use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class DCTreeServicesImpl method createDomain.
/**
 * Creates a <code>Domain Component Tree</code> entry for the given
 * organization when the <code>sunPreferredDomain</code> attribute is
 * present with a non-empty value. The value is expected to be a fully
 * qualified domain name; this method does not validate its format. The
 * attribute is removed from <code>attrSet</code> whether or not a domain
 * is created.
 *
 * <p>Every DC tree operation runs under the caller's <code>token</code>.
 * The steps (add domain, set mapping, set status, set remaining
 * attributes) are issued one after another, and nothing in this method
 * undoes an earlier step when a later one fails.
 *
 * @param token
 *            SSO token used for the DC tree operations
 * @param orgGuid
 *            identification of the organization entry to be mapped from
 *            <code>dctree</code> to the organization DIT
 * @param attrSet
 *            the attributes to be set on creation of the domain; modified
 *            in place (the domain name attribute is removed)
 * @exception AMException
 *                with code 355 if <code>DCTREE_START_DN</code> is not
 *                set, 343 on an invalid DC root, 344 on any other UMS
 *                failure while creating the dc tree or its mapping
 * @exception SSOException
 *                declared by the signature; which call raises it is not
 *                visible in this method
 */
protected void createDomain(SSOToken token, Guid orgGuid, AttrSet attrSet) throws AMException, SSOException {
    if (DCTREE_START_DN == null) {
        throw new AMException(AMSDKBundle.getString("355"), "355");
    }

    // Read the preferred-domain value, then strip it from the attribute set
    // so it is not handled again by the code that consumes attrSet below.
    final String preferredDomain = attrSet.getValue(IPLANET_DOMAIN_NAME_ATTR);
    attrSet.remove(IPLANET_DOMAIN_NAME_ATTR);

    // Without a domain name there is no DC tree entry to create.
    if (preferredDomain == null || preferredDomain.isEmpty()) {
        return;
    }

    try {
        final DomainComponentTree tree = new DomainComponentTree(token, new Guid(DCTREE_START_DN));
        tree.addDomain(preferredDomain);
        // Point the new domain node at the organization entry.
        tree.setDomainMapping(preferredDomain, orgGuid);

        final String domainStatus = attrSet.getValue(INET_DOMAIN_STATUS_ATTR);
        if (domainStatus != null) {
            tree.setDomainStatus(preferredDomain, domainStatus);
        }

        final String orgDn = orgGuid.getDn();
        final AttrSet[] split = splitAttrSet(orgDn, attrSet);
        // Only the second element is applied to the domain here.
        if (split[1] != null) {
            setDomainAttributes(token, orgDn, split[1]);
        }
    } catch (InvalidDCRootException rootFailure) {
        // The cause is logged but not chained into the AMException.
        debug.error("DCTree.createDomain(): ", rootFailure);
        throw new AMException(AMSDKBundle.getString("343"), "343");
    } catch (UMSException umsFailure) {
        debug.error("DCTree.createDomain(): ", umsFailure);
        throw new AMException(AMSDKBundle.getString("344"), "344");
    }
}
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class DCTreeServicesImpl method getDCNodeDN.
/**
 * Resolves the DC tree node DN for an organization.
 *
 * <p>The organization's canonical domain is looked up with
 * <code>getCanonicalDomain</code>, mapped to a DN through a
 * <code>DomainComponentTree</code> rooted at <code>DCTREE_START_DN</code>,
 * and passed through <code>LDAPUtils.formatToRFC</code>. The lookup runs
 * under the caller's <code>token</code>.
 *
 * @param token
 *            SSO token used for the lookup
 * @param orgDN
 *            DN of the organization
 * @return the formatted DC node DN, or <code>null</code> when the
 *         organization has no canonical domain
 * @exception AMException
 *                with code 343 on an invalid DC root, 344 on any other
 *                UMS failure
 */
protected String getDCNodeDN(SSOToken token, String orgDN) throws AMException {
    try {
        final String canonicalDomain = getCanonicalDomain(token, orgDN);
        if (canonicalDomain == null) {
            return null;
        }
        // NOTE(review): unlike createDomain, DCTREE_START_DN is not checked
        // for null before it is wrapped in a Guid - confirm that is intended.
        final DomainComponentTree tree = new DomainComponentTree(token, new Guid(DCTREE_START_DN));
        return LDAPUtils.formatToRFC(tree.mapDomainToDN(canonicalDomain));
    } catch (InvalidDCRootException rootFailure) {
        debug.error("DCTree.getDCNodeDN(): Invalid DC root ", rootFailure);
        throw new AMException(AMSDKBundle.getString("343"), "343");
    } catch (UMSException umsFailure) {
        // orgDN is written to the debug log verbatim.
        // NOTE(review): if it can carry caller-controlled text, confirm the
        // logger neutralises line breaks.
        debug.error("DCTree.getDCNodeDN(): Unable to get dc node dn for: " + orgDN, umsFailure);
        throw new AMException(AMSDKBundle.getString("344"), "344");
    }
}
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class DirectoryServicesImpl method getMembers.
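/**
 * Gets the members of a role, dynamic group or static group.
 *
 * <p>The entry is loaded under the caller's <code>token</code> and cast to
 * the UMS class that matches <code>objectType</code>. The cast is the only
 * check that the entry really is of the claimed type; a mismatch surfaces
 * as a <code>ClassCastException</code>.
 *
 * @param token
 *            SSOToken
 * @param entryDN
 *            DN of the role or group
 * @param objectType
 *            objectType of the target object, one of the AMObject role or
 *            group constants handled in the switch below
 * @return Set of member DNs
 * @throws AMException
 *             with code 114 for an unsupported <code>objectType</code>;
 *             with the message id from <code>getEntryNotFoundMsgID</code>
 *             when the entry does not exist; with code 505 when the
 *             directory reports a size or admin limit; with code 454 for
 *             any other UMS failure
 */
public Set getMembers(SSOToken token, String entryDN, int objectType) throws AMException {
    try {
        SearchResults results;
        switch (objectType) {
            case AMObject.ROLE:
            case AMObject.MANAGED_ROLE:
                ManagedRole role = (ManagedRole) UMSObject.getObject(token, new Guid(entryDN));
                results = role.getMemberIDs();
                return searchResultsToSet(results);
            case AMObject.FILTERED_ROLE:
                FilteredRole filteredRole = (FilteredRole) UMSObject.getObject(token, new Guid(entryDN));
                results = filteredRole.getMemberIDs();
                return searchResultsToSet(results);
            case AMObject.GROUP:
            case AMObject.STATIC_GROUP:
                StaticGroup group = (StaticGroup) UMSObject.getObject(token, new Guid(entryDN));
                results = group.getMemberIDs();
                return searchResultsToSet(results);
            case AMObject.DYNAMIC_GROUP:
                DynamicGroup dynamicGroup = (DynamicGroup) UMSObject.getObject(token, new Guid(entryDN));
                results = dynamicGroup.getMemberIDs();
                return searchResultsToSet(results);
            case AMObject.ASSIGNABLE_DYNAMIC_GROUP:
                // TODO: See if it works after removing this workaround
                // NOTE(review): the historical comment here described
                // constructing a dummy AssignableDynamicGroup so that its
                // class resolver gets registered; no dummy is built in this
                // branch any more - confirm the comment is stale.
                AssignableDynamicGroup adgroup = (AssignableDynamicGroup) UMSObject.getObject(token, new Guid(entryDN));
                results = adgroup.getMemberIDs();
                return searchResultsToSet(results);
            default:
                throw new AMException(token, "114");
        }
    } catch (EntryNotFoundException e) {
        // entryDN is written to the debug log verbatim.
        debug.error("DirectoryServicesImpl.getMembers() entryDN " + entryDN + " objectType: " + objectType + " Unable to get members: ", e);
        String msgid = getEntryNotFoundMsgID(objectType);
        String entryName = getEntryName(e);
        Object[] args = { entryName };
        throw new AMException(AMSDKBundle.getString(msgid, args), msgid, args);
    } catch (UMSException e) {
        debug.error("DirectoryServicesImpl.getMembers() entryDN " + entryDN + " objectType: " + objectType + " Unable to get members: ", e);
        // The root cause is not guaranteed to be an LdapException. Test the
        // type instead of casting blindly, so that an unrelated cause falls
        // through to the generic 454 error rather than escaping as a
        // ClassCastException that hides the original failure.
        Object rootCause = e.getRootCause();
        if (rootCause instanceof LdapException) {
            ResultCode resultCode = ((LdapException) rootCause).getResult().getResultCode();
            if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode) || ResultCode.ADMIN_LIMIT_EXCEEDED.equals(resultCode)) {
                throw new AMException(token, "505", e);
            }
        }
        throw new AMException(token, "454", e);
    }
}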
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class ComplianceServicesImpl method verifyAndUnLinkRoleToGroup.
/**
 * Unlinks the members of an admin role from the matching admin group.
 *
 * <p>The group name is derived from <code>roleDN</code> with
 * <code>getGroupFromRoleDN</code>; when that returns <code>null</code> the
 * method does nothing. Otherwise, for each member, the
 * <code>adminrole</code> value naming the group is removed from the
 * member's entry and the member is removed from the group.
 *
 * <p>Members are processed one at a time under the caller's
 * <code>token</code>. The first failure ends the loop, so members later
 * in the set keep their <code>adminrole</code> value and their group
 * membership.
 *
 * @param token
 *            single sign on token.
 * @param members
 *            Set of member distinguished names to be operated on.
 * @param roleDN
 *            distinguished name of the role.
 * @exception AMException
 *                with code 772 if a UMS failure other than a missing
 *                entry occurs while removing members from the
 *                administrative group
 */
protected void verifyAndUnLinkRoleToGroup(SSOToken token, Set members, String roleDN) throws AMException {
    // Obtain the group corresponding to roleDN
    final DN parsedRoleDn = DN.valueOf(roleDN);
    final String adminGroupName = getGroupFromRoleDN(parsedRoleDn);
    if (adminGroupName == null) {
        return;
    }

    final String parentOrgDn = parsedRoleDn.parent().toString();
    // NOTE(review): the group DN is assembled by plain concatenation. This
    // assumes adminGroupName needs no DN escaping - confirm against
    // getGroupFromRoleDN.
    final String adminGroupDn = NamingAttributeManager.getNamingAttribute(AMObject.GROUP) + "=" + adminGroupName + ",ou=Groups," + parentOrgDn;
    final String adminGroupRdn = NamingAttributeManager.getNamingAttribute(AMObject.GROUP) + "=" + adminGroupName;

    // Only the adminrole value that names this group is stripped from each
    // member entry.
    final AttrSet toRemove = new AttrSet(new Attr[] { new Attr("adminrole", adminGroupRdn) });

    final Iterator memberIter = members.iterator();
    try {
        final AssignableDynamicGroup adminGroup = (AssignableDynamicGroup) UMSObject.getObject(token, new Guid(adminGroupDn));
        while (memberIter.hasNext()) {
            final String memberDn = (String) memberIter.next();
            removeAttributesFromEntry(token, memberDn, toRemove);
            adminGroup.removeMember(new Guid(memberDn));
        }
    } catch (EntryNotFoundException missing) {
        // Best effort: a missing entry is logged and the method returns
        // normally. The exception itself is not logged, so the log does not
        // say which entry was missing.
        debug.error("Compliance.verifyAndUnLinkRoleToGroup: Admin groups are missing");
    } catch (UMSException umsFailure) {
        debug.error("Compliance.verifyAndUnLinkRoleToGroup(): ", umsFailure);
        throw new AMException(AMSDKBundle.getString("772"), "772");
    }
}
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class ComplianceServicesImpl method getDeletedObjectFilter.
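/**
 * Returns the LDAP search filter used to find deleted objects of the given
 * type.
 *
 * <p>Filter fragments are read from the global schema defaults of
 * <code>ADMINISTRATION_SERVICE</code> under
 * <code>COMPLIANCE_SPECIAL_FILTER_ATTR</code>. Each configured value has
 * the form <code>Kind=filter</code>, where Kind is one of Organization,
 * Group, User, Misc or Resource. A kind with no configured value falls
 * back to the matching <code>DEFAULT_DELETED_*_FILTER</code> constant.
 *
 * <p>The fragments are used verbatim: they are neither parsed nor
 * validated before being returned or spliced into the combined filter.
 *
 * @param objectType
 *            one of the AMObject type constants; any type not handled by
 *            the switch gets an OR of all five filters
 * @return the filter for <code>objectType</code>
 * @throws AMException
 *             with code 359 if the service schema cannot be read
 * @throws SSOException
 *             declared by the signature; an SSOException raised while
 *             reading the schema is converted to AMException here
 */
public String getDeletedObjectFilter(int objectType) throws AMException, SSOException {
    Set values = new HashSet();
    try {
        if (gsc == null) {
            ServiceSchemaManager scm = new ServiceSchemaManager(ADMINISTRATION_SERVICE, internalToken);
            gsc = scm.getGlobalSchema();
        }
        Map attrMap = gsc.getAttributeDefaults();
        if (attrMap != null) {
            // The attribute may be absent from the defaults. Keep the empty
            // set in that case, so the debug message and the iteration
            // below do not dereference null.
            Set configured = (Set) attrMap.get(COMPLIANCE_SPECIAL_FILTER_ATTR);
            if (configured != null) {
                values = configured;
            }
        }
        if (debug.messageEnabled()) {
            debug.message("Compliance.getDeletedObjectSearchFilter = " + values.toString());
        }
    } catch (SMSException ex) {
        debug.error(AMSDKBundle.getString("359"), ex);
        throw new AMException(AMSDKBundle.getString("359"), "359");
    } catch (SSOException ex) {
        debug.error(AMSDKBundle.getString("359"), ex);
        throw new AMException(AMSDKBundle.getString("359"), "359");
    }

    final String orgPrefix = "Organization=";
    final String groupPrefix = "Group=";
    final String userPrefix = "User=";
    final String miscPrefix = "Misc=";
    final String resourcePrefix = "Resource=";

    String org_filter = null;
    String group_filter = null;
    String user_filter = null;
    String def_filter = null;
    String res_filter = null;
    // Values with an unrecognised prefix are ignored. If a kind is
    // configured more than once, the last value iterated wins.
    Iterator iter = values.iterator();
    while (iter.hasNext()) {
        String thisFilter = (String) iter.next();
        if (thisFilter.startsWith(orgPrefix)) {
            org_filter = thisFilter.substring(orgPrefix.length());
        } else if (thisFilter.startsWith(groupPrefix)) {
            group_filter = thisFilter.substring(groupPrefix.length());
        } else if (thisFilter.startsWith(userPrefix)) {
            user_filter = thisFilter.substring(userPrefix.length());
        } else if (thisFilter.startsWith(miscPrefix)) {
            def_filter = thisFilter.substring(miscPrefix.length());
        } else if (thisFilter.startsWith(resourcePrefix)) {
            res_filter = thisFilter.substring(resourcePrefix.length());
        }
    }
    org_filter = (org_filter == null) ? DEFAULT_DELETED_ORG_FILTER : org_filter;
    group_filter = (group_filter == null) ? DEFAULT_DELETED_GROUP_FILTER : group_filter;
    user_filter = (user_filter == null) ? DEFAULT_DELETED_USER_FILTER : user_filter;
    def_filter = (def_filter == null) ? DEFAULT_DELETED_OBJECT_FILTER : def_filter;
    res_filter = (res_filter == null) ? DEFAULT_DELETED_RESOURCE_FILTER : res_filter;
    switch (objectType) {
        case AMObject.ORGANIZATION:
            return org_filter;
        case AMObject.USER:
            return user_filter;
        case AMObject.ASSIGNABLE_DYNAMIC_GROUP:
        case AMObject.DYNAMIC_GROUP:
        case AMObject.STATIC_GROUP:
        case AMObject.GROUP:
            return group_filter;
        case AMObject.RESOURCE:
            return res_filter;
        default:
            // The fragments are concatenated as-is inside a single OR. The
            // result is a well-formed filter only if every fragment is
            // itself a complete parenthesised filter.
            // NOTE(review): this assumes the configuration attribute is
            // writable by administrators only - confirm.
            return "(|" + org_filter + group_filter + user_filter + def_filter + res_filter + ")";
    }
}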