Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Script to set the rep:externalId if it is missing in AEM due to users being migrated from an older version of CQ/AEM
import org.apache.jackrabbit.oak.spi.commit.CommitInfo
import org.apache.jackrabbit.oak.spi.commit.EmptyHook
import org.apache.jackrabbit.oak.spi.state.NodeStore
import org.apache.jackrabbit.oak.commons.PathUtils
import com.google.common.collect.Lists
import java.util.List
public class FixLDAPUsers {
private out;
public FixLDAPUsers(def out) {
this.out = out;
}
public setRepUserProps(def session, def argpath, def ldapConfigName, def isDryRun=true) {
out.println("Running... (Dry Run)");
if (!PathUtils.isValid(argpath)) {
out.println("Not a valid path: " + argpath);
return;
}
String path = argpath;
List<String> elements = Lists.newArrayList();
PathUtils.elements(path).each{String element ->
if (PathUtils.denotesParent(element)) {
if (!elements.isEmpty()) {
elements.remove(elements.size() - 1);
}
} else if (!PathUtils.denotesCurrent(element)) {
elements.add(element);
}
}
NodeStore nstore = session.getRootNode().sessionDelegate.root.store
def rs = nstore.root
def ns = rs
def rnb = rs.builder()
//def nb = rnb;
elements.each {
if(it.size() > 0) {
ns = ns.getChildNode(it)
}
}
def entryIter = ns.getChildNodeEntries()
entryIter.each {
setRepUserPropsRecurse(session, nstore, argpath + "/" + it.getName(), ns, it, ldapConfigName, isDryRun)
}
session.refresh(true);
}
private setRepUserPropsRecurse(def session, def nodeStore, def curPath, def parentState, def childEntry, def ldapConfigName, def isDryRun) {
def ns = childEntry.getNodeState()
def entryIter = ns.getChildNodeEntries()
entryIter.each {
def childNS = it.getNodeState();
def primaryType = null;
def principalName = null;
if(childNS.hasProperty("jcr:primaryType") && childNS.hasProperty("rep:principalName")) {
primaryType = childNS.getProperty("jcr:primaryType").getValue(childNS.getProperty("jcr:primaryType").getType());
principalName = childNS.getProperty("rep:principalName").getValue(childNS.getProperty("rep:principalName").getType());
if(("rep:User".equals(primaryType) || "rep:Group".equals(primaryType)) && principalName != null && (principalName.toLowerCase().startsWith("uid=") || principalName.toLowerCase().startsWith("cn="))) {
out.println(curPath + "/" + it.getName() + " has rep:principalName = " + principalName);
out.println(" Setting properties: ");
out.println(" rep:authorizableId=" + it.getName()) // + principalName.substring(principalName.indexOf("=")+1, principalName.indexOf(",")));
out.println(" rep:externalId=" + principalName + ";" + ldapConfigName );
if(!isDryRun) {
def rnb = nodeStore.root.builder()
def nb = getNodeBuilderForPath(rnb, curPath);
def cnb = nb.getChildNode(it.getName())
cnb.setProperty("rep:authorizableId", it.getName()) //principalName.substring(principalName.indexOf("=")+1, principalName.indexOf(",")));
cnb.setProperty("rep:externalId", principalName + ";" + ldapConfigName );
nodeStore.merge(rnb, EmptyHook.INSTANCE, CommitInfo.EMPTY);
out.println(" Changes saved for " + principalName);
}
return;
}
}
setRepUserPropsRecurse(session, nodeStore, curPath + "/" + it.getName(), parentState, it, ldapConfigName, isDryRun)
}
}
private getNodeBuilderForPath(def rootNodeBuilder, def argpath) {
def nb = rootNodeBuilder
String path;
if (PathUtils.isAbsolute(argpath)) {
path = argpath;
} else {
path = PathUtils.concat(session.getWorkingPath(), argpath);
}
List<String> elements = Lists.newArrayList();
PathUtils.elements(path).each{String element ->
if (PathUtils.denotesParent(element)) {
if (!elements.isEmpty()) {
elements.remove(elements.size() - 1);
}
} else if (!PathUtils.denotesCurrent(element)) {
elements.add(element);
}
}
elements.each {
if(it.size() > 0) {
nb = nb.getChildNode(it)
}
}
return nb
}
}
def runFixer(session) {
out.println("Running user fixer")
new FixLDAPUsers(out).setRepUserProps(session, "/home", "ldap")
out.println("Done")
null
}
def runFixer() {
def repo = osgi.getService(org.apache.sling.jcr.api.SlingRepository)
def session = repo.loginAdministrative(null)
try {
runFixer(session)
} finally {
session.logout()
}
}
runFixer()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment