use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class ComplianceServicesImpl method isAncestorOrgDeleted.
/**
 * Checks the organizations above an entry, up to the root suffix, and
 * reports whether one of them is marked deleted.
 *
 * <p>Results are remembered in the {@code deletedOrg} map (DN string to
 * {@code Boolean}). This method only adds entries to that map; it never
 * removes or refreshes one.
 *
 * <p>Failure mode: a {@code UMSException} raised while reading an
 * organization is logged and the method returns {@code false}, so a
 * directory error is reported as "no deleted ancestor". Callers that gate
 * access on this result should treat it as failing open.
 *
 * @param token Single Sign On token of user. In this method it is only
 *        passed to the {@code getOrganizationDN} call at the end of the loop.
 * @param dn Distinguished name of the object.
 * @param profileType the profile type of the object whose ancestor is
 *        being checked.
 * @return {@code true} if the entry's organization (or the entry itself,
 *         when it is an organization) is found to be deleted; {@code false}
 *         otherwise, including when a {@code UMSException} occurs.
 * @throws AMException if there are errors from data layer.
 */
public boolean isAncestorOrgDeleted(SSOToken token, String dn, int profileType) throws AMException {
    if (debug.messageEnabled()) {
        debug.message("Compliance.isAncestorOrgDeleted-> " + " checking from... " + dn);
    }
    // Normalized, lower-cased DN used as the cache key.
    // NOTE(review): toLowerCase() without a Locale depends on the JVM default
    // locale; the keys produced by getOrganizationDN below are not lower-cased
    // at all, so the same organization may be cached under different keys.
    String tdn = DN.valueOf(dn).toString().toLowerCase();
    // Fast path: the entry is itself an organization already cached as deleted.
    // NOTE(review): the cache is read here without holding the deletedOrg
    // monitor while writes below are synchronized; safe only if deletedOrg is
    // a concurrent map - its type is not visible here, confirm.
    if ((profileType == AMObject.ORGANIZATION) && deletedOrg.containsKey(tdn)) {
        if (((Boolean) deletedOrg.get(tdn)).booleanValue()) {
            return true;
        }
        // Cached as active: fall through and run the loop.
    }
    // For non-organization entries, start from the containing organization,
    // resolved with the internal token rather than the caller's token.
    if (profileType != AMObject.ORGANIZATION) {
        tdn = DirectoryServicesFactory.getInstance().getOrganizationDN(internalToken, dn);
    }
    while (!tdn.equalsIgnoreCase(rootSuffix)) {
        // Check whether this organization is already in the deleted-status cache.
        if (debug.messageEnabled()) {
            debug.message("Compliance.isAncestorOrgDeleted-> " + "Checking for deleted status of " + tdn);
        }
        // NOTE(review): a cache hit returns immediately even when the cached
        // value is FALSE, so organizations above a cached-active one are not
        // examined on this call.
        if (deletedOrg.containsKey(tdn)) {
            return ((Boolean) deletedOrg.get(tdn)).booleanValue();
        }
        try {
            // Read the organization with the internal token and inspect its
            // status attribute.
            PersistentObject po = UMSObject.getObject(internalToken, new Guid(tdn));
            Attr attr = po.getAttribute(ORG_STATUS_ATTRIBUTE);
            if (debug.messageEnabled() && (attr != null)) {
                debug.message("Compliance.isAncestorOrgDeleted-> " + ORG_STATUS_ATTRIBUTE + "=" + attr.toString());
            }
            if (((attr != null) && (attr.size() != 0)) && attr.contains("deleted")) {
                // Org is deleted
                if (debug.messageEnabled()) {
                    debug.message("isAncestorOrgDeleted: caching org: " + tdn + " as deleted");
                }
                synchronized (deletedOrg) {
                    deletedOrg.put(tdn, Boolean.TRUE);
                }
                // This organization is deleted, so report true.
                return true;
            } else {
                // Missing, empty or non-"deleted" status is cached as active.
                if (debug.messageEnabled()) {
                    debug.message("isAncestorOrgDeleted: caching org: " + tdn + " as active");
                }
                synchronized (deletedOrg) {
                    deletedOrg.put(tdn, Boolean.FALSE);
                }
            }
        } catch (UMSException umse) {
            // Fail-open: the lookup error is logged and reported as "not deleted".
            debug.error("Compliance.isAncestorOrgDeleted-> " + "UMSException", umse);
            return false;
        }
        // Continue until we reach the rootSuffix; any one of the ancestors
        // could still be marked deleted.
