Example 46 with Guid

use of com.iplanet.ums.Guid in project OpenAM by OpenRock.

From the class DirectoryServicesImpl, method createGroup:

private void createGroup(SSOToken token, PersistentObject parentObj, Map attributes, String profileName) throws UMSException, AMException {
    // Invoke the Pre Processing plugin
    String orgDN = getOrganizationDN(internalToken, parentObj.getDN());
    String entryDN = getNamingAttribute(AMObject.GROUP) + "=" + profileName + "," + parentObj.getDN();
    attributes = callBackHelper.preProcess(token, entryDN, orgDN, null, attributes, CallBackHelper.CREATE, AMObject.GROUP, false);
    AttrSet attrSet = CommonUtils.mapToAttrSet(attributes);
    makeNamingFirst(attrSet, getNamingAttribute(AMObject.GROUP), profileName);
    TemplateManager tempMgr = TemplateManager.getTemplateManager();
    CreationTemplate creationTemp = tempMgr.getCreationTemplate("BasicGroup", new Guid(orgDN), TemplateManager.SCOPE_ANCESTORS);
    attrSet = combineOCs(creationTemp, attrSet);
    com.iplanet.ums.StaticGroup sgroup = new com.iplanet.ums.StaticGroup(creationTemp, attrSet);
    parentObj.addChild(sgroup);
    Attr um = attrSet.getAttribute(UNIQUE_MEMBER_ATTRIBUTE);
    if (um != null) {
        String[] values = um.getStringValues();
        Set members = new HashSet();
        members.addAll(Arrays.asList(values));
        updateUserAttribute(token, members, sgroup.getDN(), true);
    }
    // Invoke Post processing impls
    callBackHelper.postProcess(token, sgroup.getDN(), orgDN, null, attributes, CallBackHelper.CREATE, AMObject.GROUP, false);
}

Example 47 with Guid

use of com.iplanet.ums.Guid in project OpenAM by OpenRock.

From the class DirectoryServicesImpl, method removeAdminRole:

/**
 * Remove group admin role
 *
 * @param token
 *            SSOToken of the caller
 * @param dn
 *            group DN
 * @param recursive
 *            true to delete all admin roles for all sub groups or sub
 *            people container
 */
public void removeAdminRole(SSOToken token, String dn, boolean recursive) throws SSOException, AMException {
    SSOTokenManager.getInstance().validateToken(token);
    if (debug.messageEnabled()) {
        debug.message("DirectoryServicesImpl.removeAdminRole() dn: " + dn + " recursive: " + recursive);
    }
    // first find out the admin role dn for the group
    DN ldapDN = DN.valueOf(dn);
    String orgDN = getOrganizationDN(token, ldapDN.parent().toString());
    String newdn = dn.replace(',', '_');
    String roleNameAttr = getNamingAttribute(AMObject.ROLE);
    String roleDN = new StringBuilder().append(roleNameAttr).append("=").append(newdn).append(",").append(orgDN).toString();
    Set adminRoles = Collections.EMPTY_SET;
    if (recursive) {
        String roleSearchFilter = SearchFilterManager.getSearchFilter(AMObject.ROLE, orgDN);
        StringBuilder sb = new StringBuilder();
        sb.append("(&").append(roleSearchFilter).append("(");
        sb.append(roleNameAttr).append("=*").append(newdn).append("))");
        adminRoles = search(token, orgDN, sb.toString(), SearchControl.SCOPE_ONE);
    } else {
        adminRoles = new HashSet();
        adminRoles.add(roleDN);
    }
    Iterator iter = adminRoles.iterator();
    while (iter.hasNext()) {
        String adminRoleDN = (String) iter.next();
        // remove all members from the role
        try {
            ManagedRole roleObj = (ManagedRole) UMSObject.getObject(token, new Guid(adminRoleDN));
            roleObj.removeAllMembers();
            // removeEntry(token, adminRoleDN, AMObject.ROLE, false, false);
            AMStoreConnection amsc = new AMStoreConnection(internalToken);
            AMRole role = amsc.getRole(adminRoleDN);
            role.delete(recursive);
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                debug.message("DirectoryServicesImpl.removeAdminRole() " + "Unable to remove admin role: " + adminRoleDN, e);
            }
        }
    }
}

Example 48 with Guid

use of com.iplanet.ums.Guid in project OpenAM by OpenRock.

