Index: lams_central/src/java/org/lamsfoundation/lams/security/LDAPAuthenticator.java
===================================================================
diff -u -r43dfd9f833c87c58f4dc4a61f386b6c2cf961720 -r109725d30c92dd25ac9cec693a233d6592cfe0e6
--- lams_central/src/java/org/lamsfoundation/lams/security/LDAPAuthenticator.java (.../LDAPAuthenticator.java) (revision 43dfd9f833c87c58f4dc4a61f386b6c2cf961720)
+++ lams_central/src/java/org/lamsfoundation/lams/security/LDAPAuthenticator.java (.../LDAPAuthenticator.java) (revision 109725d30c92dd25ac9cec693a233d6592cfe0e6)
@@ -127,9 +127,18 @@
 }
 }
+ // check user is disabled in ldap
+ if (getLdapService().getDisabledBoolean(attrs)) {
+ log.debug("===> User is disabled in LDAP.");
+ User user = getService().getUserByLogin(username);
+ if (user != null) {
+ getService().disableUser(user.getUserId());
+ }
+ return false;
+ }
+
 if (Configuration.getAsBoolean(ConfigurationKeys.LDAP_UPDATE_ON_LOGIN)) {
- UserManagementService service = getService();
- User user = service.getUserByLogin(username);
+ User user = getService().getUserByLogin(username);
 if (user != null) {
 // update user's attributes and org membership
 getLdapService().updateLDAPUser(user, attrs);
Index: lams_common/db/sql/insert_lams_unix_config_data.sql
===================================================================
diff -u -r9b9a8c320a611027445fe94db5cd458c2968700d -r109725d30c92dd25ac9cec693a233d6592cfe0e6
--- lams_common/db/sql/insert_lams_unix_config_data.sql (.../insert_lams_unix_config_data.sql) (revision 9b9a8c320a611027445fe94db5cd458c2968700d)
+++ lams_common/db/sql/insert_lams_unix_config_data.sql (.../insert_lams_unix_config_data.sql) (revision 109725d30c92dd25ac9cec693a233d6592cfe0e6)
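Review bot: The new disable branch records the rejection only with `log.debug("===> User is disabled in LDAP.");` before calling `disableUser`, so a LAMS account being switched off as a side effect of a login leaves no trace at the default log level and never names the account; an account disablement is a security-relevant event and should be logged at info or warn with the login, e.g. `log.warn("===> User " + username + " is disabled in LDAP; disabling LAMS account and rejecting login.");`. Note also that `getDisabledBoolean` in LdapService inverts the value when the configured attribute name starts with `!` (the default shipped in this commit is `!accountStatus`), and from its code an absent attribute appears to come out as disabled, so a misnamed attribute or a search that does not return it would disable the local account of every user who logs in — worth a comment on this branch at minimum. The enclosing method starts and ends outside the hunk.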
@@ -56,6 +56,7 @@
 insert into lams_configuration (config_key, config_value) values ('LDAPFaxAttr','facsimileTelephoneNumber');
 insert into lams_configuration (config_key, config_value) values ('LDAPMobileAttr','mobile');
 insert into lams_configuration (config_key, config_value) values ('LDAPLocaleAttr','preferredLanguage');
+insert into lams_configuration (config_key, config_value) values ('LDAPDisabledAttr','!accountStatus');
 insert into lams_configuration (config_key, config_value) values ('LDAPOrgAttr','deetITSchoolCode');
 insert into lams_configuration (config_key, config_value) values ('LDAPRolesAttr','memberOf');
 insert into lams_configuration (config_key, config_value) values ('LDAPLearnerMap','Student;SchoolSupportStaff;Teacher;SeniorStaff;Principal');
Index: lams_common/db/sql/insert_lams_windows_config_data.sql
===================================================================
diff -u -r9b9a8c320a611027445fe94db5cd458c2968700d -r109725d30c92dd25ac9cec693a233d6592cfe0e6
--- lams_common/db/sql/insert_lams_windows_config_data.sql (.../insert_lams_windows_config_data.sql) (revision 9b9a8c320a611027445fe94db5cd458c2968700d)
+++ lams_common/db/sql/insert_lams_windows_config_data.sql (.../insert_lams_windows_config_data.sql) (revision 109725d30c92dd25ac9cec693a233d6592cfe0e6)
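Review bot: The new default `'!accountStatus'` is a deployment-specific attribute name (it sits next to `deetITSchoolCode`), and with the `!` prefix LdapService treats a user as disabled unless that attribute is present and equal to `1` or `true`; on an installation whose directory does not expose `accountStatus`, the sync in LdapService.updateLAMSFromLdap would disable every LDAP user and the authenticator would reject their logins. The same row is added in insert_lams_windows_config_data.sql and in the upgrade script alter_205_ldap.sql, where it lands on existing installations. A safer shipped default would be an empty value, provided LdapService treats a null or empty setting as "not configured", or at least a comment next to the row stating the semantics, e.g. `-- LDAPDisabledAttr: attribute holding the account's disabled state; a leading '!' inverts it (attribute true = enabled)`.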
@@ -56,6 +56,7 @@
 insert into lams_configuration (config_key, config_value) values ('LDAPFaxAttr','facsimileTelephoneNumber');
 insert into lams_configuration (config_key, config_value) values ('LDAPMobileAttr','mobile');
 insert into lams_configuration (config_key, config_value) values ('LDAPLocaleAttr','preferredLanguage');
+insert into lams_configuration (config_key, config_value) values ('LDAPDisabledAttr','!accountStatus');
 insert into lams_configuration (config_key, config_value) values ('LDAPOrgAttr','deetITSchoolCode');
 insert into lams_configuration (config_key, config_value) values ('LDAPRolesAttr','memberOf');
 insert into lams_configuration (config_key, config_value) values ('LDAPLearnerMap','Student;SchoolSupportStaff;Teacher;SeniorStaff;Principal');
Index: lams_common/db/sql/updatescripts/alter_205_ldap.sql
===================================================================
diff -u -r9b9a8c320a611027445fe94db5cd458c2968700d -r109725d30c92dd25ac9cec693a233d6592cfe0e6
--- lams_common/db/sql/updatescripts/alter_205_ldap.sql (.../alter_205_ldap.sql) (revision 9b9a8c320a611027445fe94db5cd458c2968700d)
+++ lams_common/db/sql/updatescripts/alter_205_ldap.sql (.../alter_205_ldap.sql) (revision 109725d30c92dd25ac9cec693a233d6592cfe0e6)
@@ -24,6 +24,7 @@
 insert into lams_configuration (config_key, config_value) values ('LDAPFaxAttr','facsimileTelephoneNumber');
 insert into lams_configuration (config_key, config_value) values ('LDAPMobileAttr','mobile');
 insert into lams_configuration (config_key, config_value) values ('LDAPLocaleAttr','preferredLanguage');
+insert into lams_configuration (config_key, config_value) values ('LDAPDisabledAttr','!accountStatus');
 insert into lams_configuration (config_key, config_value) values ('LDAPOrgAttr','deetITSchoolCode');
 insert into lams_configuration (config_key, config_value) values ('LDAPRolesAttr','memberOf');
 insert into lams_configuration (config_key, config_value) values ('LDAPLearnerMap','Student;SchoolSupportStaff;Teacher;SeniorStaff;Principal');
Index: lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/ILdapService.java
===================================================================
diff -u -r18df5a739d3e9dff1734cf64ee63595acff7a71e -r109725d30c92dd25ac9cec693a233d6592cfe0e6
--- lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/ILdapService.java (.../ILdapService.java) (revision 18df5a739d3e9dff1734cf64ee63595acff7a71e)
+++ lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/ILdapService.java (.../ILdapService.java) (revision 109725d30c92dd25ac9cec693a233d6592cfe0e6)
@@ -23,6 +23,7 @@
 /* $Id$ */
 package org.lamsfoundation.lams.usermanagement.service;
+import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import org.lamsfoundation.lams.usermanagement.User;
@@ -33,11 +34,48 @@
 */
 public interface ILdapService {
+ /**
+ * Updates a LAMS user's profile with LDAP attributes.
+ * @param user
+ * @param attrs
+ */
 public void updateLDAPUser(User user, Attributes attrs);
+ /**
+ * Creates a LAMS user from LDAP attributes. Returns false on failure.
+ * @param attrs
+ * @return boolean
+ */
 public boolean createLDAPUser(Attributes attrs);
+ /**
+ * Returns LDAP attribute name, removing prefixed '!' char if necessary,
+ * which is used to toggle the enabled/disabled meaning of the ldap attribute.
+ * @param ldapAttr
+ * @return ldapAttr
+ */
+ public String getLdapAttr(String ldapAttr);
+
+ /**
+ * Convert the LDAP disabled attribute value string to a boolean.
+ * @param attrs
+ * @return boolean
+ */
+ public boolean getDisabledBoolean(Attributes attrs);
+
+ /**
+ * Adds user to organisation with roles specified by the LDAPOrgField,
+ * LDAPOrgAttr, LDAPRolesAttr attributes. Returns false if it can't do
+ * one of these tasks.
+ * @param attrs
+ * @param userId
+ * @return boolean
+ */
 public boolean addLDAPUser(Attributes attrs, Integer userId);
+ /**
+ * Bulk updates LAMS with LDAP users.
+ * @return number of LDAP users received.
+ */
 public int updateLAMSFromLdap();
 }
Index: lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/LdapService.java
===================================================================
diff -u -r4f6235f53dbd594d4ccfbad02bca53f3b598336c -r109725d30c92dd25ac9cec693a233d6592cfe0e6
--- lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/LdapService.java (.../LdapService.java) (revision 4f6235f53dbd594d4ccfbad02bca53f3b598336c)
+++ lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/LdapService.java (.../LdapService.java) (revision 109725d30c92dd25ac9cec693a233d6592cfe0e6)
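Review bot: The new Javadoc on `getDisabledBoolean` and `getLdapAttr` leaves out the contract a caller most needs: that the attribute name comes from the LDAPDisabledAttr configuration key, that a leading `!` inverts the meaning (attribute true means the account is enabled), and what the result is when the attribute is missing from the entry or the key is unset. The `@return boolean` and `@return ldapAttr` tags only restate the signature; replace them with the meaning, e.g. `@return true if the LDAP entry marks the account as disabled (after applying the '!' inversion), false otherwise` and `@return the attribute name with any leading '!' removed, or null if ldapAttr is null`. The `@param` tags on all five methods are empty and would be better either filled in or dropped.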
@@ -90,6 +90,7 @@
 user.setFax(map.get("fax"));
 user.setMobilePhone(map.get("mobile"));
 user.setLocale(getLocale(map.get("locale")));
+ user.setDisabledFlag(getDisabledBoolean(attrs));
 getService().save(user);
 }
@@ -139,7 +140,7 @@
 .findById(AuthenticationMethod.class, AuthenticationMethod.LDAP));
 user.setFlashTheme(service.getDefaultFlashTheme());
 user.setHtmlTheme(service.getDefaultHtmlTheme());
- user.setDisabledFlag(false);
+ user.setDisabledFlag(getDisabledBoolean(attrs));
 user.setCreateDate(new Date());
 user.setLocale(getLocale(map.get("locale")));
 service.save(user);
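Review bot: With `user.setDisabledFlag(getDisabledBoolean(attrs));` in updateLDAPUser, the LDAP value now overwrites the local flag on every update, so an account an administrator disabled inside LAMS is silently re-enabled at the next login or sync unless the directory also marks it disabled — assuming the disabled flag is the only mechanism for a local administrative disable, which I cannot see from here. If a local disable is meant to stick, the update should only ever tighten the flag, e.g. `if (getDisabledBoolean(attrs)) { user.setDisabledFlag(true); }`, or the two sources should be kept apart; either way the chosen policy deserves a one-line comment at this point. The matching change in createLDAPUser in the second hunk is fine on its own. Both enclosing methods start outside their hunks.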
@@ -173,12 +174,45 @@
 map.put("fax", getSingleAttributeString(attrs.get(Configuration.get(ConfigurationKeys.LDAP_FAX_ATTR))));
 map.put("mobile", getSingleAttributeString(attrs.get(Configuration.get(ConfigurationKeys.LDAP_MOBILE_ATTR))));
 map.put("locale", getSingleAttributeString(attrs.get(Configuration.get(ConfigurationKeys.LDAP_LOCALE_ATTR))));
+ map.put("disabled", getSingleAttributeString(attrs.get(
+ getLdapAttr(Configuration.get(ConfigurationKeys.LDAP_DISABLED_ATTR))))
+ );
 } catch (Exception e) {
 log.error("===> Exception occurred while getting LDAP user attributes: ", e);
 }
 return map;
 }
+ public String getLdapAttr(String ldapAttr) {
+ if (ldapAttr != null) {
+ return (ldapAttr.startsWith("!") ? ldapAttr.substring(1) : ldapAttr);
+ } else {
+ return ldapAttr;
+ }
+ }
+
+ private boolean getAsBoolean(Attribute attr) {
+ String attrString = getSingleAttributeString(attr);
+ if (attrString!=null) {
+ if (attrString.equals("1") || attrString.equals("true")) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ public boolean getDisabledBoolean(Attributes attrs) {
+ String ldapDisabledAttrStr = Configuration.get(ConfigurationKeys.LDAP_DISABLED_ATTR);
+ boolean toggleBoolean = false;
+ if (ldapDisabledAttrStr.startsWith("!")) {
+ ldapDisabledAttrStr = ldapDisabledAttrStr.substring(1);
+ toggleBoolean = true;
+ }
+ Attribute ldapDisabledAttr = attrs.get(ldapDisabledAttrStr);
+ boolean booleanValue = getAsBoolean(ldapDisabledAttr);
+ return (toggleBoolean ? !booleanValue : booleanValue);
+ }
+
 public boolean addLDAPUser(Attributes attrs, Integer userId) {
 User user = (User)service.findById(User.class, userId);
 // get ldap attributes for lams org and roles
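Review bot: `getDisabledBoolean` calls `ldapDisabledAttrStr.startsWith("!")` on the raw `Configuration.get(ConfigurationKeys.LDAP_DISABLED_ATTR)` result with no null check, while the sibling `getLdapAttr` added in the same hunk does guard null — so if that key can be absent, as the guard suggests, an installation without the new configuration row fails with a NullPointerException on every login and every sync. The method also re-implements the `!` stripping that `getLdapAttr` exists for, and `getAsBoolean` accepts only the exact strings `1` and `true`, so a directory returning `TRUE` reads as false, which under the inverted default means the account reads as disabled. I would route the name through `getLdapAttr`, return false when the key is unset or blank (no attribute configured means LDAP never disables anyone), and compare case-insensitively, as below; the consequence that under `!` an absent attribute reads as disabled should be stated in a comment, since that is what turns a misconfiguration into a lock-out.
```java
public boolean getDisabledBoolean(Attributes attrs) {
    String configured = Configuration.get(ConfigurationKeys.LDAP_DISABLED_ATTR);
    if (configured == null || configured.trim().length() == 0) {
        // no disabled attribute configured: LDAP never disables a LAMS account
        return false;
    }
    // a leading '!' inverts the meaning: attribute true => account enabled
    boolean invert = configured.startsWith("!");
    boolean value = getAsBoolean(attrs.get(getLdapAttr(configured)));
    // note: with invert set, an entry that lacks the attribute reads as disabled
    return invert ? !value : value;
}

private boolean getAsBoolean(Attribute attr) {
    String attrString = getSingleAttributeString(attr);
    return attrString != null
            && ("1".equals(attrString) || "true".equalsIgnoreCase(attrString));
}
// … unchanged: map.put("disabled", …) in getUserAttributes, getLdapAttr, addLDAPUser …
```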
@@ -349,22 +383,30 @@
 Attributes attrs = result.getAttributes();
 // add or update this user to LAMS
+ boolean disabled = getDisabledBoolean(attrs);
 String login = getSingleAttributeString(attrs.get(Configuration.get(ConfigurationKeys.LDAP_LOGIN_ATTR)));
 if (login != null && login.trim().length() > 0) {
 User user = getService().getUserByLogin(login);
- if (user == null) {
- log.info("Creating new user for LDAP username: " + login);
- if (createLDAPUser(attrs)) {
- user = getService().getUserByLogin(login);
+ if (!disabled) {
+ if (user == null) {
+ log.info("Creating new user for LDAP username: " + login);
+ if (createLDAPUser(attrs)) {
+ user = getService().getUserByLogin(login);
+ } else {
+ log.error("Couldn't create new user for LDAP username: "+login);
+ }
 } else {
- log.error("Couldn't create new user for LDAP username: "+login);
- }
+ updateLDAPUser(user, attrs);
+ }
+ if (!addLDAPUser(attrs, user.getUserId())) {
+ log.error("Couldn't add LDAP user: "+login+" to organisation.");
+ }
 } else {
- updateLDAPUser(user, attrs);
+ // remove user from groups and set disabled flag
+ if (user != null) {
+ getService().disableUser(user.getUserId());
+ }
 }
- if (!addLDAPUser(attrs, user.getUserId())) {
- log.error("Couldn't add LDAP user: "+login+" to organisation.");
- }
 } else {
 log.error("Couldn't find login attribute for user using attribute name: " + Configuration.get(ConfigurationKeys.LDAP_LOGIN_ATTR) + ". 
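Review bot: In the `!disabled` branch, when `user == null` and `createLDAPUser(attrs)` fails, `user` is still null at `addLDAPUser(attrs, user.getUserId())`, which throws a NullPointerException and, unless a catch outside the hunk swallows it, aborts the whole sync at the first entry that cannot be created; the old code had the same hole, but the restructuring keeps it. Guard the call: `if (user != null && !addLDAPUser(attrs, user.getUserId())) {`. In the disabled branch `getService().disableUser(user.getUserId())` runs silently; since this is a bulk, unattended path, an info-level line naming the login, `log.info("Disabling LAMS user " + login + ": disabled in LDAP");`, would make a mass disablement caused by a wrong LDAPDisabledAttr value visible in the logs. The enclosing method and its loop start and end outside the hunk.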
Dumping attributes...");
Index: lams_common/src/java/org/lamsfoundation/lams/util/ConfigurationKeys.java
===================================================================
diff -u -r9b9a8c320a611027445fe94db5cd458c2968700d -r109725d30c92dd25ac9cec693a233d6592cfe0e6
--- lams_common/src/java/org/lamsfoundation/lams/util/ConfigurationKeys.java (.../ConfigurationKeys.java) (revision 9b9a8c320a611027445fe94db5cd458c2968700d)
+++ lams_common/src/java/org/lamsfoundation/lams/util/ConfigurationKeys.java (.../ConfigurationKeys.java) (revision 109725d30c92dd25ac9cec693a233d6592cfe0e6)
@@ -181,10 +181,10 @@
 public static String LDAP_MOBILE_ATTR = "LDAPMobileAttr";
- //public static String LDAP_DISABLED_ATTR = "LDAPDisabledAttr";
-
 public static String LDAP_LOCALE_ATTR = "LDAPLocaleAttr";
+ public static String LDAP_DISABLED_ATTR = "LDAPDisabledAttr";
+
 public static String LDAP_ORG_ATTR = "LDAPOrgAttr";
 public static String LDAP_ROLES_ATTR = "LDAPRolesAttr";