Merge pull request #46 from aservo/feature/directory-delegating-auto-…

…create-user-flag

Fix and extend behavior for delegating directories

index.adoc

@@ -3979,6 +3979,42 @@ endif::internal-generation[]
 | 
 |  
 
+| groupDn 
+|  
+| String  
+| 
+|  
+
+| groupObjectClass 
+|  
+| String  
+| 
+|  
+
+| groupObjectFilter 
+|  
+| String  
+| 
+|  
+
+| groupNameAttribute 
+|  
+| String  
+| 
+|  
+
+| groupDescriptionAttribute 
+|  
+| String  
+| 
+|  
+
+| groupMembersAttribute 
+|  
+| String  
+| 
+|  
+
 |===
 
 
@@ -4022,6 +4058,12 @@ endif::internal-generation[]
 | 
 |  
 
+| synchronizeUsers 
+|  
+| Boolean  
+| 
+|  
+
 | synchronizeUserDetails 
 |  
 | Boolean  
@@ -4034,6 +4076,12 @@ endif::internal-generation[]
 | 
 |  
 
+| useUserMembershipAttribute 
+|  
+| Boolean  
+| 
+|  
+
 | usePagedResults 
 |  
 | Boolean  
@@ -4892,6 +4940,12 @@ endif::internal-generation[]
 | 
 |  
 
+| active 
+|  
+| Boolean  
+| 
+|  
+
 | password 
 |  
 | String  

pom.xml

@@ -66,7 +66,7 @@
         <amps.version>8.0.2</amps.version>
         <atlassian.plugin.key>${project.groupId}.${project.artifactId}</atlassian.plugin.key>
         <atlassian.spring.scanner.version>2.1.5</atlassian.spring.scanner.version>
-        <confapi-commons.version>0.2.0-SNAPSHOT</confapi-commons.version>
+        <confapi-commons.version>0.2.0</confapi-commons.version>
         <plugin.testrunner.version>2.0.1</plugin.testrunner.version>
         <!-- Compiler must be 8 so that the plugin can run on Crowd instances using Java 8 -->
         <maven.compiler.source>8</maven.compiler.source>

