use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class ComplianceServicesImpl method verifyAndLinkRoleToGroup.
/**
* Method which verifies if the <code>roleDN</code> corresponds to an
* admin role. If true the <code>memberOf</code> and
* <code>adminRole</code> attributes of each member/user are set to the
* corresponding administration <code>groupDN</code> and administration
* <code>groupRDN</code> respectively. Each of the members/users are also
* added to the corresponding admin group.
*
* @param token
* single sign on token.
* @param membersGuid
* Guid array of members to be operated on.
* @param roleDN
* distinguished name of the role.
*
* @exception AMException
* if unsuccessful in adding the members to the corresponding
* admin group. As a result of which the memberOf and
* adminRole attributes are also not updated.
*/
protected void verifyAndLinkRoleToGroup(SSOToken token, Guid[] membersGuid, String roleDN) throws AMException {
    // Resolve the admin group that mirrors roleDN. A null name means roleDN
    // is not an admin role, so there is nothing to link.
    DN dn = DN.valueOf(roleDN);
    String groupName = getGroupFromRoleDN(dn);
    if (groupName == null) {
        return;
    }

    // The admin group is looked up under ou=Groups of the role's parent entry.
    // NOTE(review): groupName is concatenated into the DN string unescaped;
    // presumably getGroupFromRoleDN returns a value that is already safe to
    // use as an RDN value -- confirm against that helper.
    String orgDN = dn.parent().toString();
    String groupDN = NamingAttributeManager.getNamingAttribute(AMObject.GROUP) + "=" + groupName + ",ou=Groups," + orgDN;
    String groupRDN = NamingAttributeManager.getNamingAttribute(AMObject.GROUP) + "=" + groupName;
    try {
        // Membership is granted first, then each member is stamped with the
        // "adminrole" attribute. The two steps are not atomic: a failure
        // part-way through the loop leaves members in the admin group whose
        // adminrole attribute was never written.
        AssignableDynamicGroup adminGroup = (AssignableDynamicGroup) UMSObject.getObject(token, new Guid(groupDN));
        adminGroup.addMembers(membersGuid);
        AttrSet adminRoleAttrs = new AttrSet(new Attr[] { new Attr("adminrole", groupRDN) });
        for (Guid member : membersGuid) {
            addAttributesToEntry(token, member.getDn(), adminRoleAttrs);
        }
    } catch (EntryNotFoundException ex) {
        // A missing entry is only logged; the caller gets no exception and
        // cannot tell that the link was not made.
        debug.error("Compliance.verifyAndLinkRoleToGroup: " + "Admin groups are missing");
    } catch (UMSException ue) {
        // The UMS failure is logged here; the AMException raised to the
        // caller carries only error code 771, not the underlying cause.
        debug.error("Compliance." + "verifyAndLinkRoleToGroup(): ", ue);
        throw new AMException(AMSDKBundle.getString("771"), "771");
    }
}
use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class DirectoryServicesImpl method createDynamicGroup.
/**
 * Creates a dynamic group named {@code profileName} as a child of
 * {@code parentObj}, running the registered pre- and post-processing
 * callbacks around the creation.
 *
 * @param token
 *            single sign on token passed to the callbacks.
 * @param parentObj
 *            entry under which the group is added.
 * @param attributes
 *            attributes for the new group; the pre-processing callback may
 *            replace them.
 * @param profileName
 *            value of the group's naming attribute.
 * @throws UMSException
 *             propagated from the UMS calls made here.
 * @throws AMException
 *             propagated from the helpers and callbacks called here.
 */
private void createDynamicGroup(SSOToken token, PersistentObject parentObj, Map attributes, String profileName) throws UMSException, AMException {
    // The organization lookup runs with internalToken, not the caller's token.
    String orgDN = getOrganizationDN(internalToken, parentObj.getDN());
    // NOTE(review): profileName is concatenated into the DN unescaped; if it
    // can carry caller-controlled text, DN metacharacters such as ',' or '+'
    // would change the entry's location -- confirm callers validate it.
    String entryDN = getNamingAttribute(AMObject.GROUP) + "=" + profileName + "," + parentObj.getDN();

    // Pre-processing plugins see the request first and may rewrite the attributes.
    Map processedAttributes = callBackHelper.preProcess(token, entryDN, orgDN, null, attributes, CallBackHelper.CREATE, AMObject.DYNAMIC_GROUP, false);

    AttrSet groupAttrs = CommonUtils.mapToAttrSet(processedAttributes);
    makeNamingFirst(groupAttrs, getNamingAttribute(AMObject.DYNAMIC_GROUP), profileName);

    TemplateManager templates = TemplateManager.getTemplateManager();
    CreationTemplate template = templates.getCreationTemplate("BasicDynamicGroup", new Guid(orgDN), TemplateManager.SCOPE_ANCESTORS);
    groupAttrs = combineOCs(template, groupAttrs);

    com.iplanet.ums.DynamicGroup dynamicGroup = new com.iplanet.ums.DynamicGroup(template, groupAttrs);
    // A match-everything filter is swapped for the organization's user search
    // filter, so the group does not select every entry below the search base.
    String currentFilter = dynamicGroup.getSearchFilter();
    if ("(objectClass=*)".equalsIgnoreCase(currentFilter)) {
        dynamicGroup.setSearchFilter(SearchFilterManager.getSearchFilter(AMObject.USER, orgDN));
    }
    dynamicGroup.setSearchScope(SearchScope.WHOLE_SUBTREE.intValue());
    dynamicGroup.setSearchBase(new Guid(orgDN));
    parentObj.addChild(dynamicGroup);

    // Post-processing plugins are told about the entry that was created.
    callBackHelper.postProcess(token, dynamicGroup.getDN(), orgDN, null, processedAttributes, CallBackHelper.CREATE, AMObject.DYNAMIC_GROUP, false);
}
use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class DirectoryServicesImpl method modifyGroupMembership.
/**
 * Adds members to, or removes members from, the static group at
 * {@code target} and updates the affected users through
 * {@code updateUserAttribute}.
 *
 * @param token
 *            single sign on token used for the directory operations.
 * @param target
 *            DN of the static group to modify.
 * @param members
 *            member DNs; when pre/post plugins exist for the organization,
 *            the pre-processing callback may replace this set.
 * @param operation
 *            {@code ADD_MEMBER} or {@code REMOVE_MEMBER}.
 * @param profileType
 *            profile type passed through to the callbacks.
 * @throws UMSException
 *             propagated from the UMS calls made here.
 * @throws AMException
 *             with code "114" when {@code operation} is neither constant.
 */
private void modifyGroupMembership(SSOToken token, String target, Set members, int operation, int profileType) throws UMSException, AMException {
    // The cast fails with ClassCastException if target is not a static group.
    StaticGroup group = (StaticGroup) UMSObject.getObject(token, new Guid(target));

    // The target cannot be an organization, so the organization is resolved
    // from the group's parent entry.
    String parentDN = group.getParentGuid().getDn();
    String orgDN = getOrganizationDN(token, parentDN);

    // Plugins are told about the change first. The set they return is the
    // one that is applied; a null or empty set cancels the operation.
    if (callBackHelper.isExistsPrePostPlugins(orgDN)) {
        members = callBackHelper.preProcessModifyMemberShip(token, target, orgDN, members, operation, profileType);
        if (members == null || members.isEmpty()) {
            return;
        }
    }

    // NOTE(review): the operation code is checked only here, after the group
    // was loaded and the pre-processing plugins ran with the unchecked value.
    if (operation == ADD_MEMBER) {
        group.addMembers(CommonUtils.toGuidArray(members));
        updateUserAttribute(token, members, target, true);
    } else if (operation == REMOVE_MEMBER) {
        // Members are removed one at a time; an exception part-way through
        // leaves the earlier removals in place and skips the user update.
        for (Object memberDN : members.toArray()) {
            group.removeMember(new Guid((String) memberDN));
        }
        updateUserAttribute(token, members, target, false);
    } else {
        throw new AMException(token, "114");
    }

    // Post-processing receives only the members changed by this call, not
    // the group's complete membership.
    if (callBackHelper.isExistsPrePostPlugins(orgDN)) {
        callBackHelper.postProcessModifyMemberShip(token, target, orgDN, members, operation, profileType);
    }
}
use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class DirectoryServicesImpl method getGroupFilterAndScope.
// ##########Group and role related APIs
/**
* Returns an array containing the dynamic group's scope, base dn, and
* filter.
*/
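public String[] getGroupFilterAndScope(SSOToken token, String entryDN, int profileType) throws SSOException, AMException {
    // Result layout: [0] search scope as a decimal string, [1] search base
    // DN, [2] search filter.
    try {
        // The cast fails with ClassCastException if entryDN is not a dynamic group.
        DynamicGroup dg = (DynamicGroup) UMSObject.getObject(token, new Guid(entryDN));
        int scope = dg.getSearchScope();
        String base = dg.getSearchBase().getDn();
        String gfilter = dg.getSearchFilter();
        return new String[] { Integer.toString(scope), base, gfilter };
    } catch (EntryNotFoundException e) {
        // Log under this method's own name. The previous tag,
        // "AMGroupImpl.searchUsers", attributed failures to a method that
        // was not involved and misdirected anyone triaging the log.
        debug.error("DirectoryServicesImpl.getGroupFilterAndScope", e);
        String msgid = getEntryNotFoundMsgID(profileType);
        String missingEntryName = getEntryName(e);
        Object[] args = { missingEntryName };
        throw new AMException(AMSDKBundle.getString(msgid, args), msgid, args);
    } catch (UMSException e) {
        // Other UMS failures are recorded at message level only and surface
        // to the caller as error 341 with the cause attached.
        debug.message("DirectoryServicesImpl.getGroupFilterAndScope", e);
        throw new AMException(AMSDKBundle.getString("341"), "341", e);
    }
}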
use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class DirectoryServicesImpl method search.
// RENAME from searchUsingSearchControl => search()
/**
* Search the Directory
*
* @param token
* SSOToken
* @param entryDN
* DN of the entry to start the search with
* @param searchFilter
* search filter
* @param searchControl
* search control defining the VLV indexes and search scope
* @param attrNames
* name of attributes
* @return AMSearchResults holding the matching DNs
*/
public AMSearchResults search(SSOToken token, String entryDN, String searchFilter, SearchControl searchControl, String[] attrNames) throws AMException {
    AMSearchResults amResults = null;
    try {
        // Only the first sort key is used, and only if it names an attribute.
        // searchControl is dereferenced without a null check.
        SortKey[] sortKeys = searchControl.getSortKeys();
        SortKey skey = (sortKeys != null && sortKeys.length > 0 && sortKeys[0].attributeName != null) ? sortKeys[0] : null;

        String userLocale = CommonUtils.getUserLocale(token);
        if (debug.messageEnabled()) {
            debug.message("DirectoryServicesImpl.search() search with " + "searchcontrol locale = " + userLocale);
        }
        Collator collator = Collator.getInstance(Locale.getLocale(userLocale));

        // With a usable sort key the search runs on a fresh SearchControl
        // that copies only max results, scope and timeout.
        // NOTE(review): isGetAllReturnAttributesEnabled() is later read from
        // this copy, so the caller's setting looks ignored for sorted
        // searches -- confirm whether that is intended.
        SearchControl sc;
        if (skey == null) {
            sc = searchControl;
        } else {
            sc = new SearchControl();
            sc.setMaxResults(searchControl.getMaxResults());
            sc.setSearchScope(searchControl.getSearchScope());
            sc.setTimeOut(searchControl.getTimeOut());
        }

        PersistentObject po = UMSObject.getObjectHandle(token, new Guid(entryDN));

        // Attributes to request: the caller's list, plus the sort attribute
        // when sorting. null means "use the search overload without a list".
        String[] requestedAttrs;
        if (skey == null) {
            requestedAttrs = attrNames;
        } else if (attrNames == null) {
            requestedAttrs = new String[] { skey.attributeName };
        } else {
            requestedAttrs = new String[attrNames.length + 1];
            System.arraycopy(attrNames, 0, requestedAttrs, 0, attrNames.length);
            requestedAttrs[attrNames.length] = skey.attributeName;
        }

        // searchFilter reaches the directory exactly as supplied; a caller
        // that builds it from user input must escape the values it
        // interpolates, because nothing here validates the filter.
        SearchResults results;
        if (requestedAttrs == null) {
            results = po.search(searchFilter, sc);
        } else {
            results = po.search(searchFilter, requestedAttrs, sc);
        }
        amResults = getSearchResults(results, skey, attrNames, collator, sc.isGetAllReturnAttributesEnabled());
    } catch (UMSException ue) {
        // The warning writes the entry DN and the raw filter to the debug log.
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.search() with search " + "control entryDN: " + entryDN + " Search Filter: " + searchFilter + " Error occurred: ", ue);
        }
        // NOTE(review): presumably processInternalException always throws;
        // if it can return normally, this method returns null -- confirm.
        processInternalException(token, ue, "341");
    }
    return amResults;
}