Search in sources :

Example 6 with IDirectoryServices

use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.

the class AMSDKRepo method getBinaryAttributes.

/*
     * (non-Javadoc)
     *
     * @see com.sun.identity.idm.IdRepo#getBinaryAttributes(
     *      com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
     *      java.lang.String, java.util.Set)
     */
public Map getBinaryAttributes(SSOToken token, IdType type, String name, Set attrNames) throws IdRepoException, SSOException {
    if (debug.messageEnabled()) {
        debug.message("AMSDKIdRepo: getBinaryAttributes called" + ": " + type + ": " + name);
    }
    AMStoreConnection amsc = (sc == null) ? new AMStoreConnection(token) : sc;
    String dn = getDN(type, name);
    int profileType = getProfileType(type);
    // Use adminToken if present
    if (adminToken != null) {
        token = adminToken;
    }
    try {
        if (amsc.isValidEntry(dn)) {
            IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
            return dsServices.getAttributesByteValues(token, dn, attrNames, profileType);
        } else {
            Object[] args = { name };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NOT_VALID_ENTRY, args);
        }
    } catch (AMException ame) {
        debug.error("AMSDKRepo.getBinaryAttributes(): AMException ", ame);
        throw IdUtils.convertAMException(ame);
    }
}
Also used : IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices) IdRepoException(com.sun.identity.idm.IdRepoException)

Example 7 with IDirectoryServices

use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.

the class AMSDKRepo method changePassword.

public void changePassword(SSOToken token, IdType type, String name, String attrName, String oldPassword, String newPassword) throws IdRepoException, SSOException {
    if (debug.messageEnabled()) {
        debug.message("AMSDKRepo.changePassword: name = " + name);
    }
    if (!type.equals(IdType.USER)) {
        Object[] args = { this.getClass().getName() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.CHANGE_PASSWORD_ONLY_FOR_USER, args);
    }
    String dn = getDN(type, name);
    int profileType = getProfileType(type);
    try {
        IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
        dsServices.changePassword(token, dn, attrName, oldPassword, newPassword);
    } catch (AMException ame) {
        debug.error("AMSDKRepo.changePassword:", ame);
        throw IdUtils.convertAMException(ame);
    }
}
Also used : IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException)

Example 8 with IDirectoryServices

use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.

the class AMSearchFilterManager method getSearchFilter.

/**
     * Method to get search filter for the specified object type defined at the
     * specified Organization. If a search template corresponding to the
     * AMObject, is not found at the specified Organization, then one defined at
     * global one will be returned.
     * 
     * @param objectType
     *            type of AMObject
     * @param orgDN
     *            the DN of the organization where the AMObject resides.
     * @param searchTemplateName
     *            name of the search template to be used. If this is null, then
     *            default search templates are used.
     * @param ignoreComplianceFilter
     *            if true then modify the compliance related search filters will
     *            not be applied. If false, compliance related filters will be
     *            applied.
     * @return a search filter String in lower case.
     */
public static String getSearchFilter(int objectType, String orgDN, String searchTemplateName, boolean ignoreComplianceFilter) {
    String filter;
    String organizationDN = DN.valueOf(orgDN).toString();
    // Already in RFC
    String rootSuffixDN = AMStoreConnection.getAMSdkBaseDN();
    if (orgDN != null && organizationDN.equals(rootSuffixDN)) {
        orgDN = null;
    }
    String cacheKey = (new Integer(objectType)).toString() + ":" + searchTemplateName + ":" + organizationDN;
    if ((filter = (String) searchfilterMap.get(cacheKey)) == null) {
        IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
        filter = dsServices.getSearchFilterFromTemplate(objectType, orgDN, searchTemplateName);
        searchfilterMap.put(cacheKey, filter);
    }
    // Now modify the obtained search filter if necessary. Also, mostly
    // do the modification here, if you do not want the modified filter
    // to be cached. Applicable to cases where filter may change dynamically
    // Note: Always add lowercase filters, to guarantee a lowercase filter
    // String to be returned.
    filter = modifyFilter(filter, objectType);
    filter = addAdminGroupFilters(filter, orgDN, objectType);
    filter = addComplianceModeFilters(filter, objectType, ignoreComplianceFilter);
    return filter;
}
Also used : IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices)

Example 9 with IDirectoryServices

use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.

the class AMSDKRepo method getAttributes.