src/main/java/de/aservo/confapi/crowd/model/util/DirectoryBeanUtil.java

@@ -2,12 +2,17 @@
 
 import com.atlassian.crowd.directory.AbstractInternalDirectory;
 import com.atlassian.crowd.directory.DelegatedAuthenticationDirectory;
+import com.atlassian.crowd.directory.DirectoryProperties;
+import com.atlassian.crowd.directory.InternalDirectory;
+import com.atlassian.crowd.directory.MicrosoftActiveDirectory;
 import com.atlassian.crowd.directory.SynchronisableDirectoryProperties;
 import com.atlassian.crowd.directory.ldap.LDAPPropertiesMapper;
 import com.atlassian.crowd.directory.ldap.LdapSecureMode;
+import com.atlassian.crowd.directory.monitor.poller.PollerConfig;
 import com.atlassian.crowd.embedded.api.Directory;
 import com.atlassian.crowd.embedded.api.DirectoryType;
 import com.atlassian.crowd.embedded.api.OperationType;
+import com.atlassian.crowd.model.directory.DirectoryImpl;
 import com.atlassian.crowd.model.directory.ImmutableDirectory;
 import de.aservo.confapi.commons.model.AbstractDirectoryBean;
 import de.aservo.confapi.commons.model.DirectoryCrowdBean;
@@ -104,8 +109,10 @@ public static DirectoryDelegatingBean toDirectoryDelegatingBean(
         directoryBean.getConnector().setSsl(toDirectoryDelegatingConnectorSslType(directory));
         directoryBean.getConnector().setUseNodeReferrals(toBoolean(directory.getAttributes().get(LDAPPropertiesMapper.LDAP_REFERRAL_KEY)));
         directoryBean.getConnector().setNestedGroupsDisabled(toBoolean(directory.getAttributes().get(LDAPPropertiesMapper.LDAP_NESTED_GROUPS_DISABLED)));
-        directoryBean.getConnector().setSynchronizeUserDetails(toBoolean(directory.getAttributes().get(SynchronisableDirectoryProperties.INCREMENTAL_SYNC_ENABLED)));
-        directoryBean.getConnector().setSynchronizeGroupMemberships(toBoolean(directory.getAttributes().get(LDAPPropertiesMapper.LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE_FOR_GROUP_MEMBERSHIP)));
+        directoryBean.getConnector().setSynchronizeUsers(toBoolean(directory.getAttributes().get(DelegatedAuthenticationDirectory.ATTRIBUTE_CREATE_USER_ON_AUTH)));
+        directoryBean.getConnector().setSynchronizeUserDetails(toBoolean(directory.getAttributes().get(DelegatedAuthenticationDirectory.ATTRIBUTE_UPDATE_USER_ON_AUTH)));
+        directoryBean.getConnector().setSynchronizeGroupMemberships(toBoolean(directory.getAttributes().get(DelegatedAuthenticationDirectory.ATTRIBUTE_KEY_IMPORT_GROUPS)));
+        directoryBean.getConnector().setUseUserMembershipAttribute(toBoolean(directory.getAttributes().get(LDAPPropertiesMapper.LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE)));
         directoryBean.getConnector().setUsePagedResults(toBoolean(directory.getAttributes().get(LDAPPropertiesMapper.LDAP_PAGEDRESULTS_KEY)));
         directoryBean.getConnector().setPagedResultsSize(toLong(directory.getAttributes().get(LDAPPropertiesMapper.LDAP_PAGEDRESULTS_SIZE)));
         directoryBean.getConnector().setReadTimeoutInMillis(toLong(directory.getAttributes().get(SynchronisableDirectoryProperties.READ_TIMEOUT_IN_MILLISECONDS)));
@@ -126,6 +133,12 @@ public static DirectoryDelegatingBean toDirectoryDelegatingBean(
         directoryBean.getConfiguration().setUserEmailAttribute(directory.getAttributes().get(LDAPPropertiesMapper.USER_EMAIL_KEY));
         directoryBean.getConfiguration().setUserGroupAttribute(directory.getAttributes().get(LDAPPropertiesMapper.USER_GROUP_KEY));
         directoryBean.getConfiguration().setUserUniqueIdAttribute(directory.getAttributes().get(LDAPPropertiesMapper.LDAP_EXTERNAL_ID));
+        directoryBean.getConfiguration().setGroupDn(directory.getAttributes().get(LDAPPropertiesMapper.GROUP_DN_ADDITION));
+        directoryBean.getConfiguration().setGroupObjectClass(directory.getAttributes().get(LDAPPropertiesMapper.GROUP_OBJECTCLASS_KEY));
+        directoryBean.getConfiguration().setGroupObjectFilter(directory.getAttributes().get(LDAPPropertiesMapper.GROUP_OBJECTFILTER_KEY));
+        directoryBean.getConfiguration().setGroupNameAttribute(directory.getAttributes().get(LDAPPropertiesMapper.GROUP_NAME_KEY));
+        directoryBean.getConfiguration().setGroupDescriptionAttribute(directory.getAttributes().get(LDAPPropertiesMapper.GROUP_DESCRIPTION_KEY));
+        directoryBean.getConfiguration().setGroupMembersAttribute(directory.getAttributes().get(LDAPPropertiesMapper.GROUP_USERNAMES_KEY));
 
         setDirectoryBeanPermissions(directoryBean, directory);
 
@@ -316,17 +329,16 @@ private static String toDirectoryImplClass(
             @Nonnull final AbstractDirectoryBean directoryBean) {
 
         if (DirectoryDelegatingBean.class.equals(directoryBean.getClass())) {
-            final DirectoryDelegatingBean directoryDelegatingBean = (DirectoryDelegatingBean) directoryBean;
-            return toDirectoryDelegatedConnectorTypeImplClass(directoryDelegatingBean.getConnector().getType());
+            return DelegatedAuthenticationDirectory.class.getCanonicalName();
         } else if (DirectoryInternalBean.class.equals(directoryBean.getClass())) {
-            return "com.atlassian.crowd.directory.InternalDirectory";
+            return InternalDirectory.class.getCanonicalName();
         }
 
         return null;
     }
 
     @Nullable
-    private static String toDirectoryDelegatedConnectorTypeImplClass(
+    private static String toDirectoryDelegatedConnectorTypeClass(
             @Nullable final DirectoryDelegatingBean.DirectoryDelegatingConnector.ConnectorType connectorType) {
 
         if (connectorType == null) {
@@ -368,19 +380,22 @@ private static void setDirectoryAttributes(
         }
     }
 