        // NOTE(review): this passes the original dn, not tdn, and the caller's
        // token rather than internalToken (unlike the call before the loop).
        // If getOrganizationDN returns the same value for the same dn, the next
        // iteration ends on the FALSE just cached and no higher ancestor is
        // ever checked - confirm the intended argument.
        tdn = DirectoryServicesFactory.getInstance().getOrganizationDN(token, dn);
    }
    // Reached the root suffix, which should never be marked deleted.
    return false;
}
use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class ComplianceServicesImpl method verifyAndUnLinkGroupToRole.
/**
 * Removes the given members from the admin role that corresponds to a
 * group, when a role name can be derived from the group DN.
 *
 * <p>The role entry is fetched and modified with the caller's
 * {@code token}. The role DN is assembled by string concatenation from the
 * role naming attribute, the derived role name and the DN two levels above
 * the group.
 *
 * <p>A missing role entry ({@code EntryNotFoundException}) is logged and
 * otherwise ignored, so the method returns normally without having removed
 * anything.
 *
 * @param token Single Sign On Token.
 * @param members Set of member DNs (Strings) to be removed from the role.
 * @param groupDN Distinguished Name of the group.
 * @throws AMException if a {@code UMSException} other than
 *         {@code EntryNotFoundException} occurs while fetching the role
 *         or removing a member.
 */
protected void verifyAndUnLinkGroupToRole(SSOToken token, Set members, String groupDN) throws AMException {
    DN groupName = DN.valueOf(groupDN);
    String roleName = getRoleFromGroupDN(groupName);
    if (roleName == null) {
        // No role name was derived from the group DN: nothing to unlink.
        return;
    }

    // NOTE(review): assumes the group sits exactly two levels below its
    // organization; the depth of groupDN is not checked here.
    String orgDN = groupName.parent().parent().toString();
    // NOTE(review): roleName is concatenated into the DN as-is; whether
    // getRoleFromGroupDN returns an already-escaped RDN value is not visible
    // here - confirm.
    String roleDN = NamingAttributeManager.getNamingAttribute(AMObject.ROLE) + "=" + roleName + "," + orgDN;
    if (debug.messageEnabled()) {
        debug.message("Compliance.verifyAndUnlinkGroupToRole(): " + "Unlinking group: " + groupDN + " to role :" + roleDN);
    }

    // The iterator is obtained before the directory read, as in the original.
    Iterator memberIter = members.iterator();
    try {
        ManagedRole adminRole = (ManagedRole) UMSObject.getObject(token, new Guid(roleDN));
        while (memberIter.hasNext()) {
            Guid memberGuid = new Guid((String) memberIter.next());
            adminRole.removeMember(memberGuid);
        }
    } catch (EntryNotFoundException ex) {
        // Deliberately non-fatal: logged without the exception or the role DN.
        debug.error("Compliance.verifyAndUnLinkGroupToRole: Admin " + "groups are missing");
    } catch (UMSException ue) {
        debug.error("Compliance.verifyAndUnLinkGroupToRole(): ", ue);
        Object[] args = { roleDN };
        // NOTE(review): the bundle key is "972" but the error code is "772";
        // the mismatch looks unintended - confirm which one callers expect.
        throw new AMException(AMSDKBundle.getString("972", args), "772", args);
    }
}
use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class ComplianceServicesImpl method checkIfDeletedUser.
/**
 * Rejects a user DN whose entry carries the status value "deleted"
 * (compared case-insensitively) in {@code USER_STATUS_ATTRIBUTE}.
 *
 * <p>Failure mode: if the entry cannot be read ({@code UMSException}) the
 * error is written at message (debug) level only and the method returns
 * normally, so a lookup failure is treated the same as "not deleted".