/*
     * (non-Javadoc)
     *
     * @see com.sun.identity.idm.IdRepo#getAttributes(com.iplanet.sso.SSOToken,
     *      com.sun.identity.idm.IdType, java.lang.String)
     */
public Map getAttributes(SSOToken token, IdType type, String name) throws IdRepoException, SSOException {
    AMStoreConnection amsc = (sc == null) ? new AMStoreConnection(token) : sc;
    String dn = getDN(type, name);
    int profileType = getProfileType(type);
    if (debug.messageEnabled()) {
        debug.message("AMSDKIdRepo: getAttributes called" + ": " + type + ": " + name + " DN: '" + dn + "'");
    }
    // Use adminToken if present
    if (adminToken != null) {
        token = adminToken;
    }
    try {
        if (amsc.isValidEntry(dn)) {
            IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
            return dsServices.getAttributes(token, dn, false, false, profileType);
        } else {
            Object[] args = { name };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NOT_VALID_ENTRY, args);
        }
    } catch (AMException ame) {
        debug.error("AMSDKRepo.getAttributes(): AMException ", ame);
        throw IdUtils.convertAMException(ame);
    }
}
Also used : IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices) IdRepoException(com.sun.identity.idm.IdRepoException)

Example 10 with IDirectoryServices

use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.

the class IdUtils method getIdentity.