+    @SuppressWarnings("deprecation")
     private static void setDirectoryAttributes(
             @Nonnull final Map<String, String> attributes,
             @Nonnull final DirectoryDelegatingBean directoryDelegatingBean) {
 
         final DirectoryDelegatingBean.DirectoryDelegatingConnector connector = directoryDelegatingBean.getConnector();
         if (connector != null) {
-            setAttributeIfNotNull(attributes, DelegatedAuthenticationDirectory.ATTRIBUTE_LDAP_DIRECTORY_CLASS, toDirectoryDelegatedConnectorTypeImplClass(connector.getType()));
+            setAttributeIfNotNull(attributes, DelegatedAuthenticationDirectory.ATTRIBUTE_LDAP_DIRECTORY_CLASS, toDirectoryDelegatedConnectorTypeClass(connector.getType()));
             setAttributeIfNotNull(attributes, LDAPPropertiesMapper.LDAP_URL_KEY, connector.getUrl());
             setAttributeIfNotNull(attributes, LDAPPropertiesMapper.LDAP_SECURE_KEY, toDirectoryDelegatingConnectorSecureModeName(connector.getSsl()));
             setAttributeIfNotNull(attributes, LDAPPropertiesMapper.LDAP_REFERRAL_KEY, fromBoolean(connector.getUseNodeReferrals()));
             setAttributeIfNotNull(attributes, LDAPPropertiesMapper.LDAP_NESTED_GROUPS_DISABLED, fromBoolean(connector.getNestedGroupsDisabled()));
-            setAttributeIfNotNull(attributes, SynchronisableDirectoryProperties.INCREMENTAL_SYNC_ENABLED, fromBoolean(connector.getSynchronizeUserDetails()));
-            setAttributeIfNotNull(attributes, LDAPPropertiesMapper.LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE_FOR_GROUP_MEMBERSHIP, fromBoolean(connector.getSynchronizeGroupMemberships()));
+            setAttributeIfNotNull(attributes, DelegatedAuthenticationDirectory.ATTRIBUTE_CREATE_USER_ON_AUTH, fromBoolean(connector.getSynchronizeUsers()));
+            setAttributeIfNotNull(attributes, DelegatedAuthenticationDirectory.ATTRIBUTE_UPDATE_USER_ON_AUTH, fromBoolean(connector.getSynchronizeUserDetails()));
+            setAttributeIfNotNull(attributes, DelegatedAuthenticationDirectory.ATTRIBUTE_KEY_IMPORT_GROUPS, fromBoolean(connector.getSynchronizeGroupMemberships()));
+            setAttributeIfNotNull(attributes, LDAPPropertiesMapper.LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE, fromBoolean(connector.getUseUserMembershipAttribute()));
             setAttributeIfNotNull(attributes, LDAPPropertiesMapper.LDAP_PAGEDRESULTS_KEY, fromBoolean(connector.getUsePagedResults()));
             setAttributeIfNotNull(attributes, LDAPPropertiesMapper.LDAP_PAGEDRESULTS_SIZE, fromLong(connector.getPagedResultsSize()));
             setAttributeIfNotNull(attributes, SynchronisableDirectoryProperties.READ_TIMEOUT_IN_MILLISECONDS, fromLong(connector.getReadTimeoutInMillis()));
@@ -404,7 +419,31 @@ private static void setDirectoryAttributes(
             setAttributeIfNotNull(attributes, LDAPPropertiesMapper.USER_EMAIL_KEY, configuration.getUserEmailAttribute());
