Example 1 with RepoSearchResults
use of com.sun.identity.idm.RepoSearchResults in project OpenAM by OpenRock.
the class AMSDKRepo method search.
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#search(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Map,
* boolean, int, int, java.util.Set)
*/
public RepoSearchResults search(SSOToken token, IdType type, String pattern, Map avPairs, boolean recursive, int maxResults, int maxTime, Set returnAttrs) throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
debug.message("AMSDKRepo: search called" + type + ": " + pattern + ": " + avPairs);
}
String searchDN = orgDN;
int profileType = getProfileType(type);
if (type.equals(IdType.USER)) {
searchDN = "ou=" + getDefaultPeopleContainerName() + "," + orgDN;
} else if (type.equals(IdType.AGENT)) {
searchDN = "ou=" + getDefaultAgentContainerName() + "," + orgDN;
} else if (type.equals(IdType.GROUP)) {
searchDN = "ou=" + getDefaultGroupContainerName() + "," + orgDN;
}
// String avFilter = AMObjectImpl.constructFilter(avPairs);
AMSearchControl ctrl = new AMSearchControl();
ctrl.setMaxResults(maxResults);
ctrl.setTimeOut(maxTime);
ctrl.setSearchScope(AMConstants.SCOPE_ONE);
if (returnAttrs == null || returnAttrs.isEmpty()) {
ctrl.setAllReturnAttributes(true);
} else {
ctrl.setReturnAttributes(returnAttrs);
}
AMSearchResults results;
try {
AMStoreConnection amsc = (sc == null) ? new AMStoreConnection(token) : sc;
switch(profileType) {
case AMObject.USER:
AMPeopleContainer pc = amsc.getPeopleContainer(searchDN);
if (avPairs == null || avPairs.isEmpty()) {
results = pc.searchUsers(pattern, avPairs, ctrl);
} else {
// avPairs is being passed. Create an OR condition
// filter.
String avFilter = constructFilter(IdRepo.OR_MOD, avPairs);
results = pc.searchUsers(pattern, ctrl, avFilter);
}
if (recursive) {
// It could be an Auth
// search and if no matching user found then we need
// to do a scope-sub search
Set usersFound = results.getSearchResults();
if (usersFound == null || usersFound.isEmpty()) {
// matching is found.
if (avPairs == null || avPairs.isEmpty()) {
AMOrganization org = amsc.getOrganization(orgDN);
ctrl.setSearchScope(AMConstants.SCOPE_SUB);
results = org.searchUsers(pattern, ctrl);
} else {
String avFilter = constructFilter(IdRepo.OR_MOD, avPairs);
AMOrganization org = amsc.getOrganization(orgDN);
ctrl.setSearchScope(AMConstants.SCOPE_SUB);
results = org.searchUsers("*", ctrl, avFilter);
}
}
}
break;
case 100:
AMOrganizationalUnit ou = amsc.getOrganizationalUnit(searchDN);
results = ou.searchEntities(pattern, avPairs, null, ctrl);
// results = ou.searchEntities(pattern, ctrl, avFilter, null);
break;
case AMObject.GROUP:
case AMObject.STATIC_GROUP:
AMGroupContainer gc = amsc.getGroupContainer(searchDN);
results = gc.searchGroups(pattern, avPairs, ctrl);
break;
case AMObject.ROLE:
AMOrganization org = amsc.getOrganization(searchDN);
results = org.searchRoles(pattern, ctrl);
break;
case AMObject.FILTERED_ROLE:
org = amsc.getOrganization(searchDN);
results = org.searchFilteredRoles(pattern, ctrl);
break;
default:
Object[] args = { CLASS_NAME, type.getName() };
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SEARCH_OPERATION_NOT_SUPPORTED, args);
}
} catch (AMException ame) {
debug.error("AMSDKRepo.search: Unable to perform search operation", ame);
;
throw IdUtils.convertAMException(ame);
}
return new RepoSearchResults(results.getSearchResults(), results.getErrorCode(), results.getResultAttributes(), type);
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
IdRepoException(com.sun.identity.idm.IdRepoException)
RepoSearchResults(com.sun.identity.idm.RepoSearchResults)
Example 2 with RepoSearchResults
use of com.sun.identity.idm.RepoSearchResults in project OpenAM by OpenRock.
the class AMSDKRepo method search.
