
Example 6 with AMStoreConnection

use of com.iplanet.am.sdk.AMStoreConnection in project OpenAM by OpenRock.

the class UpdateDNSAlias method main.

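/**
 * Command-line entry point: adds or removes a DNS alias on an organization's
 * {@code sunOrganizationAlias} attribute.
 *
 * <p>Arguments: {@code <add | delete> <orgdn> <dnsalias> <userdn> <passwd>}.
 * The tool binds as {@code userdn}, reads the organization's current alias
 * set, applies the change and stores it through the AM SDK.
 *
 * <p>Exit status: 0 on success; 1 on a usage error, an unknown option, or any
 * failure during the update (the original exited 0 after logging an exception,
 * which hid failures from calling scripts).
 *
 * @param args the five positional arguments listed above
 */
public static void main(String[] args) {
    if (args.length != 5) {
        System.out.println(" Usage: UpdateDNSAlias " + "<add | delete> <orgdn> <dnsalias> <userdn> <passwd>");
        System.exit(1);
    }
    String opt = args[0];
    String orgDn = args[1];
    String dnsAlias = args[2];
    if ((opt == null) || (orgDn == null) || (dnsAlias == null)) {
        debug.error("One or more parameters are null");
        System.exit(1);
    }
    // Validate the option before authenticating so a typo does not cost a bind.
    boolean isAdd = opt.equalsIgnoreCase("add");
    boolean isDelete = opt.equalsIgnoreCase("delete");
    if (!isAdd && !isDelete) {
        // The original message named a different tool (copy-paste artefact).
        debug.error("Unknown option in UpdateDNSAlias: " + opt);
        System.exit(1);
    }
    try {
        String bindDN = args[3];
        // The password arrives on the command line and is therefore visible to
        // other local users through process listings and shell history.
        String password = args[4];
        SSOTokenManager ssom = SSOTokenManager.getInstance();
        SSOToken token = ssom.createSSOToken(new AuthPrincipal(bindDN), password);
        AMStoreConnection asc = new AMStoreConnection(token);
        AMOrganization org = asc.getOrganization(orgDn);
        Set values = org.getAttribute("sunOrganizationAlias");
        if (isAdd) {
            // Set semantics make the previous contains() pre-check redundant.
            values.add(dnsAlias);
        } else {
            values.remove(dnsAlias);
        }
        // Both operations write the whole alias set back under the same key.
        HashMap map = new HashMap();
        map.put("sunOrganizationAlias", values);
        org.setAttributes(map);
        org.store();
    } catch (Exception e) {
        debug.error("Exception occured:", e);
        // Report the failure to the shell instead of exiting 0.
        System.exit(1);
    }
    System.exit(0);
}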

Example 7 with AMStoreConnection

use of com.iplanet.am.sdk.AMStoreConnection in project OpenAM by OpenRock.

the class DirectoryServicesImpl method validateAttributeUniqueness.

/**
 * Checks that the attribute values about to be written to {@code entryDN} do
 * not collide with existing entries, according to the unique-attribute lists
 * configured on the organizations / organizational units above the entry.
 *
 * <p>Template profile types and DNs with fewer than two RDNs are not checked.
 * Failure to obtain the internal token ({@link SSOException}) is logged and
 * the check is skipped rather than failing the write.
 *
 * @param entryDN     DN of the entry being created or modified
 * @param profileType AM SDK profile type of the entry
 * @param newEntry    true if a new entry is being created
 * @param modMap      attributes about to be written; null or empty is a no-op
 * @throws AMException if attribute uniqueness is violated (bundle key 162)
 */
void validateAttributeUniqueness(String entryDN, int profileType, boolean newEntry, Map modMap) throws AMException {
    // Becomes true once a role/group/organization creation prefix has been
    // written to newEntrySB; decides how the final filter is closed.
    // NOTE(review): this flag is declared outside the per-level loop and never
    // reset, while filterSB/newEntrySB are rebuilt per level. If one level
    // starts a creation prefix and a later level's list lacks the naming
    // attribute, the later filter is closed with "))" on an empty prefix —
    // confirm whether that can occur in practice.
    boolean attrExists = false;
    if (modMap == null || modMap.isEmpty()) {
        return;
    }
    try {
        if (profileType == AMTemplate.DYNAMIC_TEMPLATE || profileType == AMTemplate.ORGANIZATION_TEMPLATE || profileType == AMTemplate.POLICY_TEMPLATE) {
            // no namespace validation for these objects
            return;
        }
        DN dn = DN.valueOf(entryDN);
        int size = dn.size();
        if (size < 2) {
            return;
        }
        // Copy the RDNs so they can be indexed: the code below uses index 0 as
        // the entry's own RDN and the last index as the suffix.
        List<RDN> rdns = new ArrayList<>();
        for (Iterator<RDN> iter = dn.iterator(); iter.hasNext(); ) {
            rdns.add(iter.next());
        }
        String orgDN = rdns.get(rdns.size() - 1).toString();
        AMStoreConnection amsc = new AMStoreConnection(CommonUtils.getInternalToken());
        DN rootDN = DN.valueOf(AMStoreConnection.getAMSdkBaseDN());
        DN thisDN = DN.valueOf(orgDN);
        // Walk from the suffix down to the entry's parent, one RDN per iteration;
        // orgDN/thisDN are extended at the bottom of the loop.
        for (int i = size - 2; i >= 0; i--) {
            if (debug.messageEnabled()) {
                debug.message("AMObjectImpl.validateAttributeUniqueness: " + "try DN = " + orgDN);
            }
            int type = -1;
            // Levels that appear to be ancestors of the AM SDK base DN have no
            // SDK object type; type stays -1 and no list is consulted for them.
            if (!rootDN.isInScopeOf(thisDN, SearchScope.SUBORDINATES)) {
                try {
                    type = amsc.getAMObjectType(orgDN);
                } catch (AMException ame) {
                    if (debug.warningEnabled()) {
                        debug.warning("AMObjectImpl." + "validateAttributeUniqueness: " + "Unable to determine object type of " + orgDN + " :Attribute uniqueness check aborted..", ame);
                    }
                    // Cannot classify this level: abandon the check instead of guessing.
                    return;
                }
            }
            Set list = null;
            AMObject amobj = null;
            // Only organizations and organizational units carry a unique-attribute list.
            if (type == AMObject.ORGANIZATION) {
                AMOrganization amorg = amsc.getOrganization(orgDN);
                list = amorg.getAttribute(UNIQUE_ATTRIBUTE_LIST_ATTRIBUTE);
                amobj = amorg;
            } else if (type == AMObject.ORGANIZATIONAL_UNIT) {
                AMOrganizationalUnit amorgu = amsc.getOrganizationalUnit(orgDN);
                list = amorgu.getAttribute(UNIQUE_ATTRIBUTE_LIST_ATTRIBUTE);
                amobj = amorgu;
            }
            if ((list != null) && !list.isEmpty()) {
                if (debug.messageEnabled()) {
                    debug.message("AMObjectImpl." + "validateAttributeUniqueness: list =" + list);
                }
                /*
                 * After adding the uniqueness attributes 'ou,cn' to the list,
                 * creating a role with the same name as an existing user (say
                 * 'amadmin') failed with 'Attribute uniqueness violation' because
                 * the filter (|(cn='attrname')) was used for all objects. The
                 * code now looks for 'Role' profile types and uses
                 *   (&(objectclass=ldapsubentry)(objectclass=nsroledefinition)(cn='attrname'))
                 * and for 'Group' profile types
                 *   (&(objectClass=groupofuniquenames)(objectClass=iplanet-am-managed-group)(cn='attrname'))
                 *
                 * The while loop iterates the unique-attribute list and checks
                 * whether it contains the naming attribute of the object being
                 * created. If so, and the profile type is 'role', 'group' or
                 * 'organization', the appropriate objectclasses and the entry RDN
                 * are added to the search filter. 'attrExists' is set to true in
                 * that case and decides how the filter is closed.
                 */
                Iterator iter = list.iterator();
                StringBuffer filterSB = new StringBuffer();
                StringBuffer newEntrySB = new StringBuffer();
                filterSB.append("(|");
                while (iter.hasNext()) {
                    // One list entry may name several attributes (see getAttrList).
                    String[] attrList = getAttrList((String) iter.next());
                    Set attr = getAttrValues(attrList, modMap);
                    for (int j = 0; j < attrList.length; j++) {
                        String attrName = attrList[j];
                        if (attrName.equals(getNamingAttribute(profileType)) && newEntry) {
                            if ((profileType == AMObject.ROLE) || (profileType == AMObject.MANAGED_ROLE) || (profileType == AMObject.FILTERED_ROLE)) {
                                newEntrySB.append("(&");
                                newEntrySB.append("(objectclass=ldapsubentry)");
                                newEntrySB.append("(" + "objectclass=nsroledefinition)");
                                attrExists = true;
                            } else if ((profileType == AMObject.GROUP) || (profileType == AMObject.STATIC_GROUP) || (profileType == AMObject.ASSIGNABLE_DYNAMIC_GROUP) || (profileType == AMObject.DYNAMIC_GROUP)) {
                                newEntrySB.append("(&");
                                newEntrySB.append("(objectclass=iplanet-am-managed-group)");
                                newEntrySB.append("(objectclass=groupofuniquenames)");
                                attrExists = true;
                            } else if (profileType == AMObject.ORGANIZATION) {
                                // Organizations: exclude realm-service entries from the match.
                                newEntrySB.append("(&(!");
                                newEntrySB.append("(objectclass=");
                                newEntrySB.append(SMSEntry.OC_REALM_SERVICE);
                                newEntrySB.append("))");
                                attrExists = true;
                            }
                            // The entry's own RDN (name=value) becomes one OR branch.
                            filterSB.append("(").append(rdns.get(0)).append(")");
                        }
                        if (attr != null && !attr.isEmpty()) {
                            Iterator itr = attr.iterator();
                            // NOTE(review): these values come from modMap and are
                            // appended without LDAP filter escaping (RFC 4515) here;
                            // a value containing filter metacharacters changes the
                            // search. Confirm callers escape before relying on this.
                            while (itr.hasNext()) {
                                filterSB.append("(").append(attrName);
                                filterSB.append("=").append(itr.next());
                                filterSB.append(")");
                            }
                        }
                    }
                }
                // Longer than the bare "(|" means at least one branch was added.
                if (filterSB.length() > 2) {
                    if (attrExists) {
                        // pre-pend the creation filter part to the filter
                        // This is being done so that the filter is
                        // correctly created as
                        // (&(<creation-filter)(|(<attr filter>)))
                        newEntrySB.append(filterSB.toString()).append("))");
                        filterSB = newEntrySB;
                    } else {
                        filterSB.append(")");
                    }
                    if (debug.messageEnabled()) {
                        debug.message("AMObjectImpl." + "validateAttributeUniqueness: " + "filter = " + filterSB.toString());
                    }
                    Set users = amobj.search(AMConstants.SCOPE_SUB, filterSB.toString());
                    // A single hit that is the entry itself is an update, not a
                    // clash: ignore the violation.
                    if (users != null && users.size() == 1) {
                        String userDN = (String) users.iterator().next();
                        DN dnObject = DN.valueOf(userDN);
                        if (dnObject.equals(DN.valueOf(entryDN))) {
                            return;
                        }
                    }
                    if ((users != null) && !users.isEmpty()) {
                        throw new AMException(AMSDKBundle.getString("162"), "162");
                    }
                }
            }
            // Descend one level: prepend the next RDN to the DN being examined.
            orgDN = rdns.get(i).toString() + "," + orgDN;
            thisDN = DN.valueOf(orgDN);
        }
    } catch (SSOException ex) {
        // Internal-token problems are logged; the write proceeds unchecked.
        if (debug.warningEnabled()) {
            debug.warning("Unable to validate attribute uniqneness", ex);
        }
    }
}

Example 8 with AMStoreConnection

use of com.iplanet.am.sdk.AMStoreConnection in project OpenAM by OpenRock.

the class EmailNotificationHelper method getNotificationList.

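/**
 * Looks up the notification address list stored on the user's organization
 * under the administration service.
 *
 * @param attributeName administration-service attribute that holds the list
 * @return the configured set, or an empty set when the lookup fails
 *         (the failure is logged, never propagated)
 */
private Set getNotificationList(String attributeName) {
    Set notifyList = Collections.emptySet();
    try {
        // Local renamed so it no longer shadows the field it is derived from.
        String resolvedOrgDN = DirectoryServicesFactory.getInstance().getOrganizationDN(internalToken, this.organizationDN);
        // FIXME:
        // TODO: Remove dependency on AMStoreConnection!
        AMStoreConnection amsc = new AMStoreConnection(internalToken);
        AMOrganization amOrg = amsc.getOrganization(resolvedOrgDN);
        notifyList = getOrgTypeAttributes(amOrg, ADMINISTRATION_SERVICE, attributeName);
    } catch (AMException | SSOException e) {
        // Best-effort: callers receive an empty list instead of an exception.
        // Both exception types were previously handled by identical blocks.
        debug.error("EmailNotificationHelper.getNotificationList() " + "Unable to get notification List for " + attributeName + " for user: " + entryDN, e);
    }
    return notifyList;
}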

Example 9 with AMStoreConnection

use of com.iplanet.am.sdk.AMStoreConnection in project OpenAM by OpenRock.

the class DirectoryServicesImpl method getTopLevelContainers.

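/**
 * Returns the DNs of the top-level containers the token's user may manage.
 *
 * <p>Containers are collected from {@code ROLE_MANAGED_CONTAINER_DN_ATTRIBUTE}
 * of the user's roles and filtered roles. When no role names a container, the
 * AM SDK base DN is searched for every organization, organizational unit,
 * people container and group visible to the token. The collected DNs are then
 * reduced so that no returned DN is subordinate to another returned DN.
 *
 * <p>Fix: the reduction loop used to {@code break} as soon as a candidate was
 * found under an existing result, before the remaining results had been
 * copied into the replacement set, so those containers were silently dropped.
 * The result set is now left untouched in that case.
 *
 * @param token the caller's SSO token; its principal name is used as the user DN
 * @return a set of container DN strings, possibly empty, never null
 * @throws AMException  on AM SDK failures
 * @throws SSOException on token failures
 */
public Set getTopLevelContainers(SSOToken token) throws AMException, SSOException {
    String userDN = token.getPrincipal().getName();
    AMStoreConnection amsc = new AMStoreConnection(internalToken);
    AMUser auser = amsc.getUser(userDN);
    Set set = new HashSet();
    Set roleDNs = auser.getRoleDNs();
    roleDNs.addAll(auser.getFilteredRoleDNs());
    Iterator iter = roleDNs.iterator();
    while (iter.hasNext()) {
        String roleDN = (String) iter.next();
        if (debug.messageEnabled()) {
            debug.message("DirectoryServicesImpl." + "getTopLevelContainers: roleDN=" + roleDN);
        }
        AMRole role = amsc.getRole(roleDN);
        set.addAll(role.getAttribute(ROLE_MANAGED_CONTAINER_DN_ATTRIBUTE));
    }
    if (set.isEmpty()) {
        // No role-managed containers: fall back to everything visible under the base DN.
        String filter = "(|" + SearchFilterManager.getGlobalSearchFilter(AMObject.ORGANIZATION) + SearchFilterManager.getGlobalSearchFilter(AMObject.ORGANIZATIONAL_UNIT) + SearchFilterManager.getGlobalSearchFilter(AMObject.PEOPLE_CONTAINER) + SearchFilterManager.getGlobalSearchFilter(AMObject.DYNAMIC_GROUP) + SearchFilterManager.getGlobalSearchFilter(AMObject.ASSIGNABLE_DYNAMIC_GROUP) + SearchFilterManager.getGlobalSearchFilter(AMObject.GROUP) + ")";
        set = search(token, AMStoreConnection.getAMSdkBaseDN(), filter, SCOPE_SUB);
    }
    // Reduce to top-level DNs: a candidate under an existing result is skipped;
    // existing results under the candidate are replaced by it.
    HashSet resultSet = new HashSet();
    for (Iterator cit = set.iterator(); cit.hasNext(); ) {
        String containerDN = (String) cit.next();
        DN cDN = DN.valueOf(containerDN);
        boolean covered = false;
        HashSet tmpSet = new HashSet();
        for (Iterator rit = resultSet.iterator(); rit.hasNext(); ) {
            String resultDN = (String) rit.next();
            DN rDN = DN.valueOf(resultDN);
            if (cDN.isInScopeOf(rDN, SearchScope.SUBORDINATES)) {
                // Already represented by an ancestor; keep resultSet unchanged.
                covered = true;
                break;
            }
            if (!rDN.isInScopeOf(cDN, SearchScope.SUBORDINATES)) {
                // Keep results that are not beneath the new container.
                tmpSet.add(resultDN);
            }
        }
        if (!covered) {
            tmpSet.add(containerDN);
            resultSet = tmpSet;
        }
    }
    if (debug.messageEnabled()) {
        debug.message("DirectoryServicesImpl.getTopLevelContainers");
        iter = resultSet.iterator();
        StringBuilder tmpBuffer = new StringBuilder();
        while (iter.hasNext()) {
            String tmpDN = (String) iter.next();
            tmpBuffer.append(tmpDN).append("\n");
        }
        debug.message("containerDNs\n" + tmpBuffer.toString());
    }
    return resultSet;
}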

Example 10 with AMStoreConnection

use of com.iplanet.am.sdk.AMStoreConnection in project OpenAM by OpenRock.

the class AMClientCapData method init.

/**
 * Lazily initialises the shared client-data schema state and then resolves the
 * organizational unit for this instance ({@code instanceRDN,<clientDataDN>}).
 *
 * <p>Steps (the numbers match the inline comments):
 * 1. get the admin token; 2. create a ServiceManager; 3. get the
 * ServiceSchemaManager for the service; 4. get the global ServiceSchema;
 * 5. get the {@code DBSTORE_SUBSCHEMA_ID} sub-schema; 6. get the
 * {@code CLIENT_SUBSCHEMA_ID} sub-schema (replaces the value from 5);
 * 7. get the top-level organization DN (root suffix); 8. read config info and
 * the properties schema from the ServiceSchema; 9. add listeners to the
 * EventService (currently disabled, see the note in the body).
 *
 * <p>Steps 1–8 run only while {@code adminToken} is null. The method is
 * synchronized on this instance; NOTE(review): the "single static instance"
 * comment suggests these fields are static, in which case an instance lock
 * does not serialise initialisation across instances — confirm.
 *
 * @param instanceRDN RDN prepended to {@code clientDataDN} to form this
 *                    instance's database DN
 * @throws Exception propagated from the SM and AM SDK lookups
 */
private synchronized void init(String instanceRDN) throws Exception {
    // "SunAMClientData"
    String srvcName = getServiceName();
    if (adminToken == null) {
        // (1) single static instance
        adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        // (2)
        sManager = new ServiceManager(adminToken);
        // (3)
        ServiceSchemaManager schemaManager = sManager.getSchemaManager(srvcName, SERVICE_VERSION);
        // (4)
        clientServiceSchema = schemaManager.getGlobalSchema();
        // (5) the internalDB & externalDB share the same schema
        clientSchema = clientServiceSchema.getSubSchema(DBSTORE_SUBSCHEMA_ID);
        // (6) descend into the client sub-schema, replacing the value from (5)
        clientSchema = clientSchema.getSubSchema(CLIENT_SUBSCHEMA_ID);
        amConnection = new AMStoreConnection(adminToken);
        // (7)
        topLevelDN = amConnection.getOrganizationDN(null, null);
        // (8)
        initClientSchema();
        initConfigurationInfo(clientServiceSchema);
        clientDataDN = CLIENT_DATA_DN_PREFIX + COMMA + topLevelDN;
        // (9) TBD : Commented so that persistent search is not set up to the
        // directory server when running in remote client SDK mode.
        // This is a temporary fix. Proper fix for this problem is TBD.
        // initEventListeners (adminToken, clientDataDN);
    }
    // Per-instance part: runs on every call, after the shared state exists.
    databaseDN = instanceRDN + COMMA + clientDataDN;
    amClientOrg = amConnection.getOrganizationalUnit(databaseDN);
}
