use of com.iplanet.services.ldap.Attr in project OpenAM by OpenRock.
the class ComplianceServicesImpl method verifyAndUnLinkRoleToGroup.
/**
 * Unlinks members from the admin group that corresponds to
 * <code>roleDN</code>. When <code>getGroupFromRoleDN</code> yields no group
 * name for the role, nothing is done. Otherwise the <code>adminrole</code>
 * value naming that group is removed from each member entry and the member
 * is removed from the group.
 *
 * <p>Note: this body only builds an <code>adminrole</code> attribute to
 * remove; no <code>memberOf</code> value is constructed here.
 *
 * @param token
 *            single sign on token.
 * @param members
 *            Set of member distinguished names (Strings) to be operated on.
 * @param roleDN
 *            distinguished name of the role.
 * @throws AMException
 *             if a <code>UMSException</code> other than
 *             <code>EntryNotFoundException</code> is raised while removing
 *             the attribute values or the group membership.
 */
protected void verifyAndUnLinkRoleToGroup(SSOToken token, Set members, String roleDN) throws AMException {
    DN roleName = DN.valueOf(roleDN);
    String groupName = getGroupFromRoleDN(roleName);
    if (groupName == null) {
        // No group name was derived from the role DN, so there is nothing to unlink.
        return;
    }

    String orgDN = roleName.parent().toString();
    // NOTE(review): groupName is concatenated into the DN as-is; confirm that
    // getGroupFromRoleDN returns a value that is already safe as an RDN value.
    String groupDN = NamingAttributeManager.getNamingAttribute(AMObject.GROUP) + "=" + groupName + ",ou=Groups," + orgDN;
    String groupRDN = NamingAttributeManager.getNamingAttribute(AMObject.GROUP) + "=" + groupName;

    // The single attribute value to strip from every member entry.
    AttrSet adminRoleValue = new AttrSet(new Attr[] { new Attr("adminrole", groupRDN) });

    Iterator memberIter = members.iterator();
    try {
        AssignableDynamicGroup adminGroup = (AssignableDynamicGroup) UMSObject.getObject(token, new Guid(groupDN));
        while (memberIter.hasNext()) {
            String memberDN = (String) memberIter.next();
            removeAttributesFromEntry(token, memberDN, adminRoleValue);
            adminGroup.removeMember(new Guid(memberDN));
        }
    } catch (EntryNotFoundException missingEntry) {
        // Logged and not rethrown. The group lookup happens before the loop, so
        // when the group entry is missing no member has its adminrole value
        // removed and the caller is not told. The catch also spans the loop, so
        // an EntryNotFoundException raised there would leave the remaining
        // members untouched.
        debug.error("Compliance.verifyAndUnLinkRoleToGroup: Admin groups are missing");
    } catch (UMSException ue) {
        debug.error("Compliance.verifyAndUnLinkRoleToGroup(): ", ue);
        throw new AMException(AMSDKBundle.getString("772"), "772");
    }
}
use of com.iplanet.services.ldap.Attr in project OpenAM by OpenRock.
the class DCTreeServicesImpl method updateCacheAndReturnDomain.
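/**
 * Searches the DC tree for nodes whose <code>inetDomainBaseDN</code> equals
 * <code>canonOrgDN</code> and returns the matching domain name.
 *
 * <p>The cache updates that gave this method its name are disabled in this
 * version; only the lookup remains.
 *
 * @param token
 *            single sign on token used for the directory lookups.
 * @param canonOrgDN
 *            organization DN to look for. It is escaped as an LDAP filter
 *            assertion value before being placed in the search filter.
 * @return the domain name of a matching node that carries the
 *         <code>INET_CANONICAL_DOMAIN</code> attribute (the last such node
 *         if there are several), or the domain name of the only match when
 *         exactly one node matches; <code>null</code> when nothing qualifies
 *         or a <code>UMSException</code> occurs.
 * @throws AMException
 *             declared by the signature; no statement visible in this body
 *             throws it.
 */
private String updateCacheAndReturnDomain(SSOToken token, String canonOrgDN) throws AMException {
    try {
        DomainComponentTree dcTree = new DomainComponentTree(token, new Guid(DCTREE_START_DN));
        // NOTE(review): scontrol is configured for subtree scope but never
        // passed to search() below (null is passed instead) - confirm which
        // scope the search actually uses.
        SearchControl scontrol = new SearchControl();
        scontrol.setSearchScope(SearchControl.SCOPE_SUB);
        PersistentObject po = UMSObject.getObject(token, new Guid(DCTREE_START_DN));
        // The DN is data, not filter syntax: escape it so that characters such
        // as '(' ')' '*' or '\' inside the DN cannot change the filter's shape.
        // NOTE(review): assumes callers pass a raw (not already filter-escaped)
        // DN - confirm against callers.
        String searchFilter = "(inetDomainBaseDN=" + escapeFilterAssertionValue(canonOrgDN) + ")";
        if (debug.messageEnabled()) {
            debug.message("DCTree.updateCache-> " + "searchFilter= " + searchFilter);
        }
        SearchResults results = po.search(searchFilter, null);
        int count = 0;
        String domainName = null;
        String canonDomain = null;
        try {
            while (results.hasMoreElements()) {
                DomainComponent dcNode = (DomainComponent) results.next();
                count++;
                domainName = dcTree.mapDCToDomainName(dcNode);
                if (debug.messageEnabled()) {
                    debug.message("DCTree:updateCache-> " + "domainName= " + domainName);
                }
                Attr isCanonical = dcNode.getAttribute(INET_CANONICAL_DOMAIN);
                if (isCanonical != null) {
                    canonDomain = domainName;
                }
            }
        } finally {
            // Release the search even when processing a node fails part-way.
            results.abandon();
        }
        if (count == 1) {
            // A single match is treated as canonical even without the marker attribute.
            canonDomain = domainName;
        }
        if (debug.messageEnabled()) {
            debug.message("DCTree.updateCache-> " + "returning domain= " + canonDomain);
        }
        return canonDomain;
    } catch (UMSException umse) {
        debug.error("DCTree:updateCache: UMSException", umse);
        return null;
    }
}

/**
 * Escapes a string for use as an assertion value in an LDAP search filter
 * (RFC 4515): backslash, asterisk, both parentheses and NUL are replaced by
 * a backslash followed by their two-digit hex code.
 *
 * @param value raw value; may be <code>null</code>
 * @return the escaped value, or <code>null</code> when <code>value</code> is null
 */
private static String escapeFilterAssertionValue(String value) {
    if (value == null) {
        return null;
    }
    StringBuilder escaped = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
        case '\\':
            escaped.append("\\5c");
            break;
        case '*':
            escaped.append("\\2a");
            break;
        case '(':
            escaped.append("\\28");
            break;
        case ')':
            escaped.append("\\29");
            break;
        case '\0':
            escaped.append("\\00");
            break;
        default:
            escaped.append(c);
        }
    }
    return escaped.toString();
}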
use of com.iplanet.services.ldap.Attr in project OpenAM by OpenRock.
the class DirectoryServicesImpl method modifyAndSaveEntry.
/**
 * Applies string-valued and binary-valued attribute changes to the entry at
 * <code>entryDN</code> and saves the entry once at the end.
 *
 * @param token
 *            single sign on token used to obtain the entry handle.
 * @param entryDN
 *            distinguished name of the entry to modify.
 * @param stringAttributes
 *            attribute name (String) to Set of values; may be null or empty.
 *            A key equal to "dn" (case-insensitive) is skipped.
 * @param byteAttributes
 *            attribute name (String) to <code>byte[][]</code> values; may be
 *            null or empty. No "dn" key is skipped on this map.
 * @param isAdd
 *            passed through to <code>modifyPersistentObject</code>.
 */
private void modifyAndSaveEntry(SSOToken token, String entryDN, Map stringAttributes, Map byteAttributes, boolean isAdd) throws AccessRightsException, EntryNotFoundException, UMSException {
    PersistentObject entry = UMSObject.getObjectHandle(token, new Guid(entryDN));

    // String-valued attributes
    if (stringAttributes != null && !stringAttributes.isEmpty()) {
        for (Iterator names = stringAttributes.keySet().iterator(); names.hasNext();) {
            String name = (String) names.next();
            if (name.equalsIgnoreCase("dn")) {
                continue;
            }
            Set values = (Set) stringAttributes.get(name);
            String[] valueArray = null;
            if (values != null) {
                valueArray = (String[]) values.toArray(new String[values.size()]);
            }
            // Removal is signalled by identity with the REMOVE_ATTRIBUTE
            // sentinel, not by an empty set (the original comment notes that
            // AMObjectImpl.removeAttributes(...) uses Collections.EMPTY_SET).
            boolean removeRequested = (values == AMConstants.REMOVE_ATTRIBUTE);
            modifyPersistentObject(entry, new Attr(name, valueArray), isAdd, removeRequested);
        }
    }

    // Binary-valued attributes; these are never treated as removals here.
    if (byteAttributes != null && !byteAttributes.isEmpty()) {
        for (Iterator names = byteAttributes.keySet().iterator(); names.hasNext();) {
            String name = (String) names.next();
            byte[][] rawValues = (byte[][]) byteAttributes.get(name);
            modifyPersistentObject(entry, new Attr(name, rawValues), isAdd, false);
        }
    }

    entry.save();
}
use of com.iplanet.services.ldap.Attr in project OpenAM by OpenRock.
the class DirectoryServicesImpl method combineOCs.
/**
 * Merges the <code>objectclass</code> values of an attribute set with those
 * of a creation template. Per the original author's note, UMS does not
 * override the objectclasses in a supplied attribute set with the ones from
 * the creation template when an object is created, so the merge is done here.
 *
 * @param ct
 *            creation template supplying the default objectclass values.
 * @param aSet
 *            attribute set to update; it is modified in place.
 * @return the same <code>aSet</code> instance, with its
 *         <code>objectclass</code> attribute replaced by the combined values.
 */
private AttrSet combineOCs(CreationTemplate ct, AttrSet aSet) {
    Attr suppliedOCs = aSet.getAttribute("objectclass");
    // NOTE(review): templateOCs is dereferenced without a null check; a
    // template without an "objectclass" attribute would fail here - confirm
    // templates always carry one.
    Attr templateOCs = ct.getAttribute("objectclass");

    // TODO (from the original): write a dedicated AttrSet merge so the values
    // need not be converted from string arrays to sets and back.
    Set fromCaller;
    if (suppliedOCs == null) {
        fromCaller = new HashSet();
    } else {
        fromCaller = CommonUtils.stringArrayToSet(suppliedOCs.getStringValues());
    }
    Set fromTemplate = CommonUtils.stringArrayToSet(templateOCs.getStringValues());
    Set merged = CommonUtils.combineOCs(fromCaller, fromTemplate);

    // Replace whatever objectclass attribute was there with the merged one.
    aSet.remove("objectclass");
    String[] mergedValues = (String[]) merged.toArray(new String[merged.size()]);
    aSet.add(new Attr("objectclass", mergedValues));
    return aSet;
}
use of com.iplanet.services.ldap.Attr in project OpenAM by OpenRock.
the class DirectoryServicesImpl method createFilteredRole.
/**
 * Creates a filtered role named <code>profileName</code> under
 * <code>parentObj</code>, running the pre- and post-processing callbacks
 * around the creation.
 *
 * @param token
 *            caller's single sign on token; passed to the callbacks.
 * @param parentObj
 *            entry under which the role is added.
 * @param attributes
 *            attributes for the new role, as supplied to the pre-processing
 *            callback.
 * @param profileName
 *            value of the role's naming attribute.
 */
private void createFilteredRole(SSOToken token, PersistentObject parentObj, Map attributes, String profileName) throws UMSException, AMException {
    // The organization lookup runs with internalToken, not the caller's token.
    String orgDN = getOrganizationDN(internalToken, parentObj.getDN());
    // NOTE(review): profileName is concatenated into the DN as-is; confirm it
    // is validated or escaped as an RDN value before it reaches this method.
    String entryDN = getNamingAttribute(AMObject.FILTERED_ROLE) + "=" + profileName + "," + parentObj.getDN();

    // Pre-processing plugins may replace the attribute map; use their result from here on.
    Map processedAttrs = callBackHelper.preProcess(token, entryDN, orgDN, null, attributes, CallBackHelper.CREATE, AMObject.FILTERED_ROLE, false);

    AttrSet roleAttrs = CommonUtils.mapToAttrSet(processedAttrs);
    makeNamingFirst(roleAttrs, getNamingAttribute(AMObject.FILTERED_ROLE), profileName);

    CreationTemplate template = TemplateManager.getTemplateManager()
            .getCreationTemplate("BasicFilteredRole", new Guid(orgDN), TemplateManager.SCOPE_ANCESTORS);
    roleAttrs = combineOCs(template, roleAttrs);

    // A filter supplied in the attributes is kept unchanged; the default user
    // search filter is added only when none was given. Presumably this filter
    // decides which entries belong to the role, so a supplied value deserves
    // the same scrutiny as any other access-granting input - verify upstream.
    if (!roleAttrs.contains(FilteredRole.FILTER_ATTR_NAME)) {
        roleAttrs.add(new Attr(FilteredRole.FILTER_ATTR_NAME, SearchFilterManager.getSearchFilter(AMObject.USER, orgDN)));
    }

    FilteredRole role = new FilteredRole(template, roleAttrs);
    parentObj.addChild(role);

    // Post-processing plugins receive the same (pre-processed) attribute map.
    callBackHelper.postProcess(token, role.getDN(), orgDN, null, processedAttrs, CallBackHelper.CREATE, AMObject.FILTERED_ROLE, false);
}