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#search(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, int, int,
* java.util.Set, boolean, int, java.util.Map)
*/
public RepoSearchResults search(SSOToken token, IdType type, String pattern, int maxTime, int maxResults, Set returnAttrs, boolean returnAllAttrs, int filterOp, Map avPairs, boolean recursive) throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
debug.message("AMSDKRepo: search called" + type + ": " + pattern + ": " + avPairs);
}
String searchDN = orgDN;
int profileType = getProfileType(type);
if (type.equals(IdType.GROUP)) {
searchDN = "ou=" + getDefaultGroupContainerName() + "," + orgDN;
}
AMSearchControl ctrl = new AMSearchControl();
ctrl.setMaxResults(maxResults);
ctrl.setTimeOut(maxTime);
ctrl.setSearchScope(AMConstants.SCOPE_ONE);
if (returnAllAttrs) {
ctrl.setAllReturnAttributes(true);
} else {
if (returnAttrs != null && !returnAttrs.isEmpty()) {
ctrl.setReturnAttributes(returnAttrs);
}
}
AMSearchResults results;
try {
AMStoreConnection amsc = (sc == null) ? new AMStoreConnection(token) : sc;
switch(profileType) {
case AMObject.USER:
if (pcDN != null) {
if (!dataStoreRecursive) {
searchDN = pcDN;
} else {
ctrl.setSearchScope(AMConstants.SCOPE_SUB);
}
} else {
if (!dataStoreRecursive) {
searchDN = "ou=" + getDefaultPeopleContainerName() + "," + orgDN;
} else {
ctrl.setSearchScope(AMConstants.SCOPE_SUB);
}
}
AMPeopleContainer pc = amsc.getPeopleContainer(searchDN);
if (avPairs == null || avPairs.isEmpty()) {
results = pc.searchUsers(pattern, avPairs, ctrl);
} else {
// avPairs is being passed. Create an OR condition
// filter.
String avFilter = constructFilter(filterOp, avPairs);
results = pc.searchUsers(pattern, ctrl, avFilter);
}
break;
case 100:
// IdType is Agent.
if (agentDN != null) {
if (!dataStoreRecursive) {
searchDN = agentDN;
} else {
ctrl.setSearchScope(AMConstants.SCOPE_SUB);
}
} else {
if (!dataStoreRecursive) {
searchDN = "ou=" + getDefaultAgentContainerName() + "," + orgDN;
} else {
ctrl.setSearchScope(AMConstants.SCOPE_SUB);
}
}
AMOrganizationalUnit ou = amsc.getOrganizationalUnit(searchDN);
// fix 6515502
if (avPairs == null || avPairs.isEmpty()) {
results = ou.searchEntities(pattern, avPairs, null, ctrl);
} else {
// avPairs is being passed. Create an OR condition
// filter.
String avFilter = constructFilter(filterOp, avPairs);
results = ou.searchEntities(pattern, ctrl, avFilter, null);
}
break;
case AMObject.GROUP:
case AMObject.STATIC_GROUP:
AMGroupContainer gc = amsc.getGroupContainer(searchDN);
results = gc.searchStaticGroups(pattern, avPairs, ctrl);
break;
case AMObject.ROLE:
AMOrganization org = amsc.getOrganization(searchDN);
results = org.searchRoles(pattern, ctrl);
break;
case AMObject.FILTERED_ROLE:
org = amsc.getOrganization(searchDN);
results = org.searchFilteredRoles(pattern, ctrl);
break;
default:
Object[] args = { CLASS_NAME, type.getName() };
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SEARCH_OPERATION_NOT_SUPPORTED, args);
}
} catch (AMException ame) {
String amErrorCode = ame.getErrorCode();
if (!amErrorCode.equals("341")) {
debug.error("AMSDKRepo.search: Unable to perform search operation", ame);
}
if (profileType == 100 && amErrorCode.equals("341")) {
// then return empty results
return new RepoSearchResults(new HashSet(), RepoSearchResults.SUCCESS, Collections.EMPTY_MAP, type);
}
throw IdUtils.convertAMException(ame);
}
return new RepoSearchResults(results.getSearchResults(), results.getErrorCode(), results.getResultAttributes(), type);
}
Also used :
IdRepoException(com.sun.identity.idm.IdRepoException)
RepoSearchResults(com.sun.identity.idm.RepoSearchResults)
HashSet(java.util.HashSet)
Example 3 with RepoSearchResults
use of com.sun.identity.idm.RepoSearchResults in project OpenAM by OpenRock.
the class DatabaseRepo method search.
/*
* Search for specific type of identities using a {@link CrestQuery}.
*
* @see com.sun.identity.idm.IdRepo#search(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, int, int,
* java.util.Set, boolean, int, java.util.Map, boolean)
*
* @param token
* Single sign on token of identity performing the task. (Not Using)
* @param type
* Identity type of this object.
