GroupSettings groupSettings
        Group settings provided in the configuration file. These settings include list of attributes, the search filter to be used and also the appropriate data mappings to MAXIMO tables.
      • logger

        protected MXLogger logger
        Logger object used to output any messages to indicate the progress of the synchronization.
      • sqlLogger

        protected MXLogger sqlLogger
        Logger object used to output any SQL messages to indicate the progress of the synchronization.
      • ldapSyncListener

        protected LdapSyncListener ldapSyncListener
        Synchronization listener object that will receive notifications for each user or group that need to be synchronized to MAXIMO database tables.
      • fullSyncNeeded

        protected boolean fullSyncNeeded
        A boolean flag to indicate whether a full synchronization is needed or not. If this setting is false, an incremental synchronization is performed.
      • syncNeeded

        protected boolean syncNeeded
        A boolean flag to indicate whether synchronization is needed or not. When the next scheduled synchronization starts after a previous one has completed, no work needs to be done if the data in the LDAP Server has not changed. A value of true indicates that synchronization is needed. An additional flag indicates whether a full or an incremental synchronization is needed.
      • noUsersSynchronized

        protected int noUsersSynchronized
        A number used to indicate how many user objects are synchronized with respect to MAXIMO tables when a synchronization task is performed.
      • noGroupsSynchronized

        protected int noGroupsSynchronized
        A number used to indicate how many group objects are synchronized with respect to MAXIMO tables when a synchronization task is performed.
      • connection

        protected java.sql.Connection connection
        A database connection used for writing the appropriate user and group data to MAXIMO tables.
      • errorCount

        protected int errorCount
        Number of errors in this cycle.
      • maxErrors

        protected static int maxErrors
        The maximum number of errors allowed per cycle. From property mxe.LDAPMaxErrors.
    • Constructor Detail

      • AbstractLdapSynchronizer

        public AbstractLdapSynchronizer()
        A default constructor.
    • Method Detail

      • init

        public void init(LdapSynchronizerInitData initData)
                  throws LdapSyncException
        Initializes the synchronizer with the initialization data that's obtained from configuration values. Based on the initialization data, instantiates the listener object that receives notification events.
        Specified by:
        init in class LdapSynchronizer
        Parameters:
        initData - initialization data
        Throws:
        LdapSyncException - if initialization fails
      • getSyncParameters

        public SyncParameters getSyncParameters()
        Returns the synchronization parameters used during the synchronization.
        Returns:
        synchronization parameters
      • getSynchronizerSettings

        public SynchronizerSettings getSynchronizerSettings()
        Returns synchronizer settings configured.
        Returns:
        synchronizer settings configured.
      • performSync

        public void performSync(java.sql.Connection con,
                                SyncParameters syncParams,
                                UserInfo userInfo)
                         throws LdapSyncException
        Performs the synchronization operation based on the synchronization parameters. The synchronization parameters contain the necessary data required for this operation and also contain the values that are used by the last synchronization operation.
        Specified by:
        performSync in class LdapSynchronizer
        Parameters:
        con - database connection to be used for synchronizing LDAP data with MAXIMO database tables.
        syncParams - synchronization parameters
        Throws:
        LdapSyncException - if synchronization fails
      • setOwner

        public void setOwner(LdapSyncTask val)
        Sets a reference to the calling class.
      • closeContext

        protected void closeContext(javax.naming.Context ctx)
        Closes the given context.
        Parameters:
        ctx - context to be closed.
      • updateSyncParameters

        protected void updateSyncParameters()
        Called when the synchronization task is completed successfully. The concrete implementation classes should override this method to include any parameters that need to be saved to the database.
      • getDefaultLdapContextEnvironment

        protected java.util.Hashtable getDefaultLdapContextEnvironment()
        Returns the default context environment to be used for creating the context.
      • createDefaultLdapContext

        protected javax.naming.ldap.LdapContext createDefaultLdapContext()
                                                                  throws javax.naming.NamingException
        Creates a default LDAP context based on the configuration settings provided. This method needs to be enhanced for client certificate authentication.
        Returns:
        the context to be used for getting information from the LDAP server based on the configuration settings.
        Throws:
        javax.naming.NamingException - if the context cannot be created.
      • buildURL

        protected java.lang.String buildURL(java.lang.String host,
                                            int port,
                                            boolean sslEnabled)
        Builds a URL to be used as the provider URL to perform directory operations.
        Parameters:
        host - host name of the LDAP Server
        port - port number
        sslEnabled - indicates whether the port is for SSL or not.
        Returns:
        a url in string form.
      • getSearchLdapContextEnvironment

        protected java.util.Hashtable getSearchLdapContextEnvironment()
        Returns the search context environment to be used for creating the context.
      • createSearchLdapContext

        protected javax.naming.ldap.LdapContext createSearchLdapContext()
                                                                 throws javax.naming.NamingException
        Creates an LDAP context to be used for searches. By default this method returns the default context. The concrete implementations can override this method to use a different context (for example, a different port) for searches.
        Returns:
        context to be used for search operations.
        Throws:
        javax.naming.NamingException
      • isFullSyncNeeded

        public boolean isFullSyncNeeded()
        Returns whether a full synchronization is needed or not.
        Returns:
        true to indicate full synchronization is needed, otherwise false.
      • isSyncNeeded

        public boolean isSyncNeeded()
        Returns whether synchronization is needed or not.
        Returns:
        true to indicate synchronization is needed, otherwise false.
      • setFullSyncNeeded

        protected void setFullSyncNeeded(boolean needed)
        Sets the flag to indicate whether full synchronization is needed or not. A true value indicates full synchronization is needed.
        Parameters:
        needed - true value indicates full synchronization is needed.
      • setSyncNeeded

        protected void setSyncNeeded(boolean needed)
        Sets the flag to indicate whether synchronization is needed or not. A true value indicates synchronization is needed.
        Parameters:
        needed - true value indicates synchronization is needed.
      • initSync

        protected void initSync()
                         throws LdapSyncException
        Called to let the synchronizer initialize itself before the synchronization work starts.
        Throws:
        LdapSyncException - if initialization fails
      • getUserSearchBase

        protected java.lang.String getUserSearchBase()
        Returns the base distinguished name of the directory hierarchy to be used for searching user objects.
        Returns:
        the base distinguished name
      • getUserSearchFilter

        protected java.lang.String getUserSearchFilter()
        Returns the search filter (LDAP query) to be used for performing search for user objects. This method returns the search filter configured. The concrete synchronizer code should override and add additional criteria to be included, if needed.
        Returns:
        the search filter to be used to find users
      • getUserSearchControls

        protected javax.naming.directory.SearchControls getUserSearchControls()
        Returns the search controls used for user searches.
        Returns:
        the search controls used for user searches.
      • getUserAttributes

        protected java.lang.String[] getUserAttributes()
        Returns the list of attributes for which values need to be obtained from the directory server when performing a user search. By default this method returns all the configured attributes. The concrete implementations can override this method to include additional attributes, if needed.
        Returns:
        a list of attributes to be included in the search.
      • getUserSearchScope

        protected int getUserSearchScope()
        Returns the search scope to be used for user searches. If an invalid search scope is defined, returns SearchControls.SUBTREE_SCOPE.
        Returns:
        the search scope to be used for user searches
      • getUserSearchPageSize

        protected int getUserSearchPageSize()
        Returns the maximum number of objects to be returned in every page result. This number can be tuned depending on the size of the data returned and the network speed.
        Returns:
        the maximum number of objects to be returned in every page result for user searches
      • syncUsers

        protected void syncUsers()
                          throws LdapSyncException
        Performs LDAP query against the LDAP Directory server and retrieves the results page by page and processes each page result. For each object that's obtained in the result, a notification event will be fired to the listener to synchronize the changes to MAXIMO database tables.
        Throws:
        LdapSyncException
      • commitUserChanges

        protected void commitUserChanges(int objectsProcessed)
                                  throws LdapSyncException
        Performs a database commit operation based on the number of user objects processed. The default strategy is to commit after every page of results processed. The concrete implementations can override this default strategy.
        Parameters:
        objectsProcessed - number of user objects processed.
        Throws:
        LdapSyncException - if the commit fails.
      • commitUserChanges

        protected void commitUserChanges()
                                  throws LdapSyncException
        Performs a database commit operation and logs a message.
        Throws:
        LdapSyncException - if the commit fails.
      • commitGroupChanges

        protected void commitGroupChanges(int objectsProcessed)
                                   throws LdapSyncException
        Performs a database commit operation based on the number of group objects processed. The default strategy is to commit after every page of results processed. The concrete implementations can override this default strategy.
        Parameters:
        objectsProcessed - number of group objects processed.
        Throws:
        LdapSyncException - if the commit fails.
      • commitGroupChanges

        protected void commitGroupChanges()
                                   throws LdapSyncException
        Performs a database commit operation and logs a message.
        Throws:
        LdapSyncException - if the commit fails.
      • determineSynchronizationNeed

        protected abstract void determineSynchronizationNeed()
                                                      throws LdapSyncException
        Determines whether synchronization is needed or not. This method is responsible for setting appropriate flags to indicate the need for synchronization and also the need for full or incremental synchronization.
        Throws:
        LdapSyncException - if the need cannot be determined
      • getUserObjectClass

        protected abstract java.lang.String getUserObjectClass()
        Returns the object class used to identify user objects.
      • getGroupObjectClass

        protected abstract java.lang.String getGroupObjectClass()
        Returns the object class used to identify group objects.
      • getUserDNAttributeName

        protected abstract java.lang.String getUserDNAttributeName()
        Returns the attribute used for identifying the distinguished name of a user object.
      • getGroupDNAttributeName

        protected abstract java.lang.String getGroupDNAttributeName()
        Returns the attribute used for identifying the distinguished name of a group object.
      • getGroupMembersAttribute

        protected java.lang.String getGroupMembersAttribute()
        Returns the attribute name that holds the members of a group.
        Returns:
        the attribute name that holds the members of a group.
      • getGroupMemberAsUserAttribute

        protected java.lang.String getGroupMemberAsUserAttribute()
        Returns the attribute name used for identifying a user that is a member of a group.
        Returns:
        the attribute name used for identifying a user that is a member of a group.
      • getGroupMemberAsGroupAttribute

        protected java.lang.String getGroupMemberAsGroupAttribute()
        Returns the attribute name used for identifying a group that is a member of a group.
        Returns:
        the attribute name used for identifying a group that is a member of a group.
      • getGroupSearchBase

        protected java.lang.String getGroupSearchBase()
        Returns the base distinguished name of the directory hierarchy to be used for searching group objects.
        Returns:
        the base distinguished name for group searches
      • getGroupSearchFilter

        protected java.lang.String getGroupSearchFilter()
        Returns the search filter (LDAP query) to be used for performing search for group objects. This method returns the search filter configured. The concrete synchronizer code should override and add additional criteria to be included, if needed.
        Returns:
        the search filter to be used to find groups
      • getGroupSearchControls

        protected javax.naming.directory.SearchControls getGroupSearchControls()
        Returns the search controls used for group searches.
        Returns:
        the search controls used for group searches.
      • getGroupAttributes

        protected java.lang.String[] getGroupAttributes()
        Returns the list of attributes for which values need to be obtained from the directory server when performing a group search. By default this method returns all the configured attributes. The concrete implementations can override this method to include additional attributes, if needed.
        Returns:
        a list of attributes to be included in the search.
      • getGroupSearchScope

        protected int getGroupSearchScope()
        Returns the search scope to be used for group searches. If an invalid search scope is defined, returns SearchControls.SUBTREE_SCOPE.
        Returns:
        the search scope to be used for group searches
      • getGroupSearchPageSize

        protected int getGroupSearchPageSize()
        Returns the maximum number of objects to be returned in every page result. This number can be tuned depending on the size of the data returned and the network speed.
        Returns:
        the maximum number of objects to be returned in every page result for group searches
      • syncGroups

        protected void syncGroups()
                           throws LdapSyncException
        Performs LDAP query against the LDAP Directory server and retrieves the results page by page and processes each page result. For each object that's obtained in the result, a notification event will be fired to the listener to synchronize the changes to MAXIMO database tables. This method also retrieves all the users of each group object processed in the search result.
        Throws:
        LdapSyncException
      • retrieveAllGroupMembers

        protected abstract java.util.Set retrieveAllGroupMembers(java.lang.String groupDN)
                                                          throws LdapSyncException
        Retrieves all the group members of the given group distinguished name. If a group has another group as a member, this method should resolve the users of that nested group as well. The returned set should contain the complete list of user account names belonging to the given group.
        Parameters:
        groupDN - group distinguished name for which users need to be retrieved.
        Returns:
        A set of all users that are members of the given group.
        Throws:
        LdapSyncException - if the members cannot be retrieved.
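        As an added illustration (not Maximo's own code) of the page-by-page retrieval that syncUsers() and syncGroups() describe, and of the nested-group expansion that retrieveAllGroupMembers() requires, the following stand-alone class uses only the JNDI API. The context factory, bind DN, attribute names and object class are assumptions; referrals are set to "ignore" because the class description states they are not handled, and the visited set guards against groups that contain each other.

```java
import java.io.IOException;
import java.util.*;
import java.util.function.Consumer;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.naming.ldap.*;

/** Stand-alone illustration using plain JNDI; not Maximo code. Host, DN and attribute values are placeholders. */
public class PagedLdapSyncExample {

    /** Same contract as buildURL(host, port, sslEnabled): ldaps:// when SSL is enabled. */
    static String buildUrl(String host, int port, boolean sslEnabled) {
        return (sslEnabled ? "ldaps://" : "ldap://") + host + ":" + port;
    }

    /** LDAPv3 simple-bind context; referrals are ignored because the page states they are not handled. */
    static LdapContext openContext(String url, String bindDn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put("java.naming.ldap.version", "3");
        env.put(Context.REFERRAL, "ignore");          // referrals in search results are not followed
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialLdapContext(env, null);
    }

    /** Paged search as syncUsers()/syncGroups() describe: handle each entry, then commit once per page. */
    static int pagedSearch(LdapContext ctx, String base, String filter, String[] attrs, int pageSize,
                           Consumer<SearchResult> handler, Runnable commitPerPage)
            throws NamingException, IOException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);   // the fallback scope named on the page
        sc.setReturningAttributes(attrs);
        int total = 0;
        byte[] cookie = null;
        do {
            // Critical control: a server without paged-results support fails the search instead of
            // silently returning an unbounded (and possibly truncated) result set.
            ctx.setRequestControls(new Control[] { new PagedResultsControl(pageSize, cookie, Control.CRITICAL) });
            NamingEnumeration<SearchResult> page = ctx.search(base, filter, sc);
            while (page.hasMore()) { handler.accept(page.next()); total++; }
            page.close();
            cookie = null;                                  // an empty cookie means this was the last page
            Control[] resp = ctx.getResponseControls();
            if (resp != null) for (Control c : resp)
                if (c instanceof PagedResultsResponseControl) cookie = ((PagedResultsResponseControl) c).getCookie();
            commitPerPage.run();                            // default strategy: commit every page
        } while (cookie != null && cookie.length > 0);
        ctx.setRequestControls(null);
        return total;
    }

    /**
     * Nested-group expansion as retrieveAllGroupMembers() requires. The visited set stops
     * infinite recursion when two groups list each other as members.
     */
    static Set<String> resolveMembers(LdapContext ctx, String groupDn, String memberAttr,
                                      String groupObjectClass, String userNameAttr, Set<String> visited)
            throws NamingException {
        Set<String> users = new TreeSet<>();
        if (!visited.add(groupDn.toLowerCase(Locale.ROOT))) return users;   // cycle guard
        Attribute members = ctx.getAttributes(groupDn, new String[] { memberAttr }).get(memberAttr);
        if (members == null) return users;
        NamingEnumeration<?> e = members.getAll();
        while (e.hasMore()) {
            String memberDn = (String) e.next();
            Attributes m = ctx.getAttributes(memberDn, new String[] { "objectClass", userNameAttr });
            Attribute oc = m.get("objectClass");
            if (oc != null && oc.contains(groupObjectClass)) {          // nested group: recurse
                users.addAll(resolveMembers(ctx, memberDn, memberAttr, groupObjectClass, userNameAttr, visited));
            } else if (m.get(userNameAttr) != null) {                   // user: record its account name
                users.add((String) m.get(userNameAttr).get());
            }
        }
        return users;
    }
}
```

        Call pagedSearch with the configured base DN, filter, attribute list and page size, passing a handler that fires the listener event and a Runnable that commits the database connection; call resolveMembers with a fresh HashSet for each top-level group.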
      • syncGroupMembers

        protected void syncGroupMembers(SyncData groupSyncData,
                                        java.util.Set groupMembers)
                                 throws LdapSyncException
        Sends an event to the listener with the list of members of a group to synchronize the data to MAXIMO tables.
        Parameters:
        groupSyncData - data obtained from LDAP server for the group
        groupMembers - list of user account names
        Throws:
        LdapSyncException - if the members cannot be synchronized.
      • setLDAPSyncListener

        public void setLDAPSyncListener(LdapSyncListener ldapSyncListener)
        Sets the listener object that gets notification events during synchronization process.
        Parameters:
        ldapSyncListener - a listener object that needs to receive synchronization events.
      • getLDAPSyncListener

        public LdapSyncListener getLDAPSyncListener()
        Returns the listener object that receives synchronization events.
        Returns:
        the listener object that receives synchronization events.