org.ldaptive.LdapEntry Java Examples

Example #1
Source File: MembershipSelector.java — from codenvy (Eclipse Public License 1.0)
/**
 * Fetches the entry for the next DN yielded by {@code dnsIterator}.
 *
 * <p>The lookup is a base-object search ({@code OBJECT} scope) against that DN,
 * constrained by {@code usersFilter} and limited to {@code returnAttrs}; an
 * {@link ObjectGuidHandler} post-processes the returned entry.
 *
 * @return the entry found at the next DN
 * @throws SyncException if the directory reports a result code other than
 *     {@code SUCCESS}, or the search itself fails with an {@link LdapException}
 */
@Override
public LdapEntry next() {
  final String entryDn = dnsIterator.next();
  final SearchRequest lookup = new SearchRequest();
  lookup.setBaseDn(entryDn);
  lookup.setSearchFilter(usersFilter);
  lookup.setSearchScope(OBJECT);
  lookup.setReturnAttributes(returnAttrs);
  lookup.setSearchEntryHandlers(new ObjectGuidHandler());

  final Response<SearchResult> response;
  try {
    response = searchOp.execute(lookup);
  } catch (LdapException x) {
    throw new SyncException(x.getLocalizedMessage(), x);
  }
  // A non-SUCCESS result is a sync failure, not an LdapException, so it is raised
  // outside the catch above.
  if (response.getResultCode() != SUCCESS) {
    throw new SyncException(
        format("Couldn't get entry dn '%s', result code is '%s'", entryDn, response.getResultCode()));
  }
  return response.getResult().getEntry();
}
 
Example #2
Source File: LDAPAuthorizationBackend.java — from deprecated-security-advanced-modules (Apache License 2.0)
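/**
 * Resolves the role name for an LDAP role entry.
 *
 * <p>When {@code role} is the literal {@code "dn"} (case-insensitive) the entry's DN is
 * returned without contacting the directory; otherwise the entry at {@code ldapName} is
 * looked up and the single string value of its {@code role} attribute is returned.
 *
 * @param ldapConnection open connection used for the lookup
 * @param ldapName DN of the role entry, may be {@code null}
 * @param role attribute whose value names the role, or the literal {@code "dn"}
 * @return the role name, or {@code null} when the DN or attribute is missing or the
 *     lookup fails (the failure is logged, not propagated)
 */
private String getRoleFromEntry(final Connection ldapConnection, final LdapName ldapName, final String role) {

        if (ldapName == null || Strings.isNullOrEmpty(role)) {
            return null;
        }

        if ("dn".equalsIgnoreCase(role)) {
            return ldapName.toString();
        }

        try {
            final LdapEntry roleEntry = LdapHelper.lookup(ldapConnection, ldapName.toString());

            if (roleEntry != null) {
                final LdapAttribute roleAttribute = roleEntry.getAttribute(role);
                if (roleAttribute != null) {
                    return Utils.getSingleStringValue(roleAttribute);
                }
            }
        } catch (LdapException e) {
            // Two placeholders: the pattern previously had only one, so the e.toString()
            // argument was dropped by the logger and the message ended in "because of ".
            log.error("Unable to handle role {} because of {}", ldapName, e.toString(), e);
        }

        return null;
    }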
 
Example #3
Source File: LdapBackendTest.java — from deprecated-security-advanced-modules (Apache License 2.0)
/**
 * Verifies that looking up a referral entry yields the entry the referral points to.
 *
 * <p>Connects to the test server on {@code ldapPort} with a user-search filter, reads
 * {@code cn=Ref1,ou=people,o=TEST} and expects the resolved DN
 * {@code cn=refsolved,ou=people,o=TEST}. The connection is closed in all cases.
 */
@Test
public void testLdapAuthenticationReferral() throws Exception {
    final Settings referralSettings = Settings.builder()
            .putList(ConfigConstants.LDAP_HOSTS, "localhost:" + ldapPort)
            .put(ConfigConstants.LDAP_AUTHC_USERSEARCH, "(uid={0})")
            .build();

    final Connection connection = LDAPAuthorizationBackend.getConnection(referralSettings, null);
    try {
        final LdapEntry resolved = LdapHelper.lookup(connection, "cn=Ref1,ou=people,o=TEST");
        Assert.assertEquals("cn=refsolved,ou=people,o=TEST", resolved.getDn());
    } finally {
        connection.close();
    }
}
 
Example #4
Source File: LdapBackendTestNewStyleConfig.java — from deprecated-security-advanced-modules (Apache License 2.0)
/**
 * Verifies referral resolution with the new-style ({@code users.u1.search}) configuration:
 * looking up {@code cn=Ref1,ou=people,o=TEST} must return the entry
 * {@code cn=refsolved,ou=people,o=TEST}. The connection is closed in all cases.
 */
@Test
public void testLdapAuthenticationReferral() throws Exception {
    final Settings referralSettings = Settings.builder()
            .putList(ConfigConstants.LDAP_HOSTS, "localhost:" + ldapPort)
            .put("users.u1.search", "(uid={0})")
            .build();

    final Connection connection = LDAPAuthorizationBackend.getConnection(referralSettings, null);
    try {
        final LdapEntry resolved = LdapHelper.lookup(connection, "cn=Ref1,ou=people,o=TEST");
        Assert.assertEquals("cn=refsolved,ou=people,o=TEST", resolved.getDn());
    } finally {
        connection.close();
    }
}
 
Example #5
Source File: LdapBackendTestNewStyleConfig2.java — from deprecated-security-advanced-modules (Apache License 2.0)
/**
 * Verifies referral resolution through a connection obtained from
 * {@link LDAPConnectionFactoryFactory}: looking up {@code cn=Ref1,ou=people,o=TEST} must
 * return {@code cn=refsolved,ou=people,o=TEST}. The connection is opened explicitly and
 * closed in all cases.
 */
@Test
public void testLdapAuthenticationReferral() throws Exception {
    final Settings referralSettings = createBaseSettings()
            .putList(ConfigConstants.LDAP_HOSTS, "localhost:" + ldapPort)
            .put("users.u1.search", "(uid={0})")
            .build();

    final Connection connection = new LDAPConnectionFactoryFactory(referralSettings, null)
            .createBasicConnectionFactory()
            .getConnection();
    try {
        connection.open();
        final LdapEntry resolved = LdapHelper.lookup(connection, "cn=Ref1,ou=people,o=TEST");
        Assert.assertEquals("cn=refsolved,ou=people,o=TEST", resolved.getDn());
    } finally {
        connection.close();
    }
}
 
Example #6
Source File: LDAPAuthorizationBackend2.java — from deprecated-security-advanced-modules (Apache License 2.0)
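/**
 * Resolves the role name for an LDAP role entry.
 *
 * <p>When {@code role} is the literal {@code "dn"} (case-insensitive) the entry's DN is
 * returned without contacting the directory; otherwise the entry at {@code ldapName} is
 * looked up and the single string value of its {@code role} attribute is returned.
 *
 * @param ldapConnection open connection used for the lookup
 * @param ldapName DN of the role entry, may be {@code null}
 * @param role attribute whose value names the role, or the literal {@code "dn"}
 * @return the role name, or {@code null} when the DN or attribute is missing or the
 *     lookup fails (the failure is logged, not propagated)
 */
private String getRoleFromEntry(final Connection ldapConnection, final LdapName ldapName, final String role) {

        if (ldapName == null || Strings.isNullOrEmpty(role)) {
            return null;
        }

        if ("dn".equalsIgnoreCase(role)) {
            return ldapName.toString();
        }

        try {
            final LdapEntry roleEntry = LdapHelper.lookup(ldapConnection, ldapName.toString());

            if (roleEntry != null) {
                final LdapAttribute roleAttribute = roleEntry.getAttribute(role);
                if (roleAttribute != null) {
                    return Utils.getSingleStringValue(roleAttribute);
                }
            }
        } catch (LdapException e) {
            // Two placeholders: the pattern previously had only one, so the e.toString()
            // argument was dropped by the logger and the message ended in "because of ".
            log.error("Unable to handle role {} because of {}", ldapName, e.toString(), e);
        }

        return null;
    }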
 
Example #7
Source File: LdapBackendTestOldStyleConfig2.java — from deprecated-security-advanced-modules (Apache License 2.0)
/**
 * Verifies referral resolution with the old-style ({@code LDAP_AUTHC_USERSEARCH})
 * configuration through a {@link LDAPConnectionFactoryFactory} connection: looking up
 * {@code cn=Ref1,ou=people,o=TEST} must return {@code cn=refsolved,ou=people,o=TEST}.
 * The connection is opened explicitly and closed in all cases.
 */
@Test
public void testLdapAuthenticationReferral() throws Exception {
    final Settings referralSettings = createBaseSettings()
            .putList(ConfigConstants.LDAP_HOSTS, "localhost:" + ldapPort)
            .put(ConfigConstants.LDAP_AUTHC_USERSEARCH, "(uid={0})")
            .build();

    final Connection connection = new LDAPConnectionFactoryFactory(referralSettings, null)
            .createBasicConnectionFactory()
            .getConnection();
    try {
        connection.open();
        final LdapEntry resolved = LdapHelper.lookup(connection, "cn=Ref1,ou=people,o=TEST");
        Assert.assertEquals("cn=refsolved,ou=people,o=TEST", resolved.getDn());
    } finally {
        connection.close();
    }
}
 
Example #8
Source File: MembershipSelectorTest.java — from codenvy (Eclipse Public License 1.0)
/**
 * Selects the members of every {@code groupOfNames} under the server base DN and checks
 * that exactly 200 distinct {@code inetOrgPerson} entries come back, each with its
 * {@code givenName} and {@code uid} attributes present.
 */
@Test
public void testMembershipSelection() throws Exception {
  final MembershipSelector membershipSelector =
      new MembershipSelector(
          server.getBaseDn(),
          "(objectClass=groupOfNames)",
          "(objectClass=inetOrgPerson)",
          "member",
          "uid",
          "givenName");
  try (Connection connection = connFactory.getConnection()) {
    connection.open();
    final Iterable<LdapEntry> selected = membershipSelector.select(connection);
    final Set<LdapEntry> members =
        StreamSupport.stream(selected.spliterator(), false).collect(toSet());
    assertEquals(members.size(), 200);
    members.forEach(
        member -> {
          assertNotNull(member.getAttribute("givenName"));
          assertNotNull(member.getAttribute("uid"));
        });
  }
}
 
Example #9
Source File: LdapUtils.java — from springboot-shiro-cas-mybatis (MIT License)
/**
 * Reads an attribute of an entry as a String.
 *
 * <p>Binary attributes are decoded as UTF-8. A missing attribute and a blank value both
 * yield {@code nullValue}.
 *
 * @param entry     the ldap entry
 * @param attribute the attribute name
 * @param nullValue the value to return when the attribute is absent or blank
 * @return the attribute's string value, or {@code nullValue}
 */
public static String getString(final LdapEntry entry, final String attribute, final String nullValue) {
    final LdapAttribute attr = entry.getAttribute(attribute);
    if (attr == null) {
        return nullValue;
    }

    final String value = attr.isBinary()
            ? new String(attr.getBinaryValue(), Charset.forName("UTF-8"))
            : attr.getStringValue();

    return StringUtils.isNotBlank(value) ? value : nullValue;
}
 
Example #10
Source File: LdapServiceRegistryDao.java — from springboot-shiro-cas-mybatis (MIT License)
/**
 * Persists a registered service: adds a new entry when the service still carries
 * {@link RegisteredService#INITIAL_IDENTIFIER_VALUE}, otherwise delegates to {@link #update}.
 *
 * <p>An {@link LdapException} during the add is logged and not propagated, so a returned
 * service is not proof that the entry now exists in the directory.
 *
 * @param rs service to persist
 * @return {@code rs} itself for a new service, or whatever {@code update} returns
 */
@Override
public RegisteredService save(final RegisteredService rs) {
    if (rs.getId() != RegisteredService.INITIAL_IDENTIFIER_VALUE) {
        return update(rs);
    }

    Connection connection = null;
    try {
        connection = getConnection();
        final AddOperation addOperation = new AddOperation(connection);
        final LdapEntry entry =
                this.ldapServiceMapper.mapFromRegisteredService(this.searchRequest.getBaseDn(), rs);
        final AddRequest addRequest = new AddRequest(entry.getDn(), entry.getAttributes());
        addOperation.execute(addRequest);
    } catch (final LdapException e) {
        logger.error(e.getMessage(), e);
    } finally {
        // closeConnection is expected to tolerate a null connection if getConnection() failed.
        LdapUtils.closeConnection(connection);
    }
    return rs;
}
 
Example #11
Source File: LdapServiceRegistryDao.java — from springboot-shiro-cas-mybatis (MIT License)
/**
 * Loads every registered service matching {@code loadFilter} from the directory.
 *
 * <p>Search failures are logged and swallowed, in which case the list returned contains
 * whatever had been mapped so far (normally nothing).
 *
 * @return the mapped services, empty when there are no results or the search failed
 */
@Override
public List<RegisteredService> load() {
    final List<RegisteredService> services = new LinkedList<>();
    Connection connection = null;
    try {
        connection = getConnection();
        final SearchFilter filter = new SearchFilter(this.loadFilter);
        final Response<SearchResult> response = executeSearchOperation(connection, filter);
        if (!hasResults(response)) {
            return services;
        }
        for (final LdapEntry entry : response.getResult().getEntries()) {
            services.add(this.ldapServiceMapper.mapToRegisteredService(entry));
        }
    } catch (final LdapException e) {
        logger.error(e.getMessage(), e);
    } finally {
        LdapUtils.closeConnection(connection);
    }
    return services;
}
 
Example #12
Source File: LdapAuthenticationHandlerTests.java — from springboot-shiro-cas-mybatis (MIT License)
/**
 * Authenticates every test entry with its own {@code userPassword} and checks that the
 * resulting principal carries the entry's username as id plus its {@code displayName}
 * and {@code mail} attributes.
 */
@Test
public void verifyAuthenticateSuccess() throws Exception {
    for (final LdapEntry testEntry : this.getEntries()) {
        final String expectedId = getUsername(testEntry);
        final String secret = testEntry.getAttribute("userPassword").getStringValue();
        final UsernamePasswordCredential credential = new UsernamePasswordCredential(expectedId, secret);

        final HandlerResult result = this.handler.authenticate(credential);
        assertNotNull(result.getPrincipal());
        assertEquals(expectedId, result.getPrincipal().getId());
        for (final String attributeName : new String[] {"displayName", "mail"}) {
            assertEquals(
                    testEntry.getAttribute(attributeName).getStringValue(),
                    result.getPrincipal().getAttributes().get(attributeName));
        }
    }
}
 
Example #13
Source File: LdapTestUtils.java — from springboot-shiro-cas-mybatis (MIT License)
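/**
 * Reads an LDIF into a collection of LDAP entries. The component performs a simple property
 * replacement in the LDIF data where <pre>${ldapBaseDn}</pre> is replaced with the environment-specific base
 * DN.
 *
 * <p>The stream is decoded as UTF-8 (the encoding LDIF is defined with, RFC 2849) rather
 * than the platform default charset, so non-ASCII attribute values read the same on every
 * host.
 *
 * @param ldif LDIF resource, typically a file on filesystem or classpath.
 * @param baseDn The directory branch where the entry resides.
 *
 * @return LDAP entries contained in the LDIF.
 *
 * @throws IOException On IO errors reading LDIF.
 */
public static Collection<LdapEntry> readLdif(final InputStream ldif, final String baseDn) throws IOException {
    final StringBuilder builder = new StringBuilder();
    // Explicit charset: InputStreamReader(InputStream) alone would use the platform default.
    try (final BufferedReader reader = new BufferedReader(new InputStreamReader(ldif, "UTF-8"))) {
        String line;
        while ((line = reader.readLine()) != null) {
            // replace() leaves the line untouched when the placeholder is absent.
            builder.append(line.replace(BASE_DN_PLACEHOLDER, baseDn)).append(NEWLINE);
        }
    }
    return new LdifReader(new StringReader(builder.toString())).read().getEntries();
}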
 
Example #14
Source File: LdaptiveResourceCRLFetcher.java — from springboot-shiro-cas-mybatis (MIT License)
/**
 * Downloads a CRL from given LDAP url.
 *
 * <p>Only the first attribute of the entry returned by {@link #performLdapSearch} is used;
 * {@link #fetchX509CRLFromAttribute} turns it into the CRL.
 *
 * @param r the resource whose string form is the ldap url.
 * @return the X.509 CRL found at the url
 * @throws CertificateException if the search result code is not {@code SUCCESS}, or the
 *     lookup fails with an {@link LdapException} (which becomes the cause)
 * @throws Exception if the attribute cannot be turned into a CRL
 */
protected X509CRL fetchCRLFromLdap(final Object r) throws Exception {
    try {
        final String ldapURL = r.toString();
        logger.debug("Fetching CRL from ldap {}", ldapURL);

        final Response<SearchResult> result = performLdapSearch(ldapURL);
        if (result.getResultCode() != ResultCode.SUCCESS) {
            logger.debug("Failed to execute the search [{}]", result);
            throw new CertificateException("Failed to establish a connection ldap and search.");
        }

        final LdapEntry entry = result.getResult().getEntry();
        final LdapAttribute attribute = entry.getAttribute();
        logger.debug("Located entry [{}]. Retrieving first attribute [{}]", entry, attribute);
        return fetchX509CRLFromAttribute(attribute);
    } catch (final LdapException e) {
        logger.error(e.getMessage(), e);
        throw new CertificateException(e);
    }
}
 
Example #15
Source File: LdapServiceRegistryDao.java — from cas4.0.x-server-wechat (Apache License 2.0)
/**
 * Persists a registered service: adds a new entry when the service still carries
 * {@link RegisteredService#INITIAL_IDENTIFIER_VALUE}, otherwise delegates to {@link #update}.
 *
 * <p>An {@link LdapException} during the add is logged and not propagated, so a returned
 * service is not proof that the entry now exists in the directory.
 *
 * @param rs service to persist
 * @return {@code rs} itself for a new service, or whatever {@code update} returns
 */
@Override
public RegisteredService save(final RegisteredService rs) {
    if (rs.getId() != RegisteredService.INITIAL_IDENTIFIER_VALUE) {
        return update(rs);
    }

    Connection connection = null;
    try {
        connection = this.connectionFactory.getConnection();
        final AddOperation addOperation = new AddOperation(connection);
        final LdapEntry entry =
                this.ldapServiceMapper.mapFromRegisteredService(this.searchRequest.getBaseDn(), rs);
        final AddRequest addRequest = new AddRequest(entry.getDn(), entry.getAttributes());
        addOperation.execute(addRequest);
    } catch (final LdapException e) {
        logger.error(e.getMessage(), e);
    } finally {
        // closeConnection is expected to tolerate a null connection if getConnection() failed.
        LdapUtils.closeConnection(connection);
    }
    return rs;
}
 
Example #16
Source File: LdapServiceRegistryDao.java — from cas4.0.x-server-wechat (Apache License 2.0)
/**
 * Loads every registered service matching {@code loadFilter} from the directory.
 *
 * <p>Search failures are logged and swallowed, in which case the list returned contains
 * whatever had been mapped so far (normally nothing).
 *
 * @return the mapped services, empty when there are no results or the search failed
 */
@Override
public List<RegisteredService> load() {
    final List<RegisteredService> services = new LinkedList<RegisteredService>();
    Connection connection = null;
    try {
        connection = this.connectionFactory.getConnection();
        final SearchFilter filter = new SearchFilter(this.loadFilter);
        final Response<SearchResult> response = executeSearchOperation(connection, filter);
        if (!hasResults(response)) {
            return services;
        }
        for (final LdapEntry entry : response.getResult().getEntries()) {
            services.add(this.ldapServiceMapper.mapToRegisteredService(entry));
        }
    } catch (final LdapException e) {
        logger.error(e.getMessage(), e);
    } finally {
        LdapUtils.closeConnection(connection);
    }
    return services;
}
 
Example #17
Source File: LdapAuthenticationHandlerTests.java — from cas4.0.x-server-wechat (Apache License 2.0)
/**
 * Authenticates every test entry with the password {@link LdapTestUtils#getPassword}
 * reports for it and checks that the resulting principal carries the entry's username as
 * id plus its {@code displayName} and {@code mail} attributes.
 */
@Test
public void testAuthenticateSuccess() throws Exception {
    for (final LdapEntry testEntry : this.testEntries) {
        final String expectedId = getUsername(testEntry);
        final UsernamePasswordCredential credential =
                new UsernamePasswordCredential(expectedId, LdapTestUtils.getPassword(testEntry));

        final HandlerResult result = this.handler.authenticate(credential);
        assertNotNull(result.getPrincipal());
        assertEquals(expectedId, result.getPrincipal().getId());
        for (final String attributeName : new String[] {"displayName", "mail"}) {
            assertEquals(
                    testEntry.getAttribute(attributeName).getStringValue(),
                    result.getPrincipal().getAttributes().get(attributeName));
        }
    }
}
 
Example #18
Source File: LdapAuthenticationHandlerTests.java — from cas4.0.x-server-wechat (Apache License 2.0)
/**
 * Checks that authenticating an unknown user raises {@link AccountNotFoundException} with a
 * message, once per test entry. Skipped entirely when {@code supportsNotFound} is false.
 *
 * <p>The username of each entry is read but not used by the assertion, matching the
 * original test's behavior.
 */
@Test
public void testAuthenticateNotFound() throws Exception {
    if (!this.supportsNotFound) {
        return;
    }
    for (final LdapEntry entry : this.testEntries) {
        final String ignoredUsername = getUsername(entry);
        final UsernamePasswordCredential unknownUser =
                new UsernamePasswordCredential("nobody", "badpassword");
        try {
            this.handler.authenticate(unknownUser);
            fail("Should have thrown AccountNotFoundException.");
        } catch (final AccountNotFoundException e) {
            assertNotNull(e.getMessage());
        }
    }
}
 
Example #19
Source File: LdapTestUtils.java — from cas4.0.x-server-wechat (Apache License 2.0)
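/**
 * Reads an LDIF into a collection of LDAP entries. The component performs a simple property
 * replacement in the LDIF data where <pre>${ldapBaseDn}</pre> is replaced with the environment-specific base
 * DN.
 *
 * <p>The resource is decoded as UTF-8 (the encoding LDIF is defined with, RFC 2849) rather
 * than the platform default charset, so non-ASCII attribute values read the same on every
 * host.
 *
 * @param ldif LDIF resource, typically a file on filesystem or classpath.
 * @param baseDn The directory branch where the entry resides.
 *
 * @return LDAP entries contained in the LDIF.
 *
 * @throws IOException On IO errors reading LDIF.
 */
public static Collection<LdapEntry> readLdif(final Resource ldif, final String baseDn) throws IOException {
    final StringBuilder builder = new StringBuilder();
    // Explicit charset: InputStreamReader(InputStream) alone would use the platform default.
    final BufferedReader reader = new BufferedReader(new InputStreamReader(ldif.getInputStream(), "UTF-8"));
    try {
        String line;
        while ((line = reader.readLine()) != null) {
            // replace() leaves the line untouched when the placeholder is absent.
            builder.append(line.replace(BASE_DN_PLACEHOLDER, baseDn)).append(NEWLINE);
        }
    } finally {
        reader.close();
    }
    return new LdifReader(new StringReader(builder.toString())).read().getEntries();
}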
 
Example #20
Source File: DefaultLdapRegisteredServiceMapper.java — from springboot-shiro-cas-mybatis (MIT License)
/**
 * Builds the LDAP entry for a registered service, assigning a fresh id from
 * {@link System#nanoTime()} when the service still has the initial identifier.
 *
 * <p>The entry carries the id attribute, the JSON-serialised service definition and the
 * {@code objectClass} values {@code top} plus the configured class.
 *
 * @param dn base DN under which the service entry lives
 * @param svc service to map; its id may be assigned here as a side effect
 * @return the entry to add
 * @throws RuntimeException wrapping any failure while serialising or building the entry
 */
@Override
public LdapEntry mapFromRegisteredService(final String dn, final RegisteredService svc) {
    try {
        if (svc.getId() == RegisteredService.INITIAL_IDENTIFIER_VALUE) {
            ((AbstractRegisteredService) svc).setId(System.nanoTime());
        }
        final String entryDn = getDnForRegisteredService(dn, svc);
        LOGGER.debug("Creating entry {}", entryDn);

        final Collection<LdapAttribute> attributes = new ArrayList<>();
        attributes.add(new LdapAttribute(this.idAttribute, String.valueOf(svc.getId())));

        final StringWriter json = new StringWriter();
        this.jsonSerializer.toJson(json, svc);
        attributes.add(new LdapAttribute(this.serviceDefinitionAttribute, json.toString()));
        attributes.add(new LdapAttribute(LdapUtils.OBJECTCLASS_ATTRIBUTE, "top", this.objectClass));

        return new LdapEntry(entryDn, attributes);
    } catch (final Exception e) {
        throw new RuntimeException(e);
    }
}
 
Example #21
Source File: LDAPUserSearcher.java — from deprecated-security-advanced-modules (Apache License 2.0)
/**
 * Looks the user up in each configured user base, in configuration order, and returns the
 * first entry found.
 *
 * <p>The filter comes from the base's {@code LDAP_AUTHCZ_SEARCH} setting (default
 * {@code DEFAULT_USERSEARCH_PATTERN}); the user name is bound through
 * {@link SearchFilter#setParameter} rather than concatenated into the filter string.
 *
 * @param ldapConnection open connection to search with
 * @param user name to search for
 * @return the first matching entry, or {@code null} when no base yields a hit
 * @throws Exception if a search fails
 */
private LdapEntry existsSearchingUntilFirstHit(Connection ldapConnection, String user) throws Exception {
    for (Map.Entry<String, Settings> base : userBaseSettings) {
        final String baseName = base.getKey();
        final Settings baseSettings = base.getValue();

        final SearchFilter filter = new SearchFilter();
        filter.setFilter(baseSettings.get(ConfigConstants.LDAP_AUTHCZ_SEARCH, DEFAULT_USERSEARCH_PATTERN));
        filter.setParameter(ZERO_PLACEHOLDER, user);

        final String baseDn = baseSettings.get(ConfigConstants.LDAP_AUTHCZ_BASE, DEFAULT_USERBASE);
        final List<LdapEntry> hits = LdapHelper.search(ldapConnection, baseDn, filter, SearchScope.SUBTREE);

        if (log.isDebugEnabled()) {
            // NOTE: this prints the matched entries, including their attributes, at DEBUG level.
            log.debug("Results for LDAP search for " + user + " in base " + baseName + ":\n" + hits);
        }

        if (hits != null && !hits.isEmpty()) {
            return hits.get(0);
        }
    }

    return null;
}
 
Example #22
Source File: LdapUserService.java — from secrets-proxy (Apache License 2.0)
/**
 * Authenticates the username and password using the LDAP/AD service. By default all the users
 * authenticated will have <b>USER</b> role. We might change this in future depending on the
 * attribute info available in the LDAP entries.
 *
 * <p>The LDAP round trip is timed under the {@code oneops.ldap.auth} metric.
 *
 * @param userName ldap username
 * @param password ldap password
 * @param domain Auth domain.
 * @return {@link OneOpsUser} details object if successfully authenticated, else returns <code>
 *     null</code>.
 * @throws LdapException throws if any error authenticating/connecting to ldap server.
 */
public @Nullable OneOpsUser authenticate(String userName, char[] password, AuthDomain domain)
    throws LdapException {
  final LdapEntry ldapUser =
      metricService.time("oneops.ldap.auth", () -> ldapClient.authenticate(userName, password));
  if (ldapUser == null) {
    return null;
  }

  final String commonName = getCommonName(ldapUser, userName);
  // NOTE: the char[] password is copied into an immutable String here, so it can no longer
  // be wiped once OneOpsUser holds it; OneOpsUser's constructor takes a String.
  return new OneOpsUser(
      userName,
      String.valueOf(password),
      singletonList(new SimpleGrantedAuthority(USER.authority())),
      commonName,
      domain);
}
 
Example #23
Source File: DefaultLdapServiceMapper.java — from cas4.0.x-server-wechat (Apache License 2.0)
/**
 * Returns all string values of a multi-valued attribute.
 *
 * @param entry entry to read from
 * @param attrName attribute name
 * @return the attribute's string values, or an empty list when the attribute is absent
 */
private Collection<String> getMultiValuedAttributeValues(@NotNull final LdapEntry entry, @NotNull final String attrName) {
    final LdapAttribute attribute = entry.getAttribute(attrName);
    return attribute == null ? Collections.<String>emptyList() : attribute.getStringValues();
}
 
Example #24
Source File: DefaultLdapServiceMapper.java — from cas4.0.x-server-wechat (Apache License 2.0)
/**
 * Rebuilds a registered service from its LDAP entry.
 *
 * <p>The service type is chosen by {@link #getRegisteredService} from the service-id
 * attribute; every other property is then read through {@code LdapUtils}. When the id
 * attribute is missing the DN's hash code is used as id.
 *
 * @param entry entry to map
 * @return the service, or {@code null} when the entry has no service-id attribute or
 *     {@code getRegisteredService} yields nothing for it
 */
@Override
public RegisteredService mapToRegisteredService(final LdapEntry entry) {
    final LdapAttribute serviceIdAttr = entry.getAttribute(this.serviceIdAttribute);
    if (serviceIdAttr == null) {
        return null;
    }

    final AbstractRegisteredService service = getRegisteredService(serviceIdAttr.getStringValue());
    if (service == null) {
        return null;
    }

    final long fallbackId = entry.getDn().hashCode();
    service.setId(LdapUtils.getLong(entry, this.idAttribute, Long.valueOf(fallbackId)));

    service.setServiceId(LdapUtils.getString(entry, this.serviceIdAttribute));
    service.setName(LdapUtils.getString(entry, this.serviceNameAttribute));
    service.setDescription(LdapUtils.getString(entry, this.serviceDescriptionAttribute));
    service.setEnabled(LdapUtils.getBoolean(entry, this.serviceEnabledAttribute));
    service.setTheme(LdapUtils.getString(entry, this.serviceThemeAttribute));
    service.setEvaluationOrder(LdapUtils.getLong(entry, this.evaluationOrderAttribute).intValue());
    service.setUsernameAttribute(LdapUtils.getString(entry, this.usernameAttribute));
    service.setAllowedToProxy(LdapUtils.getBoolean(entry, this.serviceAllowedToProxyAttribute));
    service.setAnonymousAccess(LdapUtils.getBoolean(entry, this.serviceAnonymousAccessAttribute));
    service.setSsoEnabled(LdapUtils.getBoolean(entry, this.serviceSsoEnabledAttribute));
    service.setAllowedAttributes(new ArrayList<String>(getMultiValuedAttributeValues(entry, this.serviceAllowedAttributesAttribute)));
    service.setIgnoreAttributes(LdapUtils.getBoolean(entry, this.ignoreAttributesAttribute));
    service.setRequiredHandlers(new HashSet<String>(getMultiValuedAttributeValues(entry, this.requiredHandlersAttribute)));
    return service;
}
 
Example #25
Source File: DefaultLdapServiceMapper.java — from cas4.0.x-server-wechat (Apache License 2.0)
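/**
 * Builds the LDAP entry that represents a registered service, assigning a fresh id from
 * {@link System#nanoTime()} when the service still carries the initial identifier.
 *
 * <p>Boolean flags are stored as upper-case {@code TRUE}/{@code FALSE} strings. The
 * multi-valued allowed-attributes and required-handlers attributes are only written when
 * non-empty.
 *
 * @param dn base DN under which the service entry is created
 * @param svc service to map; its id may be assigned here as a side effect
 * @return the entry to add to the directory
 */
@Override
public LdapEntry mapFromRegisteredService(final String dn, final RegisteredService svc) {

    if (svc.getId() == RegisteredService.INITIAL_IDENTIFIER_VALUE) {
        ((AbstractRegisteredService) svc).setId(System.nanoTime());
    }
    final String newDn = getDnForRegisteredService(dn, svc);
    LOGGER.debug("Creating entry {}", newDn);

    final Collection<LdapAttribute> attrs = new ArrayList<LdapAttribute>();
    attrs.add(new LdapAttribute(this.idAttribute, String.valueOf(svc.getId())));
    attrs.add(new LdapAttribute(this.serviceIdAttribute, svc.getServiceId()));
    attrs.add(new LdapAttribute(this.serviceNameAttribute, svc.getName()));
    attrs.add(new LdapAttribute(this.serviceDescriptionAttribute, svc.getDescription()));
    attrs.add(new LdapAttribute(this.serviceEnabledAttribute, Boolean.toString(svc.isEnabled()).toUpperCase()));
    attrs.add(new LdapAttribute(this.serviceAllowedToProxyAttribute, Boolean.toString(svc.isAllowedToProxy()).toUpperCase()));
    attrs.add(new LdapAttribute(this.serviceAnonymousAccessAttribute, Boolean.toString(svc.isAnonymousAccess()).toUpperCase()));
    attrs.add(new LdapAttribute(this.serviceSsoEnabledAttribute, Boolean.toString(svc.isSsoEnabled()).toUpperCase()));
    // Previously written from isAnonymousAccess(): the ignore-attributes flag has to come from
    // its own getter, otherwise mapToRegisteredService reads back the anonymous-access value.
    attrs.add(new LdapAttribute(this.ignoreAttributesAttribute, Boolean.toString(svc.isIgnoreAttributes()).toUpperCase()));
    attrs.add(new LdapAttribute(this.evaluationOrderAttribute, String.valueOf(svc.getEvaluationOrder())));
    attrs.add(new LdapAttribute(this.serviceThemeAttribute, svc.getTheme()));
    attrs.add(new LdapAttribute(this.usernameAttribute, svc.getUsernameAttribute()));

    if (svc.getAllowedAttributes().size() > 0) {
        attrs.add(new LdapAttribute(this.serviceAllowedAttributesAttribute, svc.getAllowedAttributes().toArray(new String[] {})));
    }

    if (svc.getRequiredHandlers().size() > 0) {
        attrs.add(new LdapAttribute(this.requiredHandlersAttribute, svc.getRequiredHandlers().toArray(new String[] {})));
    }

    attrs.add(new LdapAttribute(LdapUtils.OBJECTCLASS_ATTRIBUTE, this.objectClass));

    return new LdapEntry(newDn, attrs);
}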
 
Example #26
Source File: LdapUserIdNormalizerTest.java — from codenvy (Eclipse Public License 1.0)
/**
 * {@code retrieveAndNormalize} must return the {@code uid} value stripped of its braces
 * while leaving the entry itself untouched.
 */
@Test
public void shouldRetrieveIdValueAndNormalizeIt() {
  final String rawId = "{123}";
  final LdapAttribute uid = new LdapAttribute("uid", rawId);
  final LdapEntry userEntry = new LdapEntry("uid=user123", uid);

  final String normalized = idNormalizer.retrieveAndNormalize(userEntry);

  assertEquals(normalized, "123");
  // The entry is read, not modified.
  assertEquals(userEntry.getAttribute("uid").getStringValue(), "{123}");
}
 
Example #27
Source File: LdapUser.java — from deprecated-security-advanced-modules (Apache License 2.0)
/**
 * Creates a user backed by its LDAP entry and copies the entry's attributes (as filtered
 * by {@code extractLdapAttributes}) into the custom attributes map.
 *
 * @param name resolved user name passed to the superclass
 * @param originalUsername name as supplied at login
 * @param userEntry the user's LDAP entry
 * @param credentials credentials the user authenticated with
 * @param customAttrMaxValueLen maximum length of a custom attribute value
 * @param whiteListedAttributes attribute names permitted into the custom attributes
 */
public LdapUser(final String name, String originalUsername, final LdapEntry userEntry,
        final AuthCredentials credentials, int customAttrMaxValueLen, List<String> whiteListedAttributes) {
    super(name, null, credentials);
    this.originalUsername = originalUsername;
    this.userEntry = userEntry;
    getCustomAttributesMap().putAll(
            extractLdapAttributes(originalUsername, userEntry, customAttrMaxValueLen, whiteListedAttributes));
}
 
Example #28
Source File: LdapSpec.java — from bdt (Apache License 2.0)
/**
 * Creates a new LDAP group ({@code groupOfNames} and {@code posixGroup}) named {@code groupCn}
 * under the DN held in the {@code LDAP_GROUP_DN} thread property. Its {@code gidNumber} is one
 * above the current maximum, and a placeholder {@code uid=fake} member is recorded in both
 * {@code member} and {@code memberUid}.
 *
 * <p>{@code groupCn} is concatenated into the DN without escaping, so a name containing DN
 * special characters (for example {@code ,} or {@code +}) will not produce the intended entry.
 *
 * @param groupCn common name of the new group
 * @throws LdapException if the entry cannot be added
 */
@When("^I create LDAP group '(.+?)'$")
public void createLDAPGroup(String groupCn) throws LdapException {
    final String groupDn = "cn=" + groupCn + "," + ThreadProperty.get("LDAP_GROUP_DN");
    final int gid = this.commonspec.getLdapUtils().getLDAPMaxGidNumber() + 1;
    final String fakeMember = "uid=fake," + ThreadProperty.get("LDAP_USER_DN");

    final LdapEntry group = new LdapEntry(groupDn);
    group.addAttribute(new LdapAttribute("objectClass", "groupOfNames", "posixGroup"));
    group.addAttribute(new LdapAttribute("cn", groupCn));
    group.addAttribute(new LdapAttribute("gidNumber", String.valueOf(gid)));
    group.addAttribute(new LdapAttribute("member", fakeMember));
    group.addAttribute(new LdapAttribute("description", groupCn + " group"));
    group.addAttribute(new LdapAttribute("memberUid", fakeMember));
    this.commonspec.getLdapUtils().add(group);
}
 
Example #29
Source File: LdapAuthenticationHandler.java — from springboot-shiro-cas-mybatis (MIT License)
/**
 * Creates a CAS principal with attributes if the LDAP entry contains principal attributes.
 *
 * <p>The principal ID is the authenticated username unless {@code principalIdAttribute} is
 * configured, in which case it is read from the entry (see {@link #principalIdFrom}). Each
 * entry in {@code principalAttributeMap} (LDAP name to principal attribute name) whose LDAP
 * attribute is present is copied: single values as a String, multi-values as a collection.
 *
 * @param username Username that was successfully authenticated which is used for principal ID when
 *                 {@link #setPrincipalIdAttribute(String)} is not specified.
 * @param ldapEntry LDAP entry that may contain principal attributes.
 *
 * @return Principal if the LDAP entry contains at least a principal ID attribute value, null otherwise.
 *
 * @throws LoginException On security policy errors related to principal creation.
 */
protected Principal createPrincipal(final String username, final LdapEntry ldapEntry) throws LoginException {
    final String id = this.principalIdAttribute == null
            ? username
            : principalIdFrom(ldapEntry, username);

    final Map<String, Object> attributeMap = new LinkedHashMap<>(this.principalAttributeMap.size());
    for (final Map.Entry<String, String> mapping : this.principalAttributeMap.entrySet()) {
        final LdapAttribute attr = ldapEntry.getAttribute(mapping.getKey());
        if (attr == null) {
            continue;
        }
        logger.debug("Found principal attribute: {}", attr);
        final Object value = attr.size() > 1 ? attr.getStringValues() : attr.getStringValue();
        attributeMap.put(mapping.getValue(), value);
    }
    return this.principalFactory.createPrincipal(id, attributeMap);
}

/**
 * Reads the configured principal ID attribute from the entry.
 *
 * @param ldapEntry entry to read the ID from
 * @param username username, used only in the error message
 * @return the attribute's first string value
 * @throws LoginException if the attribute is missing or empty, or has several values while
 *     {@code allowMultiplePrincipalAttributeValues} is off (with it on, the first value is
 *     used and a warning is logged)
 */
private String principalIdFrom(final LdapEntry ldapEntry, final String username) throws LoginException {
    final LdapAttribute principalAttr = ldapEntry.getAttribute(this.principalIdAttribute);
    if (principalAttr == null || principalAttr.size() == 0) {
        throw new LoginException(this.principalIdAttribute + " attribute not found for " + username);
    }
    if (principalAttr.size() > 1) {
        if (!this.allowMultiplePrincipalAttributeValues) {
            throw new LoginException("Multiple principal values not allowed: " + principalAttr);
        }
        logger.warn(
                "Found multiple values for principal ID attribute: {}. Using first value={}.",
                principalAttr,
                principalAttr.getStringValue());
    }
    return principalAttr.getStringValue();
}
 
Example #30
Source File: LdapUserIdNormalizerTest.java — from codenvy (Eclipse Public License 1.0)
/**
 * {@code normalize} must rewrite the entry's {@code uid} attribute in place, stripping the
 * braces from its value.
 */
@Test
public void shouldModifyLdapEntryByNormalizingIdAttribute() {
  final String rawId = "{123}";
  final LdapAttribute uid = new LdapAttribute("uid", rawId);
  final LdapEntry userEntry = new LdapEntry("uid=user123", uid);

  idNormalizer.normalize(userEntry);

  assertEquals(userEntry.getAttribute("uid").getStringValue(), "123");
}