 *
 * @param token
 *            a SSOToken object, used to read the entry
 * @param userDN
 *            a String representing a user DN
 *
 * @exception AMEntryExistsException
 *                if the userDN corresponds to a deleted user
 */
protected void checkIfDeletedUser(SSOToken token, String userDN) throws AMEntryExistsException {
    // Only the status attribute is requested from the directory.
    final String[] requestedAttrs = { USER_STATUS_ATTRIBUTE };
    Attr statusAttr;
    try {
        PersistentObject entry = UMSObject.getObject(token, new Guid(userDN), requestedAttrs);
        statusAttr = entry.getAttribute(USER_STATUS_ATTRIBUTE);
    } catch (UMSException ue) {
        // NOTE(review): fail-open - the check is skipped on any UMSException
        // and nothing is logged unless message-level debugging is enabled.
        if (debug.messageEnabled()) {
            debug.message("Compliance.checkIfDeletedUser(): ", ue);
        }
        return;
    }

    if (statusAttr == null) {
        // No status attribute on the entry: nothing to reject.
        return;
    }

    String status = statusAttr.getValue();
    // Constant-first comparison is null-safe, matching the original null check.
    if ("deleted".equalsIgnoreCase(status)) {
        debug.warning("Compliance.checkIfDeletedUser(): " + "deleted user entry: " + userDN);
        throw new AMEntryExistsException(AMSDKBundle.getString("329"), "329");
    }
}
use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class MiscUtils method toGuidArray.
/**
 * Converts a Set of DN strings into an array of Guid objects.
 *
 * <p>Each element is cast to {@code String} and wrapped in a new
 * {@code Guid}; no validation of the string is performed here. A
 * non-String element causes a {@code ClassCastException} and a
 * {@code null} set a {@code NullPointerException}.
 *
 * @param set
 *            the Set to be converted; elements must be Strings
 * @return a Guid array with one element per entry of the set, in the
 *         order returned by {@code set.toArray()}
 */
public static Guid[] toGuidArray(Set set) {
    // Snapshot the set first so the array length and contents agree.
    Object[] elements = set.toArray();
    Guid[] guids = new Guid[elements.length];
    int slot = 0;
    for (Object element : elements) {
        guids[slot++] = new Guid((String) element);
    }
    return guids;
}
use of com.iplanet.ums.Guid in project OpenAM by OpenRock.
the class DirectoryServicesImpl method removeSubtree.
/**
 * Private method used by "removeEntry" to delete an entire subtree.
 *
 * <p>The entries are enumerated with a subtree-scope search under
 * {@code entryDN} and then deleted deepest first, one RDN level at a time,
 * down to the RDN count of {@code entryDN} itself.
 *
 * <p>Token usage: the search and the object-type lookups run with
 * {@code internalToken}; every delete is issued with the caller's
 * {@code token}.
 *
 * <p>The operation is not atomic: entries deleted before an exception is
 * thrown stay deleted.
 *
 * @param token SSO token of the caller, used for the deletions and for
 *        building error messages
 * @param entryDN DN of the subtree root
 * @param softDelete passed through to {@code removeSingleEntry} for
 *        entries with a known object type
 * @throws AMException code "460" on {@code AccessRightsException}, an
 *         entry-not-found message id on {@code EntryNotFoundException},
 *         code "325" on any other {@code UMSException}
 * @throws SSOException declared by the signature; presumably raised by a
 *         callee - not visible here
 */
private void removeSubtree(SSOToken token, String entryDN, boolean softDelete) throws AMException, SSOException {
    int type = AMObject.UNKNOWN_OBJECT_TYPE;
    try {
        Guid guid = new Guid(entryDN);
        PersistentObject po = UMSObject.getObjectHandle(internalToken, guid);
        // first get all the children of the object
        SearchControl control = new SearchControl();
        control.setSearchScope(SearchControl.SCOPE_SUB);
        String searchFilter = "(|(objectclass=*)(objectclass=ldapsubEntry))";
        List list = new ArrayList();
        // get number of RDNs in the entry itself
        int entryRDNs = DN.valueOf(entryDN).size();
        // to count maximum level of RDNs in the search return
        int maxRDNCount = entryRDNs;
        // go through all search results, add each DN to the list, and
        // track the maximum RDN count, which drives the bottom-up delete.
