Search in sources :

Example 41 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class DCTreeServicesImpl method createDomain.

/**
     * Method which creates a <Code>Domain Component Tree </Code> for the given
     * organization, if the <code>sunPreferredDomain</code> attribute is
     * present and has a fully qualified domain name as value.
     * 
     * @param token
     *            SSO Token
     * @param orgGuid
     *            identifiication of organization entry to be mapped from 
     *            <Code>dctree</Code> to organization DIT organization
     * @param attrSet
     *            the attributes to be set on creation of domain.
     * 
     * @exception AMException
     *                if unsuccessful in creating a dc tree for the organization
     *                or unsuccessful in setting the mapping between dc tree and
     *                the organization
     */
protected void createDomain(SSOToken token, Guid orgGuid, AttrSet attrSet) throws AMException, SSOException {
    if (DCTREE_START_DN == null) {
        throw new AMException(AMSDKBundle.getString("355"), "355");
    }
    // Create a DC tree is value is specified for
    // sunPreferredDomain attribute
    String domainName = attrSet.getValue(IPLANET_DOMAIN_NAME_ATTR);
    // remove the attribute from the attribute set.
    attrSet.remove(IPLANET_DOMAIN_NAME_ATTR);
    if ((domainName != null) && (!domainName.equals(""))) {
        try {
            DomainComponentTree dcTree = new DomainComponentTree(token, new Guid(DCTREE_START_DN));
            dcTree.addDomain(domainName);
            // Set the domain mapping
            dcTree.setDomainMapping(domainName, orgGuid);
            String status = attrSet.getValue(INET_DOMAIN_STATUS_ATTR);
            if (status != null) {
                dcTree.setDomainStatus(domainName, status);
            }
            AttrSet[] attrSetArray = splitAttrSet(orgGuid.getDn(), attrSet);
            if (attrSetArray[1] != null) {
                setDomainAttributes(token, orgGuid.getDn(), attrSetArray[1]);
            }
        } catch (InvalidDCRootException ie) {
            debug.error("DCTree.createDomain(): ", ie);
            throw new AMException(AMSDKBundle.getString("343"), "343");
        } catch (UMSException ue) {
            debug.error("DCTree.createDomain(): ", ue);
            throw new AMException(AMSDKBundle.getString("344"), "344");
        }
    }
}
Also used : UMSException(com.iplanet.ums.UMSException) AMException(com.iplanet.am.sdk.AMException) DomainComponentTree(com.iplanet.ums.dctree.DomainComponentTree) Guid(com.iplanet.ums.Guid) InvalidDCRootException(com.iplanet.ums.dctree.InvalidDCRootException) AttrSet(com.iplanet.services.ldap.AttrSet)

Example 42 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class DCTreeServicesImpl method getDCNodeDN.

protected String getDCNodeDN(SSOToken token, String orgDN) throws AMException {
    try {
        String domainName = getCanonicalDomain(token, orgDN);
        if (domainName != null) {
            DomainComponentTree dcTree = new DomainComponentTree(token, new Guid(DCTREE_START_DN));
            String dcNodeDN = dcTree.mapDomainToDN(domainName);
            return LDAPUtils.formatToRFC(dcNodeDN);
        } else {
            return null;
        }
    } catch (InvalidDCRootException e) {
        debug.error("DCTree.getDCNodeDN(): Invalid DC root ", e);
        throw new AMException(AMSDKBundle.getString("343"), "343");
    } catch (UMSException e) {
        debug.error("DCTree.getDCNodeDN(): Unable to get dc node dn " + "for: " + orgDN, e);
        throw new AMException(AMSDKBundle.getString("344"), "344");
    }
}
Also used : UMSException(com.iplanet.ums.UMSException) AMException(com.iplanet.am.sdk.AMException) DomainComponentTree(com.iplanet.ums.dctree.DomainComponentTree) Guid(com.iplanet.ums.Guid) InvalidDCRootException(com.iplanet.ums.dctree.InvalidDCRootException)

Example 43 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class DirectoryServicesImpl method getMembers.

