use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class DirectoryServicesImpl method createGroup.
/**
 * Creates a static group named {@code profileName} beneath {@code parentObj}.
 *
 * <p>Sequence, as visible in this method: the pre-processing callback may replace the
 * attribute map, the attributes are converted to an {@code AttrSet} and combined with the
 * "BasicGroup" creation template, the group is added as a child of {@code parentObj}, any
 * values of the unique-member attribute are handed to {@code updateUserAttribute}, and
 * finally the post-processing callback runs.
 *
 * @param token       SSOToken of the caller
 * @param parentObj   parent entry under which the group is created
 * @param attributes  initial attributes for the group (may be replaced by the pre-processing callback)
 * @param profileName naming value of the new group
 * @throws UMSException declared by the UMS calls used here
 * @throws AMException  declared by the callback and helper calls used here
 */
private void createGroup(SSOToken token, PersistentObject parentObj, Map attributes, String profileName)
        throws UMSException, AMException {
    // The organization lookup runs with internalToken, not with the caller's token.
    final String organizationDN = getOrganizationDN(internalToken, parentObj.getDN());

    // NOTE(review): profileName is concatenated into the DN without RDN escaping here;
    // confirm that callers or the UMS layer reject or escape ',', '+', '=' and similar characters.
    final String groupDN = new StringBuilder()
            .append(getNamingAttribute(AMObject.GROUP))
            .append("=")
            .append(profileName)
            .append(",")
            .append(parentObj.getDN())
            .toString();

    // Pre-processing plugins see the proposed entry and may hand back a modified attribute map.
    attributes = callBackHelper.preProcess(token, groupDN, organizationDN, null, attributes,
            CallBackHelper.CREATE, AMObject.GROUP, false);

    AttrSet groupAttrs = CommonUtils.mapToAttrSet(attributes);
    makeNamingFirst(groupAttrs, getNamingAttribute(AMObject.GROUP), profileName);

    CreationTemplate basicGroupTemplate = TemplateManager.getTemplateManager()
            .getCreationTemplate("BasicGroup", new Guid(organizationDN), TemplateManager.SCOPE_ANCESTORS);
    groupAttrs = combineOCs(basicGroupTemplate, groupAttrs);

    com.iplanet.ums.StaticGroup newGroup = new com.iplanet.ums.StaticGroup(basicGroupTemplate, groupAttrs);
    parentObj.addChild(newGroup);

    // When the group was created with members, pass them on together with the new group's DN.
    Attr uniqueMembers = groupAttrs.getAttribute(UNIQUE_MEMBER_ATTRIBUTE);
    if (uniqueMembers != null) {
        Set memberDNs = new HashSet(Arrays.asList(uniqueMembers.getStringValues()));
        updateUserAttribute(token, memberDNs, newGroup.getDN(), true);
    }

    // Post-processing plugins are told about the entry that was actually created.
    callBackHelper.postProcess(token, newGroup.getDN(), organizationDN, null, attributes,
            CallBackHelper.CREATE, AMObject.GROUP, false);
}
use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class DirectoryServicesImpl method removeAdminRole.
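/**
 * Removes the admin role(s) that belong to a group.
 *
 * <p>The role name is derived from the group DN by replacing every ',' with '_'. In the
 * non-recursive case exactly that role under the group's organization is targeted; in the
 * recursive case a one-level search under the organization collects every role whose name
 * ends with the derived value.
 *
 * <p>For each role found, the members are removed through a handle obtained with the
 * caller's {@code token}, and the role entry itself is then deleted through an
 * {@code AMStoreConnection} opened with {@code internalToken}. Because the member removal
 * runs first and any exception skips the rest of that iteration, the privileged delete is
 * only reached when the caller-token operations did not throw.
 *
 * <p>Failures on an individual role are logged and do not stop processing of the
 * remaining roles; no exception is propagated for them.
 *
 * @param token
 *            SSOToken of the caller
 * @param dn
 *            group DN
 * @param recursive
 *            true to delete all admin roles for all sub groups or sub
 *            people container
 * @throws SSOException declared for the token validation
 * @throws AMException  declared by the lookup helpers used here
 */
public void removeAdminRole(SSOToken token, String dn, boolean recursive) throws SSOException, AMException {
    SSOTokenManager.getInstance().validateToken(token);
    if (debug.messageEnabled()) {
        debug.message("DirectoryServicesImpl.removeAdminRole() dn: " + dn + " recursive: " + recursive);
    }
    // first find out the admin role dn for the group
    DN ldapDN = DN.valueOf(dn);
    String orgDN = getOrganizationDN(token, ldapDN.parent().toString());
    String newdn = dn.replace(',', '_');
    String roleNameAttr = getNamingAttribute(AMObject.ROLE);

    Set adminRoles;
    if (recursive) {
        String roleSearchFilter = SearchFilterManager.getSearchFilter(AMObject.ROLE, orgDN);
        // The value comes from the caller-supplied dn, so it is escaped per RFC 4515 before it
        // is placed in the filter; otherwise '(', ')', '*' or '\' in the DN would change the
        // filter's structure instead of being matched literally.
        String filter = new StringBuilder()
                .append("(&").append(roleSearchFilter).append("(")
                .append(roleNameAttr).append("=*").append(escapeAdminRoleFilterValue(newdn)).append("))")
                .toString();
        adminRoles = search(token, orgDN, filter, SearchControl.SCOPE_ONE);
    } else {
        // NOTE(review): newdn is used unescaped as an RDN value here; confirm this matches how
        // the role DN was built when the admin role was created.
        String roleDN = new StringBuilder()
                .append(roleNameAttr).append("=").append(newdn).append(",").append(orgDN)
                .toString();
        adminRoles = new HashSet();
        adminRoles.add(roleDN);
    }

    for (Object entry : adminRoles) {
        String adminRoleDN = (String) entry;
        try {
            // remove all members from the role, using the caller's token
            ManagedRole roleObj = (ManagedRole) UMSObject.getObject(token, new Guid(adminRoleDN));
            roleObj.removeAllMembers();
            // the role entry itself is deleted with internalToken
            AMStoreConnection amsc = new AMStoreConnection(internalToken);
            AMRole role = amsc.getRole(adminRoleDN);
            role.delete(recursive);
        } catch (Exception e) {
            // Best effort: keep going with the remaining roles, but report at warning level so
            // that an admin role which could not be removed does not go unnoticed.
            if (debug.warningEnabled()) {
                debug.warning("DirectoryServicesImpl.removeAdminRole() Unable to remove admin role: "
                        + adminRoleDN, e);
            }
        }
    }
}

/**
 * Escapes a string for use as a literal assertion value in an LDAP search filter
 * (RFC 4515): backslash, '*', '(', ')' and NUL are replaced by their {@code \\xx} forms.
 */
private static String escapeAdminRoleFilterValue(String value) {
    StringBuilder escaped = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                escaped.append("\\5c");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\0':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}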
use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class DirectoryServicesImpl method modifyAssignDynamicGroupMembership.
/**
 * Adds members to, or removes members from, the assignable dynamic group at {@code target}.
 *
 * <p>When pre/post plugins exist for the group's organization, the pre-processing callback
 * may replace the member set; an empty or null result ends the call without any change.
 * After the membership change the compliance helper is invoked if admin groups are enabled,
 * and the post-processing callback receives the set that was actually applied.
 *
 * @param token       SSOToken of the caller
 * @param target      DN of the assignable dynamic group
 * @param members     DNs of the members to add or remove
 * @param operation   {@code ADD_MEMBER} or {@code REMOVE_MEMBER}
 * @param profileType profile type passed through to the plugin callbacks
 * @throws UMSException declared by the UMS calls used here
 * @throws AMException  with code "114" for any other {@code operation}
 */
private void modifyAssignDynamicGroupMembership(SSOToken token, String target, Set members, int operation,
        int profileType) throws UMSException, AMException {
    // Deliberately unused instance: per the original author's note, AssignableDynamicGroup
    // registers its class resolver in a static block, so one object is constructed first to
    // work around a UMS problem before the real lookup below.
    AssignableDynamicGroup resolverBootstrap = new AssignableDynamicGroup();
    AssignableDynamicGroup group = (AssignableDynamicGroup) UMSObject.getObject(token, new Guid(target));

    // The target cannot be an organization itself, so the organization is resolved from its parent.
    String parentDN = group.getParentGuid().getDn();
    String orgDN = getOrganizationDN(token, parentDN);

    // Let plugins review the membership change; they may narrow or veto it.
    if (callBackHelper.isExistsPrePostPlugins(orgDN)) {
        members = callBackHelper.preProcessModifyMemberShip(token, target, orgDN, members, operation,
                profileType);
        boolean nothingToDo = (members == null) || members.isEmpty();
        if (nothingToDo) {
            return;
        }
    }

    if (operation == ADD_MEMBER) {
        Guid[] addedGuids = CommonUtils.toGuidArray(members);
        group.addMembers(CommonUtils.toGuidArray(members));
        if (ComplianceServicesImpl.isAdminGroupsEnabled(AMStoreConnection.getAMSdkBaseDN())) {
            complianceImpl.verifyAndLinkGroupToRole(token, addedGuids, target);
        }
    } else if (operation == REMOVE_MEMBER) {
        // Iterate over a snapshot of the set, one removal per member DN.
        for (Object memberDN : members.toArray()) {
            group.removeMember(new Guid((String) memberDN));
        }
        // compliance related operations if needed.
        if (ComplianceServicesImpl.isAdminGroupsEnabled(AMStoreConnection.getAMSdkBaseDN())) {
            complianceImpl.verifyAndUnLinkGroupToRole(token, members, target);
        }
    } else {
        throw new AMException(token, "114");
    }

    // Tell plugins about the change; "members" holds only the entries just processed,
    // not the group's complete membership.
    if (callBackHelper.isExistsPrePostPlugins(orgDN)) {
        callBackHelper.postProcessModifyMemberShip(token, target, orgDN, members, operation, profileType);
    }
}
use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class DirectoryServicesImpl method createAMTemplate.
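/**
 * Create an AMTemplate (COSTemplate)
 *
 * <p>For roles and filtered roles the COS definition is looked up on the entry's parent and
 * the template is bound to {@code entryDN} itself; for organizations, organizational units
 * and people containers it is looked up on the entry and bound to the container's default
 * template role. Any other object type has no COS and is rejected with error "450".
 *
 * @param token
 *            token
 * @param entryDN
 *            DN of the profile whose template is to be set
 * @param objectType
 *            the entry type
 * @param serviceName
 *            Service Name
 * @param attributes
 *            attributes to be set
 * @param priority
 *            template priority
 * @return String DN of the newly created template
 * @throws AMException
 *             "450" for an object type without COS, "459" when the COS definition is
 *             missing or a UMS error occurs, "854" when the template already exists,
 *             "460" on insufficient access rights, "451" for any other failure
 */
public String createAMTemplate(SSOToken token, String entryDN, int objectType, String serviceName,
        Map attributes, int priority) throws AMException {
    // TBD, each time a Org/PC is created, need to create default role
    // TBD, change "cn" to flexible naming attribute for AMObject.ROLE
    try {
        PersistentObject po = UMSObject.getObjectHandle(token, new Guid(entryDN));
        COSManager cm;
        String roleDN;
        // get COS Definition depends on different profile type
        switch (objectType) {
            case AMObject.ROLE:
            case AMObject.FILTERED_ROLE:
                roleDN = entryDN;
                cm = COSManager.getCOSManager(token, po.getParentGuid());
                break;
            case AMObject.ORGANIZATION:
            case AMObject.ORGANIZATIONAL_UNIT:
            case AMObject.PEOPLE_CONTAINER:
                roleDN = "cn=" + CONTAINER_DEFAULT_TEMPLATE_ROLE + "," + entryDN;
                cm = COSManager.getCOSManager(token, po.getGuid());
                break;
            default:
                // does not have COS
                throw new AMException(token, "450");
        }
        DirectCOSDefinition dCOS = (DirectCOSDefinition) cm.getDefinition(serviceName);

        // add template priority
        AttrSet attrSet = CommonUtils.mapToAttrSet(attributes);
        if (priority != AMTemplate.UNDEFINED_PRIORITY) {
            Attr attr = new Attr("cospriority");
            attr.addValue(String.valueOf(priority));
            attrSet.add(attr);
        }
        COSTemplate template = createCOSTemplate(serviceName, attrSet, roleDN);
        dCOS.addCOSTemplate(template);
        return template.getGuid().toString();
    } catch (COSNotFoundException e) {
        if (debug.messageEnabled()) {
            debug.message("DirectoryServicesImpl.createAMTemplate() " + "COSDefinition for service: "
                    + serviceName + " not found: ", e);
        }
        Object[] args = { serviceName };
        String locale = CommonUtils.getUserLocale(token);
        throw new AMException(AMSDKBundle.getString("459", locale), "459", args);
    } catch (EntryAlreadyExistsException e) {
        if (debug.messageEnabled()) {
            debug.message("DirectoryServicesImpl.createAMTemplate: template " + "already exists for "
                    + serviceName, e);
        }
        String[] params = { serviceName };
        String locale = CommonUtils.getUserLocale(token);
        throw new AMException(AMSDKBundle.getString("854", params, locale), "854", params);
    } catch (AccessRightsException e) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createAMTemplate() "
                    + "Insufficient access rights to create template for: " + serviceName + " & entryDN: "
                    + entryDN, e);
        }
        throw new AMException(token, "460");
    } catch (UMSException e) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createAMTemplate() Unable" + " to create AMTemplate for: "
                    + serviceName + " & entryDN: " + entryDN, e);
        }
        Object[] args = { serviceName };
        String locale = CommonUtils.getUserLocale(token);
        throw new AMException(AMSDKBundle.getString("459", locale), "459", args, e);
    } catch (AMException e) {
        // Without this clause the catch-all below would swallow the "450" raised for an
        // unsupported object type and report it as the generic "451".
        throw e;
    } catch (Exception e) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createAMTemplate", e);
        }
        throw new AMException(token, "451");
    }
}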
use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class DirectoryServicesImpl method createEntry.
/**
 * Creates a directory entry of the given type beneath {@code parentDN}.
 *
 * <p>The name and parent are checked first, attribute uniqueness is validated against the
 * DN the entry would get, and creation is then delegated to the type-specific helper.
 * Object types without a dedicated helper fall through to {@code createEntity}.
 *
 * @param token
 *            SSOToken
 * @param entryName
 *            name of the entry (naming value), e.g. "sun.com", "manager"
 * @param objectType
 *            Profile Type, ORGANIZATION, AMObject.ROLE, AMObject.USER, etc.
 * @param parentDN
 *            the parent DN
 * @param attributes
 *            the initial attribute set for creation
 * @throws AMException
 *             "320" for a null or empty name, "322" for a null parent, "326" for an
 *             undetermined or unknown object type, "460" on insufficient access rights,
 *             "324" on other UMS failures, or the type-specific "already exists" code
 */
public void createEntry(SSOToken token, String entryName, int objectType, String parentDN, Map attributes)
        throws AMEntryExistsException, AMException, SSOException {
    try {
        if (entryName == null || entryName.isEmpty()) {
            throw new AMException(token, "320");
        }
        if (parentDN == null) {
            throw new AMException(token, "322");
        }

        // Used only for validation, which expects a full DN.
        // NOTE(review): entryName is concatenated unescaped; confirm that RDN special
        // characters are rejected or escaped by the validation and create* helpers.
        String candidateDN = getNamingAttribute(objectType) + "=" + entryName + "," + parentDN;
        validateAttributeUniqueness(candidateDN, objectType, true, attributes);

        // Handle to the parent entry, obtained with the caller's token.
        PersistentObject parent = UMSObject.getObjectHandle(token, new Guid(parentDN));

        switch (objectType) {
            case AMObject.USER:
                createUser(token, parent, attributes, entryName);
                break;
            case AMObject.MANAGED_ROLE:
            case AMObject.ROLE: // same as MANAGED ROLE
                createRole(token, parent, attributes, entryName);
                break;
            case AMObject.ORGANIZATION:
                createOrganization(token, parent, attributes, entryName);
                break;
            case AMObject.STATIC_GROUP:
            case AMObject.GROUP:
                createGroup(token, parent, attributes, entryName);
                break;
            case AMObject.ASSIGNABLE_DYNAMIC_GROUP:
                createAssignDynamicGroup(token, parent, attributes, entryName);
                break;
            case AMObject.DYNAMIC_GROUP:
                createDynamicGroup(token, parent, attributes, entryName);
                break;
            case AMObject.PEOPLE_CONTAINER:
                createPeopleContainer(parent, attributes, entryName);
                break;
            case AMObject.ORGANIZATIONAL_UNIT:
                createOrganizationalUnit(token, parent, attributes, entryName);
                break;
            case AMObject.GROUP_CONTAINER:
                createGroupContainer(parent, attributes, entryName);
                break;
            case AMObject.FILTERED_ROLE:
                createFilteredRole(token, parent, attributes, entryName);
                break;
            case AMObject.RESOURCE:
                createResource(parent, attributes, entryName);
                break;
            case AMObject.UNDETERMINED_OBJECT_TYPE:
            case AMObject.UNKNOWN_OBJECT_TYPE:
                throw new AMException(token, "326");
            default:
                // Supported generic type
                createEntity(token, parent, objectType, attributes, entryName);
        }
    } catch (AccessRightsException denied) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createEntry() Insufficient access rights to create entry: "
                    + entryName, denied);
        }
        throw new AMException(token, "460");
    } catch (EntryAlreadyExistsException duplicate) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createEntry() Entry: " + entryName + "already exists: ",
                    duplicate);
        }
        // The message id depends on the object type; the argument is the name taken from the exception.
        String existsMsgId = getEntryExistsMsgID(objectType);
        Object[] msgArgs = { getEntryName(duplicate) };
        throw new AMException(AMSDKBundle.getString(existsMsgId, msgArgs), existsMsgId, msgArgs);
    } catch (UMSException failure) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createEntry() Unable to create entry: " + entryName, failure);
        }
        throw new AMException(token, "324", failure);
    }
}