
Example 1 with ServerInstance

use of com.iplanet.services.ldap.ServerInstance in project OpenAM by OpenRock.

the class LocalLdapAuthModule method authenticate.

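/**
 * Verifies {@code passwd} for {@code dn} by binding to the configured directory
 * and returns {@code true} when the bind succeeds.
 *
 * <p>The target server comes from {@code options}: when
 * {@link LoginContext#ORGNAME} holds an {@code ldap://} or {@code ldaps://} URL
 * with something after the scheme, its host and optional port are used;
 * otherwise the default server group of {@link DSConfigMgr} is used. A port of
 * 389 is the fallback only when the URL carries none; in the DSConfigMgr case
 * the literal 389 passed along is overridden by the {@code host:port} string
 * that {@code getHostName} returns.
 *
 * @param dn bind DN of the user being authenticated
 * @param passwd password to bind with
 * @return {@code true} when the bind succeeds (a failed bind raises instead)
 * @throws LoginException when the credentials are missing or empty, the server
 *         configuration cannot be read, the URL is malformed, the SSL context
 *         cannot be built, or the bind fails
 */
private boolean authenticate(String dn, String passwd) throws LoginException {
    // Reject missing or empty credentials up front on both configuration paths.
    // Previously only the DSConfigMgr path rejected nulls; an empty password is
    // refused as well because an LDAP "unauthenticated" bind (DN plus empty
    // password) may be accepted by the server without proving anything.
    if (dn == null || passwd == null || passwd.isEmpty()) {
        throw new LoginException(AuthI18n.authI18n.getString(IUMSConstants.DSCFG_CONNECTFAIL));
    }
    String host;
    int port;
    Options ldapOptions = Options.defaultOptions();
    String orgUrl = (String) options.get(LoginContext.ORGNAME);
    // An explicit URL must be more than the bare scheme prefix.
    boolean explicitUrl = orgUrl != null
            && !orgUrl.equals(LoginContext.LDAP_AUTH_URL)
            && !orgUrl.equals(LoginContext.LDAPS_AUTH_URL)
            && (orgUrl.startsWith(LoginContext.LDAP_AUTH_URL)
                    || orgUrl.startsWith(LoginContext.LDAPS_AUTH_URL));
    if (!explicitUrl) {
        try {
            DSConfigMgr dscm = DSConfigMgr.getDSConfigMgr();
            // The server instance tells us the connection type (SSL or not).
            // The user type makes no difference because the connection type
            // is server-group based, so any user type works as second argument.
            ServerInstance si = dscm.getServerInstance(DSConfigMgr.DEFAULT, LDAPUser.Type.AUTH_BASIC);
            if (si.getConnectionType() == Server.Type.CONN_SSL) {
                try {
                    ldapOptions.set(LDAPConnectionFactory.SSL_CONTEXT, new SSLContextBuilder().getSSLContext());
                } catch (GeneralSecurityException e) {
                    debug.error("getConnection.JSSESocketFactory", e);
                    throw new LDAPServiceException(AuthI18n.authI18n.getString(IUMSConstants.DSCFG_JSSSFFAIL));
                }
            }
            // getHostName returns "host:port"; that value overrides the literal
            // 389 handed to the factory below, so this is not a hard-coded port.
            host = dscm.getHostName(DSConfigMgr.DEFAULT);
            port = 389;
        } catch (LDAPServiceException ex) {
            debug.error("Authenticate failed: " + ex);
            LoginException le = new LoginException(ex.getMessage());
            le.initCause(ex);
            throw le;
        }
    } else {
        if (debug.messageEnabled()) {
            debug.message("authenticate(): orgUrl= " + orgUrl);
        }
        boolean useSSL = orgUrl.startsWith(LoginContext.LDAPS_AUTH_URL);
        int start = useSSL
                ? LoginContext.LDAPS_AUTH_URL.length()
                : LoginContext.LDAP_AUTH_URL.length();
        // The authority is everything between the scheme and the first '/'.
        int authorityEnd = orgUrl.indexOf('/', start);
        if (authorityEnd == -1) {
            authorityEnd = orgUrl.length();
        }
        // Only a ':' inside the authority separates host from port. The earlier
        // parser took the first ':' anywhere and, when there was none, parsed
        // the path segment as the port. IPv6 literals are still not handled.
        int colon = orgUrl.indexOf(':', start);
        boolean hasPort = colon != -1 && colon < authorityEnd;
        String hostName = orgUrl.substring(start, hasPort ? colon : authorityEnd);
        String portNumber = "389";
        if (hasPort && colon + 1 < authorityEnd) {
            portNumber = orgUrl.substring(colon + 1, authorityEnd);
        }
        if (useSSL) {
            try {
                ldapOptions.set(LDAPConnectionFactory.SSL_CONTEXT, new SSLContextBuilder().getSSLContext());
            } catch (GeneralSecurityException e) {
                debug.error("authentication().JSSESocketFactory()", e);
                LoginException le = new LoginException(e.getMessage());
                le.initCause(e);
                throw le;
            }
        }
        if (debug.messageEnabled()) {
            debug.message("before connect(), hostName=" + hostName + ",port=" + portNumber);
        }
        host = hostName;
        try {
            port = Integer.parseInt(portNumber);
        } catch (NumberFormatException e) {
            debug.error("authentication", e);
            LoginException le = new LoginException(e.getMessage());
            le.initCause(e);
            throw le;
        }
    }
    // The factory is built with the user's credentials, so obtaining a
    // connection appears to be what performs the bind: a successful acquisition
    // is the authentication. The Connection handle itself is not used, but it
    // is declared as a resource so it is closed.
    try (ConnectionFactory factory = LDAPUtils.createFailoverConnectionFactory(host, port, dn, passwd, ldapOptions);
            Connection conn = factory.getConnection()) {
        return true;
    } catch (LdapException e) {
        LoginException le = new LoginException(e.getMessage());
        le.initCause(e);
        throw le;
    }
}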

Example 2 with ServerInstance

use of com.iplanet.services.ldap.ServerInstance in project OpenAM by OpenRock.

the class LocalLdapAuthModule method readServerConfig.

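/**
 * Lazily reads the directory configuration this module needs: records the base
 * DN of the default AUTH_BASIC server instance in {@code baseDN} and opens a
 * connection from DSConfigMgr's basic connection factory into {@code conn}.
 * A no-op once {@code readServerConfiguration} has been set.
 *
 * @throws LoginException when the configuration manager or the directory
 *         cannot be reached
 */
private void readServerConfig() throws LoginException {
    if (readServerConfiguration) {
        return;
    }
    try {
        DSConfigMgr cfgMgr = DSConfigMgr.getDSConfigMgr();
        // Resolve the server instance before opening the connection, so a
        // configuration failure cannot leave an unused, unclosed connection
        // behind in conn (the flag would stay false and the next call would
        // open another one).
        ServerInstance si = cfgMgr.getServerInstance(DSConfigMgr.DEFAULT, LDAPUser.Type.AUTH_BASIC);
        baseDN = si.getBaseDN();
        conn = cfgMgr.getNewBasicConnectionFactory().getConnection();
        readServerConfiguration = true;
    } catch (LDAPServiceException | LdapException ex) {
        LoginException le = new LoginException(ex.getMessage());
        le.initCause(ex);
        throw le;
    }
}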

Example 3 with ServerInstance

use of com.iplanet.services.ldap.ServerInstance in project OpenAM by OpenRock.

the class AdminUtils method initialize.

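/**
 * Loads the administrator bind identity used by this utility class: assigns
 * {@code debug}, then reads the AUTH_ADMIN server instance from DSConfigMgr and
 * stores its auth ID in {@code adminDN} and its password (read under
 * {@code doPrivileged} through {@code ServerInstanceAction}) in
 * {@code adminPassword} after passing it through {@code xor}. Failures are
 * logged rather than thrown.
 */
public static void initialize() {
    debug = Debug.getInstance(IUMSConstants.UMS_DEBUG);
    try {
        DSConfigMgr dscMgr = DSConfigMgr.getDSConfigMgr();
        ServerInstance svrInstance = dscMgr.getServerInstance(LDAPUser.Type.AUTH_ADMIN);
        if (svrInstance == null) {
            debug.error("AdminUtils.initialize: server instance not found");
            return;
        }
        adminDN = svrInstance.getAuthID();
        String adminPW = (String) AccessController.doPrivileged(new ServerInstanceAction(svrInstance));
        if (adminPW == null) {
            // Previously a missing password escaped as an unchecked NPE; report
            // it the same way as the other configuration failures instead.
            debug.error("AdminUtils.initialize: admin password not available");
            return;
        }
        // NOTE(review): getBytes() uses the platform default charset; left as-is
        // because whatever consumes adminPassword (outside this listing) must
        // decode with the same charset. xor() presumably only obfuscates the
        // bytes in memory rather than encrypting them — do not treat the
        // stored value as protected.
        adminPassword = xor(adminPW.getBytes());
    } catch (LDAPServiceException e) {
        // Outside server mode a missing admin configuration is expected, so it
        // is only reported at message level.
        if (SystemProperties.isServerMode()) {
            debug.error("AdminUtils.initialize: Initialize admin info ", e);
        } else if (debug.messageEnabled()) {
            debug.message("AdminUtilsinitialize: Could not initialize admin info message:" + e.getMessage());
        }
    }
}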

Example 4 with ServerInstance

use of com.iplanet.services.ldap.ServerInstance in project OpenAM by OpenRock.

the class AMSDKRepo method getDsSvrCfg.

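/**
 * Looks up the {@link ServerInstance} configured for {@code authType} through
 * DSConfigMgr.
 *
 * @param authType LDAP user type whose server instance is wanted
 * @return the configured server instance; presumably {@code null} when
 *         DSConfigMgr has none for the type — callers should check (TODO confirm)
 * @throws IdRepoException with {@code SEARCH_FAILED} when the configuration
 *         manager cannot be read
 */
private ServerInstance getDsSvrCfg(LDAPUser.Type authType) throws IdRepoException {
    try {
        return DSConfigMgr.getDSConfigMgr().getServerInstance(authType);
    } catch (LDAPServiceException ldex) {
        // The log context used to name getFullyQualifiedName (copy/paste);
        // it now names this method so the message can be traced.
        if (debug.messageEnabled()) {
            debug.message("AMSDKRepo: getDsSvrCfg LDAPServiceException: " + ldex.getMessage());
        }
        Object[] args = { CLASS_NAME };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SEARCH_FAILED, args);
    }
}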

Example 5 with ServerInstance

use of com.iplanet.services.ldap.ServerInstance in project OpenAM by OpenRock.

the class AMSDKRepo method getFullyQualifiedName.

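/**
 * Returns the fully qualified name for the identity. It is expected that the
 * fully qualified name is unique, hence the name is prefixed with the data
 * store protocol and server ({@code amsdk://server:port/dn}). Used by the
 * IdRepo framework to check two identities for equality.
 *
 * <p>The entry's existence is checked through the store connection, but a
 * missing entry only produces a debug message: the name is returned either
 * way, as it always was.
 *
 * @param token administrator SSOToken that can be used by the datastore to
 *              determine the fully qualified name
 * @param type type of the identity
 * @param name name of the identity
 * @return fully qualified name for the identity within the data store
 * @throws IdRepoException with {@code UNABLE_FIND_ENTRY} when {@code name} is
 *         null or empty, or {@code SEARCH_FAILED} when the server
 *         configuration cannot be read
 * @throws SSOException when the token cannot be used to open the store
 *         connection (propagated from AMStoreConnection — TODO confirm)
 */
public String getFullyQualifiedName(SSOToken token, IdType type, String name) throws IdRepoException, SSOException {
    if (debug.messageEnabled()) {
        debug.message("AMSDKRepo: getFullyQualifiedName." + " type=" + type + "; name=" + name);
    }
    if (name == null || name.isEmpty()) {
        Object[] args = { CLASS_NAME, "" };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_FIND_ENTRY, args);
    }
    // Reuse the injected store connection when there is one.
    AMStoreConnection amsc = (sc == null) ? new AMStoreConnection(token) : sc;
    String dn = getDN(type, name);
    // The existence check was performed before too, but its result was
    // discarded. It is now at least logged; rejecting missing entries here
    // would change the contract for callers comparing identities.
    if (!amsc.isValidEntry(dn) && debug.messageEnabled()) {
        debug.message("AMSDKRepo: getFullyQualifiedName: entry does not exist: " + dn);
    }
    ServerInstance svrCfg = getDsSvrCfg(LDAPUser.Type.AUTH_ADMIN);
    return "amsdk://" + svrCfg.getServerName() + ":" + svrCfg.getPort() + "/" + dn;
}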