From the class DirectoryServicesImpl, method modifyAssignDynamicGroupMembership:

private void modifyAssignDynamicGroupMembership(SSOToken token, String target, Set members, int operation, int profileType) throws UMSException, AMException {
    // fake object to get around UMS problem.
    // UMS AssignableDynamicGroup has a class resolver, it is
    // added to resolver list in static block. So I need to
    // construct a dummy AssignableDynamicGroup
    AssignableDynamicGroup tmpgroup = new AssignableDynamicGroup();
    AssignableDynamicGroup adgroup = (AssignableDynamicGroup) UMSObject.getObject(token, new Guid(target));
    // Make call backs to the plugins to let them know modification
    // to role membership.
    // Since this target cannot be an Org. Get the parent
    String parentDN = adgroup.getParentGuid().getDn();
    String orgDN = getOrganizationDN(token, parentDN);
    if (callBackHelper.isExistsPrePostPlugins(orgDN)) {
        members = callBackHelper.preProcessModifyMemberShip(token, target, orgDN, members, operation, profileType);
        if (members == null || members.isEmpty()) {
            return;
        }
    }
    switch(operation) {
        case ADD_MEMBER:
            // Convert the member DNs once and reuse the array for both the
            // group update and the compliance check below.
            Guid[] membersGuid = CommonUtils.toGuidArray(members);
            adgroup.addMembers(membersGuid);
            if (ComplianceServicesImpl.isAdminGroupsEnabled(AMStoreConnection.getAMSdkBaseDN())) {
                complianceImpl.verifyAndLinkGroupToRole(token, membersGuid, target);
            }
            break;
        case REMOVE_MEMBER:
            Object[] entries = members.toArray();
            for (int i = 0; i < entries.length; i++) {
                adgroup.removeMember(new Guid((String) entries[i]));
            }
            // compliance related operations if needed.
            if (ComplianceServicesImpl.isAdminGroupsEnabled(AMStoreConnection.getAMSdkBaseDN())) {
                complianceImpl.verifyAndUnLinkGroupToRole(token, members, target);
            }
            break;
        default:
            throw new AMException(token, "114");
    }
    // Make call backs to the plugins to let them know the modification
    // to role membership has been applied.
    if (callBackHelper.isExistsPrePostPlugins(orgDN)) {
        // Here the new members are just the ones added not the complete Set
        callBackHelper.postProcessModifyMemberShip(token, target, orgDN, members, operation, profileType);
    }
}

Example 49 with Guid

use of com.iplanet.ums.Guid in project OpenAM by OpenRock.

From the class DirectoryServicesImpl, method createAMTemplate:

/**
 * Create an AMTemplate (COSTemplate)
 *
 * @param token
 *            token
 * @param entryDN
 *            DN of the profile whose template is to be set
 * @param objectType
 *            the entry type
 * @param serviceName
 *            Service Name
 * @param attributes
 *            attributes to be set
 * @param priority
 *            template priority
 * @return String DN of the newly created template
 */
public String createAMTemplate(SSOToken token, String entryDN, int objectType, String serviceName, Map attributes, int priority) throws AMException {
    // TBD, each time a Org/PC is created, need to create default role
    COSManager cm = null;
    DirectCOSDefinition dCOS = null;
    String roleDN = null;
    // TBD, change "cn" to the flexible naming attribute for AMObject.ROLE
    try {
        PersistentObject po = UMSObject.getObjectHandle(token, new Guid(entryDN));
        // get COS Definition depends on different profile type
        switch(objectType) {
            case AMObject.ROLE:
            case AMObject.FILTERED_ROLE:
                roleDN = entryDN;
                cm = COSManager.getCOSManager(token, po.getParentGuid());
                dCOS = (DirectCOSDefinition) cm.getDefinition(serviceName);
                break;
            case AMObject.ORGANIZATION:
            case AMObject.ORGANIZATIONAL_UNIT:
            case AMObject.PEOPLE_CONTAINER:
                roleDN = "cn=" + CONTAINER_DEFAULT_TEMPLATE_ROLE + "," + entryDN;
                cm = COSManager.getCOSManager(token, po.getGuid());
                dCOS = (DirectCOSDefinition) cm.getDefinition(serviceName);
                break;
            default:
                // does not have COS
                throw new AMException(token, "450");
        }
        // add template priority
        AttrSet attrSet = CommonUtils.mapToAttrSet(attributes);
        if (priority != AMTemplate.UNDEFINED_PRIORITY) {
            Attr attr = new Attr("cospriority");
            attr.addValue("" + priority);
            attrSet.add(attr);
        }
        COSTemplate template = createCOSTemplate(serviceName, attrSet, roleDN);
        dCOS.addCOSTemplate(template);
        return template.getGuid().toString();
    } catch (COSNotFoundException e) {
        if (debug.messageEnabled()) {
            debug.message("DirectoryServicesImpl.createAMTemplate() " + "COSDefinition for service: " + serviceName + " not found: ", e);
        }
        Object[] args = { serviceName };
        String locale = CommonUtils.getUserLocale(token);
        throw new AMException(AMSDKBundle.getString("459", locale), "459", args);
    } catch (EntryAlreadyExistsException e) {
        if (debug.messageEnabled()) {
            debug.message("DirectoryServicesImpl.createAMTemplate: template " + "already exists for " + serviceName, e);
        }
        String[] params = { serviceName };
        String locale = CommonUtils.getUserLocale(token);
        throw new AMException(AMSDKBundle.getString("854", params, locale), "854", params);
    } catch (AccessRightsException e) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createAMTemplate() " + "Insufficient access rights to create template for: " + serviceName + " & entryDN: " + entryDN, e);
        }
        throw new AMException(token, "460");
    } catch (UMSException e) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createAMTemplate() Unable" + " to create AMTemplate for: " + serviceName + " & entryDN: " + entryDN, e);
        }
        Object[] args = { serviceName };
        String locale = CommonUtils.getUserLocale(token);
        throw new AMException(AMSDKBundle.getString("459", locale), "459", args, e);
    } catch (Exception e) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createAMTemplate", e);
        }
        throw new AMException(token, "451");
    }
}

