Get Immutable Properties of LDAP with java alfresco service

4535992
Star Collaborator

Hi, I need to retrieve the immutable LDAP properties of the Alfresco users, using some Alfresco Java service:

For example:

//GET ALL USERNAMES
PagingResults<PersonInfo> users = personService.getPeople("*", new ArrayList<QName>(), new ArrayList<Pair<QName,Boolean>>(), new PagingRequest(personService.countPeople()));
logger.info("The number of users in the system" + personService.countPeople());
for(;users.hasMoreItems();)
{
    for(PersonInfo personInfo : users.getPage()) {
        String authority = personInfo.getUserName();

        //HOW TO RETRIEVE THE IMMUTABLE LDAP PROPERTIES

        //MY GOAL IS TO DETERMINE WHETHER THE USER IS DERIVED FROM LDAP
        if(userDerivedFromLdap(personInfo)){
            ...........................
        }
    }
}

1 ACCEPTED ANSWER

afaust
Legendary Innovator

There is no Java service marked as public API that will give you the set of properties considered immutable because they have been synchronized from LDAP. Since LDAP integration is done via subsystems, there can also be multiple, differing sets of properties depending on which LDAP subsystem a specific user originated from.

Technically speaking - without regard to what Alfresco declares as "public API" - you can use the UserRegistrySynchronizer component (bean name "userRegistrySynchronizer") to retrieve the mapped person properties for any specific user, using the user name as the key. That component will automatically handle the question of "where does the user originate from" and check the correct LDAP subsystem for its set of mapped properties.


4 REPLIES

4535992
Star Collaborator

Sorry to bother you, faust. Your suggestion seems correct, but I must be doing something wrong in the Java code. Can you tell me if it's enough to call the method userRegistrySynchronizer.createMissingPerson(username), or must I set up some authenticator object like the CIFS one?

Below is a little example of the code I'm trying to use.

The code I have come up with until now.

service-context.xml

<bean id="my-action" class="my.stupid.java.action.testLdap" parent="action-executer">
    <property name="nodeService" ref="NodeService" />
    <property name="ownableService" ref="OwnableService" />
    <property name="personService" ref="PersonService" />
    <property name="permissionService" ref="PermissionService" />
    <property name="authorityService" ref="AuthorityService" />
    <property name="searchService" ref="SearchService" />
    <property name="userRegistrySynchronizer" ref="userRegistrySynchronizer" />
    <property name="CifsAuthenticator" ref="cifsAuthenticator" />
</bean>

testLdap.java

public class testLdap extends ActionExecuterAbstractBase {
    private NodeService nodeService;
    private OwnableService ownableService;
    private PersonService personService;
    private PermissionService permissionService;
    private AuthorityService authorityService;
    private SearchService searchService;
    private EnterpriseCifsAuthenticator cifsAuthenticator;
    private UserRegistrySynchronizer userRegistrySynchronizer;

    private static org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(testLdap.class);

    @Override
    protected void executeImpl(Action action, NodeRef actionedUponNodeRef) {
        logger.debug("Eseguo l'azione RiparaOwnerAction");
        try
        {
            .......
            //GET USERNAME OF USERS ON ALFRESCO FROM LOCAL AND LDAP
            String userNameToAnalize = "XXXXXXXX";
            if(isLdapUser(userNameToAnalize)){
                ......................
            }
        }
        catch (Exception e)
        {
            // catch added so that the try block is syntactically complete
            logger.error(e.getMessage());
        }
    }

    private boolean isLdapUser(String userNameToAnalize){
        try
        {
            // IS THIS ENOUGH TO TELL WHETHER IT IS AN LDAP USER?
            boolean testLdap1 = userRegistrySynchronizer.createMissingPerson(userNameToAnalize);
            //OR MUST I USE SOME MORE ELABORATE AUTHENTICATION LIKE CIFS?
            //NOTE: THE CODE "getAuthenticationComponent()" SEEMS ABSENT ON ALFRESCO 5.2 API
            ((AbstractAuthenticationComponent) cifsAuthenticator.getAuthenticationComponent())
                .setUserRegistrySynchronizer(userRegistrySynchronizer);

            String userNameLdap = cifsAuthenticator.mapUserNameToPerson(userNameToAnalize, false);
            if(userNameToAnalize.equals(userNameLdap) || testLdap1){
                logger.info("User retrieve from LDAP");
                return true;
            }else{
                logger.warn("User that does not exist in repository should not login when autoCreatePeopleOnLogin is not allowed");
                return false;
            }
        }
        catch (AuthenticationException expected)
        {
            logger.error(expected.getMessage());
            return false;
        }
    }
}

afaust
Legendary Innovator

Why are you working with the CIFS authenticator for this? Why are you trying to set the user registry synchronizer to the authentication component? Also, calling createMissingPerson() will create a person object if it does not already exist - this is way more than just asking if the user is an LDAP user, and if your input is not sanitised / validated beforehand, it may end up creating countless invalid / redundant person nodes.

Delete all code related to usage of the CIFS authenticator. You shouldn't have to map a user name to a person in the first place...

Do not call createMissingPerson for a read-only operation - ever...

Only call the operation you need to, i.e. userRegistrySynchronizer.getPersonMappedProperties(userName)

If the user does not originate from LDAP / an external user registry, the result will be an empty set.
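
The read-only check described in the reply above, as an added example that is not part of the original thread or Alfresco's own code. The class LdapOriginChecker and its method names are hypothetical; it assumes the "userRegistrySynchronizer" bean is injected through Spring and calls only getPersonMappedProperties, the operation the reply names.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

import org.alfresco.repo.security.sync.UserRegistrySynchronizer;
import org.alfresco.service.namespace.QName;

// Hypothetical helper, not Alfresco code: read-only lookups only.
public class LdapOriginChecker {

    private UserRegistrySynchronizer userRegistrySynchronizer;

    // Wire with <property name="userRegistrySynchronizer" ref="userRegistrySynchronizer" />
    public void setUserRegistrySynchronizer(UserRegistrySynchronizer synchronizer) {
        this.userRegistrySynchronizer = synchronizer;
    }

    // Properties mapped from the user's originating registry; empty set for local users.
    public Set<QName> getImmutableProperties(String userName) {
        if (userName == null || userName.trim().isEmpty()) {
            return Collections.emptySet(); // reject blank input before touching the repository
        }
        Set<QName> mapped = userRegistrySynchronizer.getPersonMappedProperties(userName);
        return mapped == null ? Collections.<QName>emptySet() : Collections.unmodifiableSet(mapped);
    }

    public boolean isFromExternalRegistry(String userName) {
        return !getImmutableProperties(userName).isEmpty();
    }

    // True if this property of this user is synchronized and must not be edited locally.
    public boolean isImmutable(String userName, QName property) {
        return getImmutableProperties(userName).contains(property);
    }

    // Keeps only externally synchronized users; mapped sets can differ per LDAP subsystem.
    public Map<String, Set<QName>> externalUsers(Collection<String> userNames) {
        Map<String, Set<QName>> result = new LinkedHashMap<>();
        for (String userName : userNames) {
            Set<QName> mapped = getImmutableProperties(userName);
            if (!mapped.isEmpty()) {
                result.put(userName, mapped);
            }
        }
        return result;
    }
}
```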

4535992
Star Collaborator

Ty, I know I have been using the bean in a wrong way.