* @param crestQuery
* Either a string pattern to search for (possibly from a _queryId CREST endpoint parameter, or an
* _queryFilter from your REST endpoint). If a string, it can either be an id, for example a user's id.
* Or a * which means all. Or a string that contains *, eg. *ea* matching 'sean'. Wildcard searches can
* be modified as they are affected by other params like avPairs which add other conditions to the searches.
* @param maxTime
* maximum wait time for search. (Not Using)
* @param maxResults
* maximum records to return.
* @param returnAttrs
* Set of attribute names to return. If this is null, then all
* attributes will be fetched and returned. If empty then no attributes
* will be fetched and returned, and just the set of ids will be
* returned, and for each id it will have an empty set for values.
* @param returnAllAttrs
* flag specifies if should return all attributes for each id
* that matches search. This overrides the setting of returnAttrs, so if
* this flag is true then all attributes will be fetched and returned
* no matter what the value of returnAttrs parameter.
* @param filterOp
* filter condition. For example IdRepo.OR_MOD or IdRepo.AND_MOD and
* then the WHERE clause of SQL search will use this operand between
* the avPairs comparisons
* @param avPairs
* additional search conditions. For example, these would be added to
* the search query WHERE clause, like WHERE last_name = 'Jones' and
* you could use the attribute-value in the map for column last_name
* and value 'Jones'.
* @param recursive
* boolean to indicate recursive search? (Not Using)
*
* @return RepoSearchResults
* @throws IdRepoException If there are repository related error conditions.
* @throws SSOException If identity's single sign on token is invalid.
*/
@Override
public RepoSearchResults search(SSOToken token, IdType type, CrestQuery crestQuery, int maxTime, int maxResults, Set returnAttrs, boolean returnAllAttrs, int filterOp, Map avPairs, boolean recursive) throws IdRepoException, SSOException {
if (initializationException != null) {
debug.error("DatabaseRepo.search: throwing" + " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
debug.message("DatabaseRepo:search called with :" + " token=" + token + " IdType=" + type + " crestQuery=" + crestQuery + " maxTime=" + maxTime + " maxResults=" + maxResults + " returnAttrs=" + returnAttrs + " filter= " + filterOp + " avPairs= " + avPairs + " recursive=" + recursive);
}
if (crestQuery.hasQueryId()) {
return search(token, type, crestQuery.getQueryId(), maxTime, maxResults, returnAttrs, returnAllAttrs, filterOp, avPairs, recursive);
}
// throw exception if this type user not allowed to do this
isValidType(type, "search");
if (maxResults < 1) {
maxResults = defaultSearchMaxResults;
if (debug.messageEnabled()) {
debug.message("DatabaseRepo:search changing value of maxResults to default, so now maxResults=" + maxResults);
}
}
//?? SHOULD THE RETURNED LIST BE ORDERED ????
// a set of Maps where each map is a user and their attributes
Map<String, Map<String, Set<String>>> users = new HashMap<>();
// determine the set of attributes to fetch from the database
Set<String> attributesToFetch = null;
if (returnAttrs == null) {
// to fetch all user attributes, need to pass in all attr names
if (type.equals(IdType.USER)) {
attributesToFetch = userAtttributesAllowed;
} else if (type.equals(IdType.GROUP)) {
// RFE: treat groupAttrsAllowed in same way as userAttributesAllowed
Set<String> groupAttrsAllowed = new HashSet<String>();
groupAttrsAllowed.add(membershipIdAttributeName);
attributesToFetch = groupAttrsAllowed;
}
} else if (returnAttrs.isEmpty()) {
// fetch just userIDs
attributesToFetch = new HashSet<String>();
if (type.equals(IdType.USER)) {
attributesToFetch.add(userIDAttributeName);
} else if (type.equals(IdType.GROUP)) {
attributesToFetch.add(membershipIdAttributeName);
}
} else {
attributesToFetch = returnAttrs;
}
// IdRepo.NO_MOD default is NONE
String filterOpString = "NONE";
if (filterOp == IdRepo.OR_MOD) {
filterOpString = "OR";
} else if (filterOp == IdRepo.AND_MOD) {
filterOpString = "AND";
}
if (type.equals(IdType.USER)) {
users = dao.search(userIDAttributeName, maxResults, crestQuery.getQueryFilter(), attributesToFetch, filterOpString, avPairs);
} else if (type.equals(IdType.GROUP)) {
users = dao.searchForGroups(membershipIdAttributeName, maxResults, crestQuery.getQueryId(), attributesToFetch, filterOpString, avPairs);
}
if (users == null) {
return new RepoSearchResults(Collections.EMPTY_SET, RepoSearchResults.SUCCESS, Collections.EMPTY_MAP, type);
}
if (users.isEmpty()) {
return new RepoSearchResults(Collections.EMPTY_SET, RepoSearchResults.SUCCESS, Collections.EMPTY_MAP, type);
}
Set allUserIds = users.keySet();
if (returnAttrs != null && returnAttrs.isEmpty()) {
// I believe that is this case, we should only return the userids
// and each Map is empty???
