use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class DirectoryServicesImpl method createPeopleContainer.
private void createPeopleContainer(PersistentObject parentObj, Map attributes, String profileName) throws UMSException, AMException {
AttrSet attrSet = CommonUtils.mapToAttrSet(attributes);
makeNamingFirst(attrSet, getNamingAttribute(AMObject.PEOPLE_CONTAINER), profileName);
TemplateManager tempMgr = TemplateManager.getTemplateManager();
String orgDN = getOrganizationDN(internalToken, parentObj.getDN());
CreationTemplate creationTemp = tempMgr.getCreationTemplate("BasicPeopleContainer", new Guid(orgDN), TemplateManager.SCOPE_ANCESTORS);
attrSet = combineOCs(creationTemp, attrSet);
com.iplanet.ums.PeopleContainer pc = new PeopleContainer(creationTemp, attrSet);
parentObj.addChild(pc);
}
use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class DirectoryServicesImpl method getAttributesFromDS.
/**
* Gets the specific attributes corresponding to the entryDN. This method
* obtains the DC Tree node attributes and also performs compliance related
* verification checks in compliance mode. Note: In compliance mode you can
* skip the compliance checks by setting ignoreCompliance to "false".
*
* @param token
* a valid SSOToken
* @param entryDN
* the DN of the entry whose attributes need to retrieved
* @param attrNames
* a Set of names of the attributes that need to be retrieved.
* The attrNames should not be null.
* @param ignoreCompliance
* a boolean value specificying if compliance related entries
* need to ignored or not. Ignored if true.
* @return a Map containing attribute names as keys and Set of values
* corresponding to each key.
* @throws AMException
* if an error is encountered in fetching the attributes
*/
public Map getAttributesFromDS(SSOToken token, String entryDN, Set attrNames, boolean ignoreCompliance, boolean byteValues, int profileType) throws AMException, SSOException {
if (attrNames == null) {
return getAttributes(token, entryDN, ignoreCompliance, byteValues, profileType);
}
try {
// Convert the attrNames to String[]
String[] names = (String[]) attrNames.toArray(new String[attrNames.size()]);
PersistentObject po = UMSObject.getObjectHandle(token, new Guid(entryDN));
// Perform compliance related checks
AttrSet attrSet;
if (!ignoreCompliance && ComplianceServicesImpl.isComplianceUserDeletionEnabled()) {
// check for deleted user by getting complaince attributes
attrSet = complianceImpl.verifyAndGetAttributes(po, names);
} else {
attrSet = po.getAttributes(names);
}
AMHashMap attributes = (AMHashMap) CommonUtils.attrSetToMap(attrSet, byteValues);
// Obtain DC tree attributes if applicable
Map dcAttributes = getDCTreeAttributes(token, entryDN, attrNames, byteValues, profileType);
attributes.copy(dcAttributes);
return attributes;
} catch (UMSException e) {
if (debug.warningEnabled()) {
debug.warning("DirectoryServicesImpl.getAttributes(): " + "Unable to get attributes: ", e);
}
// Extract the ldap error code from Exception
throw new AMException(token, "330", e);
}
}
use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class LocalLdapAuthModule method getDN.
private String getDN(String uid) throws LoginException {
String retVal = "";
if (uid == null) {
throw (new LoginException(AuthI18n.authI18n.getString("com.iplanet.auth.invalid-username")));
}
if (LDAPUtils.isDN(uid)) {
return uid;
}
String namingAttribute = UIDATTR;
try {
String orgName = (String) options.get(LoginContext.ORGNAME);
if ((orgName != null) && !LDAPUtils.isDN(orgName)) {
// Use orgname only if it a DN, else baseDN
orgName = baseDN;
}
if (com.sun.identity.sm.ServiceManager.isAMSDKConfigured()) {
namingAttribute = TemplateManager.getTemplateManager().getCreationTemplate(TEMPLATE_NAME, (orgName == null) ? null : new Guid(orgName)).getNamingAttribute();
}
} catch (Exception e) {
// Ignore the exception and use the default naming attribute
}
StringBuilder filter = new StringBuilder();
filter.append('(').append(namingAttribute).append('=').append(uid).append(')');
String[] attrs = { "noAttr" };
ConnectionEntryReader results = null;
try {
// Read the serverconfig.xml for LDAP information
if (!readServerConfiguration) {
readServerConfig();
}
if (conn == null) {
debug.warning("LocalLdapAuthModule.getDN(): lda connection is null");
throw (new LoginException("INVALID_USER_NAME"));
} else {
results = conn.search(LDAPRequests.newSearchRequest(baseDN, SearchScope.WHOLE_SUBTREE, filter.toString(), attrs));
}
if (results.hasNext()) {
SearchResultEntry entry = results.readEntry();
retVal = entry.getName().toString();
}
if (retVal == null || retVal.equals("")) {
throw new LoginException("INVALID_USER_NAME");
}
return retVal;
} catch (LdapException | SearchResultReferenceIOException ex) {
throw new LoginException(ex.getMessage());
} finally {
IOUtils.closeIfNotNull(conn);
conn = null;
}
}
use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class CommonUtils method toGuidArray.
/**
* Convert a Set to Guid object array
*
* @param set
* the Set to be converted
* @return an array of Guid[] objects
*/
protected static Guid[] toGuidArray(Set set) {
Object[] obj = set.toArray();
Guid[] ss = new Guid[obj.length];
for (int i = 0; i < obj.length; i++) {
ss[i] = new Guid((String) obj[i]);
}
return ss;
}
use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class ComplianceServicesImpl method verifyAndLinkGroupToRole.
/**
* Method which verifies if the <code>groupDN</code> corresponds to an
* administrative role. If true then the members listed in
* <Code>membersGuid</Code> are added to the admin role.
*
* @param token
* SSO Token
* @param membersGuid
* Guid array of members to be operated on
* @param groupDN
* DN of the role
*
* @exception AMException
* if unsuccessful in adding the members to the corresponding
* admin group. As a result of which the memberOf and
* adminRole attributes are also not updated.
*/
protected void verifyAndLinkGroupToRole(SSOToken token, Guid[] membersGuid, String groupDN) throws AMException {
// Obtain the role corresponding to groupDN
DN dn = DN.valueOf(groupDN);
String roleName = getRoleFromGroupDN(dn);
if (roleName != null) {
// roleDN corresponds to an admin role
String orgDN = dn.parent().parent().toString();
String roleDN = NamingAttributeManager.getNamingAttribute(AMObject.ROLE) + "=" + roleName + "," + orgDN;
if (debug.messageEnabled()) {
debug.message("Compliance.verifyAndLinkGroupToRole" + " Linking group: " + groupDN + " to role :" + roleDN);
}
try {
// Add the members to corresponding group.
ManagedRole role = (ManagedRole) UMSObject.getObject(token, new Guid(roleDN));
role.addMembers(membersGuid);
} catch (EntryNotFoundException ex) {
debug.error("Compliance.verifyAndLinkGroupToRole: Admin " + "groups are missing");
} catch (UMSException ue) {
debug.error("Compliance.verifyAndLinkGroupToRole():", ue);
Object[] args = { roleDN };
throw new AMException(AMSDKBundle.getString("972", args), "771", args);
}
}
}
Aggregations