@joshmoore
Forked from dpwrussell/lda.sh
Created November 30, 2012 14:28
LDAP experiment to determine how to query LDAP without basing the search on an OU
#!/bin/bash
(
set -e
set -u
# Put every OMERO server jar on the classpath (space-separated glob -> colon-separated list)
export CLASSPATH=.:$(echo lib/server/*.jar | sed 's/ /:/g')
# Spring wiring: LDAP config, context source against the AD Global Catalog (ldaps 3269), keystore, template
cat > ldap.xml <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<bean id="ldapConfig" class="ome.security.auth.LdapConfig">
<constructor-arg index="0" value="true"/>
<constructor-arg index="1" value=":attribute:memberOf"/>
<constructor-arg index="2" value="(objectClass=person)"/>
<constructor-arg index="3" value="(&amp;(objectClass=group)(mail=omero.flag))"/>
<constructor-arg index="4" value="omeName=cn,firstName=givenName,lastName=sn,email=mail"/>
<constructor-arg index="5" value="name=cn"/>
</bean>
<bean id="defaultContextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldaps://bioch-ad3.bioch.ox.ac.uk:3269"/>
<property name="userDn" value="cn=omerolookup,ou=Service Accounts,dc=bioch,dc=ox,dc=ac,dc=uk"/>
<property name="password" value="$1"/>
<property name="base" value="dc=bioch,dc=ox,dc=ac,dc=uk"/>
<property name="dirObjectFactory"
value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
<!-- http://forum.springsource.org/showthread.php?58963-Setting-java-naming-referral-using-namespace-configuration -->
<property name="baseEnvironmentProperties">
<map>
<entry key="java.naming.referral">
<value>follow</value>
</entry>
</map>
</property>
</bean>
<bean id="keystore" class="ome.security.KeyAndTrustStoreConfiguration" lazy-init="false">
<description>Sets the keystore and truststore System properties on start-up</description>
<property name="keyStore" value="/home/dpwrussell/keys/keystore-empty.jks"/>
<property name="keyStorePassword" value="changeit"/>
<property name="trustStore" value="/home/dpwrussell/keys/keystore.jks"/>
<property name="trustStorePassword" value="changeit"/>
</bean>
<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
<constructor-arg ref="defaultContextSource" />
</bean>
</beans>
EOF
cat > ldap.java <<EOF
/*
* Copyright 2011 Glencoe Software, Inc. All rights reserved.
* Use is subject to license terms supplied in LICENSE.txt
*/
import java.util.Arrays;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import ome.security.auth.GroupAttributeMapper;
import ome.security.auth.LdapConfig;
import org.springframework.context.support.FileSystemXmlApplicationContext;
import org.springframework.ldap.core.*;
import org.springframework.ldap.core.support.*;
public class ldap {
public static void main(String[] args) throws Exception {
// Configuration (from XML above)
FileSystemXmlApplicationContext ctx =
new FileSystemXmlApplicationContext(new String[]{"classpath:ldap.xml"});
// Objects we need to use.
LdapConfig config = ctx.getBean(LdapConfig.class);
LdapTemplate template = ctx.getBean(LdapTemplate.class);
String USER = "omerotest";
System.out.println("Looking for user: " + USER);
// Search from the context source's base (dc=bioch,...) with an empty relative base,
// so no OU has to be known in advance; the mapper returns each match's full DN.
List<String> results = (List<String>)
template.search("", config.usernameFilter(USER).encode(),
new ContextMapper(){
public Object mapFromContext(Object arg0) {
DirContextAdapter ctx = (DirContextAdapter) arg0;
System.out.println(ctx.getNameInNamespace());
return ctx.getNameInNamespace();
}});
if (results == null || results.size() == 0) {
System.out.println("Nothing found!");
}
// Same base-less search for groups matching the configured group filter.
String grpFilter = config.getGroupFilter().encode();
GroupAttributeMapper mapper = new GroupAttributeMapper(config);
List<String> filteredNames = (List<String>) template.search("", grpFilter, mapper);
System.out.println("Groups:" + filteredNames);
}
}
EOF
cat > ldap.properties <<EOF
log4j.rootCategory=trace, stderr
log4j.appender.stderr=org.apache.log4j.ConsoleAppender
log4j.appender.stderr.target=System.err
log4j.appender.stderr.layout=org.apache.log4j.PatternLayout
log4j.appender.stderr.layout.ConversionPattern = %d %-10.10r [%10.10t] %-6.6p %40.40c %x - %m\n
log4j.category.example = info
EOF
javac ldap.java
java -Dlog4j.configuration=ldap.properties ldap "$@"
)
rm -f ldap.java
rm -f ldap*.class
rm -f ldap.properties
rm -f ldap.xml
Note: ldap.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
2013-10-01 08:25:47,820 0 [ main] INFO .support.FileSystemXmlApplicationContext - Refreshing org.springframework.context.support.FileSystemXmlApplicationContext@4677bcd5: startup date [Tue Oct 01 08:25:47 BST 2013]; root of context hierarchy
2013-10-01 08:25:47,969 149 [ main] INFO eans.factory.xml.XmlBeanDefinitionReader - Loading XML bean definitions from class path resource [ldap.xml]
2013-10-01 08:25:47,982 162 [ main] DEBUG .beans.factory.xml.DefaultDocumentLoader - Using JAXP provider [org.apache.xerces.jaxp.DocumentBuilderFactoryImpl]
2013-10-01 08:25:48,195 375 [ main] TRACE ework.beans.factory.xml.BeansDtdResolver - Trying to resolve XML entity with public ID [-//SPRING//DTD BEAN//EN] and system ID [http://www.springframework.org/dtd/spring-beans.dtd]
2013-10-01 08:25:48,195 375 [ main] TRACE ework.beans.factory.xml.BeansDtdResolver - Trying to locate [spring-beans.dtd] in Spring jar
2013-10-01 08:25:48,195 375 [ main] DEBUG ework.beans.factory.xml.BeansDtdResolver - Found beans DTD [http://www.springframework.org/dtd/spring-beans.dtd] in classpath: spring-beans.dtd
2013-10-01 08:25:48,226 406 [ main] DEBUG .xml.DefaultBeanDefinitionDocumentReader - Loading bean definitions
2013-10-01 08:25:48,261 441 [ main] DEBUG eans.factory.xml.XmlBeanDefinitionReader - Loaded 4 bean definitions from location pattern [classpath:ldap.xml]
2013-10-01 08:25:48,261 441 [ main] DEBUG .support.FileSystemXmlApplicationContext - Bean factory for org.springframework.context.support.FileSystemXmlApplicationContext@4677bcd5: org.springframework.beans.factory.support.DefaultListableBeanFactory@5d7f9a29: defining beans [ldapConfig,defaultContextSource,keystore,ldapTemplate]; root of factory hierarchy
2013-10-01 08:25:48,325 505 [ main] DEBUG .support.FileSystemXmlApplicationContext - Unable to locate MessageSource with name 'messageSource': using default [org.springframework.context.support.DelegatingMessageSource@21b585b1]
2013-10-01 08:25:48,329 509 [ main] DEBUG .support.FileSystemXmlApplicationContext - Unable to locate ApplicationEventMulticaster with name 'applicationEventMulticaster': using default [org.springframework.context.event.SimpleApplicationEventMulticaster@642966f5]
2013-10-01 08:25:48,330 510 [ main] INFO ctory.support.DefaultListableBeanFactory - Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@5d7f9a29: defining beans [ldapConfig,defaultContextSource,keystore,ldapTemplate]; root of factory hierarchy
2013-10-01 08:25:48,330 510 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Creating shared instance of singleton bean 'ldapConfig'
2013-10-01 08:25:48,331 511 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Creating instance of bean 'ldapConfig'
2013-10-01 08:25:48,429 609 [ main] TRACE ingframework.beans.TypeConverterDelegate - Converting String to [boolean] using property editor [org.springframework.beans.propertyeditors.CustomBooleanEditor@7782d113]
2013-10-01 08:25:48,431 611 [ main] TRACE ctory.support.DefaultListableBeanFactory - Ignoring constructor [public ome.security.auth.LdapConfig(boolean,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,boolean,java.lang.String)] of bean 'ldapConfig': org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'ldapConfig' defined in class path resource [ldap.xml]: Unsatisfied dependency expressed through constructor argument with index 6 of type [boolean]: Ambiguous constructor argument types - did you specify the correct bean references as constructor arguments?
2013-10-01 08:25:48,431 611 [ main] TRACE ingframework.beans.TypeConverterDelegate - Converting String to [boolean] using property editor [org.springframework.beans.propertyeditors.CustomBooleanEditor@7782d113]
2013-10-01 08:25:48,432 612 [ main] TRACE ctory.support.DefaultListableBeanFactory - Ignoring constructor [public ome.security.auth.LdapConfig(boolean,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,boolean)] of bean 'ldapConfig': org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'ldapConfig' defined in class path resource [ldap.xml]: Unsatisfied dependency expressed through constructor argument with index 6 of type [boolean]: Ambiguous constructor argument types - did you specify the correct bean references as constructor arguments?
2013-10-01 08:25:48,432 612 [ main] TRACE ingframework.beans.TypeConverterDelegate - Converting String to [boolean] using property editor [org.springframework.beans.propertyeditors.CustomBooleanEditor@7782d113]
2013-10-01 08:25:48,436 616 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Eagerly caching bean 'ldapConfig' to allow for resolving potential circular references
2013-10-01 08:25:48,437 617 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Finished creating instance of bean 'ldapConfig'
2013-10-01 08:25:48,437 617 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Creating shared instance of singleton bean 'defaultContextSource'
2013-10-01 08:25:48,437 617 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Creating instance of bean 'defaultContextSource'
2013-10-01 08:25:48,447 627 [ main] INFO .ldap.DefaultSpringSecurityContextSource - URL 'ldaps://bioch-ad3.bioch.ox.ac.uk:3269', root DN is ''
2013-10-01 08:25:48,453 633 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Eagerly caching bean 'defaultContextSource' to allow for resolving potential circular references
2013-10-01 08:25:48,456 636 [ main] TRACE amework.beans.CachedIntrospectionResults - Getting BeanInfo for class [org.springframework.security.ldap.DefaultSpringSecurityContextSource]
2013-10-01 08:25:48,463 643 [ main] TRACE amework.beans.CachedIntrospectionResults - Caching PropertyDescriptors for class [org.springframework.security.ldap.DefaultSpringSecurityContextSource]
2013-10-01 08:25:48,463 643 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'anonymousReadOnly' of type [boolean]
2013-10-01 08:25:48,464 644 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'authenticationSource' of type [org.springframework.ldap.core.AuthenticationSource]
2013-10-01 08:25:48,464 644 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'authenticationStrategy' of type [org.springframework.ldap.core.support.DirContextAuthenticationStrategy]
2013-10-01 08:25:48,464 644 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'base' of type [java.lang.String]
2013-10-01 08:25:48,465 645 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'baseEnvironmentProperties' of type [java.util.Map]
2013-10-01 08:25:48,465 645 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'baseLdapPath' of type [org.springframework.ldap.core.DistinguishedName]
2013-10-01 08:25:48,465 645 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'baseLdapPathAsString' of type [java.lang.String]
2013-10-01 08:25:48,465 645 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'cacheEnvironmentProperties' of type [boolean]
2013-10-01 08:25:48,466 646 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'class' of type [java.lang.Class]
2013-10-01 08:25:48,466 646 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'contextFactory' of type [java.lang.Class]
2013-10-01 08:25:48,466 646 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'dirObjectFactory' of type [java.lang.Class]
2013-10-01 08:25:48,466 646 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'password' of type [java.lang.String]
2013-10-01 08:25:48,466 646 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'pooled' of type [boolean]
2013-10-01 08:25:48,466 646 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'readOnlyContext' of type [javax.naming.directory.DirContext]
2013-10-01 08:25:48,467 647 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'readWriteContext' of type [javax.naming.directory.DirContext]
2013-10-01 08:25:48,467 647 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'referral' of type [java.lang.String]
2013-10-01 08:25:48,467 647 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'url' of type [java.lang.String]
2013-10-01 08:25:48,468 648 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'urls' of type [[Ljava.lang.String;]
2013-10-01 08:25:48,468 648 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'userDn' of type [java.lang.String]
2013-10-01 08:25:48,470 650 [ main] TRACE ingframework.beans.TypeConverterDelegate - Converting String to [class java.lang.Class] using property editor [org.springframework.beans.propertyeditors.ClassEditor@631b380e]
2013-10-01 08:25:48,482 662 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Invoking afterPropertiesSet() on bean with name 'defaultContextSource'
2013-10-01 08:25:48,487 667 [ main] DEBUG .ldap.core.support.AbstractContextSource - AuthenticationSource not set - using default implementation
2013-10-01 08:25:48,487 667 [ main] DEBUG .ldap.core.support.AbstractContextSource - Using LDAP pooling.
2013-10-01 08:25:48,488 668 [ main] DEBUG .ldap.core.support.AbstractContextSource - Trying provider Urls: ldaps://bioch-ad3.bioch.ox.ac.uk:3269/dc=bioch,dc=ox,dc=ac,dc=uk
2013-10-01 08:25:48,488 668 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Finished creating instance of bean 'defaultContextSource'
2013-10-01 08:25:48,489 669 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Creating shared instance of singleton bean 'keystore'
2013-10-01 08:25:48,489 669 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Creating instance of bean 'keystore'
2013-10-01 08:25:48,490 670 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Eagerly caching bean 'keystore' to allow for resolving potential circular references
2013-10-01 08:25:48,490 670 [ main] TRACE amework.beans.CachedIntrospectionResults - Getting BeanInfo for class [ome.security.KeyAndTrustStoreConfiguration]
2013-10-01 08:25:48,493 673 [ main] TRACE amework.beans.CachedIntrospectionResults - Caching PropertyDescriptors for class [ome.security.KeyAndTrustStoreConfiguration]
2013-10-01 08:25:48,493 673 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'class' of type [java.lang.Class]
2013-10-01 08:25:48,493 673 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'keyStore' of type [java.lang.String]
2013-10-01 08:25:48,493 673 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'keyStorePassword' of type [java.lang.String]
2013-10-01 08:25:48,494 674 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'trustStore' of type [java.lang.String]
2013-10-01 08:25:48,494 674 [ main] TRACE amework.beans.CachedIntrospectionResults - Found bean property 'trustStorePassword' of type [java.lang.String]
2013-10-01 08:25:48,494 674 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Invoking afterPropertiesSet() on bean with name 'keystore'
2013-10-01 08:25:48,495 675 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Finished creating instance of bean 'keystore'
2013-10-01 08:25:48,495 675 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Creating shared instance of singleton bean 'ldapTemplate'
2013-10-01 08:25:48,495 675 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Creating instance of bean 'ldapTemplate'
2013-10-01 08:25:48,496 676 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Returning cached instance of singleton bean 'defaultContextSource'
2013-10-01 08:25:48,517 697 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Eagerly caching bean 'ldapTemplate' to allow for resolving potential circular references
2013-10-01 08:25:48,518 698 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Invoking afterPropertiesSet() on bean with name 'ldapTemplate'
2013-10-01 08:25:48,518 698 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Finished creating instance of bean 'ldapTemplate'
2013-10-01 08:25:48,520 700 [ main] DEBUG .support.FileSystemXmlApplicationContext - Unable to locate LifecycleProcessor with name 'lifecycleProcessor': using default [org.springframework.context.support.DefaultLifecycleProcessor@62b6bb33]
2013-10-01 08:25:48,520 700 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Returning cached instance of singleton bean 'lifecycleProcessor'
2013-10-01 08:25:48,521 701 [ main] TRACE .support.FileSystemXmlApplicationContext - Publishing event in org.springframework.context.support.FileSystemXmlApplicationContext@4677bcd5: org.springframework.context.event.ContextRefreshedEvent[source=org.springframework.context.support.FileSystemXmlApplicationContext@4677bcd5: startup date [Tue Oct 01 08:25:47 BST 2013]; root of context hierarchy]
2013-10-01 08:25:48,522 702 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Returning cached instance of singleton bean 'ldapConfig'
2013-10-01 08:25:48,522 702 [ main] DEBUG ctory.support.DefaultListableBeanFactory - Returning cached instance of singleton bean 'ldapTemplate'
Looking for user: omerotest
2013-10-01 08:25:49,065 1245 [ main] DEBUG .ldap.core.support.AbstractContextSource - Got Ldap context on server 'ldaps://bioch-ad3.bioch.ox.ac.uk:3269/dc=bioch,dc=ox,dc=ac,dc=uk'
cn=omerotest,ou=Davis Group,ou=Users - Lab,dc=bioch,dc=ox,dc=ac,dc=uk
2013-10-01 08:25:49,284 1464 [ main] DEBUG .ldap.core.support.AbstractContextSource - Got Ldap context on server 'ldaps://bioch-ad3.bioch.ox.ac.uk:3269/dc=bioch,dc=ox,dc=ac,dc=uk'
Groups:[omerotestgroup]
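As an added illustration (not part of the gist or of OMERO's own code), a Python sketch of the two string-handling steps the run above depends on: building the user filter with RFC 4515 escaping, which is what `config.usernameFilter(USER).encode()` produces for this config as I understand it, and splitting the returned DN to read off the OU path that the base-less search discovered. Inputs other than the DN printed above are constructed.

```python
"""Filter construction and DN parsing for the base-less AD search above (added example)."""
from typing import List, Tuple

# RFC 4515 section 3: these characters must be escaped inside an assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def filter_encode(value: str) -> str:
    """Escape one assertion value so it cannot change the filter's structure.
    Same rule Spring LDAP applies to an EqualsFilter value when encode() is called."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def username_filter(user_filter: str, user_attribute: str, username: str) -> str:
    """AND the static user filter with an equality match on the login attribute.
    Assumed to mirror OMERO's usernameFilter for userFilter=(objectClass=person), omeName=cn."""
    return f"(&{user_filter}({user_attribute}={filter_encode(username)}))"


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split an RFC 4514 DN into (type, value) RDNs.
    A backslash-escaped comma does not split; values keep their escape sequences."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))
    out = []
    for rdn in rdns:
        typ, _, val = rdn.partition("=")
        out.append((typ.strip(), val))
    return out


def ou_path(dn: str) -> List[str]:
    """The OU chain the entry lives under, innermost first; this is what the
    search rooted at dc=bioch,dc=ox,dc=ac,dc=uk reveals without any OU being configured."""
    return [v for t, v in parse_dn(dn) if t.lower() == "ou"]


if __name__ == "__main__":
    # DN printed by the run above
    found = "cn=omerotest,ou=Davis Group,ou=Users - Lab,dc=bioch,dc=ox,dc=ac,dc=uk"
    print(username_filter("(objectClass=person)", "cn", "omerotest"))
    print(ou_path(found))
    # Constructed value with filter metacharacters: escaping keeps it a plain literal
    print(username_filter("(objectClass=person)", "cn", "*)(cn=*"))
```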
https://wiki.shibboleth.net/confluence/display/SHIB2/LdapServerIssues#LdapServerIssues-Referrals
Reconfigure the data connector to instead use the AD Global Catalog (GC) as the source of attributes. This may be accomplished by using port 3268/3269 for the LDAP query rather than 389/636. This avoids the referral problem by ensuring that no referrals will be returned. However, this carries with it a couple of issues:
Not all AD domain controllers hold a copy of the GC.
The data available in the GC is not the full set of user attribute data, but rather only the partial attribute set that AD is configured to replicate to the GC. Current and future user attribute needs should be evaluated against the presence of the needed data in AD, and the willingness to configure the GC with additional attributes as needed. This is especially true if uncommon attributes or custom LDAP schema are to be used.