             setAttributeIfNotNull(attributes, LDAPPropertiesMapper.USER_GROUP_KEY, configuration.getUserGroupAttribute());
             setAttributeIfNotNull(attributes, LDAPPropertiesMapper.LDAP_EXTERNAL_ID, configuration.getUserUniqueIdAttribute());
+            setAttributeIfNotNull(attributes, LDAPPropertiesMapper.GROUP_DN_ADDITION, configuration.getGroupDn());
+            setAttributeIfNotNull(attributes, LDAPPropertiesMapper.GROUP_OBJECTCLASS_KEY, configuration.getGroupObjectClass());
+            setAttributeIfNotNull(attributes, LDAPPropertiesMapper.GROUP_OBJECTFILTER_KEY, configuration.getGroupObjectFilter());
+            setAttributeIfNotNull(attributes, LDAPPropertiesMapper.GROUP_NAME_KEY, configuration.getGroupNameAttribute());
+            setAttributeIfNotNull(attributes, LDAPPropertiesMapper.GROUP_DESCRIPTION_KEY, configuration.getGroupDescriptionAttribute());
+            setAttributeIfNotNull(attributes, LDAPPropertiesMapper.GROUP_USERNAMES_KEY, configuration.getGroupMembersAttribute());
         }
+
+        // Also set some defaults for directory delegating.
+        // It is unclear yet how exactly they are set and whether they can change...
+        final PollerConfig pollerConfig = new PollerConfig();
+        attributes.putIfAbsent(DirectoryImpl.ATTRIBUTE_KEY_LOCAL_USER_STATUS, Boolean.toString(false));
+        attributes.putIfAbsent(DirectoryImpl.ATTRIBUTE_KEY_USE_PRIMARY_GROUP, Boolean.toString(false));
+        attributes.putIfAbsent(DirectoryProperties.CACHE_ENABLED, Boolean.toString(false));
+        attributes.putIfAbsent(LDAPPropertiesMapper.LDAP_FILTER_EXPIRED_USERS, Boolean.toString(false));
+        attributes.putIfAbsent(LDAPPropertiesMapper.LDAP_POOL_TYPE, "JNDI");
+        attributes.putIfAbsent(LDAPPropertiesMapper.LDAP_RELAXED_DN_STANDARDISATION, Boolean.toString(false));
+        attributes.putIfAbsent(LDAPPropertiesMapper.LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE_FOR_GROUP_MEMBERSHIP, Boolean.toString(false));
+        attributes.putIfAbsent(LDAPPropertiesMapper.LOCAL_GROUPS, Boolean.toString(false));
+        attributes.putIfAbsent(LDAPPropertiesMapper.ROLES_DISABLED, Boolean.toString(true));
+        attributes.putIfAbsent(SynchronisableDirectoryProperties.INCREMENTAL_SYNC_ENABLED, Boolean.toString(false));
+        attributes.putIfAbsent(SynchronisableDirectoryProperties.CACHE_SYNCHRONISE_CRON, pollerConfig.getCronExpression());
+        attributes.putIfAbsent(SynchronisableDirectoryProperties.CACHE_SYNCHRONISE_INTERVAL, Long.toString(pollerConfig.getPollingIntervalInMin() * 60));
+        attributes.putIfAbsent(SynchronisableDirectoryProperties.CACHE_SYNCHRONISATION_TYPE, pollerConfig.getSynchronisationType());
+        attributes.putIfAbsent(SynchronisableDirectoryProperties.SYNC_GROUP_MEMBERSHIP_AFTER_SUCCESSFUL_USER_AUTH_ENABLED, SynchronisableDirectoryProperties.SyncGroupMembershipsAfterAuth.DEFAULT.getValue());
     }
 
     private static void setDirectoryAllowedOperations(
@@ -463,7 +502,7 @@ private static void setAllowedOperationIfNotNull(
 
     @Getter
     enum DirectoryDelegatingConnectorTypeImplClass {
-        MICROSOFT_ACTIVE_DIRECTORY("com.atlassian.crowd.directory.MicrosoftActiveDirectory");
+        MICROSOFT_ACTIVE_DIRECTORY(MicrosoftActiveDirectory.class.getCanonicalName());
 
         private final String implClass;
 

src/test/java/de/aservo/confapi/crowd/model/util/DirectoryBeanUtilTest.java

@@ -119,8 +119,10 @@ private void assertDirectoryDelegatingAttributesForConnectorMatch(
         AssertUtil.assertEquals(directory.getValue(LDAPPropertiesMapper.LDAP_SECURE_KEY), LdapSecureMode.valueOf(directoryDelegatingBean.getConnector().getSsl().name()).getName(), firstParameterIsExpected);
         AssertUtil.assertEquals(directory.getValue(LDAPPropertiesMapper.LDAP_REFERRAL_KEY), String.valueOf(directoryDelegatingBean.getConnector().getUseNodeReferrals()), firstParameterIsExpected);
         AssertUtil.assertEquals(directory.getValue(LDAPPropertiesMapper.LDAP_NESTED_GROUPS_DISABLED), String.valueOf(directoryDelegatingBean.getConnector().getNestedGroupsDisabled()), firstParameterIsExpected);
-        AssertUtil.assertEquals(directory.getValue(SynchronisableDirectoryProperties.INCREMENTAL_SYNC_ENABLED), String.valueOf(directoryDelegatingBean.getConnector().getSynchronizeUserDetails()), firstParameterIsExpected);
-        AssertUtil.assertEquals(directory.getValue(LDAPPropertiesMapper.LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE_FOR_GROUP_MEMBERSHIP), String.valueOf(directoryDelegatingBean.getConnector().getSynchronizeGroupMemberships()), firstParameterIsExpected);
+        AssertUtil.assertEquals(directory.getValue(DelegatedAuthenticationDirectory.ATTRIBUTE_CREATE_USER_ON_AUTH), String.valueOf(directoryDelegatingBean.getConnector().getSynchronizeUsers()), firstParameterIsExpected);
+        AssertUtil.assertEquals(directory.getValue(DelegatedAuthenticationDirectory.ATTRIBUTE_UPDATE_USER_ON_AUTH), String.valueOf(directoryDelegatingBean.getConnector().getSynchronizeUserDetails()), firstParameterIsExpected);
+        AssertUtil.assertEquals(directory.getValue(DelegatedAuthenticationDirectory.ATTRIBUTE_KEY_IMPORT_GROUPS), String.valueOf(directoryDelegatingBean.getConnector().getSynchronizeGroupMemberships()), firstParameterIsExpected);
+        AssertUtil.assertEquals(directory.getValue(LDAPPropertiesMapper.LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE), String.valueOf(directoryDelegatingBean.getConnector().getUseUserMembershipAttribute()), firstParameterIsExpected);
         AssertUtil.assertEquals(directory.getValue(LDAPPropertiesMapper.LDAP_PAGEDRESULTS_KEY), String.valueOf(directoryDelegatingBean.getConnector().getUsePagedResults()), firstParameterIsExpected);
         AssertUtil.assertEquals(directory.getValue(LDAPPropertiesMapper.LDAP_PAGEDRESULTS_SIZE), String.valueOf(directoryDelegatingBean.getConnector().getPagedResultsSize()), firstParameterIsExpected);
         AssertUtil.assertEquals(directory.getValue(SynchronisableDirectoryProperties.READ_TIMEOUT_IN_MILLISECONDS), String.valueOf(directoryDelegatingBean.getConnector().getReadTimeoutInMillis()), firstParameterIsExpected);
@@ -146,6 +148,12 @@ private void assertDirectoryDelegatingAttributesForConfigurationMatch(
         AssertUtil.assertEquals(directoryActual.getValue(LDAPPropertiesMapper.USER_EMAIL_KEY), directoryDelegatingBeanExpected.getConfiguration().getUserEmailAttribute(), firstParameterIsExpected);
         AssertUtil.assertEquals(directoryActual.getValue(LDAPPropertiesMapper.USER_GROUP_KEY), directoryDelegatingBeanExpected.getConfiguration().getUserGroupAttribute(), firstParameterIsExpected);
         AssertUtil.assertEquals(directoryActual.getValue(LDAPPropertiesMapper.LDAP_EXTERNAL_ID), directoryDelegatingBeanExpected.getConfiguration().getUserUniqueIdAttribute(), firstParameterIsExpected);
+        AssertUtil.assertEquals(directoryActual.getValue(LDAPPropertiesMapper.GROUP_DN_ADDITION), directoryDelegatingBeanExpected.getConfiguration().getGroupDn(), firstParameterIsExpected);
+        AssertUtil.assertEquals(directoryActual.getValue(LDAPPropertiesMapper.GROUP_OBJECTCLASS_KEY), directoryDelegatingBeanExpected.getConfiguration().getGroupObjectClass(), firstParameterIsExpected);
+        AssertUtil.assertEquals(directoryActual.getValue(LDAPPropertiesMapper.GROUP_OBJECTFILTER_KEY), directoryDelegatingBeanExpected.getConfiguration().getGroupObjectFilter(), firstParameterIsExpected);
+        AssertUtil.assertEquals(directoryActual.getValue(LDAPPropertiesMapper.GROUP_NAME_KEY), directoryDelegatingBeanExpected.getConfiguration().getGroupNameAttribute(), firstParameterIsExpected);
+        AssertUtil.assertEquals(directoryActual.getValue(LDAPPropertiesMapper.GROUP_DESCRIPTION_KEY), directoryDelegatingBeanExpected.getConfiguration().getGroupDescriptionAttribute(), firstParameterIsExpected);
+        AssertUtil.assertEquals(directoryActual.getValue(LDAPPropertiesMapper.GROUP_USERNAMES_KEY), directoryDelegatingBeanExpected.getConfiguration().getGroupMembersAttribute(), firstParameterIsExpected);
     }
 
