Retrieve UUID from LDAP in same context (#29470)

This should avoid out-of-sync problems in distributed LDAP environments.

Closes #29206

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Alexander Schwartz 2024-05-13 16:18:30 +02:00 committed by GitHub
parent 673e122443
commit 2d053312a0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 16 additions and 29 deletions


@ -49,7 +49,6 @@ import javax.naming.directory.SearchResult;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
@ -101,8 +100,7 @@ public class LDAPIdentityStore implements IdentityStore {
}
BasicAttributes ldapAttributes = extractAttributesForSaving(ldapObject, true);
this.operationManager.createSubContext(ldapObject.getDn().getLdapName(), ldapAttributes);
ldapObject.setUuid(getEntryIdentifier(ldapObject));
ldapObject.setUuid(operationManager.createSubContext(ldapObject.getDn().getLdapName(), ldapAttributes));
if (logger.isDebugEnabled()) {
logger.debugf("Type with identifier [%s] and dn [%s] successfully added to LDAP store.", ldapObject.getUuid(), ldapObject.getDn());
@ -604,23 +602,4 @@ public class LDAPIdentityStore implements IdentityStore {
return attr;
}
protected String getEntryIdentifier(final LDAPObject ldapObject) {
try {
// we need this to retrieve the entry's identifier from the ldap server
String uuidAttrName = getConfig().getUuidLDAPAttributeName();
List<SearchResult> search = this.operationManager.search(ldapObject.getDn().getLdapName(),
new LDAPQueryConditionsBuilder().present(LDAPConstants.OBJECT_CLASS),
Arrays.asList(uuidAttrName), SearchControls.OBJECT_SCOPE);
Attribute id = search.get(0).getAttributes().get(getConfig().getUuidLDAPAttributeName());
if (id == null) {
throw new ModelException("Could not retrieve identifier for entry [" + ldapObject.getDn().toString() + "].");
}
return this.operationManager.decodeEntryUUID(id.get());
} catch (NamingException ne) {
throw new ModelException("Could not retrieve identifier for entry [" + ldapObject.getDn().toString() + "].");
}
}
}
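Review bot: The new call `ldapObject.setUuid(operationManager.createSubContext(...))` has no handling for an entry that is created but whose UUID cannot be read back: per the LDAPOperationManager section of this commit, createSubContext throws ModelException only after `context.createSubcontext` has already succeeded, so the entry may stay in the directory while the caller sees a failed add. Whether any caller compensates is not visible here; if none does, a retry could hit an already-existing DN and the leftover account entry would be untracked. I would at least record this at the call site, e.g. `// createSubContext creates the entry before reading its UUID; a ModelException here can leave the entry in LDAP`. Separately, `getEntryIdentifier` was `protected`, so removing it appears to break any subclass that overrides or calls it, which deserves a release note. The enclosing add method starts and ends outside the hunk.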


@ -600,7 +600,7 @@ public class LDAPOperationManager {
}
}
public void createSubContext(final LdapName name, final Attributes attributes) {
public String createSubContext(final LdapName name, final Attributes attributes) {
try {
if (logger.isTraceEnabled()) {
logger.tracef("Creating entry [%s] with attributes: [", name);
@ -622,14 +622,22 @@ public class LDAPOperationManager {
logger.tracef("]");
}
execute(new LdapOperation<Void>() {
return execute(new LdapOperation<>() {
@Override
public Void execute(LdapContext context) throws NamingException {
public String execute(LdapContext context) throws NamingException {
DirContext subcontext = context.createSubcontext(name, attributes);
subcontext.close();
return null;
try {
String uuidLDAPAttributeName = config.getUuidLDAPAttributeName();
Attribute id = subcontext.getAttributes("", new String[]{uuidLDAPAttributeName}).get(uuidLDAPAttributeName);
if (id == null) {
throw new ModelException("Could not retrieve identifier for entry [" + name + "].");
}
return decodeEntryUUID(id.get());
} catch (NamingException ne) {
throw new ModelException("Could not retrieve identifier for entry [" + name + "].", ne);
} finally {
subcontext.close();
}
}