
Example 11 with UMSException

use of com.iplanet.ums.UMSException in project OpenAM by OpenRock.

the class DCTreeServicesImpl method setDomainAttributes.

/**
 * Applies the attributes in {@code attrSet} to the DC-tree node of the domain
 * that {@code getCanonicalDomain} resolves for {@code orgDN}.
 *
 * <p>An {@code objectclass} attribute, when present, is handled first: the
 * node's current object classes are appended to it, it is written and saved,
 * and it is then removed from {@code attrSet}. Every remaining attribute is
 * written as a DELETE when it carries no values and as a REPLACE otherwise,
 * followed by a second save. {@code attrSet} and its {@code objectclass}
 * attribute are therefore modified in place.
 *
 * <p>A {@code UMSException} raised anywhere in this sequence is logged and
 * not rethrown, so the caller is not told that the directory write failed or
 * that only the object-class half of the update was saved.
 *
 * @param token   SSO token handed to the directory calls
 * @param orgDN   DN of the organization whose domain node is updated
 * @param attrSet attributes to apply; {@code null} means nothing is written
 * @throws AMException declared by the signature; presumably raised by
 *                     {@code getCanonicalDomain} - confirm against that helper
 */
protected void setDomainAttributes(SSOToken token, String orgDN, AttrSet attrSet) throws AMException {
    String domainName = null;
    try {
        domainName = getCanonicalDomain(token, orgDN);
        // The tree is opened before the null check, so a failure to open it is
        // logged even when no domain would have been found.
        DomainComponentTree tree = new DomainComponentTree(token, new Guid(DCTREE_START_DN));
        if (domainName == null) {
            if (debug.messageEnabled()) {
                debug.message("DCTree.setDomainAttrs: No domain found for org : " + orgDN);
            }
            return;
        }
        // The node is looked up even when attrSet is null.
        DomainComponent node = tree.getDomainComponent(domainName);
        if (attrSet == null) {
            return;
        }
        if (debug.messageEnabled()) {
            // NOTE(review): this writes every attribute value to the debug log.
            // Confirm callers never pass secret-bearing attributes here, or log
            // attribute names only.
            debug.message("DCTree.setDomainAttrs:  setting attributes on domain " + domainName + ": " + attrSet.toString());
        }
        Attr requestedClasses = attrSet.getAttribute("objectclass");
        if (requestedClasses != null) {
            // Merge in the object classes already on the node so the REPLACE
            // below does not drop them.
            Attr currentClasses = node.getAttribute("objectclass");
            if (currentClasses != null) {
                requestedClasses.addValues(currentClasses.getStringValues());
            }
            if (debug.messageEnabled()) {
                debug.message("DCTree.setDomainAttrs-> objectclasses to be set " + requestedClasses.toString());
            }
            node.modify(requestedClasses,
                    requestedClasses.size() == 0 ? ModificationType.DELETE : ModificationType.REPLACE);
            // Saved separately, before the remaining attributes are written.
            node.save();
            attrSet.remove("objectclass");
        }
        final int attrCount = attrSet.size();
        for (int idx = 0; idx < attrCount; idx++) {
            Attr current = attrSet.elementAt(idx);
            // An attribute without values is a removal request; anything else
            // overwrites the stored values.
            node.modify(current,
                    current.size() == 0 ? ModificationType.DELETE : ModificationType.REPLACE);
        }
        node.save();
    } catch (UMSException umse) {
        // Logged only: the failure is not propagated to the caller.
        debug.error("DCTree.setDomainAttributes:  error setting  attribute for domain " + domainName, umse);
    }
}
Also used : DomainComponent(com.iplanet.ums.dctree.DomainComponent) UMSException(com.iplanet.ums.UMSException) DomainComponentTree(com.iplanet.ums.dctree.DomainComponentTree) Guid(com.iplanet.ums.Guid) Attr(com.iplanet.services.ldap.Attr)

Example 12 with UMSException

use of com.iplanet.ums.UMSException in project OpenAM by OpenRock.

the class DirectoryServicesImpl method getMembers.

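/**
 * Returns the member DNs of a role or group entry.
 *
 * <p>The entry is loaded with {@code UMSObject.getObject} using the caller's
 * token and cast to the UMS class that matches {@code objectType}; its member
 * IDs are then converted with {@code searchResultsToSet}.
 *
 * @param token
 *            SSO token handed to the UMS lookup
 * @param entryDN
 *            DN of the role or group
 * @param objectType
 *            type of the target object: AMObject.ROLE, MANAGED_ROLE,
 *            FILTERED_ROLE, GROUP, STATIC_GROUP, DYNAMIC_GROUP or
 *            ASSIGNABLE_DYNAMIC_GROUP
 * @return Set of member DNs
 * @throws AMException
 *             with id "114" for any other {@code objectType}; with the id
 *             from {@code getEntryNotFoundMsgID} when the entry does not
 *             exist; with id "505" when the directory reports a size or
 *             admin limit; with id "454" for every other UMS failure
 */
public Set getMembers(SSOToken token, String entryDN, int objectType) throws AMException {
    try {
        SearchResults results;
        // NOTE(review): each cast assumes the entry at entryDN really has the
        // type named by objectType. A mismatch raises ClassCastException, which
        // is not translated into AMException - confirm callers validate the
        // pair.
        switch(objectType) {
            case AMObject.ROLE:
            case AMObject.MANAGED_ROLE:
                ManagedRole role = (ManagedRole) UMSObject.getObject(token, new Guid(entryDN));
                results = role.getMemberIDs();
                return searchResultsToSet(results);
            case AMObject.FILTERED_ROLE:
                FilteredRole filteredRole = (FilteredRole) UMSObject.getObject(token, new Guid(entryDN));
                results = filteredRole.getMemberIDs();
                return searchResultsToSet(results);
            case AMObject.GROUP:
            case AMObject.STATIC_GROUP:
                StaticGroup group = (StaticGroup) UMSObject.getObject(token, new Guid(entryDN));
                results = group.getMemberIDs();
                return searchResultsToSet(results);
            case AMObject.DYNAMIC_GROUP:
                DynamicGroup dynamicGroup = (DynamicGroup) UMSObject.getObject(token, new Guid(entryDN));
                results = dynamicGroup.getMemberIDs();
                return searchResultsToSet(results);
            case AMObject.ASSIGNABLE_DYNAMIC_GROUP:
                // TODO: See if it works after removing this workaround
                // fake object to get around UMS problem.
                // UMS AssignableDynamicGroup has a class resolver, it is
                // added to resolver list in static block. So I need to
                // construct a dummy AssignableDynamicGroup
                AssignableDynamicGroup adgroup = (AssignableDynamicGroup) UMSObject.getObject(token, new Guid(entryDN));
                results = adgroup.getMemberIDs();
                return searchResultsToSet(results);
            default:
                throw new AMException(token, "114");
        }
    } catch (EntryNotFoundException e) {
        debug.error("DirectoryServicesImpl.getMembers() entryDN " + entryDN + " objectType: " + objectType + " Unable to get members: ", e);
        String msgid = getEntryNotFoundMsgID(objectType);
        String entryName = getEntryName(e);
        Object[] args = { entryName };
        throw new AMException(AMSDKBundle.getString(msgid, args), msgid, args);
    } catch (UMSException e) {
        debug.error("DirectoryServicesImpl.getMembers() entryDN " + entryDN + " objectType: " + objectType + " Unable to get members: ", e);
        // The root cause is type-checked before the cast: an unconditional cast
        // would raise ClassCastException for any non-LDAP cause and hide the
        // directory error from the caller instead of reporting "454".
        if (e.getRootCause() instanceof LdapException) {
            LdapException le = (LdapException) e.getRootCause();
            ResultCode resultCode = le.getResult().getResultCode();
            // Result-set limits get their own id so callers can tell a
            // truncated listing from a general failure.
            if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode) || ResultCode.ADMIN_LIMIT_EXCEEDED.equals(resultCode)) {
                throw new AMException(token, "505", e);
            }
        }
        throw new AMException(token, "454", e);
    }
}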
Also used : DynamicGroup(com.iplanet.ums.DynamicGroup) AssignableDynamicGroup(com.iplanet.ums.AssignableDynamicGroup) UMSException(com.iplanet.ums.UMSException) AMException(com.iplanet.am.sdk.AMException) Guid(com.iplanet.ums.Guid) AMSearchResults(com.iplanet.am.sdk.AMSearchResults) SearchResults(com.iplanet.ums.SearchResults) StaticGroup(com.iplanet.ums.StaticGroup) ManagedRole(com.iplanet.ums.ManagedRole) FilteredRole(com.iplanet.ums.FilteredRole) EntryNotFoundException(com.iplanet.ums.EntryNotFoundException) LdapException(org.forgerock.opendj.ldap.LdapException) AssignableDynamicGroup(com.iplanet.ums.AssignableDynamicGroup) ResultCode(org.forgerock.opendj.ldap.ResultCode)

Example 13 with UMSException

use of com.iplanet.ums.UMSException in project OpenAM by OpenRock.

the class ComplianceServicesImpl method verifyAndUnLinkRoleToGroup.

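/**
 * Checks whether <code>roleDN</code> maps to an admin group (via
 * <code>getGroupFromRoleDN</code>) and, if it does, unlinks every member
 * from that group: an <code>adminrole</code> attribute naming the group is
 * passed to <code>removeAttributesFromEntry</code> for the member, and the
 * member is then removed from the group.
 *
 * <p>Nothing is done when no group name is derived from the role DN. The
 * members are processed one by one with no rollback, so a failure part-way
 * through leaves the earlier members already unlinked. An
 * <code>EntryNotFoundException</code> is logged and not rethrown; in that
 * case the method returns normally although some or all members were left
 * untouched.
 *
 * @param token
 *            single sign on token.
 * @param members
 *            Set of member distinguished names (Strings) to be operated on.
 * @param roleDN
 *            distinguished name of the role.
 * @exception AMException
 *                with id "772" when a UMS failure other than a missing
 *                entry occurs while unlinking the members.
 */
protected void verifyAndUnLinkRoleToGroup(SSOToken token, Set members, String roleDN) throws AMException {
    // Obtain the group corresponding to roleDN
    DN dn = DN.valueOf(roleDN);
    String groupName = getGroupFromRoleDN(dn);
    if (groupName != null) {
        String orgDN = dn.parent().toString();
        // NOTE(review): groupName is spliced into a DN string as-is. If it can
        // contain DN metacharacters (',', '+', '=' ...) the resulting DN may
        // name a different entry - confirm getGroupFromRoleDN returns an
        // escaped value, or build the DN from typed RDN components.
        String groupDN = NamingAttributeManager.getNamingAttribute(AMObject.GROUP) + "=" + groupName + ",ou=Groups," + orgDN;
        String groupRDN = NamingAttributeManager.getNamingAttribute(AMObject.GROUP) + "=" + groupName;
        // Only the adminrole value that names this group is handed to
        // removeAttributesFromEntry.
        Attr[] attrs = new Attr[1];
        attrs[0] = new Attr("adminrole", groupRDN);
        AttrSet attrSet = new AttrSet(attrs);
        Iterator itr = members.iterator();
        try {
            AssignableDynamicGroup group = (AssignableDynamicGroup) UMSObject.getObject(token, new Guid(groupDN));
            while (itr.hasNext()) {
                String memberDN = (String) itr.next();
                removeAttributesFromEntry(token, memberDN, attrSet);
                group.removeMember(new Guid(memberDN));
            }
        } catch (EntryNotFoundException ex) {
            // Still best-effort, but the exception is now logged as well: it
            // identifies which entry was missing, which the fixed message
            // alone does not.
            debug.error("Compliance.verifyAndUnLinkRoleToGroup: " + "Admin groups are missing", ex);
        } catch (UMSException ue) {
            debug.error("Compliance." + "verifyAndUnLinkRoleToGroup(): ", ue);
            throw new AMException(AMSDKBundle.getString("772"), "772");
        }
    }
}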
Also used : UMSException(com.iplanet.ums.UMSException) Iterator(java.util.Iterator) EntryNotFoundException(com.iplanet.ums.EntryNotFoundException) AMException(com.iplanet.am.sdk.AMException) DN(org.forgerock.opendj.ldap.DN) Guid(com.iplanet.ums.Guid) Attr(com.iplanet.services.ldap.Attr) AssignableDynamicGroup(com.iplanet.ums.AssignableDynamicGroup) AttrSet(com.iplanet.services.ldap.AttrSet)

Example 14 with UMSException

use of com.iplanet.ums.UMSException in project OpenAM by OpenRock.

the class DCTreeServicesImpl method updateCacheAndReturnDomain.

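/**
 * Searches the DC tree for nodes whose <code>inetDomainBaseDN</code> equals
 * <code>canonOrgDN</code> and returns the canonical domain name among them.
 *
 * <p>A node that carries the <code>INET_CANONICAL_DOMAIN</code> attribute
 * supplies the result (the last such node wins). When exactly one node
 * matches, its domain name is returned whether or not it carries that
 * attribute. Despite the method name, no cache is written: the caching code
 * that used to live here is disabled.
 *
 * @param token
 *            SSO token handed to the directory calls
 * @param canonOrgDN
 *            organization DN used as the filter's assertion value
 * @return the canonical domain name, or <code>null</code> when none is found
 *         or a <code>UMSException</code> occurs (it is logged, not rethrown)
 * @throws AMException
 *             declared by the signature; nothing in this body throws it
 *             directly
 */
private String updateCacheAndReturnDomain(SSOToken token, String canonOrgDN) throws AMException {
    try {
        DomainComponentTree dcTree = new DomainComponentTree(token, new Guid(DCTREE_START_DN));
        // NOTE(review): scontrol is configured for a subtree search but is
        // never handed to search() below, which receives null instead.
        // Confirm whether it was meant to be passed.
        SearchControl scontrol = new SearchControl();
        scontrol.setSearchScope(SearchControl.SCOPE_SUB);
        PersistentObject po = UMSObject.getObject(token, new Guid(DCTREE_START_DN));
        // NOTE(review): canonOrgDN is concatenated into the LDAP filter without
        // escaping filter metacharacters ('*', '(', ')', '\'). If the value can
        // carry caller-supplied text, it can change what the filter matches and
        // therefore which domain is returned. Escape the assertion value before
        // building the filter - confirm where canonOrgDN originates.
        String searchFilter = "(inetDomainBaseDN=" + canonOrgDN + ")";
        if (debug.messageEnabled()) {
            debug.message("DCTree.updateCache-> " + "searchFilter= " + searchFilter);
        }
        SearchResults results = po.search(searchFilter, null);
        int count = 0;
        String domainName = null;
        String canonDomain = null;
        try {
            while (results.hasMoreElements()) {
                DomainComponent dcNode = (DomainComponent) results.next();
                count++;
                domainName = dcTree.mapDCToDomainName(dcNode);
                if (debug.messageEnabled()) {
                    debug.message("DCTree:updateCache-> " + "domainName= " + domainName);
                }
                Attr isCanonical = dcNode.getAttribute(INET_CANONICAL_DOMAIN);
                if (isCanonical != null) {
                    canonDomain = domainName;
                }
            }
        } finally {
            // Release the search even when iteration fails; previously an
            // exception inside the loop skipped abandon() altogether.
            results.abandon();
        }
        if (count == 1) {
            // A single match is treated as canonical regardless of the
            // INET_CANONICAL_DOMAIN attribute.
            canonDomain = domainName;
        }
        if (debug.messageEnabled()) {
            debug.message("DCTree.updateCache-> " + "returning domain= " + canonDomain);
        }
        return canonDomain;
    } catch (UMSException umse) {
        // A directory failure is indistinguishable from "no domain" for the
        // caller: both yield null.
        debug.error("DCTree:updateCache: UMSException", umse);
        return null;
    }
}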
Also used : DomainComponent(com.iplanet.ums.dctree.DomainComponent) UMSException(com.iplanet.ums.UMSException) PersistentObject(com.iplanet.ums.PersistentObject) DomainComponentTree(com.iplanet.ums.dctree.DomainComponentTree) Guid(com.iplanet.ums.Guid) SearchControl(com.iplanet.ums.SearchControl) SearchResults(com.iplanet.ums.SearchResults) Attr(com.iplanet.services.ldap.Attr)

Example 15 with UMSException

use of com.iplanet.ums.UMSException in project OpenAM by OpenRock.

the class DCTreeServicesImpl method getOrganizationDN.

/**
 * Looks up the organization DN registered for a domain name in the DC tree.
 *
 * <p>The child-domain table of the tree rooted at
 * <code>DCTREE_START_DN</code> is fetched and queried with
 * <code>domainName</code> as the key.
 *
 * @param token
 *            SSO token handed to the directory call
 * @param domainName
 *            domain name to resolve
 * @return the organization DN, or <code>null</code> when the table has no
 *         entry for the domain
 * @throws AMException
 *             with id "1000" when the DC tree cannot be read; the
 *             underlying <code>UMSException</code> is logged but not
 *             attached to the thrown exception
 */
public String getOrganizationDN(SSOToken token, String domainName) throws AMException {
    try {
        Hashtable orgByDomain = new DomainComponentTree(token, new Guid(DCTREE_START_DN)).getChildDomainIDs();
        if (debug.messageEnabled()) {
            debug.message("DCTree:getOrgDN-> domain=" + domainName);
        }
        // NOTE(review): Hashtable.get rejects a null key with
        // NullPointerException, so a null domainName escapes as an unchecked
        // exception rather than an AMException.
        Object orgDn = orgByDomain.get(domainName);
        return (String) orgDn;
    } catch (UMSException umse) {
        // Open question from the original author (Deepa): is there a localized
        // property for 1000?
        debug.error("DCTree:getOrganizationDN: UMS Exception: ", umse);
        throw new AMException(AMSDKBundle.getString("1000"), "1000");
    }
}
Also used : UMSException(com.iplanet.ums.UMSException) Hashtable(java.util.Hashtable) AMException(com.iplanet.am.sdk.AMException) DomainComponentTree(com.iplanet.ums.dctree.DomainComponentTree) Guid(com.iplanet.ums.Guid)

Aggregations

UMSException (com.iplanet.ums.UMSException)48 Guid (com.iplanet.ums.Guid)40 AMException (com.iplanet.am.sdk.AMException)31 PersistentObject (com.iplanet.ums.PersistentObject)24 AttrSet (com.iplanet.services.ldap.AttrSet)16 Attr (com.iplanet.services.ldap.Attr)14 EntryNotFoundException (com.iplanet.ums.EntryNotFoundException)11 AccessRightsException (com.iplanet.ums.AccessRightsException)10 DomainComponentTree (com.iplanet.ums.dctree.DomainComponentTree)8 AssignableDynamicGroup (com.iplanet.ums.AssignableDynamicGroup)6 SearchResults (com.iplanet.ums.SearchResults)6 HashMap (java.util.HashMap)6 Map (java.util.Map)6 DN (org.forgerock.opendj.ldap.DN)6 AMEntryExistsException (com.iplanet.am.sdk.AMEntryExistsException)5 AMHashMap (com.iplanet.am.sdk.AMHashMap)5 AMSearchResults (com.iplanet.am.sdk.AMSearchResults)5 EntryAlreadyExistsException (com.iplanet.ums.EntryAlreadyExistsException)5 TreeMap (java.util.TreeMap)5 LdapException (org.forgerock.opendj.ldap.LdapException)5