apache · dtmo · Jul 20, 2019
diff --git a/...-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/tenants/LdapUserGroupProvider.java b/...-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/tenants/LdapUserGroupProvider.java
@@ -500,7 +500,7 @@ protected User doMapFromContext(DirContextOperations ctx) {
                             final User user = new User.Builder().identifierGenerateFromSeed(identity).identity(identity).build();
 
                             // store the user for group member later
-                            userLookup.put(getReferencedUserValue(ctx), user);
+                            userLookup.put(IdentityMappingUtil.mapIdentity(getReferencedUserValue(ctx), identityMappings), user);
 
                             if (StringUtils.isNotBlank(userGroupNameAttribute)) {
                                 final Attribute attributeGroups = ctx.getAttributes().get(userGroupNameAttribute);
@@ -569,7 +569,7 @@ protected Group doMapFromContext(DirContextOperations ctx) {
                                     try {
                                         final NamingEnumeration<String> userValues = (NamingEnumeration<String>) attributeUsers.getAll();
                                         while (userValues.hasMoreElements()) {
-                                            final String userValue = userValues.next();
+                                            final String userValue = IdentityMappingUtil.mapIdentity(userValues.next(), identityMappings);
 
                                             if (performUserSearch) {
                                                 // find the user by it's referenced attribute and add the identifier to this group

diff --git a/...p-iaa-providers/src/test/java/org/apache/nifi/ldap/tenants/LdapUserGroupProviderTest.java b/...p-iaa-providers/src/test/java/org/apache/nifi/ldap/tenants/LdapUserGroupProviderTest.java
@@ -263,7 +263,7 @@ public void testSearchGroupsWithNoNameAttribute() throws Exception {
         ldapUserGroupProvider.onConfigured(configurationContext);
 
         final Set<Group> groups = ldapUserGroupProvider.getGroups();
-        assertEquals(4, groups.size());
+        assertEquals(5, groups.size());
         assertEquals(1, groups.stream().filter(group -> "cn=admins,ou=groups,o=nifi".equals(group.getName())).count());
     }
 
@@ -274,7 +274,7 @@ public void testSearchGroupsWithPaging() throws Exception {
         when(configurationContext.getProperty(PROP_PAGE_SIZE)).thenReturn(new StandardPropertyValue("1", null));
         ldapUserGroupProvider.onConfigured(configurationContext);
 
-        assertEquals(4, ldapUserGroupProvider.getGroups().size());
+        assertEquals(5, ldapUserGroupProvider.getGroups().size());
     }
 
     @Test
@@ -295,7 +295,7 @@ public void testSearchGroupsSubtreeSearchScope() throws Exception {
         when(configurationContext.getProperty(PROP_GROUP_SEARCH_SCOPE)).thenReturn(new StandardPropertyValue(SearchScope.SUBTREE.name(), null));
         ldapUserGroupProvider.onConfigured(configurationContext);
 
-        assertEquals(4, ldapUserGroupProvider.getGroups().size());
+        assertEquals(5, ldapUserGroupProvider.getGroups().size());
     }
 
     @Test
@@ -306,7 +306,7 @@ public void testSearchGroupsWithNameAttribute() throws Exception {
         ldapUserGroupProvider.onConfigured(configurationContext);
 
         final Set<Group> groups = ldapUserGroupProvider.getGroups();
-        assertEquals(4, groups.size());
+        assertEquals(5, groups.size());
 
         final Group admins = groups.stream().filter(group -> "admins".equals(group.getName())).findFirst().orElse(null);
         assertNotNull(admins);
@@ -324,7 +324,7 @@ public void testSearchGroupsWithNoNameAndUserIdentityUidAttribute() throws Excep
         ldapUserGroupProvider.onConfigured(configurationContext);
 
         final Set<Group> groups = ldapUserGroupProvider.getGroups();
-        assertEquals(4, groups.size());
+        assertEquals(5, groups.size());
 
         final Group admins = groups.stream().filter(group -> "cn=admins,ou=groups,o=nifi".equals(group.getName())).findFirst().orElse(null);
         assertNotNull(admins);
@@ -343,7 +343,7 @@ public void testSearchGroupsWithNameAndUserIdentityCnAttribute() throws Exceptio
         ldapUserGroupProvider.onConfigured(configurationContext);
 
         final Set<Group> groups = ldapUserGroupProvider.getGroups();
-        assertEquals(4, groups.size());
+        assertEquals(5, groups.size());
 
         final Group admins = groups.stream().filter(group -> "admins".equals(group.getName())).findFirst().orElse(null);
         assertNotNull(admins);
@@ -373,7 +373,7 @@ public void testSearchUsersAndGroupsNoMembership() throws Exception {
         assertEquals(8, ldapUserGroupProvider.getUsers().size());
 
         final Set<Group> groups = ldapUserGroupProvider.getGroups();
-        assertEquals(4, groups.size());
+        assertEquals(5, groups.size());
         groups.forEach(group -> assertTrue(group.getUsers().isEmpty()));
     }
 
