LDAPCollector.java

/*
 * NOTE: This copyright does *not* cover user programs that use HQ
 * program services by normal system calls through the application
 * program interfaces provided as part of the Hyperic Plug-in Development
 * Kit or the Hyperic Client Development Kit - this is merely considered
 * normal use of the program, and does *not* fall under the heading of
 * "derived work".
 * 
 * Copyright (C) [2004, 2005, 2006], Hyperic, Inc.
 * This file is part of HQ.
 * 
 * HQ is free software; you can redistribute it and/or modify
 * it under the terms version 2 of the GNU General Public License as
 * published by the Free Software Foundation. This program is distributed
 * in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
 * even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 * PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA.
 */

package org.hyperic.hq.plugin.netservices;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.directory.SearchControls;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import java.util.Properties;

public class LDAPCollector extends NetServicesCollector {

    private static final String PROP_BASEDN    = "baseDN";
    private static final String PROP_BINDDN    = "bindDN";
    private static final String PROP_BINDPW    = "bindPW";
    private static final String PROP_FILTER    = "filter";

    private static Log log =
        LogFactory.getLog(LDAPCollector.class.getName());

    /**
     * Construct default SearchControls
     */
    private SearchControls getSearchControls() {
        // Set the scope to subtree, default is one-level
        int scope = SearchControls.SUBTREE_SCOPE;

        // Use 'socket timeout' for search timeout.
        int timeLimit = getTimeoutMillis();

        // No limit on the number of entries returned
        long countLimit = 0;

        // Attributes to return.
        String returnedAttributes[] = null;

        // Don't return the object
        boolean returnObject = false;

        // No dereferencing during the search
        boolean deference = false;

        SearchControls constraints = new SearchControls(scope,
                                                        countLimit,        
                                                        timeLimit,
                                                        returnedAttributes,
                                                        returnObject,
                                                        deference);
        return constraints;
    }

    public void collect() {

        // Setup initial LDAP properties
        Properties env = new Properties();
        Properties props = getProperties();

        // Set our default factory name if one is not given
        String factoryName = env.getProperty(Context.INITIAL_CONTEXT_FACTORY);
        if (factoryName == null) {
            env.setProperty(Context.INITIAL_CONTEXT_FACTORY,
                            "com.sun.jndi.ldap.LdapCtxFactory");
        }

        // Set the LDAP url
        if (isSSL()) {
            env.put("java.naming.ldap.factory.socket",
            		LDAPSSLSocketFactory.class.getName());
            env.put(Context.SECURITY_PROTOCOL, "ssl");
        }
        String providerUrl = "ldap://" + getHostname() + ":" + getPort();
        env.setProperty(Context.PROVIDER_URL, providerUrl);

        // For log track
        setSource(providerUrl);

        // Follow referrals automatically
        env.setProperty(Context.REFERRAL, "follow");
        
        // Base DN
        String baseDN = props.getProperty(PROP_BASEDN);
        if (baseDN == null) {
            setErrorMessage("No Base DN given, refusing login");
            setAvailability(false);
            return;
        }

        // Search filter
        String filter = props.getProperty(PROP_FILTER);

        // Load any information we may need to bind
        String bindDN = props.getProperty(PROP_BINDDN);
        String bindPW = props.getProperty(PROP_BINDPW);
        if (bindDN != null) {
            env.setProperty(Context.SECURITY_PRINCIPAL, bindDN);
            env.setProperty(Context.SECURITY_CREDENTIALS, bindPW);
            env.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
        }

        if (log.isDebugEnabled()) {
            log.debug("Using LDAP environment: " + env);
        }

        try {
            startTime();
            InitialLdapContext ctx = new InitialLdapContext(env, null);
            endTime();

            setAvailability(true);

            // If a search filter is specified, run the search and return the
            // number of matches as a metric
            if (filter != null) {
                log.debug("Using LDAP filter=" + filter);
                NamingEnumeration answer = ctx.search(baseDN, filter,
                                                      getSearchControls());

                long matches = 0;
                while (answer.hasMore()) {
                    matches++;
                    answer.next();
                }

                setValue("NumberofMatches", matches);
            }
        } catch (Exception e) {
            setAvailability(false);
            if (log.isDebugEnabled()) {
                log.debug("LDAP check failed: " + e, e);
            }

            setErrorMessage("LDAP check failed: " + e);
        }
    }
}