Autopopulate name/email from LDAP when new Code Collaborator user logs in
I set up Code Collaborator for my group's code reviews. Once I got LDAP authentication set up, I found that when new users log in it doesn't know their full name or email address. I was able to populate these with a trigger in the Oracle database that runs ldapsearch to find the data.
First log in as sysdba and grant the permissions the Java code needs to exec an external program:
exec dbms_java.grant_permission('CCOLLAB', 'SYS:java.io.FilePermission', '/usr/bin/ldapsearch', 'execute');
exec dbms_java.grant_permission('CCOLLAB', 'SYS:java.lang.RuntimePermission', 'writeFileDescriptor', '');
exec dbms_java.grant_permission('CCOLLAB', 'SYS:java.lang.RuntimePermission', 'readFileDescriptor', '');
Now log in as the Code Collaborator database user (I used CCOLLAB, as seen above) and create the Java class:
create and compile java source named "LdapLookup" as
import java.sql.*;
import java.io.*;
import java.util.regex.*;
public class LdapLookup {
    public static void lookup(String username, String[] fullname, String[] email) throws SQLException {
        // ...code here to exec /usr/bin/ldapsearch, parse the name and address from
        // its output and store them in fullname[0] and email[0]
    }
}
...and the stored procedure:
create procedure do_LdapLookup(username varchar2, fullname OUT varchar2, email OUT varchar2)
as language java name 'LdapLookup.lookup(java.lang.String,java.lang.String[],java.lang.String[])';
Notice how Oracle uses the String[] type for an OUT (or IN OUT) parameter. Assigning to the first array element sends a value back.
Run the procedure to test it. I found the first call got "ORA-29549: class CCOLLAB.LdapLookup has changed, Java session state cleared", but the following call worked.
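As an added example (not code from the original post), here is one way to fill in the LdapLookup body: the arguments go to ldapsearch as a list rather than through a shell, and the login is escaped before it is placed in the LDAP filter, because whatever a user types at the login prompt ends up in both. It assumes the server and base DN from the Tomcat realm shown further down, that the display name is in cn and the address in mail, an OpenLDAP-style ldapsearch, and a JVM with java.util.Base64 (Java 8 or later).

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.sql.SQLException;
import java.util.Base64;
public class LdapLookup {
    // Assumptions, not from the original post: server and base DN as in the Tomcat
    // realm; the display name is held in "cn" and the address in "mail".
    private static final String LDAP_URL = "ldap://server-name:389";
    private static final String BASE_DN = "ou=people,dc=sun,dc=com";
    // RFC 4515 escaping, so a login such as "*" or "x)(uid=y" cannot widen the filter.
    static String escapeFilter(String s) {
        return s.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28")
                .replace(")", "\\29").replace("\0", "\\00");
    }
    // Value of one LDIF line for attr, handling both "attr: v" and base64 "attr:: dg==".
    static String ldifValue(String line, String attr) {
        if (line.startsWith(attr + ":: "))
            return new String(Base64.getDecoder().decode(line.substring(attr.length() + 4).trim()),
                    StandardCharsets.UTF_8);
        if (line.startsWith(attr + ": ")) return line.substring(attr.length() + 2).trim();
        return null;
    }
    public static void lookup(String username, String[] fullname, String[] email) throws SQLException {
        // Arguments are handed to ldapsearch as a list, never through a shell, so the
        // login cannot carry shell metacharacters. -x: simple bind, -LLL: bare LDIF.
        ProcessBuilder pb = new ProcessBuilder("/usr/bin/ldapsearch", "-x", "-LLL",
                "-H", LDAP_URL, "-b", BASE_DN, "(uid=" + escapeFilter(username) + ")", "cn", "mail");
        pb.redirectErrorStream(true);
        try {
            Process p = pb.start();
            p.getOutputStream().close();
            try (BufferedReader r = new BufferedReader(
                    new InputStreamReader(p.getInputStream(), StandardCharsets.UTF_8))) {
                String line, v;
                while ((line = r.readLine()) != null) {
                    if (fullname[0] == null && (v = ldifValue(line, "cn")) != null) fullname[0] = v;
                    if (email[0] == null && (v = ldifValue(line, "mail")) != null) email[0] = v;
                }
            }
            // Non-zero exit (server down, wrong base DN): hand back nulls so the trigger
            // leaves the columns alone instead of storing an error line as the name.
            if (p.waitFor() != 0) { fullname[0] = null; email[0] = null; }
        } catch (IOException | InterruptedException e) {
            throw new SQLException("ldapsearch failed: " + e.getMessage(), e);
        }
    }
}
```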
Finally create the trigger:
create trigger NEW_USER_TRIGGER
before insert on COLLABUSER for each row
declare
    fullname varchar2(200);
    email varchar2(200);
begin
    do_LdapLookup(:new.user_login, fullname, email);
    if fullname is not null then
        :new.user_name := fullname;
        :new.user_email := email;
    end if;
end;
All done. Now when a new user logs in for the first time (using their LDAP password), their full name and email address fields in Code Collaborator are populated from the data already in LDAP.
Side note: Code Collaborator's installer didn't set up LDAP auth in Tomcat correctly (at least it didn't work in my environment). After install I edited tomcat/conf/Catalina/localhost/ROOT.xml and changed:
<Realm allRolesMode="strictAuthOnly" className="org.apache.catalina.realm.JNDIRealm" connectionURL="ldap://server-name:389" userPattern="uid={0},ou=people,dc=sun,dc=com"/>
to:
<Realm allRolesMode="strictAuthOnly"
className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldap://server-name:389"
userBase="ou=people,dc=sun,dc=com" userSearch="(&(uid={0}))"/>
Posted at 04:49PM Feb 12, 2008 by mindless in Sun