
Example 1 with AMOrganization

use of com.iplanet.am.sdk.AMOrganization in project OpenAM by OpenRock.

the class DSAMERole method getValidValues.

/**
 * Returns the role names under the configured organization that match
 * the given pattern, wrapped in a <code>ValidValues</code> object for the
 * <code>Subject</code>.
 *
 * @param token the <code>SSOToken</code> used to open the AM SDK store
 *        connection and run the role search
 * @param pattern search pattern handed to
 *        <code>AMOrganization.searchAllRoles</code>
 *
 * @return <code>ValidValues</code> carrying the search status
 *         (SUCCESS, SIZE_LIMIT_EXCEEDED or TIME_LIMIT_EXCEEDED) and the
 *         matched role DNs
 *
 * @exception SSOException if SSO token is not valid
 * @exception PolicyException if the subject has not been initialized or
 *            the role search fails
 */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    if (!initialized) {
        throw new PolicyException(ResBundleUtils.rbName, "role_subject_not_yet_initialized", null, null);
    }
    try {
        AMStoreConnection connection = new AMStoreConnection(token);
        AMOrganization organization = connection.getOrganization(organizationDN);

        AMSearchControl control = new AMSearchControl();
        control.setMaxResults(maxResults);
        control.setTimeOut(timeLimit);
        control.setSearchScope(roleSearchScope);

        AMSearchResults results = organization.searchAllRoles(pattern, control);

        // Only the two limit conditions are surfaced as a distinct status;
        // every other error code (including SUCCESS) is reported as SUCCESS.
        int errorCode = results.getErrorCode();
        int status = ValidValues.SUCCESS;
        if (errorCode == AMSearchResults.SIZE_LIMIT_EXCEEDED) {
            status = ValidValues.SIZE_LIMIT_EXCEEDED;
        } else if (errorCode == AMSearchResults.TIME_LIMIT_EXCEEDED) {
            status = ValidValues.TIME_LIMIT_EXCEEDED;
        }
        return new ValidValues(status, results.getSearchResults());
    } catch (AMException e) {
        LdapException ldapError = e.getLDAPException();
        if (ldapError == null) {
            // No LDAP detail available: wrap the SDK exception as-is.
            throw new PolicyException(e);
        }
        ResultCode code = ldapError.getResult().getResultCode();
        if (ResultCode.INVALID_CREDENTIALS.equals(code)) {
            throw new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
        }
        if (ResultCode.NO_SUCH_OBJECT.equals(code)) {
            String[] messageArgs = { organizationDN };
            throw new PolicyException(ResBundleUtils.rbName, "no_such_am_roles_base_dn", messageArgs, null);
        }
        // NOTE(review): the server's diagnostic message is surfaced verbatim
        // in the exception text; confirm callers do not echo it to end users.
        String diagnostic = ldapError.getResult().getDiagnosticMessage();
        String codeName = code.getName().toString(Locale.ROOT);
        if (codeName == null) {
            throw new PolicyException(diagnostic);
        }
        throw new PolicyException(diagnostic + ": " + codeName);
    }
}

Example 2 with AMOrganization

use of com.iplanet.am.sdk.AMOrganization in project OpenAM by OpenRock.

the class OrgConfigViaAMSDK method deleteSubOrganization.

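/**
 * Deletes a sub-organization of {@code parentOrg} using the AM SDK. The
 * delete is always recursive ({@code delete(true)}), so every entry below
 * the sub-organization is removed together with it.
 * <p>
 * Behaviour by argument:
 * <ul>
 * <li>{@code null} or blank name: the parent organization itself is
 *     deleted (recursively) if it exists.</li>
 * <li>name starting with {@code SMSEntry.SUN_INTERNAL_REALM_NAME}: the
 *     hidden realm is left untouched and the method returns silently.</li>
 * <li>otherwise the name is used as a one-level search pattern under the
 *     parent; every match is deleted, and when nothing matches the name is
 *     looked up directly as a sub-organization.</li>
 * </ul>
 * Because the name reaches {@code searchSubOrganizations} as a pattern, a
 * wildcard would delete every matching sub-organization; callers should
 * pass an exact name.
 *
 * @param subOrgName name of the sub-organization to delete
 * @throws SMSException if the AM SDK reports an error, or the SSO token is
 *         no longer valid
 */
void deleteSubOrganization(String subOrgName) throws SMSException {
    try {
        // A missing name means "delete the parent organization itself".
        if (subOrgName == null || subOrgName.trim().isEmpty()) {
            if (parentOrg.isExists()) {
                parentOrg.delete(true);
            }
            return;
        }
        // Hidden (internal) realms are never deleted through this path.
        if (subOrgName.startsWith(SMSEntry.SUN_INTERNAL_REALM_NAME)) {
            return;
        }
        // Resolve the sub-org DN(s) with a one-level search below the parent.
        Set subOrgDNs = parentOrg.searchSubOrganizations(subOrgName, AMConstants.SCOPE_ONE);
        if (subOrgDNs != null && !subOrgDNs.isEmpty()) {
            for (Object item : subOrgDNs) {
                AMOrganization subOrg = parentOrg.getSubOrganization((String) item);
                if (subOrg != null) {
                    subOrg.delete(true);
                }
            }
        } else {
            // No search hit: fall back to treating the name as a direct child.
            AMOrganization subOrg = parentOrg.getSubOrganization(subOrgName);
            if (subOrg != null) {
                subOrg.delete(true);
            }
        }
    } catch (AMException ame) {
        if (debug.messageEnabled()) {
            debug.message("OrgConfigViaAMSDK::deleteSubOrganization" + ": failed with AMException", ame);
        }
        throw (new SMSException(AMSDKBundle.BUNDLE_NAME, ame.getMessage(), ame, ame.getMessage()));
    } catch (SSOException ssoe) {
        throw (new SMSException(bundle.getString("sms-INVALID_SSO_TOKEN"), ssoe, "sms-INVALID_SSO_TOKEN"));
    }
}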

Example 3 with AMOrganization

use of com.iplanet.am.sdk.AMOrganization in project OpenAM by OpenRock.

the class PolicyUtils method removePolicyRules.

/**
 * Removes policy rules defined for a service.
 * All the policy rules defined for a service in the system
 * are removed.
 * <p>
 * Organizations are found with a subtree search under the root
 * organization, filtered on the service-status attribute for
 * {@code iPlanetAMPolicyConfigService}. Two passes are made: ordinary
 * policies have their matching rules removed during the first pass, while
 * referral policies are only recorded (policy names per organization DN,
 * and organization DNs per depth key relative to the root suffix) and are
 * processed in a second pass ordered by that depth key.
 * <p>
 * A {@code PolicyException} is logged at error level and otherwise
 * swallowed, so a failure part-way through leaves the remaining rules in
 * place without signalling the caller.
 *
 * @param token session token of the user doing the operation
 * @param serviceName name of the service
 * @throws SSOException if the session token is not valid
 * @throws AMException if the AM SDK store lookup fails
 */
public static void removePolicyRules(SSOToken token, String serviceName) throws SSOException, AMException {
    try {
        AMStoreConnection dpStore = new AMStoreConnection(token);
        PolicyManager pm = new PolicyManager(token);
        String org = pm.getOrganizationDN();
        AMOrganization rootOrg = (AMOrganization) dpStore.getOrganization(org);
        String dn, policyName, ruleName;
        DN rootDN;
        DN tmpDN;
        Set policyNames;
        Policy p;
        Rule rule, ruleDeleted;
        Iterator iter, ruleItr, levelItr;
        // organization DN -> Vector of referral policy names found there
        Map policyDNs = new HashMap();
        // depth key (String) -> Vector of organization DNs at that depth
        Map levelDNs = new HashMap();
        TreeMap sortedDNs;
        // The root suffix depth is the reference point for the depth key below.
        rootDN = DN.valueOf(SMSEntry.getRootSuffix());
        Map avPair = new HashMap();
        Set value = new HashSet();
        value.add("iPlanetAMPolicyConfigService");
        avPair.put(AMConstants.SERVICE_STATUS_ATTRIBUTE, value);
        Set subOrgs = null;
        subOrgs = rootOrg.searchSubOrganizations("*", avPair, AMConstants.SCOPE_SUB);
        // First pass: strip matching rules from ordinary policies, record referral policies.
        for (Iterator iterOrg = subOrgs.iterator(); iterOrg.hasNext(); ) {
            dn = (String) iterOrg.next();
            PolicyManager pmSubOrg = new PolicyManager(token, dn);
            policyNames = pmSubOrg.getPolicyNames();
            iter = policyNames.iterator();
            while (iter.hasNext()) {
                policyName = (String) iter.next();
                p = pmSubOrg.getPolicy(policyName);
                if (!p.isReferralPolicy()) {
                    ruleItr = p.getRuleNames().iterator();
                    while (ruleItr.hasNext()) {
                        ruleName = (String) ruleItr.next();
                        rule = p.getRule(ruleName);
                        if ((rule.getServiceTypeName()).equalsIgnoreCase(serviceName)) {
                            // NOTE(review): this branch tests PolicyManager.debug but logs
                            // through debug; the second pass uses debug for both —
                            // presumably the same logger, confirm.
                            if (PolicyManager.debug.messageEnabled()) {
                                debug.message("PolicyUtils.removePolicyRules():" + "policy: " + policyName + ",rule: " + ruleName);
                            }
                            ruleDeleted = p.removeRule(ruleName);
                            // Only persist the policy when a rule was actually removed.
                            if (ruleDeleted != null) {
                                pmSubOrg.replacePolicy(p);
                            }
                        }
                    }
                } else {
                    //store the policies corresponding to DNs 
                    if (policyDNs.containsKey(dn)) {
                        ((Vector) policyDNs.get(dn)).add(policyName);
                    } else {
                        Vector policies = new Vector();
                        policies.add(policyName);
                        policyDNs.put(dn, policies);
                    }
                    //store DNs corresponding to levels wrt root
                    tmpDN = DN.valueOf(dn);
                    // NOTE(review): the depth key is a String, so the TreeMap below orders
                    // it lexicographically ("-10" sorts before "-2"); this matches numeric
                    // order only while depths below the root differ by fewer than 10
                    // levels — confirm which processing order referral policies need.
                    String levelDiff = String.valueOf(rootDN.size() - tmpDN.size());
                    if (levelDNs.containsKey(levelDiff)) {
                        ((Vector) levelDNs.get(levelDiff)).add(dn);
                    } else {
                        Vector DNs = new Vector();
                        DNs.add(dn);
                        levelDNs.put(levelDiff, DNs);
                    }
                }
            }
        }
        // Second pass: process referral policies level by level (TreeMap key order).
        sortedDNs = new TreeMap(levelDNs);
        levelItr = sortedDNs.keySet().iterator();
        while (levelItr.hasNext()) {
            String level = (String) levelItr.next();
            Vector vDNs = (Vector) sortedDNs.get(level);
            for (int i = 0; i < vDNs.size(); i++) {
                dn = (String) vDNs.get(i);
                PolicyManager pmRefOrg = new PolicyManager(token, dn);
                // Every DN in levelDNs was added together with an entry in policyDNs,
                // so this lookup is non-null.
                Vector vPolicies = (Vector) policyDNs.get(dn);
                for (int j = 0; j < vPolicies.size(); j++) {
                    policyName = (String) vPolicies.get(j);
                    p = pmRefOrg.getPolicy(policyName);
                    ruleItr = p.getRuleNames().iterator();
                    while (ruleItr.hasNext()) {
                        ruleName = (String) ruleItr.next();
                        rule = p.getRule(ruleName);
                        if ((rule.getServiceTypeName()).equalsIgnoreCase(serviceName)) {
                            if (debug.messageEnabled()) {
                                debug.message("PolicyUtils.removePolicyRules():" + "referral policy: " + policyName + ",rule: " + ruleName);
                            }
                            ruleDeleted = p.removeRule(ruleName);
                            if (ruleDeleted != null) {
                                pmRefOrg.replacePolicy(p);
                            }
                        }
                    }
                }
            }
        }
    } catch (PolicyException pe) {
        // Logged only; the caller is not told that removal stopped early.
        debug.error("PolicyUtils.removePolicyRules():", pe);
    }
}

Example 4 with AMOrganization

use of com.iplanet.am.sdk.AMOrganization in project OpenAM by OpenRock.

the class UpdateDNSAlias method main.

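/**
 * Command-line entry point: adds or removes a DNS alias
 * ({@code sunOrganizationAlias}) on an organization.
 * <p>
 * Usage: {@code UpdateDNSAlias <add | delete> <orgdn> <dnsalias> <userdn> <passwd>}.
 * The process exits with status 1 on a usage error, an unknown option or
 * any failure while updating the organization, and 0 on success.
 * <p>
 * The bind password is taken from {@code args[4]}, so it is visible in the
 * process list and shell history of the host; run this tool only from a
 * trusted shell.
 *
 * @param args see usage above; exactly five arguments are required
 */
public static void main(String[] args) {
    if (args.length != 5) {
        System.out.println(" Usage: UpdateDNSAlias " + "<add | delete> <orgdn> <dnsalias> <userdn> <passwd>");
        System.exit(1);
    }
    String opt = args[0];
    String orgDn = args[1];
    String dnsAlias = args[2];
    if ((opt == null) || (orgDn == null) || (dnsAlias == null)) {
        debug.error("One or more parameters are null");
        System.exit(1);
    }
    try {
        String bindDN = args[3];
        String password = args[4];
        SSOTokenManager ssom = SSOTokenManager.getInstance();
        SSOToken token = ssom.createSSOToken(new AuthPrincipal(bindDN), password);
        AMStoreConnection asc = new AMStoreConnection(token);
        AMOrganization org = asc.getOrganization(orgDn);
        Set values = org.getAttribute("sunOrganizationAlias");
        HashMap map = new HashMap();
        if (opt.equalsIgnoreCase("add")) {
            // Keep the alias set free of duplicates before writing it back.
            if (!values.contains(dnsAlias)) {
                values.add(dnsAlias);
            }
            map.put("sunOrganizationAlias", values);
            org.setAttributes(map);
            org.store();
        } else if (opt.equalsIgnoreCase("delete")) {
            values.remove(dnsAlias);
            map.put("sunOrganizationAlias", values);
            org.setAttributes(map);
            org.store();
        } else {
            // Message previously named the wrong tool (AMGenerateServerID).
            debug.error("Unknown option in UpdateDNSAlias: " + opt);
            System.exit(1);
        }
    } catch (Exception e) {
        // A failure must not report success to the calling shell.
        debug.error("Exception occured:", e);
        System.exit(1);
    }
    System.exit(0);
}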

Example 5 with AMOrganization

use of com.iplanet.am.sdk.AMOrganization in project OpenAM by OpenRock.

the class DirectoryServicesImpl method validateAttributeUniqueness.

/**
 * Validate attribute uniqueness
 * <p>
 * Walks from the top-level RDN of {@code entryDN} down to the entry's
 * parent (RDNs in the order returned by {@code DN.iterator()}, leaf
 * first). At each level that resolves to an organization or
 * organizational unit, the container's
 * {@code UNIQUE_ATTRIBUTE_LIST_ATTRIBUTE} is read; for every listed
 * attribute present in {@code modMap}, an OR filter of the proposed values
 * (plus the new entry's RDN when the naming attribute is listed) is built
 * and searched with subtree scope. A single hit that is {@code entryDN}
 * itself is ignored; any other hit is a uniqueness violation.
 * <p>
 * Dynamic, organization and policy templates are exempt, as are entries
 * whose DN has fewer than two RDNs. An {@code SSOException} is only
 * logged as a warning.
 *
 * @param entryDN DN of the entry being created or modified
 * @param profileType AM object type of that entry (an {@code AMObject}
 *            or {@code AMTemplate} constant)
 * @param newEntry
 *            true if create a new user
 * @param modMap attribute name to value-set map of the proposed
 *            modifications; {@code null} or empty means nothing to check
 * @throws AMException
 *             if attribute uniqueness is violated
 */
void validateAttributeUniqueness(String entryDN, int profileType, boolean newEntry, Map modMap) throws AMException {
    // NOTE(review): attrExists is never reset between levels of the loop below,
    // so once set at one level the prefix/suffix branch at the bottom also runs
    // at later levels even when newEntrySB was not populated there — confirm the
    // resulting filter is still balanced in that case.
    boolean attrExists = false;
    if (modMap == null || modMap.isEmpty()) {
        return;
    }
    try {
        if (profileType == AMTemplate.DYNAMIC_TEMPLATE || profileType == AMTemplate.ORGANIZATION_TEMPLATE || profileType == AMTemplate.POLICY_TEMPLATE) {
            // no namespace validation for these objects
            return;
        }
        DN dn = DN.valueOf(entryDN);
        int size = dn.size();
        if (size < 2) {
            return;
        }
        // rdns.get(0) is the entry's own RDN; rdns.get(size - 1) is the top-level one.
        List<RDN> rdns = new ArrayList<>();
        for (Iterator<RDN> iter = dn.iterator(); iter.hasNext(); ) {
            rdns.add(iter.next());
        }
        String orgDN = rdns.get(rdns.size() - 1).toString();
        AMStoreConnection amsc = new AMStoreConnection(CommonUtils.getInternalToken());
        DN rootDN = DN.valueOf(AMStoreConnection.getAMSdkBaseDN());
        DN thisDN = DN.valueOf(orgDN);
        // Each iteration checks orgDN, then extends it by one RDN towards the entry.
        for (int i = size - 2; i >= 0; i--) {
            if (debug.messageEnabled()) {
                debug.message("AMObjectImpl.validateAttributeUniqueness: " + "try DN = " + orgDN);
            }
            int type = -1;
            // The object-type lookup is skipped while the candidate DN is a strict
            // ancestor of the SDK base DN; the level is then neither org nor OU.
            if (!rootDN.isInScopeOf(thisDN, SearchScope.SUBORDINATES)) {
                try {
                    type = amsc.getAMObjectType(orgDN);
                } catch (AMException ame) {
                    // Cannot classify this level: abort the whole check rather than guess.
                    if (debug.warningEnabled()) {
                        debug.warning("AMObjectImpl." + "validateAttributeUniqueness: " + "Unable to determine object type of " + orgDN + " :Attribute uniqueness check aborted..", ame);
                    }
                    return;
                }
            }
            Set list = null;
            AMObject amobj = null;
            if (type == AMObject.ORGANIZATION) {
                AMOrganization amorg = amsc.getOrganization(orgDN);
                list = amorg.getAttribute(UNIQUE_ATTRIBUTE_LIST_ATTRIBUTE);
                amobj = amorg;
            } else if (type == AMObject.ORGANIZATIONAL_UNIT) {
                AMOrganizationalUnit amorgu = amsc.getOrganizationalUnit(orgDN);
                list = amorgu.getAttribute(UNIQUE_ATTRIBUTE_LIST_ATTRIBUTE);
                amobj = amorgu;
            }
            if ((list != null) && !list.isEmpty()) {
                if (debug.messageEnabled()) {
                    debug.message("AMObjectImpl." + "validateAttributeUniqueness: list =" + list);
                }
                /*
                 * After adding the uniqueness attributes 'ou,cn' to the
                 * list, creating a role with the same name as the existing
                 * user say 'amadmin' fails with 'Attribute uniqueness
                 * violation' The filter (|(cn='attrname')) is used for all
                 * objects. Fixed the code to look for 'Role' profile types
                 * and set the filter as
                 * (&(objectclass=ldapsubentry)
                 * (objectclass=nsroledefinition)
                 * (cn='attrname'))
                 *
                 * The same issue happens when a group is created with
                 * existing user name. Fixed the code to look for 'Group'
                 * profile types and set the filter as
                 * (&(objectClass=groupofuniquenames)
                 * (objectClass=iplanet-am-managed-group)(cn='attrname'))
                 * The logic in the while loop is iterate through the
                 * attribute unique list and check if the list contains the
                 * naming attribute of the object we are trying to create.
                 * If the naming attribute is in the list,then look if the
                 * profile type of the object we are trying to create is
                 * 'role' or 'group', add appropriate objectclasses and the
                 * entry rdn to the search filter. This filter is used to
                 * search the iDS and determine the attribute uniqueness
                 * violation. The boolean variable 'attrExists' is set to
                 * false initially. This variable is set to true when the
                 * profile type is 'role' or 'group'. The check for this
                 * boolean variable decides the number of matching closing
                 * parens of the three different types of filters.
                 */
                Iterator iter = list.iterator();
                StringBuffer filterSB = new StringBuffer();
                StringBuffer newEntrySB = new StringBuffer();
                filterSB.append("(|");
                while (iter.hasNext()) {
                    String[] attrList = getAttrList((String) iter.next());
                    Set attr = getAttrValues(attrList, modMap);
                    for (int j = 0; j < attrList.length; j++) {
                        String attrName = attrList[j];
                        if (attrName.equals(getNamingAttribute(profileType)) && newEntry) {
                            if ((profileType == AMObject.ROLE) || (profileType == AMObject.MANAGED_ROLE) || (profileType == AMObject.FILTERED_ROLE)) {
                                newEntrySB.append("(&");
                                newEntrySB.append("(objectclass=ldapsubentry)");
                                newEntrySB.append("(" + "objectclass=nsroledefinition)");
                                attrExists = true;
                            } else if ((profileType == AMObject.GROUP) || (profileType == AMObject.STATIC_GROUP) || (profileType == AMObject.ASSIGNABLE_DYNAMIC_GROUP) || (profileType == AMObject.DYNAMIC_GROUP)) {
                                newEntrySB.append("(&");
                                newEntrySB.append("(objectclass=iplanet-am-managed-group)");
                                newEntrySB.append("(objectclass=groupofuniquenames)");
                                attrExists = true;
                            } else if (profileType == AMObject.ORGANIZATION) {
                                newEntrySB.append("(&(!");
                                newEntrySB.append("(objectclass=");
                                newEntrySB.append(SMSEntry.OC_REALM_SERVICE);
                                newEntrySB.append("))");
                                attrExists = true;
                            }
                            // NOTE(review): the RDN (DN-escaped, not filter-escaped) and the
                            // raw modMap values below are concatenated into the LDAP filter
                            // without RFC 4515 escaping; a value containing '*', '(' or ')'
                            // changes the filter's meaning. Escaping the assertion values
                            // before appending would close this — confirm where modMap
                            // values originate before relying on the check.
                            filterSB.append("(").append(rdns.get(0)).append(")");
                        }
                        if (attr != null && !attr.isEmpty()) {
                            Iterator itr = attr.iterator();
                            while (itr.hasNext()) {
                                filterSB.append("(").append(attrName);
                                filterSB.append("=").append(itr.next());
                                filterSB.append(")");
                            }
                        }
                    // end of per-attribute loop body
                    }
                }
                // "(|" alone means no assertion was added: nothing to search for.
                if (filterSB.length() > 2) {
                    if (attrExists) {
                        // pre-pend the creation filter part to the filter
                        // This is being done so that the filter is
                        // correctly created as
                        // (&(<creation-filter)(|(<attr filter>)))
                        newEntrySB.append(filterSB.toString()).append("))");
                        filterSB = newEntrySB;
                    } else {
                        filterSB.append(")");
                    }
                    if (debug.messageEnabled()) {
                        debug.message("AMObjectImpl." + "validateAttributeUniqueness: " + "filter = " + filterSB.toString());
                    }
                    Set users = amobj.search(AMConstants.SCOPE_SUB, filterSB.toString());
                    // A single hit that is the entry being modified is not a
                    // violation; ignore it.
                    if (users != null && users.size() == 1) {
                        String userDN = (String) users.iterator().next();
                        DN dnObject = DN.valueOf(userDN);
                        if (dnObject.equals(DN.valueOf(entryDN))) {
                            return;
                        }
                    }
                    if ((users != null) && !users.isEmpty()) {
                        throw new AMException(AMSDKBundle.getString("162"), "162");
                    }
                }
            }
            // Descend one level: prepend the next RDN towards the entry.
            orgDN = rdns.get(i).toString() + "," + orgDN;
            thisDN = DN.valueOf(orgDN);
        }
    } catch (SSOException ex) {
        // Internal-token failure: the check is skipped, not failed.
        if (debug.warningEnabled()) {
            debug.warning("Unable to validate attribute uniqneness", ex);
        }
    }
}