@@ -388,7 +388,7 @@ public void testSearchUsersAndGroupsMembershipThroughUsers() throws Exception {
         assertEquals(8, ldapUserGroupProvider.getUsers().size());
 
         final Set<Group> groups = ldapUserGroupProvider.getGroups();
-        assertEquals(4, groups.size());
+        assertEquals(5, groups.size());
 
         final Group team1 = groups.stream().filter(group -> "team1".equals(group.getName())).findFirst().orElse(null);
         assertNotNull(team1);
@@ -416,7 +416,7 @@ public void testSearchUsersAndGroupsMembershipThroughGroups() throws Exception {
         assertEquals(8, ldapUserGroupProvider.getUsers().size());
 
         final Set<Group> groups = ldapUserGroupProvider.getGroups();
-        assertEquals(4, groups.size());
+        assertEquals(5, groups.size());
 
         final Group admins = groups.stream().filter(group -> "admins".equals(group.getName())).findFirst().orElse(null);
         assertNotNull(admins);
@@ -447,6 +447,38 @@ public void testSearchUsersAndGroupsMembershipThroughGroups() throws Exception {
                 user -> "user1".equals(user.getIdentity())).count());
     }
 
+    @Test
+    public void testSearchUsersAndGroupsMembershipThroughGroupsWithTransforms() throws Exception {
+        final Properties props = new Properties();
+        props.setProperty("nifi.security.identity.mapping.pattern.dn1", "^cn=(.*?),ou=(.*?),o=(.*?)$");
+        props.setProperty("nifi.security.identity.mapping.value.dn1", "$1");
+        props.setProperty("nifi.security.identity.mapping.transform.dn1", "UPPER");
+        props.setProperty("nifi.security.group.mapping.pattern.dn1", "^cn=(.*?),ou=(.*?),o=(.*?)$");
+        props.setProperty("nifi.security.group.mapping.value.dn1", "$1");
+        props.setProperty("nifi.security.group.mapping.transform.dn1", "UPPER");
+
+        final NiFiProperties properties = getNiFiProperties(props);
+        ldapUserGroupProvider.setNiFiProperties(properties);
+
+        final AuthorizerConfigurationContext configurationContext = getBaseConfiguration(USER_SEARCH_BASE, GROUP_SEARCH_BASE);
+        when(configurationContext.getProperty(PROP_USER_IDENTITY_ATTRIBUTE)).thenReturn(new StandardPropertyValue("uid", null));
+        when(configurationContext.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE)).thenReturn(new StandardPropertyValue("member", null));
+        when(configurationContext.getProperty(PROP_GROUP_NAME_ATTRIBUTE)).thenReturn(new StandardPropertyValue("cn", null));
+        ldapUserGroupProvider.onConfigured(configurationContext);
+
+        assertEquals(8, ldapUserGroupProvider.getUsers().size());
+
+        final Set<Group> groups = ldapUserGroupProvider.getGroups();
+        assertEquals(5, groups.size());
+
+        final Group admins = groups.stream().filter(group -> "teamCaseInsensitive".equals(group.getName())).findFirst().orElse(null);
+        assertNotNull(admins);
+        assertEquals(2, admins.getUsers().size());
+        assertEquals(2, admins.getUsers().stream().map(
+                userIdentifier -> ldapUserGroupProvider.getUser(userIdentifier)).filter(
+                user -> "user1".equals(user.getIdentity()) || "user2".equals(user.getIdentity())).count());
+    }
+
     @Test
     public void testSearchUsersAndGroupsMembershipThroughUsersAndGroups() throws Exception {
         final AuthorizerConfigurationContext configurationContext = getBaseConfiguration(USER_SEARCH_BASE, GROUP_SEARCH_BASE);
@@ -459,7 +491,7 @@ public void testSearchUsersAndGroupsMembershipThroughUsersAndGroups() throws Exc
         assertEquals(8, ldapUserGroupProvider.getUsers().size());
 
         final Set<Group> groups = ldapUserGroupProvider.getGroups();
-        assertEquals(4, groups.size());
+        assertEquals(5, groups.size());
 
         final Group admins = groups.stream().filter(group -> "admins".equals(group.getName())).findFirst().orElse(null);
         assertNotNull(admins);

diff --git a/...fi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/test/resources/nifi-example.ldif b/...fi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/test/resources/nifi-example.ldif
@@ -157,6 +157,13 @@ objectClass: top
 cn: team2
 member: cn=User 1,ou=users,o=nifi
 
+dn: cn=teamCaseInsensitive,ou=groups,o=nifi
+objectClass: groupOfNames
+objectClass: top
+cn: teamCaseInsensitive
+member: cn=user 1,ou=Users,o=NiFi
+member: cn=USER 2,ou=USERS,o=NIFI
+
 ## since the embedded ldap requires member to be fqdn, we are simulating using room and description
 
 dn: cn=team3,ou=groups-2,o=nifi