     private void assertDirectoryAllowedOperationsMatches(
@@ -175,8 +183,10 @@ private Directory getDirectoryDelegating() {
                 .setAttribute(LDAPPropertiesMapper.LDAP_SECURE_KEY, LdapSecureMode.START_TLS.getName())
                 .setAttribute(LDAPPropertiesMapper.LDAP_REFERRAL_KEY, String.valueOf(true))
                 .setAttribute(LDAPPropertiesMapper.LDAP_NESTED_GROUPS_DISABLED, String.valueOf(false))
-                .setAttribute(SynchronisableDirectoryProperties.INCREMENTAL_SYNC_ENABLED, String.valueOf(true))
-                .setAttribute(LDAPPropertiesMapper.LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE_FOR_GROUP_MEMBERSHIP, String.valueOf(true))
+                .setAttribute(DelegatedAuthenticationDirectory.ATTRIBUTE_CREATE_USER_ON_AUTH, String.valueOf(false))
+                .setAttribute(DelegatedAuthenticationDirectory.ATTRIBUTE_UPDATE_USER_ON_AUTH, String.valueOf(false))
+                .setAttribute(DelegatedAuthenticationDirectory.ATTRIBUTE_KEY_IMPORT_GROUPS, String.valueOf(false))
+                .setAttribute(LDAPPropertiesMapper.LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE, String.valueOf(false))
                 .setAttribute(LDAPPropertiesMapper.LDAP_PAGEDRESULTS_KEY, String.valueOf(true))
                 .setAttribute(LDAPPropertiesMapper.LDAP_PAGEDRESULTS_SIZE, String.valueOf(999L))
                 .setAttribute(SynchronisableDirectoryProperties.READ_TIMEOUT_IN_MILLISECONDS, String.valueOf(123000L))
@@ -197,6 +207,12 @@ private Directory getDirectoryDelegating() {
                 .setAttribute(LDAPPropertiesMapper.USER_EMAIL_KEY, "userEmail")
                 .setAttribute(LDAPPropertiesMapper.USER_GROUP_KEY, "userGroup")
                 .setAttribute(LDAPPropertiesMapper.LDAP_EXTERNAL_ID, "userUniqueId")
+                .setAttribute(LDAPPropertiesMapper.GROUP_DN_ADDITION, "groupDnAddition")
+                .setAttribute(LDAPPropertiesMapper.GROUP_OBJECTCLASS_KEY, "groupObjectClass")
+                .setAttribute(LDAPPropertiesMapper.GROUP_OBJECTFILTER_KEY, "groupObjectFilter")
+                .setAttribute(LDAPPropertiesMapper.GROUP_NAME_KEY, "groupName")
+                .setAttribute(LDAPPropertiesMapper.GROUP_DESCRIPTION_KEY, "groupDescription")
+                .setAttribute(LDAPPropertiesMapper.GROUP_USERNAMES_KEY, "groupMembers")
                 ;
 
         return directoryBuilder.build();