10 package gov.bnl.gums.ldap;
11
12 import gov.bnl.gums.GUMS;
13 import java.util.Iterator;
14 import java.util.List;
15 import org.apache.commons.logging.Log;
16 import org.apache.commons.logging.LogFactory;
17
18 /***
19 *
20 * @author carcassi
21 */
public class LDAPGroupIDAssigner {
    /*
     * Pushes UNIX primary/secondary group assignments for an account into LDAP,
     * once per configured domain, through an LDAPPersistenceFactory.
     *
     * Review notes (grounded in the code below):
     *  - Updates are applied call by call and nothing here undoes them, so a
     *    failure part-way leaves the earlier changes in place.
     *  - Only addToSecondaryGroup is called for secondary groups; this class never
     *    removes a membership. NOTE(review): confirm where revocation of stale
     *    secondary groups is handled.
     *  - Account, group and domain names are concatenated unescaped into the
     *    debug log, the admin log and the exception message. NOTE(review):
     *    presumably they are validated upstream - confirm, since a CR/LF in any
     *    of them would let one value forge extra log lines.
     */
    private final Log log = LogFactory.getLog(LDAPGroupIDAssigner.class);
    private final Log adminLog = LogFactory.getLog(GUMS.resourceAdminLog);

    private final LDAPPersistenceFactory factory;
    // Stored by reference (not copied); may be null, which disables assignment.
    private final List domains;

    /**
     * Creates an assigner bound to an LDAP factory and a list of domains.
     *
     * @param factory the factory that provides the LDAP connectivity
     * @param domains a list of Strings containing the domains, relative to the
     *                default DN of the LDAP connection; the list is kept by
     *                reference, so later changes by the caller are visible here
     */
    public LDAPGroupIDAssigner(LDAPPersistenceFactory factory, List domains) {
        this.factory = factory;
        this.domains = domains;
        log.trace("LDAPGroupIDAssigner created - factory " + factory + " domains '" + domains + "'");
    }

    /**
     * Sets the primary group and adds the secondary groups for the account in
     * every configured domain.
     *
     * <p>When no domain list was configured the call is a logged no-op. Domains
     * are processed in list order; the RuntimeException raised for a failing
     * domain propagates out of the loop, so the remaining domains are not
     * attempted and may be left out of sync with the ones already updated.
     *
     * @param username  a UNIX username (i.e. 'carcassi')
     * @param primary   a UNIX group name (i.e. 'usatlas')
     * @param secondary a list of Strings representing secondary UNIX group names
     */
    public void assignGroups(String username, String primary, List secondary) {
        if (domains == null) {
            log.trace("No domain for assigning groups: - account '" + username + "' - primary group '" + primary + "' - secondary '" + secondary + "'");
            return;
        }
        for (Iterator domainIt = domains.iterator(); domainIt.hasNext();) {
            String currentDomain = (String) domainIt.next();
            assignGroups(currentDomain, username, primary, secondary);
        }
    }

    /**
     * Re-applies group assignments that are expected to be present in LDAP
     * already. The work is done only when {@code factory.isSynchGroups()}
     * returns true; otherwise the request is logged at trace level and skipped.
     *
     * @param username  a UNIX username (i.e. 'carcassi')
     * @param primary   a UNIX group name (i.e. 'usatlas')
     * @param secondary a list of Strings representing secondary UNIX group names
     */
    public void reassignGroups(String username, String primary, List secondary) {
        if (!factory.isSynchGroups()) {
            log.trace("Skip reassign groups for username '" + username + "' - primary group '" + primary + "' - secondary '" + secondary + "'");
            return;
        }
        assignGroups(username, primary, secondary);
    }

    /**
     * Sets the primary group and adds the secondary groups for the account in a
     * single domain. Package-private.
     *
     * <p>The primary group is changed first, then each secondary group is added
     * in list order. There is no rollback: if a later call fails, the changes
     * already made stay applied. Any exception - including a ClassCastException
     * from a non-String list element - is logged to both logs and rethrown
     * wrapped in a RuntimeException whose message embeds the underlying
     * exception's message. NOTE(review): callers should avoid echoing that
     * message to remote clients, since it may carry LDAP error detail.
     *
     * @param domain    the domain in which to assign the groups
     * @param username  a UNIX username (i.e. 'carcassi')
     * @param primary   a UNIX group name (i.e. 'usatlas')
     * @param secondary a list of Strings representing secondary UNIX group names;
     *                  null means only the primary group is changed
     * @throws RuntimeException if any LDAP update fails; the original exception
     *                          is kept as the cause
     */
    void assignGroups(String domain, String username, String primary, List secondary) {
        try {
            factory.changeGroupID(domain, username, primary);
            log.trace("Assigned '" + primary + "' to '" + username + "' for domain '" + domain + "'");
            if (secondary != null) {
                for (Iterator groupIt = secondary.iterator(); groupIt.hasNext();) {
                    String secondaryGroup = (String) groupIt.next();
                    factory.addToSecondaryGroup(domain, username, secondaryGroup);
                    log.trace("Assigned secondary group '" + secondaryGroup + "' to '" + username + "' for domain '" + domain + "'");
                }
            }
        } catch (Exception e) {
            // Shared tail of the three failure messages, built once.
            String context = "Domain '" + domain + "' - account '" + username + "' - primary group '" + primary + "' - secondary '" + secondary + "'";
            String failure = "Couldn't assign GIDs: " + e.getMessage() + ". " + context;
            // Full stack trace goes to the developer log; the admin log gets the one-line summary.
            log.info("Couldn't assign GIDs. " + context, e);
            adminLog.error(failure);
            throw new RuntimeException(failure, e);
        }
    }

}