/**
     * Get members for roles, dynamic group or static group
     * 
     * @param token
     *            SSOToken
     * @param entryDN
     *            DN of the role or group
     * @param objectType
     *            objectType of the target object, AMObject.ROLE or
     *            AMObject.GROUP
     * @return Set Member DNs
     */
public Set getMembers(SSOToken token, String entryDN, int objectType) throws AMException {
    try {
        SearchResults results;
        switch(objectType) {
            case AMObject.ROLE:
            case AMObject.MANAGED_ROLE:
                ManagedRole role = (ManagedRole) UMSObject.getObject(token, new Guid(entryDN));
                results = role.getMemberIDs();
                return searchResultsToSet(results);
            case AMObject.FILTERED_ROLE:
                FilteredRole filteredRole = (FilteredRole) UMSObject.getObject(token, new Guid(entryDN));
                results = filteredRole.getMemberIDs();
                return searchResultsToSet(results);
            case AMObject.GROUP:
            case AMObject.STATIC_GROUP:
                StaticGroup group = (StaticGroup) UMSObject.getObject(token, new Guid(entryDN));
                results = group.getMemberIDs();
                return searchResultsToSet(results);
            case AMObject.DYNAMIC_GROUP:
                DynamicGroup dynamicGroup = (DynamicGroup) UMSObject.getObject(token, new Guid(entryDN));
                results = dynamicGroup.getMemberIDs();
                return searchResultsToSet(results);
            case AMObject.ASSIGNABLE_DYNAMIC_GROUP:
                // TODO: See if it works after removing this workaround
                // fake object to get around UMS problem.
                // UMS AssignableDynamicGroup has a class resolver, it is
                // added to resolver list in static block. So I need to
                // construct a dummy AssignableDynamicGroup
                AssignableDynamicGroup adgroup = (AssignableDynamicGroup) UMSObject.getObject(token, new Guid(entryDN));
                results = adgroup.getMemberIDs();
                return searchResultsToSet(results);
            default:
                throw new AMException(token, "114");
        }
    } catch (EntryNotFoundException e) {
        debug.error("DirectoryServicesImpl.getMembers() entryDN " + entryDN + " objectType: " + objectType + " Unable to get members: ", e);
        String msgid = getEntryNotFoundMsgID(objectType);
        String entryName = getEntryName(e);
        Object[] args = { entryName };
        throw new AMException(AMSDKBundle.getString(msgid, args), msgid, args);
    } catch (UMSException e) {
        debug.error("DirectoryServicesImpl.getMembers() entryDN " + entryDN + " objectType: " + objectType + " Unable to get members: ", e);
        LdapException le = (LdapException) e.getRootCause();
        if (le != null) {
            ResultCode resultCode = le.getResult().getResultCode();
            if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode) || ResultCode.ADMIN_LIMIT_EXCEEDED.equals(resultCode)) {
                throw new AMException(token, "505", e);
            }
        }
        throw new AMException(token, "454", e);
    }
}
Also used : DynamicGroup(com.iplanet.ums.DynamicGroup) AssignableDynamicGroup(com.iplanet.ums.AssignableDynamicGroup) UMSException(com.iplanet.ums.UMSException) AMException(com.iplanet.am.sdk.AMException) Guid(com.iplanet.ums.Guid) AMSearchResults(com.iplanet.am.sdk.AMSearchResults) SearchResults(com.iplanet.ums.SearchResults) StaticGroup(com.iplanet.ums.StaticGroup) ManagedRole(com.iplanet.ums.ManagedRole) FilteredRole(com.iplanet.ums.FilteredRole) EntryNotFoundException(com.iplanet.ums.EntryNotFoundException) LdapException(org.forgerock.opendj.ldap.LdapException) AssignableDynamicGroup(com.iplanet.ums.AssignableDynamicGroup) ResultCode(org.forgerock.opendj.ldap.ResultCode)

Example 44 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class ComplianceServicesImpl method verifyAndUnLinkRoleToGroup.

