Package org.opends.server.extensions

Class DynamicGroup

  • All Implemented Interfaces:
    Group
    public final class DynamicGroup
extends Object
implements Group
    This class provides a dynamic group implementation, in which membership is determined dynamically based on criteria provided in the form of one or more LDAP URLs. All dynamic groups should contain the groupOfURLs object class, with the memberURL attribute specifying the membership criteria.

    • Constructor Detail

      • DynamicGroup

        public DynamicGroup​(ServerContext serverContext,
                    Dn groupEntryDN,
                    LinkedHashSet<LdapUrl> memberURLs)
        Creates a new dynamic group instance with the provided information.
        Parameters:
        serverContext - The server context
        groupEntryDN - The DN of the entry that holds the definition for this group. It must not be null.
        memberURLs - The set of LDAP URLs that define the membership criteria for this group. It must not be null.

    • Method Detail

      • newInstance

        public static DynamicGroup newInstance​(ServerContext serverContext,
                                       Entry groupEntry)
        Creates a new group of this type based on the definition contained in the provided entry.
        Parameters:
        serverContext - The server context
        groupEntry - The entry containing the definition for the group to be created.
        Returns:
        The group instance created from the definition in the provided entry.

      • getGroupDefinitionFilter

        public static Filter getGroupDefinitionFilter()
        Retrieves a search filter that may be used to identify entries containing definitions for groups of this type in the Directory Server.
        Returns:
        A search filter that may be used to identify entries containing definitions for groups of this type in the Directory Server.

      • isGroupDefinition

        public static boolean isGroupDefinition​(Entry entry)
        Indicates whether the provided entry contains a valid definition for this type of group.
        Parameters:
        entry - The entry for which to make the determination.
        Returns:
        true if the provided entry does contain a valid definition for this type of group, or false if it does not.

      • getGroupDN

        public Dn getGroupDN()
        Description copied from interface: Group
        Retrieves the DN of the entry that contains the definition for this group.
        Specified by:
        getGroupDN in interface Group
        Returns:
        The DN of the entry that contains the definition for this group.

      • setGroupDN

        public void setGroupDN​(Dn groupDN)
        Description copied from interface: Group
        Sets the DN of the entry that contains the definition for this group.
        Specified by:
        setGroupDN in interface Group
        Parameters:
        groupDN - The DN of the entry that contains the definition for this group.

      • getMemberURLs

        public LdapUrl[] getMemberURLs()
        Retrieves the set of member URLs for this dynamic group. The returned set must not be altered by the caller.
        Returns:
        The set of member URLs for this dynamic group.

      • isMember

        public boolean isMember​(Dn userDN,
                        Group.ExaminedGroups examinedGroups)
                 throws LdapException
        Description copied from interface: Group
        Indicates whether the user with the specified DN is a member of this group. Note that this is a point-in-time determination and the caller must not cache the result. Also note that group implementations that support nesting should use this version of the method rather than the version that does not take a set of DNs when attempting to determine whether a nested group includes the target member.
        Specified by:
        isMember in interface Group
        Parameters:
        userDN - The DN of the user for which to make the determination.
        examinedGroups - A set of groups that have already been examined in the process of making the determination. This provides a mechanism to prevent infinite recursion due to circular references (e.g., two groups include each other as nested groups). Each time a group instance is checked, its DN should be added to the list, and any DN already contained in the list should be skipped. The use of an atomic reference allow to lazily create the Set to optimize memory when there is no nested groups.
        Returns:
        true if the specified user is currently a member of this group, or false if not.
        Throws:
        LdapException - If a problem occurs while attempting to make the determination.

      • isMember

        public boolean isMember​(Entry userEntry,
                        Group.ExaminedGroups examinedGroups)
        Description copied from interface: Group
        Indicates whether the user described by the provided user entry is a member of this group. Note that this is a point-in-time determination and the caller must not cache the result. Also note that group implementations that support nesting should use this version of the method rather than the version that does not take a set of DNs when attempting to determine whether a nested group includes the target member.
        Specified by:
        isMember in interface Group
        Parameters:
        userEntry - The entry for the user for which to make the determination.
        examinedGroups - A set of groups that have already been examined in the process of making the determination. This provides a mechanism to prevent infinite recursion due to circular references (e.g., two groups include each other as nested groups). Each time a group instance is checked, its DN should be added to the list, and any DN already contained in the list should be skipped. The use of an atomic reference allow to lazily create the Set to optimize memory when there is no nested groups.
        Returns:
        true if the specified user is currently a member of this group, or false if not.

      • getMemberDns

        public Flowable<Dn> getMemberDns()
        Description copied from interface: Group
        Retrieves an iterator that may be used to cursor through the Dns of the members contained in this group. Note that this is a point-in-time determination, and the caller must not cache the result. Further, the determination should only include this group and not members from nested groups.
        Specified by:
        getMemberDns in interface Group
        Returns:
        An iterator that may be used to cursor through the entries of the members contained in this group.

      • getAllMembers

        public Flowable<Entry> getAllMembers​(Dn baseDN,
                                     SearchScope scope,
                                     Filter filter)
        Description copied from interface: Group
        Retrieves an iterator that may be used to cursor through the entries of the members contained in this group, or its nested groups. It may optionally retrieve a subset of the member entries based on a given set of criteria. Note that this is a point-in-time determination, and the caller must not cache the result.
        Specified by:
        getAllMembers in interface Group
        Parameters:
        baseDN - The base DN that should be used when determining whether a given entry will be returned. If this is null, then all entries will be considered in the scope of the criteria.
        scope - The scope that should be used when determining whether a given entry will be returned. It must not be null if the provided base DN is not null. The scope will be ignored if no base DN is provided.
        filter - The filter that should be used when determining whether a given entry will be returned. If this is null, then any entry in the scope of the criteria will be included in the results.
        Returns:
        An iterator that may be used to cursor through the entries of the members contained in this group.

      • mayAlterMemberList

        public boolean mayAlterMemberList()
        Description copied from interface: Group
        Indicates whether it is possible to alter the member list for this group (e.g., in order to add members to the group or remove members from it).
        Specified by:
        mayAlterMemberList in interface Group
        Returns:
        true if it is possible to add members to this group, or false if not.

      • updateMembers

        public void updateMembers​(List<Modification> modifications)
                   throws UnsupportedOperationException
        Description copied from interface: Group
        Attempt to make multiple changes to the group's member list.
        Specified by:
        updateMembers in interface Group
        Parameters:
        modifications - The list of modifications being made to the group, which may include changes to non-member attributes.
        Throws:
        UnsupportedOperationException - If this group does not support altering the member list.