        // NOTE(review): the delete loop runs down to entryRDNs, so the search
        // is presumably expected to return entryDN itself - confirm.
        SearchResults children = po.getChildren(searchFilter, control);
        while (children.hasMoreElements()) {
            PersistentObject object = children.next();
            DN dn = DN.valueOf(object.getDN());
            if (debug.messageEnabled()) {
                debug.message("DirectoryServicesImpl.removeEntry(): " + "found child: " + object.getDN());
            }
            int count = dn.size();
            if (count > maxRDNCount) {
                maxRDNCount = count;
            }
            list.add(dn);
        }
        if (debug.messageEnabled()) {
            debug.message("DirectoryServicesImpl.removeEntry(): max " + "RDNs: " + maxRDNCount);
        }
        // go through all search results, delete entries from the
        // bottom up, starting from entries whose RDN count
        // equals the maxRDNCount
        // TODO : If the list has too many entries, then the multiple
        // iteration in the inner for loop may be the bottleneck.
        // One enhancement to the existing algorithm is to store all
        // the entries by level in a different List. Per Sai's comments
        int len = list.size();
        for (int i = maxRDNCount; i >= entryRDNs; i--) {
            for (int j = 0; j < len; j++) {
                DN dn = (DN) list.get(j);
                // check if we need delete it now
                if (dn.size() == i) {
                    // remove the entry
                    if (debug.messageEnabled()) {
                        debug.message("DirectoryServicesImpl." + "removeEntry(): del " + dn.toString());
                    }
                    String rfcDN = dn.toString();
                    type = AMObject.UNKNOWN_OBJECT_TYPE;
                    try {
                        type = getObjectType(internalToken, rfcDN);
                    } catch (AMException ae) {
                        // Not a managed type, just delete it.
                        // NOTE(review): every AMException from getObjectType
                        // lands here, and this path ignores softDelete and
                        // skips removeSingleEntry. Whether a transient lookup
                        // failure can also raise AMException is not visible
                        // here - confirm, and consider logging ae.
                        Guid g = new Guid(rfcDN);
                        UMSObject.removeObject(token, g);
                    }
                    // Do a non-recursive delete (skipped when the type is
                    // unknown or undetermined, including after the catch above)
                    if (type != AMObject.UNKNOWN_OBJECT_TYPE && type != AMObject.UNDETERMINED_OBJECT_TYPE) {
                        try {
                            removeSingleEntry(token, rfcDN, type, softDelete);
                        } catch (AMPreCallBackException amp) {
                            // Logged only: the loop carries on with the
                            // remaining entries, including this entry's
                            // ancestors.
                            debug.error("DirectoryServicesImpl." + "removeSubTree: Aborting delete of: " + rfcDN + " due to pre-callback exception", amp);
                        }
                    }
                    // remove the processed entry from the list (also done when
                    // the delete was aborted by a pre-callback)
                    list.remove(j);
                    // move back pointer, as current element is removed
                    j--;
                    // reduce list length
                    len--;
                }
            }
        }
    } catch (AccessRightsException e) {
        debug.error("DirectoryServicesImpl.removeEntry() Insufficient " + "access rights to remove entry: " + entryDN, e);
        throw new AMException(token, "460");
    } catch (EntryNotFoundException e) {
        String entry = getEntryName(e);
        debug.error("DirectoryServicesImpl.removeEntry() Entry not found: " + entry, e);
        // type holds whatever was last assigned in the loop above.
        String msgid = getEntryNotFoundMsgID(type);
        Object[] args = { entry };
        String locale = CommonUtils.getUserLocale(token);
        throw new AMException(AMSDKBundle.getString(msgid, args, locale), msgid, args);
    } catch (UMSException e) {
        debug.error("DirectoryServicesImpl.removeEntry() Unable to remove: " + " Internal error occurred: ", e);
        throw new AMException(token, "325", e);
    }
}