/**
     * Verifies if the <code>roleDN</code> corresponds to an admin role. If
     * true the <code>memberOf</code> and <code>adminRole</code> attributes
     * of each member/user are set to null. Each of the members/users are also
     * removed to the corresponding admin group.
     * 
     * @param token
     *            single sign on token.
     * @param members
     *            Set of member distinguished name to be operated.
     * @param roleDN
     *            distinguished name of the role.
     * @exception AMException
     *                if unsuccessful in removing the members from the
     *                corresponding administrative groups and updating the
     *                <code>memberOf</code> and <code>adminRole</code>
     *                attribute values to null.
     */
protected void verifyAndUnLinkRoleToGroup(SSOToken token, Set members, String roleDN) throws AMException {
    // Obtain the group corresponding to roleDN
    DN dn = DN.valueOf(roleDN);
    String groupName = getGroupFromRoleDN(dn);
    if (groupName != null) {
        String orgDN = dn.parent().toString();
        String groupDN = NamingAttributeManager.getNamingAttribute(AMObject.GROUP) + "=" + groupName + ",ou=Groups," + orgDN;
        String groupRDN = NamingAttributeManager.getNamingAttribute(AMObject.GROUP) + "=" + groupName;
        // Delete the attributes memberOf & adminRole attribute values'
        // corresponding to this groupDN.
        Attr[] attrs = new Attr[1];
        attrs[0] = new Attr("adminrole", groupRDN);
        AttrSet attrSet = new AttrSet(attrs);
        Iterator itr = members.iterator();
        try {
            AssignableDynamicGroup group = (AssignableDynamicGroup) UMSObject.getObject(token, new Guid(groupDN));
            while (itr.hasNext()) {
                String memberDN = (String) itr.next();
                removeAttributesFromEntry(token, memberDN, attrSet);
                group.removeMember(new Guid(memberDN));
            }
        } catch (EntryNotFoundException ex) {
            debug.error("Compliance.verifyAndUnLinkRoleToGroup: " + "Admin groups are missing");
        } catch (UMSException ue) {
            debug.error("Compliance." + "verifyAndUnLinkRoleToGroup(): ", ue);
            throw new AMException(AMSDKBundle.getString("772"), "772");
        }
    }
}
Also used : UMSException(com.iplanet.ums.UMSException) Iterator(java.util.Iterator) EntryNotFoundException(com.iplanet.ums.EntryNotFoundException) AMException(com.iplanet.am.sdk.AMException) DN(org.forgerock.opendj.ldap.DN) Guid(com.iplanet.ums.Guid) Attr(com.iplanet.services.ldap.Attr) AssignableDynamicGroup(com.iplanet.ums.AssignableDynamicGroup) AttrSet(com.iplanet.services.ldap.AttrSet)

Example 45 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class ComplianceServicesImpl method getDeletedObjectFilter.

