Use of com.novell.ldap.LDAPReferralException in the OpenUnison project by TremoloSecurity.
Class ADProvider, method doDelete.
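/**
 * Removes a user from the directory.
 *
 * <p>The user is located with a subtree search under {@code searchBase} using the supplied {@code filter}.
 * When a directory entry is found, that entry is deleted. When none is found and {@code supportExternalUsers}
 * is set, the user is looked up through {@code getMyVDUser}; such an external user is not deleted, its DN is
 * only removed from {@code externalGroupAttr} on every group named in {@code user.getGroups()}.
 *
 * <p>Each directory change is recorded through the provisioning engine's {@code logAction}.
 *
 * @param user    the user being de-provisioned; its ID appears in error messages and its group list drives
 *                the external-user clean-up
 * @param filter  LDAP search filter identifying the user. NOTE(review): it is used verbatim, so any
 *                user-controlled value in it is presumably escaped by the caller; confirm.
 * @param con     LDAP connection the search, delete and modify operations run on
 * @param request workflow request; {@code APPROVAL_ID} (optional Integer) and {@code WORKFLOW} are read from it
 * @throws LDAPException         if a search, delete or modify operation fails
 * @throws ProvisioningException if the user cannot be found
 */
private void doDelete(User user, StringBuffer filter, LDAPConnection con, Map<String, Object> request) throws LDAPException, ProvisioningException {
    // A key that is present but mapped to null is treated like a missing key instead of failing on unboxing.
    int approvalID = 0;
    Object approval = request.get("APPROVAL_ID");
    if (approval != null) {
        approvalID = (Integer) approval;
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    String dn = null;
    // "1.1" asks for no attributes: only the DN is needed.
    LDAPSearchResults res = con.search(searchBase, LDAPConnection.SCOPE_SUB, filter.toString(), new String[] { "1.1" }, false);
    if (res.hasMore()) {
        try {
            // NOTE(review): when the filter matches several entries, the first one returned is the one that
            // gets deleted; the remaining results are drained and ignored.
            dn = res.next().getDN();
            while (res.hasMore()) {
                res.next();
            }
        } catch (LDAPReferralException ignored) {
            // Deliberately not followed: a referral just ends the enumeration. If it arrived before any
            // entry, dn is still null and the not-found handling below takes over.
        }
    }

    // Single not-found path; the original repeated this logic for "no results" and "no DN".
    boolean isExternal = false;
    if (dn == null) {
        LDAPEntry external = this.supportExternalUsers ? getMyVDUser(filter) : null;
        if (external == null) {
            throw new ProvisioningException("User does not exist " + user.getUserID());
        }
        dn = external.getDN();
        isExternal = true;
    }

    if (!isExternal) {
        con.delete(dn);
        this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Delete, approvalID, workflow, "dn", dn);
        return;
    }

    for (String groupName : user.getGroups()) {
        // The group name is data, not filter syntax: escape the characters that are special in a search
        // filter (RFC 4515) so a name containing '*', '(' , ')' or '\' cannot widen or break the match.
        String rawName = String.valueOf(groupName);
        StringBuilder groupFilter = new StringBuilder("(CN=");
        for (int i = 0; i < rawName.length(); i++) {
            char c = rawName.charAt(i);
            switch (c) {
                case '\\':
                    groupFilter.append("\\5c");
                    break;
                case '*':
                    groupFilter.append("\\2a");
                    break;
                case '(':
                    groupFilter.append("\\28");
                    break;
                case ')':
                    groupFilter.append("\\29");
                    break;
                case '\0':
                    groupFilter.append("\\00");
                    break;
                default:
                    groupFilter.append(c);
                    break;
            }
        }
        groupFilter.append(')');

        // NOTE(review): the filter matches any object with this CN, not only groups; the first hit is modified.
        res = con.search(this.searchBase, LDAPConnection.SCOPE_SUB, groupFilter.toString(), new String[] { "1.1" }, false);
        if (!res.hasMore()) {
            continue;
        }
        LDAPEntry group = res.next();
        if (group == null) {
            continue;
        }
        String groupdn = group.getDN();
        LDAPModification mod = new LDAPModification(LDAPModification.DELETE, new LDAPAttribute(this.externalGroupAttr, dn));
        con.modify(groupdn, mod);
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, this.externalGroupAttr, groupdn);
    }
}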
Use of com.novell.ldap.LDAPReferralException in the OpenUnison project by TremoloSecurity.
Class ADProvider, method isGroupExists.
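/**
 * Reports whether a group with the given common name exists under {@code searchBase}.
 *
 * <p>The lookup is a subtree search for {@code (&(objectClass=group)(cn=name))}, built with the
 * {@code and}/{@code equal} filter helpers rather than by string concatenation. The pooled connection is
 * always handed back in the {@code finally} block.
 *
 * @param name    common name of the group to look for
 * @param user    only used to name the user in the connection-failure message
 * @param request not read by this method
 * @return {@code true} if the search yields an entry; {@code false} if it yields nothing or if the first
 *         result is a referral
 * @throws ProvisioningException if no connection can be obtained or the search fails
 */
@Override
public boolean isGroupExists(String name, User user, Map<String, Object> request) throws ProvisioningException {
    try {
        LdapConnection con;
        try {
            con = this.ldapPool.getConnection();
        } catch (Exception e) {
            throw new ProvisioningException("Could not get LDAP connection " + user.getUserID(), e);
        }
        try {
            // Build the filter once so that what is logged is exactly what is searched for.
            String groupFilter = and(equal("objectClass", "group"), equal("cn", name)).toString();
            // NOTE(review): name is written to the log as received; if it can come from a request,
            // confirm the logging layout neutralises line breaks.
            logger.info("Looking for '" + name + "' - " + groupFilter);
            // Scope 2 is a subtree search; "1.1" requests no attributes.
            LDAPSearchResults res = con.getConnection().search(this.searchBase, 2, groupFilter, new String[] { "1.1" }, false);
            if (!res.hasMore()) {
                logger.info("Not found");
                return false;
            }
            try {
                // The entry itself is not needed; reading it only surfaces a referral.
                res.next();
            } catch (LDAPReferralException e) {
                // NOTE(review): a referral as the first result is reported as "group does not exist";
                // confirm that a real entry can never follow it.
                logger.info("referral, skipping");
                return false;
            }
            return true;
        } finally {
            con.returnCon();
        }
    } catch (ProvisioningException e) {
        // Already carries an accurate message (connection failure); do not re-wrap it.
        throw e;
    } catch (Exception e) {
        // The previous message ("Could not set user's password") was copied from another method and
        // pointed anyone reading the failure at the wrong operation.
        throw new ProvisioningException("Could not check if group exists " + name, e);
    }
}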
Use of com.novell.ldap.LDAPReferralException in the OpenUnison project by TremoloSecurity.
Class ADProvider, method doCreate.
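/**
 * Creates a user entry and adds it to the user's groups.
 *
 * <p>Steps, in order: add the entry at {@code dn}; when {@code createShadowAccounts} is set, give the
 * account a generated password and adjust {@code userAccountControl}; then add {@code dn} as a
 * {@code member} of every group named in {@code user.getGroups()}. Each change is recorded through the
 * provisioning engine's {@code logAction}.
 *
 * <p>There is no rollback: if a later step fails, the entry and any group memberships created before the
 * failure stay in the directory.
 *
 * @param user    the user being provisioned; supplies the ID for error messages and the group list
 * @param dn      distinguished name of the entry to create
 * @param attrs   attributes of the new entry
 * @param con     LDAP connection all operations run on
 * @param request workflow request; {@code APPROVAL_ID} (optional Integer) and {@code WORKFLOW} are read from it
 * @throws ProvisioningException if the entry cannot be added, the password or account flags cannot be set,
 *                               a group does not exist, or a group cannot be modified
 */
private void doCreate(User user, String dn, LDAPAttributeSet attrs, LDAPConnection con, Map<String, Object> request) throws ProvisioningException {
    // A key that is present but mapped to null is treated like a missing key instead of failing on unboxing.
    int approvalID = 0;
    Object approval = request.get("APPROVAL_ID");
    if (approval != null) {
        approvalID = (Integer) approval;
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    try {
        if (logger.isDebugEnabled()) {
            // NOTE(review): this prints every attribute value; confirm attrs never carries a credential.
            logger.debug("To Add : '" + attrs + "'");
        }
        con.add(new LDAPEntry(dn, attrs));
        this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "dn", dn);
        // NOTE(review): every value of every attribute goes to the audit log unmasked, unlike the
        // unicodePwd entry further down; confirm no secret attribute can be part of attrs.
        for (Object obj : attrs) {
            LDAPAttribute attr = (LDAPAttribute) obj;
            for (String val : attr.getStringValueArray()) {
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, attr.getName(), val);
            }
        }
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not add user " + user.getUserID(), e);
    }

    if (this.createShadowAccounts) {
        // The generated password is set on the account and not kept anywhere else.
        // NOTE(review): confirm GenPasswd draws from a cryptographically secure random source.
        StringBuffer password = new StringBuffer();
        GenPasswd gp = new GenPasswd(15);
        // unicodePwd is written as the double-quoted password encoded as UTF-16LE.
        password.append('"').append(gp.getPassword()).append('"');
        byte[] unicodePwd;
        try {
            unicodePwd = password.toString().getBytes("UTF-16LE");
        } catch (UnsupportedEncodingException e) {
            throw new ProvisioningException("Could not generate password", e);
        }

        LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("unicodePwd", unicodePwd));
        try {
            // NOTE(review): the password travels in this request; confirm con is a TLS-protected connection.
            con.modify(dn, mod);
            // The audit record carries a mask, never the password itself.
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "unicodePwd", "*******");
        } catch (LDAPException e) {
            throw new ProvisioningException("Could not set password", e);
        }

        try {
            // Base-scope (0) read of the entry just created.
            LDAPSearchResults res = con.search(dn, 0, "(objectClass=*)", new String[] { "userAccountControl" }, false);
            // The result of hasMore() used to be ignored, so a missing entry or attribute surfaced as an
            // unchecked exception instead of a ProvisioningException.
            if (!res.hasMore()) {
                throw new ProvisioningException("Could not set userAccountControl : no entry returned for " + dn);
            }
            LDAPAttribute attr = res.next().getAttribute("userAccountControl");
            if (attr == null) {
                throw new ProvisioningException("Could not set userAccountControl : attribute missing on " + dn);
            }

            final int accountDisable = 0x2;          // userAccountControl bit: account is disabled
            final int dontExpirePassword = 0x10000;  // userAccountControl bit: password never expires
            int val = Integer.parseInt(attr.getStringValue());
            // Enable the account and stop the generated password from expiring.
            val = (val & ~accountDisable) | dontExpirePassword;

            mod = new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("userAccountControl", Integer.toString(val)));
            // Modify first, audit second, so the audit trail never records a change that was rejected.
            con.modify(dn, mod);
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "userAccountControl", Integer.toString(val));
        } catch (LDAPException e) {
            throw new ProvisioningException("Could not set userAccountControl", e);
        }
    }

    try {
        for (String groupName : user.getGroups()) {
            // The group name is data, not filter syntax: escape the characters that are special in a
            // search filter (RFC 4515) so a name containing '*', '(' , ')' or '\' cannot widen or break
            // the match and put the user into a group that was not requested.
            String rawName = String.valueOf(groupName);
            StringBuilder groupFilter = new StringBuilder("(cn=");
            for (int i = 0; i < rawName.length(); i++) {
                char c = rawName.charAt(i);
                switch (c) {
                    case '\\':
                        groupFilter.append("\\5c");
                        break;
                    case '*':
                        groupFilter.append("\\2a");
                        break;
                    case '(':
                        groupFilter.append("\\28");
                        break;
                    case ')':
                        groupFilter.append("\\29");
                        break;
                    case '\0':
                        groupFilter.append("\\00");
                        break;
                    default:
                        groupFilter.append(c);
                        break;
                }
            }
            groupFilter.append(')');

            // Scope 2 is a subtree search; "1.1" requests no attributes.
            // NOTE(review): the filter matches any object with this cn, not only groups.
            LDAPSearchResults res = con.search(searchBase, 2, groupFilter.toString(), new String[] { "1.1" }, false);
            if (!res.hasMore()) {
                throw new ProvisioningException("Group " + groupName + " does not exist");
            }
            String groupDN = res.next().getDN();
            try {
                while (res.hasMore()) {
                    res.next();
                }
            } catch (LDAPReferralException ignored) {
                // Deliberately not followed: the group DN is already known, the rest is only drained.
            }

            LDAPModification mod = new LDAPModification(LDAPModification.ADD, new LDAPAttribute("member", dn));
            con.modify(groupDN, mod);
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "group", groupName);
        }
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not provision groups for user " + user.getUserID(), e);
    }
}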
Use of com.novell.ldap.LDAPReferralException in the OpenUnison project by TremoloSecurity.
Class AzUtils, method getApproverByDN.
/**
 * Resolves the approver whose entry lives at {@code dn} and, optionally, notifies them by e-mail.
 *
 * <p>The entry is read with a base-scope search through {@code cfg.getMyVD()}. The user ID is taken from
 * the attribute named by the provisioning engine's {@code getUserIDAttribute()}; the {@code mail}
 * attribute, when present, is the notification address.
 *
 * <p>NOTE(review): with debug logging enabled, every attribute value of the approver entry is written to
 * the log, and {@code dn} is logged as received; confirm neither can carry sensitive or attacker-shaped
 * content.
 *
 * @param approval         approval the approver belongs to; passed through to {@code getApprover}
 * @param emailTemplate    template handed to {@code sendNotification} and {@code getApprover}
 * @param cfg              configuration giving access to the virtual directory and provisioning engine
 * @param session          passed through to {@code getApprover}
 * @param dn               distinguished name of the approver's entry
 * @param sendNotification whether to e-mail the approver when a {@code mail} attribute exists
 * @return the approver, or {@code null} when the entry cannot be found (no result, result code 32, or a referral)
 * @throws ProvisioningException on any other failure
 */
public static Approvers getApproverByDN(Approvals approval, String emailTemplate, ConfigManager cfg, Session session, String dn, boolean sendNotification) throws ProvisioningException {
    try {
        // Left empty on purpose: no specific attributes are requested from the search.
        ArrayList<String> requested = new ArrayList<String>();
        LDAPEntry approverEntry = null;

        try {
            LDAPSearchResults results = cfg.getMyVD().search(dn, 0, "(objectClass=*)", requested);
            if (!results.hasMore()) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Can not find '" + dn + "'");
                }
                return null;
            }
            approverEntry = results.next();
        } catch (LDAPException e) {
            // Anything other than result code 32 (no such object) is handled by the outer catch blocks.
            if (e.getResultCode() != 32) {
                throw e;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Can not find '" + dn + "'");
            }
            return null;
        }

        if (logger.isDebugEnabled()) {
            logger.debug("Approver DN - " + approverEntry.getDN());
            LDAPAttributeSet allAttributes = approverEntry.getAttributeSet();
            for (Object item : allAttributes) {
                LDAPAttribute current = (LDAPAttribute) item;
                String[] values = current.getStringValueArray();
                for (int i = 0; i < values.length; i++) {
                    logger.debug("Approver Attribute '" + current.getName() + "'='" + values[i] + "'");
                }
            }
        }

        String userID = approverEntry.getAttribute(cfg.getProvisioningEngine().getUserIDAttribute()).getStringValue();

        LDAPAttribute mailAttribute = approverEntry.getAttribute("mail");
        if (mailAttribute != null) {
            String mail = mailAttribute.getStringValue();
            if (sendNotification) {
                cfg.getProvisioningEngine().sendNotification(mail, emailTemplate, new User(approverEntry));
            }
        } else {
            // A missing address is not fatal: the approver is still returned, just not notified.
            logger.warn("No email address for " + dn);
        }

        return getApprover(approval, emailTemplate, cfg, session, userID, approverEntry);
    } catch (LDAPReferralException le) {
        // A referral is treated the same way as a missing entry.
        logger.warn("DN : '" + dn + "' not found");
        return null;
    } catch (LDAPException le) {
        if (le.getResultCode() != 32) {
            throw new ProvisioningException("could not create approver", le);
        }
        logger.warn("DN : '" + dn + "' not found");
        return null;
    } catch (Exception e) {
        throw new ProvisioningException("Could not create approver", e);
    }
}