Example 50 with Guid

use of com.iplanet.ums.Guid in project OpenAM by OpenRock.

From the class DirectoryServicesImpl, method createEntry:

/**
 * Create an entry in the Directory
 *
 * @param token
 *            SSOToken
 * @param entryName
 *            name of the entry (naming value), e.g. "sun.com", "manager"
 * @param objectType
 *            Profile Type, ORGANIZATION, AMObject.ROLE, AMObject.USER, etc.
 * @param parentDN
 *            the parent DN
 * @param attributes
 *            the initial attribute set for creation
 */
public void createEntry(SSOToken token, String entryName, int objectType, String parentDN, Map attributes) throws AMEntryExistsException, AMException, SSOException {
    try {
        if (entryName == null || entryName.length() == 0) {
            throw new AMException(token, "320");
        } else if (parentDN == null) {
            throw new AMException(token, "322");
        }
        // tmpDN to be used only when validating since the method
        // expects a DN.
        String tmpDN = getNamingAttribute(objectType) + "=" + entryName + "," + parentDN;
        validateAttributeUniqueness(tmpDN, objectType, true, attributes);
        // Get handle to the parent object
        PersistentObject po = UMSObject.getObjectHandle(token, new Guid(parentDN));
        switch(objectType) {
            case AMObject.USER:
                createUser(token, po, attributes, entryName);
                break;
            case AMObject.MANAGED_ROLE:
            case AMObject.ROLE: // same as MANAGED_ROLE
                createRole(token, po, attributes, entryName);
                break;
            case AMObject.ORGANIZATION:
                createOrganization(token, po, attributes, entryName);
                break;
            case AMObject.STATIC_GROUP:
            case AMObject.GROUP:
                createGroup(token, po, attributes, entryName);
                break;
            case AMObject.ASSIGNABLE_DYNAMIC_GROUP:
                createAssignDynamicGroup(token, po, attributes, entryName);
                break;
            case AMObject.DYNAMIC_GROUP:
                createDynamicGroup(token, po, attributes, entryName);
                break;
            case AMObject.PEOPLE_CONTAINER:
                createPeopleContainer(po, attributes, entryName);
                break;
            case AMObject.ORGANIZATIONAL_UNIT:
                createOrganizationalUnit(token, po, attributes, entryName);
                break;
            case AMObject.GROUP_CONTAINER:
                createGroupContainer(po, attributes, entryName);
                break;
            case AMObject.FILTERED_ROLE:
                createFilteredRole(token, po, attributes, entryName);
                break;
            case AMObject.RESOURCE:
                createResource(po, attributes, entryName);
                break;
            case AMObject.UNDETERMINED_OBJECT_TYPE:
            case AMObject.UNKNOWN_OBJECT_TYPE:
                throw new AMException(token, "326");
            default:
                // Supported generic type
                createEntity(token, po, objectType, attributes, entryName);
        }
    } catch (AccessRightsException e) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createEntry() " + "Insufficient access rights to create entry: " + entryName, e);
        }
        throw new AMException(token, "460");
    } catch (EntryAlreadyExistsException e) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createEntry() Entry: " + entryName + " already exists: ", e);
        }
        String msgid = getEntryExistsMsgID(objectType);
        String name = getEntryName(e);
        Object[] args = { name };
        throw new AMException(AMSDKBundle.getString(msgid, args), msgid, args);
    } catch (UMSException e) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createEntry() Unable to " + "create entry: " + entryName, e);
        }
        throw new AMException(token, "324", e);
    }
}
