directory-commits mailing list archives

From smckin...@apache.org
Subject directory-fortress-core git commit: FC-108 - Add support for RFC2307 BIS
Date Thu, 21 Jun 2018 23:18:37 GMT
Repository: directory-fortress-core
Updated Branches:
  refs/heads/master 5de8d5c08 -> 01cccf788


FC-108 - Add support for RFC2307 BIS


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/01cccf78
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/01cccf78
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/01cccf78

Branch: refs/heads/master
Commit: 01cccf7887a89539c67f6a8b87832f0b73cdac21
Parents: 5de8d5c
Author: Shawn McKinney <smckinney@apache.org>
Authored: Thu Jun 21 03:24:28 2018 -0500
Committer: Shawn McKinney <smckinney@apache.org>
Committed: Thu Jun 21 03:24:28 2018 -0500

----------------------------------------------------------------------
 config/bootstrap/fortress.properties.src        |   9 +-
 config/fortress.properties.src                  |   2 +-
 ldap/setup/FortressDemoUsers.xml                |   2 +-
 ldap/setup/refreshLDAPData-src.xml              |  11 ++
 ldap/slapd.conf.src                             |   2 +-
 .../directory/fortress/core/ConfigMgr.java      |  12 ++
 .../directory/fortress/core/GlobalIds.java      |  54 +++++-
 .../directory/fortress/core/impl/ConfigDAO.java |  42 ++++
 .../fortress/core/impl/ConfigMgrImpl.java       |   9 +
 .../directory/fortress/core/impl/ConfigP.java   |  17 ++
 .../directory/fortress/core/impl/RoleDAO.java   |  89 ++++++++-
 .../directory/fortress/core/impl/UserDAO.java   | 190 +++++++++++++++----
 .../fortress/core/ldap/LdapDataProvider.java    |  16 +-
 .../directory/fortress/core/model/Role.java     |  22 +++
 .../directory/fortress/core/model/User.java     |   9 +-
 .../fortress/core/rest/ConfigMgrRestImpl.java   |  10 +
 .../directory/fortress/core/util/Config.java    |  27 +++
 .../fortress/core/util/PropUpdater.java         |   9 +
 18 files changed, 475 insertions(+), 57 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/config/bootstrap/fortress.properties.src
----------------------------------------------------------------------
diff --git a/config/bootstrap/fortress.properties.src b/config/bootstrap/fortress.properties.src
index c3cb160..53b0b21 100755
--- a/config/bootstrap/fortress.properties.src
+++ b/config/bootstrap/fortress.properties.src
@@ -16,6 +16,7 @@
 #   specific language governing permissions and limitations
 #   under the License.
 #
+# Note: Directives that begin with '@' are substitution parms that get automatically replaced.
 
 # Host name and port of LDAP DIT:
 host=@LDAP_HOST@
@@ -167,4 +168,10 @@ group.properties=@GROUP_PROPERTIES@
 crypto.prop=@CFG_CRYPTO_PROP@
 disable.audit=@IS_AUDIT@
 clientside.sorting=true
-attr.delimiter=$
\ No newline at end of file
+attr.delimiter=$
+
+# These are used to enable RFC2307bis support on User and Role entities:
+rfc2307=@IS_RFC2307@
+rfc2307.group=@RFC2307_GROUP@
+rfc2307.user.member=@RFC2307_USER_MBR@
+rfc2307.group.member=@RFC2307_GROUP_MBR@
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/config/fortress.properties.src
----------------------------------------------------------------------
diff --git a/config/fortress.properties.src b/config/fortress.properties.src
index 9bda2d7..a78e6aa 100755
--- a/config/fortress.properties.src
+++ b/config/fortress.properties.src
@@ -17,7 +17,7 @@
 #   under the License.
 #
 # Fortress slapd.conf default settings.
-# Note: Directives that begin with '@' are substitution parms for Fortress' build.xml 'init-slapd' target.
+# Note: Directives that begin with '@' are substitution parms that get automatically replaced.
 
 # Host name and port of LDAP DIT:
 host=@LDAP_HOST@

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/ldap/setup/FortressDemoUsers.xml
----------------------------------------------------------------------
diff --git a/ldap/setup/FortressDemoUsers.xml b/ldap/setup/FortressDemoUsers.xml
index ba6a272..d07636d 100755
--- a/ldap/setup/FortressDemoUsers.xml
+++ b/ldap/setup/FortressDemoUsers.xml
@@ -96,7 +96,7 @@
                 <user userId="demoUser9" password="password" description="Demo Test User 9" ou="demousrs1" cn="JoeUser9" sn="User9"  pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567" timeout="60" photo="p9.jpeg"/>
                 <user userId="demoUser10" password="password" description="Demo Test User 10" ou="demousrs1" cn="JoeUser10" sn="User10"  pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567" timeout="60" photo="p10.jpeg"/>
 
-                <user userId="tcmanager" password="m@nager123" system="true" description="Tomcat Manager User" ou="demousrs1" cn="tcmanager" sn="manager"  pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567" timeout="0" photo="p11.jpeg"/>
+                <user userId="tcmanager" password="m@nager123" system="true" description="Tomcat Manager User" ou="demousrs1" cn="tcmanager" sn="manager" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567" timeout="0" photo="p11.jpeg"/>
 
                 <user userId="wasadmin" password="@dmin123" system="true" description="Websphere Console Admin" ou="demousrs1" cn="wasadmin" sn="admin"  pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567" timeout="0" photo="p12.jpeg"/>
 
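Review bot: Dropping `pwPolicy="Test1"` from the `tcmanager` entry leaves a `system="true"` account, whose password is committed in this file, without an explicit password policy, while the `wasadmin` entry two lines below keeps its policy. If the directory has no default policy that covers such entries, lockout and expiry would presumably stop applying to this account, and the commit message does not say why the attribute was removed. If the removal is required by the posixAccount work, record the reason next to the entry, e.g. `<!-- tcmanager: pwPolicy omitted because ... -->`; otherwise restore the attribute.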

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/ldap/setup/refreshLDAPData-src.xml
----------------------------------------------------------------------
diff --git a/ldap/setup/refreshLDAPData-src.xml b/ldap/setup/refreshLDAPData-src.xml
index 9a05b65..1ebe626 100755
--- a/ldap/setup/refreshLDAPData-src.xml
+++ b/ldap/setup/refreshLDAPData-src.xml
@@ -101,6 +101,13 @@
                 <config props="group.protocol:@GROUP_PROTOCOL@"/>
                 <config props="group.properties:@GROUP_PROPERTIES@"/>
                 <config props="role.occupants:@ROLE_OCCUPANTS@"/>
+                <config props="rfc2307:@IS_RFC2307@"/>
+                <config props="rfc2307.group:@RFC2307_GROUP@"/>
+                <config props="rfc2307.group.member:@RFC2307_GROUP_MBR@"/>
+                <config props="rfc2307.user.member:@RFC2307_USER_MBR@"/>
+                <config props="gidNumber:5000"/>
+                <config props="uidNumber:1000"/>
+
                 <config props="attr.delimiter:$"/>
                 <config props="field.length:130"/>
                 <config props="ldap.filter.size:15"/>
@@ -167,6 +174,10 @@
                 <config props="group.objectclass:@GROUP_OBJECT_CLASS@"/>
                 <config props="group.protocol:@GROUP_PROTOCOL@"/>
                 <config props="group.properties:@GROUP_PROPERTIES@"/>
+                <config props="rfc2307:@IS_RFC2307@"/>
+                <config props="rfc2307.group:@RFC2307_GROUP@"/>
+                <config props="rfc2307.group.member:@RFC2307_GROUP_MBR@"/>
+                <config props="rfc2307.user.member:@RFC2307_USER_MBR@"/>
                 <config props="attr.delimiter:$"/>
                 <config props="field.length:130"/>
                 <config props="ldap.filter.size:15"/>
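Review bot: This second config block receives the four `rfc2307*` properties but not the `gidNumber:5000` and `uidNumber:1000` seeds that the first block (hunk at -101,6) gets. RoleDAO.create in this commit calls `Config.getInstance().replaceProperty( name, GlobalIds.GID_NUMBER, this )` when RFC2307 is on, and `newValue` parses the stored value with `new Integer( value )`, so a node loaded from this block would presumably have no seed to increment. Either add `<config props="gidNumber:5000"/>` and `<config props="uidNumber:1000"/>` here as well, or add a comment saying why this node does not need them.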

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/ldap/slapd.conf.src
----------------------------------------------------------------------
diff --git a/ldap/slapd.conf.src b/ldap/slapd.conf.src
index 970cb25..ca10ac0 100755
--- a/ldap/slapd.conf.src
+++ b/ldap/slapd.conf.src
@@ -19,7 +19,7 @@
 
 #
 # Fortress slapd.conf default settings.
-# Note: Directives that begin with '@' are substitution parms for Fortress' build.xml 'init-slapd' target.
+# Note: Directives that begin with '@' are substitution parms that get automatically replaced.
 
 include		@SCHEMA_PATH@/core.schema
 include		@SCHEMA_PATH@/ppolicy.schema

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/src/main/java/org/apache/directory/fortress/core/ConfigMgr.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ConfigMgr.java b/src/main/java/org/apache/directory/fortress/core/ConfigMgr.java
index 591fb63..17e43ff 100755
--- a/src/main/java/org/apache/directory/fortress/core/ConfigMgr.java
+++ b/src/main/java/org/apache/directory/fortress/core/ConfigMgr.java
@@ -66,6 +66,18 @@ public interface ConfigMgr
 
 
     /**
+     * This method will update a single property with a new value..
+     *
+     * @param name of the config node, mostly likely 'DEFAULT'.
+     * @param key used for the property.
+     * @param value this is old value to be replaced with newValue.
+     * @param newValue new value for the property
+     * @throws org.apache.directory.fortress.core.SecurityException in the event entry not present or other system error.
+     */
+    void updateProperty(String name, String key, String value, String newValue) throws SecurityException;
+
+
+    /**
      * Completely removes named cfg node from the directory.  The name is required.  If node does not exist,
      * a {@link org.apache.directory.fortress.core.SecurityException} with error 
      * {@link org.apache.directory.fortress.core.GlobalErrIds#FT_CONFIG_NOT_FOUND} will be thrown.
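Review bot: The Javadoc for `updateProperty` does not say that `value` has to equal the value currently stored, yet ConfigDAO.updateProperty in this commit removes `key + GlobalIds.PROP_SEP + value` and adds the new pair in one modify, so a stale `value` should make the call fail. I would state that on the parameter, e.g. `@param value current value of the property; the update fails if the stored value differs.` The summary sentence also ends in a double period and `mostly likely` should read `most likely`; the same text is repeated in ConfigP.updateProperty.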

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/GlobalIds.java b/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
index eea0ab6..984c1b1 100755
--- a/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
+++ b/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
@@ -257,7 +257,7 @@ public final class GlobalIds
 
     /*
       *  *************************************************************************
-      *  **  OpenAccessMgr PROPERTIES are used by USER, PERM, CONFIG DAO'S.
+      *  **  Fortress PROPERTIES are used by USER, PERM, CONFIG DAO'S.
       *  ************************************************************************
       */
     /**
@@ -302,7 +302,7 @@ public final class GlobalIds
     /**
      * Multi-occurring attribute contains RBAC Role assignments for Users.
      */
-    public static final String USER_ROLE_ASSIGN = "ftRA";
+    //public static final String USER_ROLE_ASSIGN = "ftRA";
 
     /**
      * Multi-occurring attribute contains constraint policies for RBAC Role assignments for Users.
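Review bot: Commenting out `USER_ROLE_ASSIGN` removes a `public static final` constant from a public class, which breaks any code outside this module that still references `GlobalIds.USER_ROLE_ASSIGN`. UserDAO in this commit re-declares the same `"ftRA"` value privately, so nothing visible requires the removal; keeping the constant, or marking it `@Deprecated` for a release, avoids the break. If it does have to go, delete the line and its Javadoc rather than leaving a commented-out declaration under a live doc comment.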
@@ -339,6 +339,56 @@ public final class GlobalIds
      */
     public static final String TYPE = "ftType";
 
+/*
+    */
+/**
+     * Begin RF2307 properties...
+     *//*
+
+    */
+/**
+     * Is RF2307 enabled?  Set to 'true'.
+     *//*
+
+    public static final String RFC_2307_PROP_NM = "rfc2307";
+
+    */
+/**
+     * RF2307bis uses groupOfNames but could be different.
+     *//*
+
+    public static final String RFC_2307_GROUP_PROP_NM = "rfc2307.group";
+
+    */
+/**
+     * RF2307bis specifies memberuid.
+     *//*
+
+    public static final String RFC_2307_GROUP_MEMBER_PROP_NM = "rfc2307.group.member";
+
+    */
+/**
+     * RF2307bis specifies memberOf
+     *//*
+
+    public static final String RFC_2307_USER_MEMBER_PROP_NM = "rfc2307.user.member";
+
+    */
+/**
+     * RF2307bis uses this for users:
+     *//*
+
+    public static final String RFC2307_USER_OBJECT_CLASS_NM = "posixAccount";
+*/
+
+    /**
+     * RF2307bis uses this for groiups:
+     */
+    public static final String RFC2307_PROP = "rfc2307";
+    public static final String GID_NUMBER = "gidNumber";
+    public static final String UID_NUMBER = "uidNumber";
+
+
     /*
     *  *************************************************************************
     *  **  RBAC Entity maximum length constants
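Review bot: The block added above `RFC2307_PROP` is about forty lines of commented-out declarations whose comment markers have been mangled into `*//*` pairs, and it should be deleted rather than committed. The one surviving Javadoc, `RF2307bis uses this for groiups:`, sits on `RFC2307_PROP` and does not describe it, and `GID_NUMBER` and `UID_NUMBER` have no Javadoc. Suggested comments, based on how RoleDAO uses them in this commit: `/** Config property that enables RFC2307bis support when set to 'true'. */` and, for each id constant, `/** Attribute name of the POSIX id; also the key of the config property used to generate it. */`.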

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java
index 43b54b8..ea3b5c8 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java
@@ -26,8 +26,10 @@ import java.util.Properties;
 
 import org.apache.directory.api.ldap.model.constants.SchemaConstants;
 import org.apache.directory.api.ldap.model.entry.DefaultEntry;
+import org.apache.directory.api.ldap.model.entry.DefaultModification;
 import org.apache.directory.api.ldap.model.entry.Entry;
 import org.apache.directory.api.ldap.model.entry.Modification;
+import org.apache.directory.api.ldap.model.entry.ModificationOperation;
 import org.apache.directory.api.ldap.model.exception.LdapEntryAlreadyExistsException;
 import org.apache.directory.api.ldap.model.exception.LdapException;
 import org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException;
@@ -96,6 +98,8 @@ final class ConfigDAO extends LdapDataProvider
             SchemaConstants.CN_AT, GlobalIds.PROPS
     };
 
+    public static final String GID_SEQ = "ftGidSequence";
+    public static final String UID_SEQ = "ftUidSequence";
 
     /**
      * Package private default constructor.
@@ -127,6 +131,8 @@ final class ConfigDAO extends LdapDataProvider
             ld = getAdminConnection();
             myEntry.add( SchemaConstants.CN_AT, name );
             loadProperties( props, myEntry, GlobalIds.PROPS );
+            myEntry.add( GID_SEQ, "" + 0 );
+            myEntry.add( UID_SEQ, "" + 0 );
             add( ld, myEntry );
         }
         catch ( LdapEntryAlreadyExistsException e )
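Review bot: `create` now writes `ftGidSequence` and `ftUidSequence` on every new config entry, but nothing in the visible part of this commit reads them: RoleDAO generates ids through `Config.getInstance().replaceProperty( name, GlobalIds.GID_NUMBER, this )`, i.e. the `gidNumber` property. The diffstat lists no schema file, so if the config object class in a deployed schema does not already allow these two attributes the add would be rejected; either confirm the schema carries them or drop the two lines. `"" + 0` is better written as `"0"`. The body of `create` starts and ends outside this hunk.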
@@ -190,6 +196,42 @@ final class ConfigDAO extends LdapDataProvider
 
 
     /**
+     * This method will update a single property with a new value.
+     *
+     * @param name of the config node, mostly likely 'DEFAULT'.
+     * @param key used for the property.
+     * @param value this is old value to be replaced with newValue.
+     * @param newValue new value for the property
+     * @throws UpdateException in the event the attribute can't be replaced.
+     * @throws FinderException in the event the config node and/or property key:value can't be located.
+     */
+    void updateProperty( String name, String key, String value, String newValue ) throws UpdateException, FinderException
+    {
+        LdapConnection ld = null;
+        String dn = getDn( name );
+        LOG.debug
+            ( "update dn [{}], key [{}], value [{}], newValue [{}]", dn, key, value, newValue );
+        try
+        {
+            List<Modification> mods = new ArrayList<Modification>();
+            mods.add( new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE, GlobalIds.PROPS, key + GlobalIds.PROP_SEP + value ) );
+            mods.add( new DefaultModification( ModificationOperation.ADD_ATTRIBUTE, GlobalIds.PROPS, key + GlobalIds.PROP_SEP + newValue ) );
+            ld = getAdminConnection();
+            modify( ld, dn, mods );
+        }
+        catch ( LdapException e )
+        {
+            String error = "updateProperty dn [" + dn + "] caught LDAPException=" + e.getMessage();
+            throw new UpdateException( GlobalErrIds.FT_CONFIG_UPDATE_FAILED, error, e );
+        }
+        finally
+        {
+            closeAdminConnection( ld );
+        }
+    }
+
+
+    /**
      * @param name
      * @throws org.apache.directory.fortress.core.RemoveException
      */
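Review bot: The Javadoc promises `@throws FinderException` when the node or the `key:value` pair cannot be located, but the body only catches `LdapException` and reports everything as `UpdateException` with `FT_CONFIG_UPDATE_FAILED`. Because the old pair is removed by value in the same modify, a stale `value` is the expected failure when two callers race on the uid/gid sequence, and callers cannot tell that case from a connection error; whether `Config.replaceProperty` retries is not visible here. I would catch `LdapNoSuchObjectException` (already imported in this file) ahead of the generic handler and document the compare-and-replace behaviour in the Javadoc. The debug line also logs `value` and `newValue` for any property, so consider logging only `dn` and `key` in case a node stores sensitive settings.

```java
        // … unchanged: try block that builds the two modifications and calls modify …
        catch ( LdapNoSuchObjectException e )
        {
            String error = "updateProperty dn [" + dn + "] key [" + key + "] not found";
            throw new FinderException( GlobalErrIds.FT_CONFIG_NOT_FOUND, error, e );
        }
        catch ( LdapException e )
        // … unchanged: UpdateException handler and finally block …
```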

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/src/main/java/org/apache/directory/fortress/core/impl/ConfigMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/ConfigMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/ConfigMgrImpl.java
index 2c80df4..42dd967 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/ConfigMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/ConfigMgrImpl.java
@@ -70,6 +70,15 @@ public class ConfigMgrImpl implements ConfigMgr, Serializable
      * {@inheritDoc}
      */
     @Override
+    public void updateProperty(String name, String key, String value, String newValue) throws SecurityException
+    {
+        cfgP.updateProperty(name, key, value, newValue);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
     public void delete(String name) throws SecurityException
     {
         cfgP.delete(name);

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/src/main/java/org/apache/directory/fortress/core/impl/ConfigP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/ConfigP.java b/src/main/java/org/apache/directory/fortress/core/impl/ConfigP.java
index 3312d4b..e566216 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/ConfigP.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/ConfigP.java
@@ -98,6 +98,23 @@ final class ConfigP
 
 
     /**
+     * This method will update a single property with a new value..
+     *
+     * @param name of the config node, mostly likely 'DEFAULT'.
+     * @param key used for the property.
+     * @param value this is old value to be replaced with newValue.
+     * @param newValue new value for the property
+     * @throws org.apache.directory.fortress.core.SecurityException in the event entry not present or other system error.
+     */
+    void updateProperty( String name, String key, String value, String newValue )
+        throws SecurityException
+    {
+        ConfigDAO cfgDao = new ConfigDAO();
+        cfgDao.updateProperty( name, key, value, newValue );
+    }
+
+
+    /**
      * Delete existing cfg node which will remove all properties associated with that node.
      * The name is required.  If node does not exist, a {@link SecurityException} with error
      * {@link GlobalErrIds#FT_CONFIG_NOT_FOUND} will be thrown.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/src/main/java/org/apache/directory/fortress/core/impl/RoleDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/RoleDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/RoleDAO.java
index bff96db..29a8d54 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/RoleDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/RoleDAO.java
@@ -37,6 +37,7 @@ import org.apache.directory.api.ldap.model.exception.LdapException;
 import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
 import org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException;
 import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.fortress.core.CfgException;
 import org.apache.directory.fortress.core.CreateException;
 import org.apache.directory.fortress.core.FinderException;
 import org.apache.directory.fortress.core.GlobalErrIds;
@@ -49,6 +50,8 @@ import org.apache.directory.fortress.core.model.Graphable;
 import org.apache.directory.fortress.core.model.Group;
 import org.apache.directory.fortress.core.model.ObjectFactory;
 import org.apache.directory.fortress.core.model.Role;
+import org.apache.directory.fortress.core.util.Config;
+import org.apache.directory.fortress.core.util.PropUpdater;
 import org.apache.directory.fortress.core.util.PropUtil;
 import org.apache.directory.ldap.client.api.LdapConnection;
 
@@ -98,7 +101,7 @@ import org.apache.directory.ldap.client.api.LdapConnection;
  *
  * @author Kevin McKinney
  */
-final class RoleDAO extends LdapDataProvider implements PropertyProvider<Role>
+final class RoleDAO extends LdapDataProvider implements PropertyProvider<Role>, PropUpdater
 {
     /*
       *  *************************************************************************
@@ -112,6 +115,14 @@ final class RoleDAO extends LdapDataProvider implements PropertyProvider<Role>
             ROLE_NM
     };
 
+
+    // rfc2307 decls:
+    private static final String POSIX_GROUP = "posixGroup";
+    static final boolean IS_RFC2307 = Config.getInstance().getProperty( GlobalIds.RFC2307_PROP ) != null && Config.getInstance().getProperty( GlobalIds.RFC2307_PROP ).equalsIgnoreCase( "true" ) ? true : false;
+    private static final String MEMBER_UID = "memberuid";
+    private static final String RFC2307_GROUP = Config.getInstance().getProperty( "rfc2307.group" ) != null ? Config.getInstance().getProperty( "rfc2307.group" ) : "groupOfNames";
+    //private static final String RFC2307_GROUP_MEMBER = IS_RFC2307 && Config.getInstance().getProperty( "rfc2307.group.member" ) != null ? Config.getInstance().getProperty( "rfc2307.group.member" ) : GlobalIds.ROLE_OCCUPANT;
+
     private static final String[] ROLE_ATRS =
         {
             GlobalIds.FT_IID,
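Review bot: `IS_RFC2307` reads the property twice and ends in a redundant `? true : false`; `"true".equalsIgnoreCase( Config.getInstance().getProperty( GlobalIds.RFC2307_PROP ) )` is null-safe and says the same thing. The identical expression is repeated in UserDAO, so a single shared accessor would keep the two DAOs from disagreeing. `RFC2307_GROUP` is not referenced in any hunk shown for this file and spells out the literal `"rfc2307.group"`, and the commented-out `RFC2307_GROUP_MEMBER` line should be removed rather than committed. Because these are static initialisers the flag is fixed when the class loads, which deserves a comment such as `// evaluated once at class load; changing rfc2307 requires a restart`.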
@@ -120,19 +131,43 @@ final class RoleDAO extends LdapDataProvider implements PropertyProvider<Role>
             GlobalIds.CONSTRAINT,
             SchemaConstants.ROLE_OCCUPANT_AT,
             GlobalIds.PARENT_NODES,
-            GlobalIds.PROPS
+            GlobalIds.PROPS,
+            IS_RFC2307 ? MEMBER_UID : null,
+            IS_RFC2307 ? GlobalIds.GID_NUMBER : null
     };
 
     /**
      * Defines the object class structure used within Fortress Role processing.
      */
-    private static final String ROLE_OBJ_CLASS[] =
+    private static String[] ROLE_OBJ_CLASS = IS_RFC2307 ? new String[]
+        {
+            SchemaConstants.TOP_OC,
+            GlobalIds.ROLE_OBJECT_CLASS_NM,
+            GlobalIds.PROPS_AUX_OBJECT_CLASS_NAME,
+            GlobalIds.FT_MODIFIER_AUX_OBJECT_CLASS_NAME,
+            POSIX_GROUP
+        }
+        : new String[]
         {
             SchemaConstants.TOP_OC,
             GlobalIds.ROLE_OBJECT_CLASS_NM,
             GlobalIds.PROPS_AUX_OBJECT_CLASS_NAME,
             GlobalIds.FT_MODIFIER_AUX_OBJECT_CLASS_NAME
-    };
+        };
+
+
+    /**
+     * Method on PropUdater interface used to increment UID and GID prop values.
+     * @param value contains a String that will be converted to an Integer before incremeting.
+     * @return String value contains the new sequence value.
+     */
+    public String newValue(String value)
+    {
+        Integer id = new Integer( value );
+        Integer newId = id + 1;
+        return newId.toString();
+    }
+
 
     /**
      * @param entity
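Review bot: `ROLE_ATRS` now contains two `null` elements whenever `IS_RFC2307` is false, and the array is presumably passed to the LDAP search calls as the requested-attribute list (the call sites are outside this hunk). Whether the client API tolerates null entries is not visible here, so selecting between two complete arrays, as is done just below for `ROLE_OBJ_CLASS`, is the safer form. `ROLE_OBJ_CLASS` also lost `final` in the rewrite and should get it back. In `newValue`, `new Integer( value )` throws an unchecked `NumberFormatException` for an empty or non-numeric property and the increment wraps at `Integer.MAX_VALUE`; `return Integer.toString( Math.addExact( Integer.parseInt( value ), 1 ) );` with both failures documented would be clearer, and the same method is duplicated in UserDAO.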
@@ -151,6 +186,25 @@ final class RoleDAO extends LdapDataProvider implements PropertyProvider<Role>
             entity.setId();
             entry.add( GlobalIds.FT_IID, entity.getId() );
             entry.add( ROLE_NM, entity.getName() );
+            // If supporting RFC2307 posixGroups && the gidNumber has not already been set.
+            if ( IS_RFC2307 && StringUtils.isEmpty( entity.getGidNumber() ) )
+            {
+                String name = Config.getInstance().getProperty( GlobalIds.CONFIG_REALM );
+                try
+                {
+                    entity.setGidNumber( Config.getInstance().replaceProperty( name, GlobalIds.GID_NUMBER, this ) );
+                }
+                catch ( CfgException ce )
+                {
+                    String error = "create role caught CfgException replacing the GID prop:" + ce.getMessage();
+                    throw new CreateException( GlobalErrIds.ROLE_ADD_FAILED, error, ce );
+                }
+            }
+            // gidNumber is optional:
+            if ( IS_RFC2307 && StringUtils.isNotEmpty( entity.getGidNumber() ) )
+            {
+                entry.add( GlobalIds.GID_NUMBER, entity.getGidNumber() );
+            }
 
             // description field is optional on this object class:
             if ( StringUtils.isNotEmpty( entity.getDescription() ) )
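Review bot: A caller-supplied `gidNumber` is written to the entry verbatim: the generator only runs when `entity.getGidNumber()` is empty, and nothing in this hunk checks that a supplied value is numeric or inside an allowed range. On hosts that resolve groups from this directory, a role stored with a gid that collides with an existing system group would be treated as that group, so I would reject values below a configured minimum and values already in use before `entry.add( GlobalIds.GID_NUMBER, entity.getGidNumber() )`; whether a higher layer already validates is not visible here. The same applies to the `REPLACE_ATTRIBUTE` on `gidNumber` in the update hunk at -203,6. The sequence is also advanced before `add`, so a failed add leaves a gap, which is worth a comment. The enclosing method starts and ends outside the hunk.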
@@ -203,6 +257,12 @@ final class RoleDAO extends LdapDataProvider implements PropertyProvider<Role>
                     SchemaConstants.DESCRIPTION_AT, entity.getDescription() ) );
             }
 
+            if ( IS_RFC2307 && StringUtils.isNotEmpty( entity.getGidNumber() ) )
+            {
+                mods.add( new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
+                    GlobalIds.GID_NUMBER, entity.getGidNumber() ) );
+            }
+
             if ( entity.isTemporalSet() )
             {
                 String szRawData = ConstraintUtil.setConstraint( entity );
@@ -296,6 +356,11 @@ final class RoleDAO extends LdapDataProvider implements PropertyProvider<Role>
             List<Modification> mods = new ArrayList<Modification>();
             mods.add( new DefaultModification( ModificationOperation.ADD_ATTRIBUTE, SchemaConstants.ROLE_OCCUPANT_AT,
                 userDn ) );
+            if ( IS_RFC2307 )
+            {
+                mods.add( new DefaultModification( ModificationOperation.ADD_ATTRIBUTE, MEMBER_UID,
+                    getRdnValue( userDn ) ) );
+            }
             ld = getAdminConnection();
             modify( ld, dn, mods, entity );
         }
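Review bot: With `IS_RFC2307` on, the `memberuid` add travels in the same modify as `roleOccupant`, so a role entry created before the flag was enabled, and therefore without the `posixGroup` object class, would presumably reject the whole operation and the assignment would fail. The deassign hunk at -330,6 has the mirror problem: if the `memberuid` value is absent the combined REMOVE should fail and the `roleOccupant` value stays, meaning the role cannot be revoked until the entry is repaired. I would either migrate existing roles when the flag is turned on or apply the `memberuid` change only when the entry carries `posixGroup`, and say which in a comment. Both method bodies extend outside their hunks.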
@@ -330,6 +395,11 @@ final class RoleDAO extends LdapDataProvider implements PropertyProvider<Role>
             List<Modification> mods = new ArrayList<Modification>();
             mods.add( new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE,
                 SchemaConstants.ROLE_OCCUPANT_AT, userDn ) );
+            if ( IS_RFC2307 )
+            {
+                mods.add( new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE, MEMBER_UID,
+                    getRdnValue( userDn ) ) );
+            }
             ld = getAdminConnection();
             modify( ld, dn, mods, entity );
         }
@@ -720,13 +790,22 @@ final class RoleDAO extends LdapDataProvider implements PropertyProvider<Role>
         entity.setId( getAttribute( le, GlobalIds.FT_IID ) );
         entity.setName( getAttribute( le, ROLE_NM ) );
         entity.setDescription( getAttribute( le, SchemaConstants.DESCRIPTION_AT ) );
-        entity.setOccupants( getAttributes( le, SchemaConstants.ROLE_OCCUPANT_AT ) );
         //entity.setParents(RoleUtil.getParents(entity.getName().toUpperCase(), contextId));
         entity.setChildren( RoleUtil.getInstance().getChildren( entity.getName().toUpperCase(), contextId ) );
         entity.setParents( getAttributeSet( le, GlobalIds.PARENT_NODES ) );        
         unloadTemporal( le, entity );
         entity.setDn( le.getDn().getName() );        
         entity.addProperties( PropUtil.getProperties( getAttributes( le, GlobalIds.PROPS ) ) );
+        if ( IS_RFC2307 )
+        {
+            entity.setGidNumber( getAttribute( le, GlobalIds.GID_NUMBER ) );
+            //entity.setOccupants( getAttributes( le, MEMBER_UID ) );
+        }
+        //else
+        //{
+        entity.setOccupants( getAttributes( le, SchemaConstants.ROLE_OCCUPANT_AT ) );
+        //}
+
         return entity;
     }
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
index 083425f..ae1dcd6 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
@@ -52,6 +52,7 @@ import org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException;
 import org.apache.directory.api.ldap.model.message.BindResponse;
 import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
 import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.fortress.core.CfgException;
 import org.apache.directory.fortress.core.CreateException;
 import org.apache.directory.fortress.core.FinderException;
 import org.apache.directory.fortress.core.GlobalErrIds;
@@ -66,6 +67,7 @@ import org.apache.directory.fortress.core.model.AdminRole;
 import org.apache.directory.fortress.core.model.ConstraintUtil;
 import org.apache.directory.fortress.core.model.ObjectFactory;
 import org.apache.directory.fortress.core.model.OrgUnit;
+import org.apache.directory.fortress.core.util.PropUpdater;
 import org.apache.directory.fortress.core.util.PropUtil;
 import org.apache.directory.fortress.core.model.PwMessage;
 import org.apache.directory.fortress.core.model.Role;
@@ -151,7 +153,7 @@ import org.slf4j.LoggerFactory;
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @created August 30, 2009
  */
-final class UserDAO extends LdapDataProvider
+final class UserDAO extends LdapDataProvider implements PropUpdater
 {
     /*
       *  *************************************************************************
@@ -189,8 +191,19 @@ final class UserDAO extends LdapDataProvider
     private static final String OPENLDAP_PW_LOCKED_TIME = "pwdAccountLockedTime";
     private static final String OPENLDAP_ACCOUNT_LOCKED_TIME = "pwdAccountLockedTime";
     private static final String LOCK_VALUE = "000001010000Z";
+
+    // RFC2307bis decls:
+    private static final String POSIX_ACCOUNT = "posixAccount";
+    private static final String HOME_DIRECTORY =  "homeDirectory";
+    private static final boolean IS_RFC2307 = Config.getInstance().getProperty( GlobalIds.RFC2307_PROP ) != null && Config.getInstance().getProperty( GlobalIds.RFC2307_PROP ).equalsIgnoreCase( "true" ) ? true : false;
+    /**
+     * RF2307bis uses groupOfNames instead of ftRA:
+     */
+    private static final String USER_ROLE_ASSIGN =  "ftRA";
+    //private static final String USER_ROLE_ASSIGN = IS_RFC2307 && Config.getInstance().getProperty( "rfc2307.user.member" ) != null ? Config.getInstance().getProperty( "rfc2307.user.member" ) : "ftRA";
+
     private static final String[] USERID = { SchemaConstants.UID_AT };
-    private static final String[] ROLES = { GlobalIds.USER_ROLE_ASSIGN };
+    private static final String[] ROLES = { USER_ROLE_ASSIGN };
     private static final String[] USERID_ATRS = { SchemaConstants.UID_AT };
     // These will be loaded in static initializer that follows:
     private static String[] authnAtrs = null;
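Review bot: The Javadoc on `USER_ROLE_ASSIGN` says `RF2307bis uses groupOfNames instead of ftRA`, but the constant is unconditionally `"ftRA"`, so the comment describes the commented-out line beneath it rather than the code. Suggested replacement: `/** Multi-occurring attribute contains RBAC Role assignments for Users. */`, which is the wording GlobalIds used for this constant, with the commented-out alternative removed. `IS_RFC2307` repeats the RoleDAO expression, including the redundant `? true : false`.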
@@ -208,6 +221,20 @@ final class UserDAO extends LdapDataProvider
         initAttrArrays();
 	}
 
+
+    /**
+     * Method on PropUdater interface used to increment UID and GID prop values.
+     * @param value contains a String that will be converted to an Integer before incremeting.
+     * @return String value contains the new sequence value.
+     */
+    public String newValue(String value)
+    {
+        Integer id = new Integer( value );
+        Integer newId = id + 1;
+        return newId.toString();
+    }
+
+
     /**
      * Add new user entity to LDAP
      *
@@ -311,6 +338,55 @@ final class UserDAO extends LdapDataProvider
                 myEntry.add( JPEGPHOTO, entity.getJpegPhoto() );
             }
 
+            // These are the posixAccount attributes specified by RFC2307bis (proposed) IETF standard:
+            if ( IS_RFC2307 )
+            {
+                // if not set, generate:
+                if ( StringUtils.isEmpty( entity.getUidNumber() ) )
+                {
+                    String name = Config.getInstance().getProperty( GlobalIds.CONFIG_REALM );
+                    try
+                    {
+                        entity.setUidNumber( Config.getInstance().replaceProperty( name, GlobalIds.UID_NUMBER, this ) );
+                    }
+                    catch ( CfgException ce )
+                    {
+                        String error = "create user caught CfgException replacing the UID prop:" + ce.getMessage();
+                        throw new CreateException( GlobalErrIds.USER_ADD_FAILED, error, ce );
+                    }
+                }
+
+                // required on PosixAccount:
+                myEntry.add( GlobalIds.UID_NUMBER, entity.getUidNumber() );
+
+                // if not set, generate:
+                if ( StringUtils.isEmpty( entity.getGidNumber() ) )
+                {
+                    String name = Config.getInstance().getProperty( GlobalIds.CONFIG_REALM );
+                    try
+                    {
+                        entity.setGidNumber( Config.getInstance().replaceProperty( name, GlobalIds.GID_NUMBER, this ) );
+                    }
+                    catch ( CfgException ce )
+                    {
+                        String error = "create user caught CfgException replacing the GID prop:" + ce.getMessage();
+                        throw new CreateException( GlobalErrIds.USER_ADD_FAILED, error, ce );
+                    }
+                }
+
+                // required on PosixAccount:
+                myEntry.add( GlobalIds.GID_NUMBER, entity.getGidNumber() );
+
+                // if not set, generate:
+                if ( StringUtils.isEmpty( entity.getHomeDirectory() ) )
+                {
+                    entity.setHomeDirectory( "not set" );
+                }
+
+                // required on PosixAccount:
+                myEntry.add( HOME_DIRECTORY, entity.getHomeDirectory() );
+            }
+
             ld = getAdminConnection();
             add( ld, myEntry, entity );
             entity.setDn( dn );
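Review bot: A caller-supplied `uidNumber` or `gidNumber` is written to the entry as-is: the generation branch runs only when the field is empty, and nothing in this hunk checks that a supplied value is numeric, unused, or outside a reserved range such as 0. On hosts that resolve accounts from this directory those numbers decide file ownership and privilege, so I would validate them before `myEntry.add( GlobalIds.UID_NUMBER, ... )`. The same applies to the `REPLACE_ATTRIBUTE` modifications added in the update hunk at `@@ -434,6 +510,29`. The fallback `entity.setHomeDirectory( "not set" )` stores a placeholder that directory clients will read as a real path; a configurable default would be safer. The enclosing method starts and ends outside the hunk.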
@@ -434,6 +510,29 @@ final class UserDAO extends LdapDataProvider
                     .getJpegPhoto() ) );
             }
 
+            // These are the posixAccount attributes specified by RFC2307bis (proposed) IETF standard:
+            if ( IS_RFC2307 )
+            {
+                if ( StringUtils.isNotEmpty( entity.getUidNumber() ) )
+                {
+                    mods.add( new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, GlobalIds.UID_NUMBER,
+                        entity.getUidNumber() ) );
+                }
+
+                if ( StringUtils.isNotEmpty( entity.getGidNumber() ) )
+                {
+                    mods.add( new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, GlobalIds.GID_NUMBER,
+                        entity.getGidNumber() ) );
+                }
+
+                // if not set, generate:
+                if ( StringUtils.isNotEmpty( entity.getHomeDirectory() ) )
+                {
+                    mods.add( new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, HOME_DIRECTORY,
+                        entity.getHomeDirectory() ) );
+                }
+            }
+
             if ( mods.size() > 0 )
             {
                 ld = getAdminConnection();
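Review bot: The comment `// if not set, generate:` above the `homeDirectory` check looks copied from the create path and does not match this branch, which generates nothing and only replaces the attribute when a value is present. `// replace only when a value was supplied:` would describe what the code does. The enclosing update method starts and ends outside the hunk.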
@@ -722,7 +821,7 @@ final class UserDAO extends LdapDataProvider
                 throw new FinderException( GlobalErrIds.USER_NOT_FOUND, warning );
             }
 
-            roles = getAttributes( findEntry, GlobalIds.USER_ROLE_ASSIGN );
+            roles = getAttributes( findEntry, USER_ROLE_ASSIGN );
         }
         catch ( LdapNoSuchObjectException e )
         {
@@ -1072,7 +1171,7 @@ final class UserDAO extends LdapDataProvider
             if ( CollectionUtils.isNotEmpty( roles ) )
             {
                 filterbuf.append( "|(" );
-                filterbuf.append( GlobalIds.USER_ROLE_ASSIGN );
+                filterbuf.append( USER_ROLE_ASSIGN );
                 filterbuf.append( "=" );
                 filterbuf.append( roleVal );
                 filterbuf.append( ")" );
@@ -1080,7 +1179,7 @@ final class UserDAO extends LdapDataProvider
                 for ( String uRole : roles )
                 {
                     filterbuf.append( "(" );
-                    filterbuf.append( GlobalIds.USER_ROLE_ASSIGN );
+                    filterbuf.append( USER_ROLE_ASSIGN );
                     filterbuf.append( "=" );
                     filterbuf.append( uRole );
                     filterbuf.append( ")" );
@@ -1090,7 +1189,7 @@ final class UserDAO extends LdapDataProvider
             }
             else
             {
-                filterbuf.append( GlobalIds.USER_ROLE_ASSIGN );
+                filterbuf.append( USER_ROLE_ASSIGN );
                 filterbuf.append( "=" );
                 filterbuf.append( roleVal );
                 filterbuf.append( ")" );
@@ -1147,7 +1246,7 @@ final class UserDAO extends LdapDataProvider
             filterbuf.append( GlobalIds.FILTER_PREFIX );
             filterbuf.append( USERS_AUX_OBJECT_CLASS_NAME );
             filterbuf.append( ")(" );
-            filterbuf.append( GlobalIds.USER_ROLE_ASSIGN );
+            filterbuf.append( USER_ROLE_ASSIGN );
             filterbuf.append( "=" );
             filterbuf.append( roleVal );
             filterbuf.append( ")" );
@@ -1205,7 +1304,7 @@ final class UserDAO extends LdapDataProvider
             filterbuf.append( GlobalIds.FILTER_PREFIX );
             filterbuf.append( USERS_AUX_OBJECT_CLASS_NAME );
             filterbuf.append( ")(" );
-            filterbuf.append( GlobalIds.USER_ROLE_ASSIGN );
+            filterbuf.append( USER_ROLE_ASSIGN );
             filterbuf.append( "=" );
             filterbuf.append( roleVal );
             filterbuf.append( ")" );
@@ -1283,7 +1382,7 @@ final class UserDAO extends LdapDataProvider
             filterbuf.append( GlobalIds.FILTER_PREFIX );
             filterbuf.append( USERS_AUX_OBJECT_CLASS_NAME );
             filterbuf.append( ")(" );
-            filterbuf.append( GlobalIds.USER_ROLE_ASSIGN );
+            filterbuf.append( USER_ROLE_ASSIGN );
             filterbuf.append( "=" );
             filterbuf.append( roleVal );
             filterbuf.append( "))" );
@@ -1343,7 +1442,7 @@ final class UserDAO extends LdapDataProvider
                 {
                     String filteredVal = encodeSafeText( roleVal, GlobalIds.USERID_LEN );
                     filterbuf.append( "(" );
-                    filterbuf.append( GlobalIds.USER_ROLE_ASSIGN );
+                    filterbuf.append( USER_ROLE_ASSIGN );
                     filterbuf.append( "=" );
                     filterbuf.append( filteredVal );
                     filterbuf.append( ")" );
@@ -1457,7 +1556,7 @@ final class UserDAO extends LdapDataProvider
             filterbuf.append( GlobalIds.FILTER_PREFIX );
             filterbuf.append( USERS_AUX_OBJECT_CLASS_NAME );
             filterbuf.append( ")(" );
-            filterbuf.append( GlobalIds.USER_ROLE_ASSIGN );
+            filterbuf.append( USER_ROLE_ASSIGN );
             filterbuf.append( "=" );
             filterbuf.append( roleVal );
             filterbuf.append( "))" );
@@ -1766,7 +1865,7 @@ final class UserDAO extends LdapDataProvider
             mods.add( new DefaultModification( ModificationOperation.ADD_ATTRIBUTE, GlobalIds.USER_ROLE_DATA,
                 szUserRole ) );
 
-            mods.add( new DefaultModification( ModificationOperation.ADD_ATTRIBUTE, GlobalIds.USER_ROLE_ASSIGN, uRole
+            mods.add( new DefaultModification( ModificationOperation.ADD_ATTRIBUTE, USER_ROLE_ASSIGN, uRole
                 .getName() ) );
 
             ld = getAdminConnection();
@@ -1908,8 +2007,7 @@ final class UserDAO extends LdapDataProvider
                     mods.add( new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE, GlobalIds
                         .USER_ROLE_DATA, fRole.getRawData() ) );                    
                     
-                    mods.add( new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE, GlobalIds
-                        .USER_ROLE_ASSIGN, fRole.getName() ) );
+                    mods.add( new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE, USER_ROLE_ASSIGN, fRole.getName() ) );
                     ld = getAdminConnection();                    
                     
                     modify( ld, userDn, mods, uRole );                                        
@@ -2132,15 +2230,6 @@ final class UserDAO extends LdapDataProvider
             entity.setSystem( Boolean.valueOf( szBoolean ) );
         }
 
-        /*
-                TODO: Add for RFC2307BIS
-                entity.setUidNumber( getAttribute( entry, UID_NUMBER ) );
-                entity.setGidNumber( getAttribute( entry, GID_NUMBER ) );
-                entity.setHomeDirectory( getAttribute( entry, HOME_DIRECTORY ) );
-                entity.setLoginShell( getAttribute( entry, LOGIN_SHELL ) );
-                entity.setGecos( getAttribute( entry, GECOS ) );
-        */
-
         entity.addProperties( PropUtil.getProperties( getAttributes( entry, GlobalIds.PROPS ) ) );
 
         if ( Config.getInstance().isOpenldap() || Config.getInstance().isApacheds() )
@@ -2166,6 +2255,14 @@ final class UserDAO extends LdapDataProvider
 
         entity.setJpegPhoto( getPhoto( entry, JPEGPHOTO ) );
 
+        // These are the posixAccount attributes specified by RFC2307bis (proposed) IETF standard:
+        if ( IS_RFC2307 )
+        {
+            entity.setUidNumber( getAttribute( entry, GlobalIds.UID_NUMBER ) );
+            entity.setGidNumber( getAttribute( entry, GlobalIds.GID_NUMBER ) );
+            entity.setHomeDirectory( getAttribute( entry, HOME_DIRECTORY ) );
+        }
+
         return entity;
     }
 
@@ -2247,7 +2344,7 @@ final class UserDAO extends LdapDataProvider
         throws LdapInvalidAttributeValueException
     {
         Attribute userRoleData = new DefaultAttribute( GlobalIds.USER_ROLE_DATA );
-        Attribute userRoleAssign = new DefaultAttribute( GlobalIds.USER_ROLE_ASSIGN );
+        Attribute userRoleAssign = new DefaultAttribute( USER_ROLE_ASSIGN );
 
         if ( list != null )
         {
@@ -2317,7 +2414,7 @@ final class UserDAO extends LdapDataProvider
         if ( list != null )
         {
             Attribute userRoleData = new DefaultAttribute( GlobalIds.USER_ROLE_DATA );
-            Attribute userRoleAssign = new DefaultAttribute( GlobalIds.USER_ROLE_ASSIGN );
+            Attribute userRoleAssign = new DefaultAttribute( USER_ROLE_ASSIGN );
 
             for ( UserRole userRole : list )
             {
@@ -2599,7 +2696,17 @@ final class UserDAO extends LdapDataProvider
      */
     private String[] getUserObjectClass()
     {
-        String userObjectClass[] = new String[]
+        String[] userObjectClass = IS_RFC2307 ? new String[]
+            {
+                SchemaConstants.TOP_OC,
+                Config.getInstance().getProperty( USER_OBJECT_CLASS ),
+                USERS_AUX_OBJECT_CLASS_NAME,
+                GlobalIds.PROPS_AUX_OBJECT_CLASS_NAME,
+                GlobalIds.FT_MODIFIER_AUX_OBJECT_CLASS_NAME,
+                USERS_EXTENSIBLE_OBJECT,
+                POSIX_ACCOUNT
+            }
+            : new String[]
             {
                 SchemaConstants.TOP_OC,
                 Config.getInstance().getProperty( USER_OBJECT_CLASS ),
@@ -2611,8 +2718,18 @@ final class UserDAO extends LdapDataProvider
         return userObjectClass;
     }
 
+
+
+    /**
+     * Begin RF2307 properties...
+     */
+
+    //private static final String USER_ROLE_ASSIGN = IS_RFC2307 && Config.getInstance().getProperty( "rfc2307.user.member" ) != null ? Config.getInstance().getProperty( "rfc2307.user.member" ) : "ftRA";
+    //private static final String USER_MEMBER = IS_RFC2307 && Config.getInstance().getProperty( "rfc2307.user.member" ) != null ? Config.getInstance().getProperty( "rfc2307.user.member" ) : USER_ROLE_ASSIGN;
+
     private void initAttrArrays()
     {
+
         if ( Config.getInstance().isOpenldap() || Config.getInstance().isApacheds() )
         {
             // This default set of attributes contains all and is used for search operations.
@@ -2627,7 +2744,7 @@ final class UserDAO extends LdapDataProvider
                     SchemaConstants.SN_AT,
                     GlobalIds.USER_ROLE_DATA,
                     GlobalIds.CONSTRAINT,
-                    GlobalIds.USER_ROLE_ASSIGN,
+                    USER_ROLE_ASSIGN,
                     OPENLDAP_PW_RESET,
                     OPENLDAP_PW_LOCKED_TIME,
                     OPENLDAP_POLICY_SUBENTRY,
@@ -2650,14 +2767,9 @@ final class UserDAO extends LdapDataProvider
                     SchemaConstants.TITLE_AT,
                     SYSTEM_USER,
                     JPEGPHOTO,
-                /*
-                            TODO: add for RFC2307Bis
-                            UID_NUMBER,
-                            GID_NUMBER,
-                            HOME_DIRECTORY,
-                            LOGIN_SHELL,
-                            GECOS
-                */};
+                    IS_RFC2307 ? HOME_DIRECTORY : null,
+                    IS_RFC2307 ? GlobalIds.GID_NUMBER : null,
+                    IS_RFC2307 ? GlobalIds.UID_NUMBER : null };
 
             // This smaller result set of attributes are needed for user validation and authentication operations.
             authnAtrs = new String[]
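Review bot: When `IS_RFC2307` is false the three conditional entries closing this array evaluate to `null`, so the attribute list used for later searches carries null elements. Whether the LDAP API behind `LdapDataProvider` tolerates null attribute names is not visible here, so I would build the base array first and append `HOME_DIRECTORY`, `GlobalIds.GID_NUMBER` and `GlobalIds.UID_NUMBER` only when the flag is set. The same pattern is added in the hunk at `@@ -2706,7 +2818,11`. The array declaration and `initAttrArrays` both begin outside this hunk.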
@@ -2688,7 +2800,7 @@ final class UserDAO extends LdapDataProvider
                     SchemaConstants.SN_AT,
                     GlobalIds.USER_ROLE_DATA,
                     GlobalIds.CONSTRAINT,
-                    GlobalIds.USER_ROLE_ASSIGN,
+                    USER_ROLE_ASSIGN,
                     GlobalIds.PROPS,
                     GlobalIds.USER_ADMINROLE_ASSIGN,
                     GlobalIds.USER_ADMINROLE_DATA,
@@ -2706,7 +2818,11 @@ final class UserDAO extends LdapDataProvider
                     EMPLOYEE_TYPE,
                     SchemaConstants.TITLE_AT,
                     SYSTEM_USER,
-                    JPEGPHOTO, };
+                    JPEGPHOTO,
+                    IS_RFC2307 ? HOME_DIRECTORY : null,
+                    IS_RFC2307 ? GlobalIds.GID_NUMBER : null,
+                    IS_RFC2307 ? GlobalIds.UID_NUMBER : null
+                };
 
             // This smaller result set of attributes are needed for user validation and authentication operations.
             authnAtrs = new String[]

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/src/main/java/org/apache/directory/fortress/core/ldap/LdapDataProvider.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/LdapDataProvider.java b/src/main/java/org/apache/directory/fortress/core/ldap/LdapDataProvider.java
index 8139025..4b72891 100644
--- a/src/main/java/org/apache/directory/fortress/core/ldap/LdapDataProvider.java
+++ b/src/main/java/org/apache/directory/fortress/core/ldap/LdapDataProvider.java
@@ -265,8 +265,7 @@ public abstract class LdapDataProvider
     protected void modify( LdapConnection connection, String dn, List<Modification> mods ) throws LdapException
     {
         COUNTERS.incrementMod();
-        connection.modify( dn, mods.toArray( new Modification[]
-            {} ) );
+        connection.modify( dn, mods.toArray( new Modification[]{} ) );
     }
 
 
@@ -825,6 +824,19 @@ public abstract class LdapDataProvider
     }
 
 
+    protected String getRdnValue( String dn )
+    {
+        try
+        {
+            return new Dn( dn ).getRdn().getNormValue();
+        }
+        catch ( LdapInvalidDnException lide )
+        {
+            return null;
+        }
+    }
+
+
     /**
      * Create multi-occurring ldap attribute given array of strings and attribute name.
      *
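Review bot: `getRdnValue` has no Javadoc and returns `null` when the DN does not parse, discarding the `LdapInvalidDnException`, so a caller that forgets the null check cannot tell a malformed DN from any other failure. I would document the contract with a Javadoc stating that it returns the value produced by `getRdn().getNormValue()` for the given DN, or `null` when `dn` is not a valid distinguished name. I would also log the exception before returning so malformed entries are traceable.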

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/src/main/java/org/apache/directory/fortress/core/model/Role.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/Role.java b/src/main/java/org/apache/directory/fortress/core/model/Role.java
index 89f0bc6..7c1cbd7 100755
--- a/src/main/java/org/apache/directory/fortress/core/model/Role.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/Role.java
@@ -236,6 +236,7 @@ public class Role extends FortEntity implements Constraint, Graphable, java.io.S
     private String beginLockDate;// this attribute is ftCstr
     private String endLockDate; // this attribute is ftCstr
     private String dayMask; // this attribute is ftCstr
+    private String gidNumber;
     private int timeout; // this attribute is ftCstr
     private Props props = new Props();
     
@@ -724,6 +725,7 @@ public class Role extends FortEntity implements Constraint, Graphable, java.io.S
         this.children = children;
     }
 
+
     /**
      * Returns distinguished name associated with Role.  This attribute is generated by DAO and is not allowed for outside classes to modify.
      * This attribute is for internal use only and need not be processed by external clients.
@@ -749,6 +751,26 @@ public class Role extends FortEntity implements Constraint, Graphable, java.io.S
 
 
     /**
+     * Get the Group ID number, which is required attribute for RFC2307 posixGroup object class.
+     * @return
+     */
+    public String getGidNumber()
+    {
+        return gidNumber;
+    }
+
+
+    /**
+     * Set the Group ID nunmber, which is required attribute for RFC2307 posixGroup object class.
+     * @param gidNumber
+     */
+    public void setGidNumber(String gidNumber)
+    {
+        this.gidNumber = gidNumber;
+    }
+
+
+    /**
      * Matches the name from two Role entities.
      *
      * @param thatObj contains a Role entity.
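Review bot: The Javadoc on the new accessors leaves `@return` and `@param gidNumber` empty and misspells `nunmber`. I would complete them, for example `@return the gidNumber held by this Role, or null if none was set` and `@param gidNumber the group ID number to store`. The setter accepts any string, so the comment should also say whether validation happens elsewhere.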

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/src/main/java/org/apache/directory/fortress/core/model/User.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/User.java b/src/main/java/org/apache/directory/fortress/core/model/User.java
index dc12745..84f61ef 100755
--- a/src/main/java/org/apache/directory/fortress/core/model/User.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/User.java
@@ -305,12 +305,7 @@ public class User extends FortEntity implements Constraint, Serializable
     private List<String> emails;
     @XmlTransient
     private byte[] jpegPhoto;
-
     // RFC2307bis:
-    /*
-    MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
-    MAY ( userPassword $ loginShell $ gecos $ description ) )
-     */
     private String uidNumber;
     private String gidNumber;
     private String homeDirectory;
@@ -466,9 +461,9 @@ public class User extends FortEntity implements Constraint, Serializable
 
 
     /**
-     * Used to retrieve User's valid userId attribute.  The Fortress userId maps to 'uid' for InetOrgPerson object class.
+     * Used to retrieve userId attributes concatenated in a comma separated value String..
      *
-     * @return String containing the userId.
+     * @return String value containing attributes in CSV format.
      */
     @Override
     public String toString()

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/src/main/java/org/apache/directory/fortress/core/rest/ConfigMgrRestImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rest/ConfigMgrRestImpl.java b/src/main/java/org/apache/directory/fortress/core/rest/ConfigMgrRestImpl.java
index bcccd65..99011f4 100644
--- a/src/main/java/org/apache/directory/fortress/core/rest/ConfigMgrRestImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/rest/ConfigMgrRestImpl.java
@@ -108,6 +108,16 @@ public class ConfigMgrRestImpl implements ConfigMgr
      * {@inheritDoc}
      */
     @Override
+    public void updateProperty(String name, String key, String value, String newValue) throws SecurityException
+    {
+        throw new java.lang.UnsupportedOperationException();
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
     public void delete(String name) throws SecurityException
     {
         VUtil.assertNotNull(name, GlobalErrIds.FT_CONFIG_NAME_NULL, CLS_NM + ".deleteProp");
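Review bot: `updateProperty` is documented only with `{@inheritDoc}` but always throws a bare `UnsupportedOperationException`, which is unchecked and so passes the `catch ( SecurityException se )` in `Config.replaceProperty` added by this commit. If `ConfigMgrFactory.createInstance()` can return this REST implementation (not visible here), creating a user with RFC2307 enabled would fail with an unexplained runtime exception. I would give it a message and state the limitation in the Javadoc: `throw new UnsupportedOperationException( "updateProperty is not supported by the REST implementation" );`.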

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/src/main/java/org/apache/directory/fortress/core/util/Config.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/Config.java b/src/main/java/org/apache/directory/fortress/core/util/Config.java
index 679e483..5495688 100755
--- a/src/main/java/org/apache/directory/fortress/core/util/Config.java
+++ b/src/main/java/org/apache/directory/fortress/core/util/Config.java
@@ -119,6 +119,33 @@ public final class Config
     }
 
     /**
+     * Replaces property stored in the named configuration node and updates what's held in memory by commons config.
+     * Method is synchronized to prevent race condition where two threads access and update the same property value.
+     *
+     * @param name of the config node, mostly likely 'DEFAULT'.
+     * @param key used for the property.
+     * @param propUpdater reference to object that updates to new value.
+     * @return String containing the new value for the property.
+     */
+    public synchronized String replaceProperty( String name, String key, PropUpdater propUpdater ) throws CfgException
+    {
+        String value = getProperty( key );
+        try
+        {
+            String newValue = propUpdater.newValue( value );
+            ConfigMgr cfgMgr = ConfigMgrFactory.createInstance();
+            cfgMgr.updateProperty( name, key, value, newValue );
+            setProperty( key, newValue );
+        }
+        catch ( SecurityException se )
+        {
+            String error = "replaceProperty failed, exception=" + se.getMessage();
+            throw new CfgRuntimeException( GlobalErrIds.FT_CONFIG_UPDATE_FAILED, error, se );
+        }
+        return value;
+    }
+
+    /**
      * Gets the prop attribute as String value from the apache commons cfg component.
      *
      * @param name contains the name of the property.
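Review bot: `replaceProperty` returns `value`, the property as it was before the update, while its Javadoc promises the new value. `UserDAO.create` assigns the result as the uidNumber or gidNumber, so either the `@return` text should say "previous value" or the method should return `newValue`, which is declared inside the `try`, so the return would have to move there. The signature declares `throws CfgException`, but the only exception raised is `CfgRuntimeException`; unless that type extends `CfgException` (not visible here), the callers' `catch ( CfgException ce )` never fires. `synchronized` serialises allocation within one JVM only, so uniqueness across several processes sharing the directory depends on how `updateProperty` behaves, which this hunk does not show.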

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01cccf78/src/main/java/org/apache/directory/fortress/core/util/PropUpdater.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/PropUpdater.java b/src/main/java/org/apache/directory/fortress/core/util/PropUpdater.java
new file mode 100644
index 0000000..2748361
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/util/PropUpdater.java
@@ -0,0 +1,9 @@
+package org.apache.directory.fortress.core.util;
+
+/**
+ * Created by smckinn on 6/17/18.
+ */
+public interface PropUpdater
+{
+    String newValue(String value);
+}
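Review bot: The only comment on the new interface is `Created by smckinn on 6/17/18`, which says nothing about the contract, and the file begins at the `package` line with no license header, if the project requires one. I would replace the comment with a Javadoc stating that `newValue` receives the current property value and returns the value to store in its place, and whether `value` may be null or non-numeric. As a single-method interface it could also carry `@FunctionalInterface`.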