/**
     * Protected method to get the search filter to be used for searching for
     * deleted objects.
     * 
     */
public String getDeletedObjectFilter(int objectType) throws AMException, SSOException {
    Set values = new HashSet();
    try {
        if (gsc == null) {
            ServiceSchemaManager scm = new ServiceSchemaManager(ADMINISTRATION_SERVICE, internalToken);
            gsc = scm.getGlobalSchema();
        }
        Map attrMap = gsc.getAttributeDefaults();
        if (attrMap != null)
            values = (Set) attrMap.get(COMPLIANCE_SPECIAL_FILTER_ATTR);
        if (debug.messageEnabled()) {
            debug.message("Compliance.getDeletedObjectSearchFilter = " + values.toString());
        }
    } catch (SMSException ex) {
        debug.error(AMSDKBundle.getString("359"), ex);
        throw new AMException(AMSDKBundle.getString("359"), "359");
    } catch (SSOException ex) {
        debug.error(AMSDKBundle.getString("359"), ex);
        throw new AMException(AMSDKBundle.getString("359"), "359");
    }
    String org_filter = null;
    String group_filter = null;
    String user_filter = null;
    String def_filter = null;
    String res_filter = null;
    Iterator iter = values.iterator();
    while (iter.hasNext()) {
        String thisFilter = (String) iter.next();
        if (thisFilter.startsWith("Organization=")) {
            org_filter = thisFilter.substring(13);
        } else if (thisFilter.startsWith("Group=")) {
            group_filter = thisFilter.substring(6);
        } else if (thisFilter.startsWith("User=")) {
            user_filter = thisFilter.substring(5);
        } else if (thisFilter.startsWith("Misc=")) {
            def_filter = thisFilter.substring(5);
        } else if (thisFilter.startsWith("Resource=")) {
            res_filter = thisFilter.substring(9);
        }
    }
    org_filter = (org_filter == null) ? DEFAULT_DELETED_ORG_FILTER : org_filter;
    group_filter = (group_filter == null) ? DEFAULT_DELETED_GROUP_FILTER : group_filter;
    user_filter = (user_filter == null) ? DEFAULT_DELETED_USER_FILTER : user_filter;
    def_filter = (def_filter == null) ? DEFAULT_DELETED_OBJECT_FILTER : def_filter;
    res_filter = (res_filter == null) ? DEFAULT_DELETED_RESOURCE_FILTER : res_filter;
    switch(objectType) {
        case AMObject.ORGANIZATION:
            return (org_filter);
        case AMObject.USER:
            return (user_filter);
        case AMObject.ASSIGNABLE_DYNAMIC_GROUP:
        case AMObject.DYNAMIC_GROUP:
        case AMObject.STATIC_GROUP:
        case AMObject.GROUP:
            return (group_filter);
        case AMObject.RESOURCE:
            return (res_filter);
        default:
            return ("(|" + org_filter + group_filter + user_filter + def_filter + res_filter + ")");
    }
}
Also used : HashSet(java.util.HashSet) AttrSet(com.iplanet.services.ldap.AttrSet) Set(java.util.Set) SMSException(com.sun.identity.sm.SMSException) Iterator(java.util.Iterator) AMException(com.iplanet.am.sdk.AMException) SSOException(com.iplanet.sso.SSOException) HashMap(java.util.HashMap) Map(java.util.Map) ServiceSchemaManager(com.sun.identity.sm.ServiceSchemaManager) HashSet(java.util.HashSet)

Aggregations

AMException (com.iplanet.am.sdk.AMException)127 SSOException (com.iplanet.sso.SSOException)56 Set (java.util.Set)35 AMEntryExistsException (com.iplanet.am.sdk.AMEntryExistsException)34 Guid (com.iplanet.ums.Guid)33 UMSException (com.iplanet.ums.UMSException)33 Map (java.util.Map)33 AMEventManagerException (com.iplanet.am.sdk.AMEventManagerException)32 RemoteException (java.rmi.RemoteException)31 AttrSet (com.iplanet.services.ldap.AttrSet)28 HashSet (java.util.HashSet)28 HashMap (java.util.HashMap)26 Iterator (java.util.Iterator)22 PersistentObject (com.iplanet.ums.PersistentObject)20 SSOToken (com.iplanet.sso.SSOToken)14 EntryNotFoundException (com.iplanet.ums.EntryNotFoundException)13 AMHashMap (com.iplanet.am.sdk.AMHashMap)12 AccessRightsException (com.iplanet.ums.AccessRightsException)12 SMSException (com.sun.identity.sm.SMSException)12 DN (org.forgerock.opendj.ldap.DN)12