Example 31 with Guid

use of com.iplanet.ums.Guid in project OpenAM by OpenRock.

the class DirectoryServicesImpl method createPeopleContainer.

private void createPeopleContainer(PersistentObject parentObj, Map attributes, String profileName) throws UMSException, AMException {
    AttrSet attrSet = CommonUtils.mapToAttrSet(attributes);
    makeNamingFirst(attrSet, getNamingAttribute(AMObject.PEOPLE_CONTAINER), profileName);
    TemplateManager tempMgr = TemplateManager.getTemplateManager();
    String orgDN = getOrganizationDN(internalToken, parentObj.getDN());
    CreationTemplate creationTemp = tempMgr.getCreationTemplate("BasicPeopleContainer", new Guid(orgDN), TemplateManager.SCOPE_ANCESTORS);
    attrSet = combineOCs(creationTemp, attrSet);
    com.iplanet.ums.PeopleContainer pc = new PeopleContainer(creationTemp, attrSet);
    parentObj.addChild(pc);
}
Also used : CreationTemplate(com.iplanet.ums.CreationTemplate) PeopleContainer(com.iplanet.ums.PeopleContainer) TemplateManager(com.iplanet.ums.TemplateManager) Guid(com.iplanet.ums.Guid) AttrSet(com.iplanet.services.ldap.AttrSet)

Example 32 with Guid

use of com.iplanet.ums.Guid in project OpenAM by OpenRock.

the class DirectoryServicesImpl method getAttributesFromDS.

/**
 * Gets the specific attributes corresponding to the entryDN. This method
 * obtains the DC Tree node attributes and also performs compliance related
 * verification checks in compliance mode. Note: In compliance mode you can
 * skip the compliance checks by setting ignoreCompliance to "true".
 *
 * @param token
 *            a valid SSOToken
 * @param entryDN
 *            the DN of the entry whose attributes need to be retrieved
 * @param attrNames
 *            a Set of names of the attributes that need to be retrieved.
 *            The attrNames should not be null.
 * @param ignoreCompliance
 *            a boolean value specifying whether compliance related entries
 *            need to be ignored or not. Ignored if true.
 * @return a Map containing attribute names as keys and Set of values
 *         corresponding to each key.
 * @throws AMException
 *             if an error is encountered in fetching the attributes
 */
public Map getAttributesFromDS(SSOToken token, String entryDN, Set attrNames, boolean ignoreCompliance, boolean byteValues, int profileType) throws AMException, SSOException {
    if (attrNames == null) {
        return getAttributes(token, entryDN, ignoreCompliance, byteValues, profileType);
    }
    try {
        // Convert the attrNames to String[]
        String[] names = (String[]) attrNames.toArray(new String[attrNames.size()]);
        PersistentObject po = UMSObject.getObjectHandle(token, new Guid(entryDN));
        // Perform compliance related checks
        AttrSet attrSet;
        if (!ignoreCompliance && ComplianceServicesImpl.isComplianceUserDeletionEnabled()) {
            // check for deleted user by getting compliance attributes
            attrSet = complianceImpl.verifyAndGetAttributes(po, names);
        } else {
            attrSet = po.getAttributes(names);
        }
        AMHashMap attributes = (AMHashMap) CommonUtils.attrSetToMap(attrSet, byteValues);
        // Obtain DC tree attributes if applicable            
        Map dcAttributes = getDCTreeAttributes(token, entryDN, attrNames, byteValues, profileType);
        attributes.copy(dcAttributes);
        return attributes;
    } catch (UMSException e) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.getAttributes(): " + "Unable to get attributes: ", e);
        }
        // Extract the ldap error code from Exception
        throw new AMException(token, "330", e);
    }
}
Also used : UMSException(com.iplanet.ums.UMSException) AMHashMap(com.iplanet.am.sdk.AMHashMap) PersistentObject(com.iplanet.ums.PersistentObject) AMException(com.iplanet.am.sdk.AMException) Guid(com.iplanet.ums.Guid) Map(java.util.Map) HashMap(java.util.HashMap) TreeMap(java.util.TreeMap) AttrSet(com.iplanet.services.ldap.AttrSet)

Example 33 with Guid

use of com.iplanet.ums.Guid in project OpenAM by OpenRock.

the class LocalLdapAuthModule method getDN.

private String getDN(String uid) throws LoginException {
    String retVal = "";
    if (uid == null) {
        throw (new LoginException(AuthI18n.authI18n.getString("com.iplanet.auth.invalid-username")));
    }
    if (LDAPUtils.isDN(uid)) {
        return uid;
    }
    String namingAttribute = UIDATTR;
    try {
        String orgName = (String) options.get(LoginContext.ORGNAME);
        if ((orgName != null) && !LDAPUtils.isDN(orgName)) {
            // Use orgName only if it is a DN, else fall back to baseDN
            orgName = baseDN;
        }
        if (com.sun.identity.sm.ServiceManager.isAMSDKConfigured()) {
            namingAttribute = TemplateManager.getTemplateManager().getCreationTemplate(TEMPLATE_NAME, (orgName == null) ? null : new Guid(orgName)).getNamingAttribute();
        }
    } catch (Exception e) {
        // Ignore the exception and use the default naming attribute
    }
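    // Note: uid is appended to the search filter as-is. Filter metacharacters
    // in uid ('*', '(', ')', '\') are not escaped per RFC 4515 before the search.
    StringBuilder filter = new StringBuilder();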
    filter.append('(').append(namingAttribute).append('=').append(uid).append(')');
    String[] attrs = { "noAttr" };
    ConnectionEntryReader results = null;
    try {
        // Read the serverconfig.xml for LDAP information
        if (!readServerConfiguration) {
            readServerConfig();
        }
        if (conn == null) {
            debug.warning("LocalLdapAuthModule.getDN(): lda connection is null");
            throw (new LoginException("INVALID_USER_NAME"));
        } else {
            results = conn.search(LDAPRequests.newSearchRequest(baseDN, SearchScope.WHOLE_SUBTREE, filter.toString(), attrs));
        }
        if (results.hasNext()) {
            SearchResultEntry entry = results.readEntry();
            retVal = entry.getName().toString();
        }
        if (retVal == null || retVal.equals("")) {
            throw new LoginException("INVALID_USER_NAME");
        }
        return retVal;
    } catch (LdapException | SearchResultReferenceIOException ex) {
        throw new LoginException(ex.getMessage());
    } finally {
        IOUtils.closeIfNotNull(conn);
        conn = null;
    }
}
Also used : ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) LoginException(javax.security.auth.login.LoginException) Guid(com.iplanet.ums.Guid) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 34 with Guid

use of com.iplanet.ums.Guid in project OpenAM by OpenRock.

the class CommonUtils method toGuidArray.

/**
 * Convert a Set to Guid object array
 *
 * @param set
 *            the Set to be converted
 * @return an array of Guid[] objects
 */
protected static Guid[] toGuidArray(Set set) {
    Object[] obj = set.toArray();
    Guid[] ss = new Guid[obj.length];
    for (int i = 0; i < obj.length; i++) {
        ss[i] = new Guid((String) obj[i]);
    }
    return ss;
}
Also used : Guid(com.iplanet.ums.Guid)

Example 35 with Guid

use of com.iplanet.ums.Guid in project OpenAM by OpenRock.

the class ComplianceServicesImpl method verifyAndLinkGroupToRole.

/**
 * Method which verifies if the <code>groupDN</code> corresponds to an
 * administrative role. If true then the members listed in
 * <Code>membersGuid</Code> are added to the admin role.
 *
 * @param token
 *            SSO Token
 * @param membersGuid
 *            Guid array of members to be operated on
 * @param groupDN
 *            DN of the role
 *
 * @exception AMException
 *                if unsuccessful in adding the members to the corresponding
 *                admin group. As a result of which the memberOf and
 *                adminRole attributes are also not updated.
 */
protected void verifyAndLinkGroupToRole(SSOToken token, Guid[] membersGuid, String groupDN) throws AMException {
    // Obtain the role corresponding to groupDN
    DN dn = DN.valueOf(groupDN);
    String roleName = getRoleFromGroupDN(dn);
    if (roleName != null) {
        // roleDN corresponds to an admin role
        String orgDN = dn.parent().parent().toString();
        String roleDN = NamingAttributeManager.getNamingAttribute(AMObject.ROLE) + "=" + roleName + "," + orgDN;
        if (debug.messageEnabled()) {
            debug.message("Compliance.verifyAndLinkGroupToRole" + " Linking group: " + groupDN + " to role :" + roleDN);
        }
        try {
            // Add the members to corresponding group.
            ManagedRole role = (ManagedRole) UMSObject.getObject(token, new Guid(roleDN));
            role.addMembers(membersGuid);
        } catch (EntryNotFoundException ex) {
            debug.error("Compliance.verifyAndLinkGroupToRole: Admin " + "groups are missing");
        } catch (UMSException ue) {
            debug.error("Compliance.verifyAndLinkGroupToRole():", ue);
            Object[] args = { roleDN };
            throw new AMException(AMSDKBundle.getString("972", args), "771", args);
        }
    }
}
Also used : UMSException(com.iplanet.ums.UMSException) EntryNotFoundException(com.iplanet.ums.EntryNotFoundException) AMException(com.iplanet.am.sdk.AMException) DN(org.forgerock.opendj.ldap.DN) Guid(com.iplanet.ums.Guid) ManagedRole(com.iplanet.ums.ManagedRole)

Aggregations

Guid (com.iplanet.ums.Guid): 63
UMSException (com.iplanet.ums.UMSException): 41
AMException (com.iplanet.am.sdk.AMException): 33
PersistentObject (com.iplanet.ums.PersistentObject): 29
AttrSet (com.iplanet.services.ldap.AttrSet): 23
Attr (com.iplanet.services.ldap.Attr): 16
CreationTemplate (com.iplanet.ums.CreationTemplate): 13
TemplateManager (com.iplanet.ums.TemplateManager): 13
EntryNotFoundException (com.iplanet.ums.EntryNotFoundException): 11
AccessRightsException (com.iplanet.ums.AccessRightsException): 10
AssignableDynamicGroup (com.iplanet.ums.AssignableDynamicGroup): 9
DomainComponentTree (com.iplanet.ums.dctree.DomainComponentTree): 8
AMEntryExistsException (com.iplanet.am.sdk.AMEntryExistsException): 6
EntryAlreadyExistsException (com.iplanet.ums.EntryAlreadyExistsException): 6
SearchResults (com.iplanet.ums.SearchResults): 6
DN (org.forgerock.opendj.ldap.DN): 6
LdapException (org.forgerock.opendj.ldap.LdapException): 6
AMSearchResults (com.iplanet.am.sdk.AMSearchResults): 5
ManagedRole (com.iplanet.ums.ManagedRole): 5
OrderedSet (com.sun.identity.shared.datastruct.OrderedSet): 5