
Example 6 with LDAPReferralException

use of com.novell.ldap.LDAPReferralException in project OpenUnison by TremoloSecurity.

the class ADProvider method doDelete.

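/**
 * Deprovisions the user matched by {@code filter}.
 *
 * <p>If the entry lives in AD it is deleted outright. If nothing matches in AD (or the first
 * result is a referral) and {@code supportExternalUsers} is on, the user is looked up through
 * MyVD instead and, rather than deleting anything, its DN is removed from
 * {@code externalGroupAttr} on every group named in {@code user.getGroups()}. Every write is
 * recorded through the provisioning engine's audit log.
 *
 * @param user    user being deprovisioned; {@code getUserID()} is used in error messages and
 *                {@code getGroups()} drives the external-user path
 * @param filter  search filter identifying the user under {@code searchBase} (assumed to be
 *                already escaped by the caller)
 * @param con     open AD connection
 * @param request workflow request; {@code APPROVAL_ID} (Integer) and {@code WORKFLOW} are read
 *                for audit logging
 * @throws LDAPException         if the AD search, delete or group modify fails
 * @throws ProvisioningException if no entry matches, in AD or (when enabled) in MyVD
 */
private void doDelete(User user, StringBuffer filter, LDAPConnection con, Map<String, Object> request) throws LDAPException, ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    // Locate the user's DN in AD. A referral raised while reading the results is treated as
    // "not found here" so the external-user lookup below gets its chance.
    String dn = null;
    LDAPSearchResults res = con.search(searchBase, LDAPConnection.SCOPE_SUB, filter.toString(), new String[] { "1.1" }, false);
    if (res.hasMore()) {
        try {
            dn = res.next().getDN();
            // drain the remaining results so the connection is left clean for reuse
            while (res.hasMore()) {
                res.next();
            }
        } catch (LDAPReferralException ignored) {
            // referrals are not followed; dn keeps whatever was read before the referral
        }
    }

    boolean isExternal = false;
    if (dn == null) {
        if (!this.supportExternalUsers) {
            throw new ProvisioningException("User does not exist " + user.getUserID());
        }
        LDAPEntry entry = getMyVDUser(filter);
        if (entry == null) {
            throw new ProvisioningException("User does not exist " + user.getUserID());
        }
        dn = entry.getDN();
        isExternal = true;
    }

    if (!isExternal) {
        con.delete(dn);
        this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Delete, approvalID, workflow, "dn", dn);
        return;
    }

    // External user: AD holds no entry to delete, only group references to the external DN.
    for (String groupName : user.getGroups()) {
        // groupName originates from the request, so it is escaped per RFC 4515 before it is
        // placed in the filter; otherwise a name containing '(' ')' '*' or '\' would change the
        // structure of the search instead of being matched literally. Backslash goes first so
        // the escapes introduced here are not re-escaped.
        String safeName = groupName.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28").replace(")", "\\29").replace("\0", "\\00");
        res = con.search(this.searchBase, LDAPConnection.SCOPE_SUB, "(CN=" + safeName + ")", new String[] { "1.1" }, false);
        if (!res.hasMore()) {
            continue;
        }
        LDAPEntry entry = res.next();
        if (entry == null) {
            continue;
        }
        String groupdn = entry.getDN();
        LDAPAttribute attr = new LDAPAttribute(this.externalGroupAttr, dn);
        con.modify(groupdn, new LDAPModification(LDAPModification.DELETE, attr));
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, this.externalGroupAttr, groupdn);
    }
}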

Example 7 with LDAPReferralException

use of com.novell.ldap.LDAPReferralException in project OpenUnison by TremoloSecurity.

the class ADProvider method isGroupExists.

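/**
 * Checks whether a group named {@code name} exists under {@code searchBase}.
 *
 * <p>The filter is built with the {@code and}/{@code equal} builder rather than by string
 * concatenation, which is the form the other filters in this class should follow as well.
 *
 * @param name    the group's {@code cn}
 * @param user    user on whose behalf the check runs; only its ID is used in error messages
 * @param request workflow request (unused here)
 * @return {@code true} if at least one readable entry matches; {@code false} if nothing matches
 *         or the first result is a referral (referrals are not followed)
 * @throws ProvisioningException if a pooled connection cannot be obtained or the search fails
 */
@Override
public boolean isGroupExists(String name, User user, Map<String, Object> request) throws ProvisioningException {
    LdapConnection con;
    try {
        con = this.ldapPool.getConnection();
    } catch (Exception e) {
        throw new ProvisioningException("Could not get LDAP connection " + user.getUserID(), e);
    }
    try {
        // NOTE(review): the builder is expected to escape 'name' so a caller-supplied group
        // name cannot alter the filter's structure — confirm against the builder's implementation.
        String groupFilter = and(equal("objectClass", "group"), equal("cn", name)).toString();
        logger.info("Looking for '" + name + "' - " + groupFilter);
        // scope 2 = subtree
        LDAPSearchResults res = con.getConnection().search(this.searchBase, 2, groupFilter, new String[] { "1.1" }, false);
        if (!res.hasMore()) {
            logger.info("Not found");
            return false;
        }
        try {
            res.next();
        } catch (LDAPReferralException e) {
            logger.info("referral, skipping");
            return false;
        }
        return true;
    } catch (Exception e) {
        // boundary catch: the previous message ("Could not set user's password") was copied
        // from another method and misreported what failed
        throw new ProvisioningException("Could not check whether group '" + name + "' exists", e);
    } finally {
        con.returnCon();
    }
}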

Example 8 with LDAPReferralException

use of com.novell.ldap.LDAPReferralException in project OpenUnison by TremoloSecurity.

the class ADProvider method doCreate.

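/**
 * Creates the user's AD entry, optionally turns it into an enabled "shadow" account with a
 * random password, and adds the new DN as {@code member} of every group in
 * {@code user.getGroups()}. Every write is recorded through the provisioning engine's audit
 * log; the generated password is logged masked.
 *
 * @param user    user being provisioned; {@code getUserID()} for messages, {@code getGroups()}
 *                for memberships
 * @param dn      distinguished name of the entry to create
 * @param attrs   attributes of the new entry; each value is written to the audit log after the add
 * @param con     open AD connection
 * @param request workflow request; {@code APPROVAL_ID} (Integer) and {@code WORKFLOW} are read
 *                for audit logging
 * @throws ProvisioningException if the add, the password set, the userAccountControl update or a
 *                               group modification fails, or if a named group does not exist
 */
private void doCreate(User user, String dn, LDAPAttributeSet attrs, LDAPConnection con, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    // 1. Create the entry and audit each attribute value that was written.
    // NOTE(review): both the debug line and the audit loop emit every value in attrs; if a
    // caller ever passes credential attributes here they end up in the logs — confirm callers.
    try {
        if (logger.isDebugEnabled()) {
            logger.debug("To Add : '" + attrs + "'");
        }
        con.add(new LDAPEntry(dn, attrs));
        this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "dn", dn);
        for (Object obj : attrs) {
            LDAPAttribute attr = (LDAPAttribute) obj;
            for (String val : attr.getStringValueArray()) {
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, attr.getName(), val);
            }
        }
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not add user " + user.getUserID(), e);
    }

    // 2. Shadow account: random password, then enable it.
    if (this.createShadowAccounts) {
        // AD's unicodePwd takes the password wrapped in double quotes and encoded as UTF-16LE.
        String quoted = "\"" + new GenPasswd(15).getPassword() + "\"";
        byte[] unicodePwd;
        try {
            unicodePwd = quoted.getBytes("UTF-16LE");
        } catch (UnsupportedEncodingException e) {
            throw new ProvisioningException("Could not generate password", e);
        }
        try {
            con.modify(dn, new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("unicodePwd", unicodePwd)));
            // the password value itself never reaches the audit log
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "unicodePwd", "*******");
        } catch (LDAPException e) {
            throw new ProvisioningException("Could not set password", e);
        }
        try {
            // scope 0 = base: read back just this entry's userAccountControl
            LDAPSearchResults res = con.search(dn, 0, "(objectClass=*)", new String[] { "userAccountControl" }, false);
            if (!res.hasMore()) {
                throw new ProvisioningException("Could not read userAccountControl for " + dn);
            }
            LDAPAttribute uac = res.next().getAttribute("userAccountControl");
            if (uac == null) {
                // previously an NPE that bypassed the LDAPException handler below
                throw new ProvisioningException("No userAccountControl attribute on " + dn);
            }
            int val = Integer.parseInt(uac.getStringValue());
            val &= ~2;     // clear 0x2, AD's ACCOUNTDISABLE flag
            val |= 65536;  // set 0x10000, AD's DONT_EXPIRE_PASSWD flag — presumably because the
                           // generated password is never disclosed; confirm this is intended
            String newVal = Integer.toString(val);
            con.modify(dn, new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("userAccountControl", newVal)));
            // audit after the write succeeds, consistent with the other modifications here
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "userAccountControl", newVal);
        } catch (LDAPException e) {
            throw new ProvisioningException("Could not set userAccountControl", e);
        }
    }

    // 3. Group memberships.
    try {
        for (String groupName : user.getGroups()) {
            // groupName originates from the request, so it is escaped per RFC 4515 before it is
            // placed in the filter; otherwise a name containing '(' ')' '*' or '\' would change
            // the structure of the search instead of being matched literally. Backslash goes
            // first so the escapes introduced here are not re-escaped.
            String safeName = groupName.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28").replace(")", "\\29").replace("\0", "\\00");
            // scope 2 = subtree
            LDAPSearchResults res = con.search(searchBase, 2, "(cn=" + safeName + ")", new String[] { "1.1" }, false);
            if (!res.hasMore()) {
                throw new ProvisioningException("Group " + groupName + " does not exist");
            }
            String groupDN = res.next().getDN();
            try {
                // drain the remaining results so the connection is left clean for reuse
                while (res.hasMore()) {
                    res.next();
                }
            } catch (LDAPReferralException ignored) {
                // referrals are not followed; the first match is all that is needed
            }
            con.modify(groupDN, new LDAPModification(LDAPModification.ADD, new LDAPAttribute("member", dn)));
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "group", groupName);
        }
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not provision groups for user " + user.getUserID(), e);
    }
}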

Example 9 with LDAPReferralException

use of com.novell.ldap.LDAPReferralException in project OpenUnison by TremoloSecurity.

the class AzUtils method getApproverByDN.

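/**
 * Looks up the approver entry {@code dn} in MyVD and registers it as an approver for
 * {@code approval}, optionally e-mailing the approver.
 *
 * @param approval         the approval the approver is attached to
 * @param emailTemplate    notification template, passed on to {@code sendNotification} and
 *                         {@code getApprover}
 * @param cfg              configuration manager providing MyVD and the provisioning engine
 * @param session          persistence session passed through to {@code getApprover}
 * @param dn               distinguished name of the approver entry
 * @param sendNotification whether to e-mail the approver; requires a {@code mail} attribute,
 *                         otherwise only a warning is logged
 * @return the approver record, or {@code null} when {@code dn} does not exist (noSuchObject,
 *         result code 32) or resolves to a referral
 * @throws ProvisioningException if the entry has no user-ID attribute, or on any other LDAP or
 *                               processing failure
 */
public static Approvers getApproverByDN(Approvals approval, String emailTemplate, ConfigManager cfg, Session session, String dn, boolean sendNotification) throws ProvisioningException {
    try {
        LDAPEntry entry;
        try {
            // empty attribute list: the search returns every readable attribute of the entry
            // (scope 0 = base)
            LDAPSearchResults res = cfg.getMyVD().search(dn, 0, "(objectClass=*)", new ArrayList<String>());
            if (!res.hasMore()) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Can not find '" + dn + "'");
                }
                return null;
            }
            entry = res.next();
        } catch (LDAPException e) {
            // 32 = noSuchObject: a missing approver is reported as null rather than as a failure
            if (e.getResultCode() == 32) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Can not find '" + dn + "'");
                }
                return null;
            }
            throw e;
        }

        if (logger.isDebugEnabled()) {
            logger.debug("Approver DN - " + entry.getDN());
            // NOTE(review): this writes every attribute value of the approver entry to the
            // debug log; keep debug logging off where the directory holds sensitive attributes.
            for (Object o : entry.getAttributeSet()) {
                LDAPAttribute attrx = (LDAPAttribute) o;
                for (String val : attrx.getStringValueArray()) {
                    logger.debug("Approver Attribute '" + attrx.getName() + "'='" + val + "'");
                }
            }
        }

        String userIDAttribute = cfg.getProvisioningEngine().getUserIDAttribute();
        LDAPAttribute userIDAttr = entry.getAttribute(userIDAttribute);
        if (userIDAttr == null) {
            // previously an NPE wrapped as a generic "Could not create approver"
            throw new ProvisioningException("Approver '" + dn + "' has no '" + userIDAttribute + "' attribute");
        }
        String userID = userIDAttr.getStringValue();

        LDAPAttribute mailAttr = entry.getAttribute("mail");
        if (mailAttr == null) {
            logger.warn("No email address for " + dn);
        } else if (sendNotification) {
            cfg.getProvisioningEngine().sendNotification(mailAttr.getStringValue(), emailTemplate, new User(entry));
        }
        return getApprover(approval, emailTemplate, cfg, session, userID, entry);
    } catch (LDAPReferralException le) {
        logger.warn("DN : '" + dn + "' not found");
        return null;
    } catch (LDAPException le) {
        // only reachable for exceptions raised after the search (the search's own code 32 is
        // handled above); kept so a late noSuchObject still maps to null
        if (le.getResultCode() == 32) {
            logger.warn("DN : '" + dn + "' not found");
            return null;
        }
        throw new ProvisioningException("could not create approver", le);
    } catch (ProvisioningException pe) {
        // already carries a specific message; do not wrap it a second time
        throw pe;
    } catch (Exception e) {
        throw new ProvisioningException("Could not create approver", e);
    }
}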