/**
     * Returns an <code>AMIdentity</code> object, given the
     * DN of an authenticated identity, realm name and identity type.
     * This interface is mainly for authentication component to get
     * back the identity of the user.
     * 
     * @param token SSOToken of the administrator
     * @param amsdkdn DN of the authenticated user
     * @param realm  realm name where the user was authenticated
     * @return Identity object or <code>null</code> 
     * @throws IdRepoException if the underly components throws
     * exception while obtaining the identity object
     */
public static AMIdentity getIdentity(SSOToken token, String amsdkdn, String realm) throws IdRepoException {
    if (amsdkdn == null || !LDAPUtils.isDN(amsdkdn)) {
        Object[] args = { amsdkdn };
        throw (new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ILLEGAL_UNIVERSAL_IDENTIFIER, args));
    }
    DN amsdkdnObject = LDAPUtils.newDN(amsdkdn);
    // Try constructing the identity object
    if (amsdkdn.toLowerCase().startsWith("id=")) {
        try {
            return (new AMIdentity(amsdkdnObject, token));
        } catch (IdRepoException ide) {
            // this could be a AMSDK DN. Follow the AMSDK rules
            if (debug.messageEnabled()) {
                debug.message("IdUtils:getIdentity(token, " + amsdkdn + ") got exception: " + ide.getMessage() + "\n\tContinuing with AMSDK DN check");
            }
        }
    }
    // Check for Special Users
    initializeSpecialUsers();
    if (specialUsers.contains(DNUtils.normalizeDN(amsdkdn))) {
        return new AMIdentity(amsdkdnObject, token, LDAPUtils.rdnValueFromDn(amsdkdnObject), IdType.USER, ROOT_SUFFIX);
    }
    // any of the realms. 
    try {
        if (!ServiceManager.isAMSDKEnabled() || ((realm != null) && !OrgConfigViaAMSDK.isAMSDKConfigured(realm)) || (!ServiceManager.isAMSDKConfigured())) {
            // Not configured for AMSDK, return
            return (null);
        }
    } catch (SMSException smse) {
    // Ignore the exception and continue
    }
    // Initialize root realm suffix, org and user naming attributes
    initializeForGetIdentity();
    // Determine if the amsdkdn is valid. Obtain name & type
    String name = null;
    IdType type = null;
    try {
        // Since we would using AMSDK, get AMDirectoryManager preload
        // all the attributes and check if it exists
        IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
        // force multiple another directory lookup
        try {
            if (amsdkdn.startsWith(USER_NAMING_ATTR)) {
                dsServices.getAttributes(token, amsdkdn, AMObject.USER);
            }
        } catch (Exception e) {
        // Ignore the exception and continue since this for cache
        }
        // Getting object type would use the cached attributes
        int sdkType = dsServices.getObjectType(token, amsdkdn);
        // Convert the sdkType to IdRepo type
        type = getType(AMStoreConnection.getObjectName(sdkType));
        name = AMConstants.CONTAINER_DEFAULT_TEMPLATE_ROLE;
        if (!type.equals(IdType.REALM)) {
            name = LDAPUtils.rdnValueFromDn(amsdkdnObject);
        }
    } catch (AMException ame) {
        // Debug the message and return null
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getIdentity: Unable to resolve " + "AMSDK DN: " + amsdkdn, ame);
        }
        return (null);
    } catch (SSOException ssoe) {
        // Debug the message and return null
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getIdentity: Unable to resolve " + "AMSDK DN. Got SSOException", ssoe);
        }
        return (null);
    }
    // Need to determine realm for amsdkdn
    String srealm = ROOT_SUFFIX;
    if (!amsdkdn.equals(ROOT_SUFFIX) && !amsdkdn.equals(SERVICES_SUFFIX)) {
        // Need to get the object type and walk up the tree
        int index = amsdkdn.indexOf(ORG_NAMING_ATTR);
        if (index == 0) {
            srealm = OrgConfigViaAMSDK.getRealmForAMSDK(amsdkdn, realm);
        } else if (index > 0) {
            srealm = OrgConfigViaAMSDK.getRealmForAMSDK(amsdkdn.substring(index), realm);
        }
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getIdentity:: amsdkdn=" + amsdkdn + " maps to realm=" + srealm);
        }
    } else if (amsdkdn.equals(SERVICES_SUFFIX)) {
        // Since amsdkdn points to services node,
        // it should be reset to root suffix
        amsdkdn = ROOT_SUFFIX;
    }
    return (new AMIdentity(amsdkdnObject, token, name, type, srealm));
}
Also used : SMSException(com.sun.identity.sm.SMSException) AMException(com.iplanet.am.sdk.AMException) DN(org.forgerock.opendj.ldap.DN) SSOException(com.iplanet.sso.SSOException) SMSException(com.sun.identity.sm.SMSException) AMException(com.iplanet.am.sdk.AMException) SSOException(com.iplanet.sso.SSOException) IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices) AMObject(com.iplanet.am.sdk.AMObject)

Aggregations

IDirectoryServices (com.iplanet.am.sdk.common.IDirectoryServices)15 IdRepoException (com.sun.identity.idm.IdRepoException)6 Set (java.util.Set)6 Iterator (java.util.Iterator)5 AMObjectListener (com.iplanet.am.sdk.AMObjectListener)4 ICachedDirectoryServices (com.iplanet.am.sdk.common.ICachedDirectoryServices)4 Map (java.util.Map)4 SSOException (com.iplanet.sso.SSOException)3 IdRepoUnsupportedOpException (com.sun.identity.idm.IdRepoUnsupportedOpException)3 HashMap (java.util.HashMap)3 HashSet (java.util.HashSet)3 CaseInsensitiveHashMap (com.sun.identity.common.CaseInsensitiveHashMap)2 IdRepoFatalException (com.sun.identity.idm.IdRepoFatalException)2 SMSException (com.sun.identity.sm.SMSException)2 DN (org.forgerock.opendj.ldap.DN)2 AMEventManagerException (com.iplanet.am.sdk.AMEventManagerException)1 AMException (com.iplanet.am.sdk.AMException)1 AMObject (com.iplanet.am.sdk.AMObject)1 LDAPServiceException (com.iplanet.services.ldap.LDAPServiceException)1 AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)1