// Or should it be the user id and for
// each user id the Set of just useridattrname=value ????
// for now, just return userids and empty map
// throw away any fetched attrs for each userid, if any
users = new HashMap<String, Map<String, Set<String>>>();
// now set each id's value set to an empty set
for (Iterator<String> usersIt = allUserIds.iterator(); usersIt.hasNext(); ) {
users.put(usersIt.next(), Collections.EMPTY_MAP);
}
}
if (debug.messageEnabled()) {
debug.message("DatabaseRepo.search: returning users= " + users);
}
return (new RepoSearchResults(allUserIds, RepoSearchResults.SUCCESS, users, type));
}
Also used :
HashSet(java.util.HashSet)
Set(java.util.Set)
HashMap(java.util.HashMap)
CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)
RepoSearchResults(com.sun.identity.idm.RepoSearchResults)
HashMap(java.util.HashMap)
CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)
Map(java.util.Map)
HashSet(java.util.HashSet)
Example 4 with RepoSearchResults
use of com.sun.identity.idm.RepoSearchResults in project OpenAM by OpenRock.
the class SpecialRepo method search.
@Override
public RepoSearchResults search(SSOToken token, IdType type, CrestQuery crestQuery, int maxTime, int maxResults, Set<String> returnAttrs, boolean returnAllAttrs, int filterOp, Map<String, Set<String>> avPairs, boolean recursive) throws IdRepoException, SSOException {
if (crestQuery.hasQueryFilter()) {
throw new IdRepoException("SpecialRepo search does not support query filters");
}
Set userRes = new HashSet();
Map userAttrs = new HashMap();
int errorCode = RepoSearchResults.SUCCESS;
String pattern = crestQuery.getQueryId();
try {
if (type.equals(IdType.USER)) {
ServiceConfig userConfig = getUserConfig();
// Support aliasing for "uid" at least..
if (pattern.equals("*") && avPairs != null && !avPairs.isEmpty()) {
Set uidVals = (Set) avPairs.get("uid");
if (uidVals != null && !uidVals.isEmpty()) {
pattern = (String) uidVals.iterator().next();
} else {
// empty results
return new RepoSearchResults(Collections.EMPTY_SET, RepoSearchResults.SUCCESS, Collections.EMPTY_MAP, type);
}
}
// If wild card is used for pattern, do a search else a lookup
if (pattern.indexOf('*') != -1) {
userRes = userConfig.getSubConfigNames(pattern);
} else {
for (Iterator items = userConfig.getSubConfigNames().iterator(); items.hasNext(); ) {
String name = (String) items.next();
if (name.equalsIgnoreCase(pattern)) {
userRes.add(pattern);
break;
}
}
}
if (userRes != null) {
Iterator it = userRes.iterator();
while (it.hasNext()) {
String u = (String) it.next();
ServiceConfig thisUser = userConfig.getSubConfig(u);
Map attrs = thisUser.getAttributes();
// BugID: 6309830
if (u.equalsIgnoreCase(IdConstants.AMADMIN_USER) || u.equalsIgnoreCase(IdConstants.ANONYMOUS_USER)) {
// The passwords for these would
// be returned from LDAP
attrs.remove("userPassword");
}
// Add the AMSDK root suffix to the DN attribute
replaceDNAttributeIfPresent(attrs);
userAttrs.put(u, attrs);
}
}
return new RepoSearchResults(userRes, errorCode, userAttrs, type);
} else {
return new RepoSearchResults(Collections.EMPTY_SET, RepoSearchResults.SUCCESS, Collections.EMPTY_MAP, type);
}
} catch (SMSException smse) {
debug.error("SpecialRepo.search: Unable to retrieve entries: ", smse);
Object[] args = { NAME };
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SEARCH_FAILED, args);
}
}
Also used :
Set(java.util.Set)
CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet)
HashSet(java.util.HashSet)
HashMap(java.util.HashMap)
CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)
ServiceConfig(com.sun.identity.sm.ServiceConfig)
SMSException(com.sun.identity.sm.SMSException)
IdRepoException(com.sun.identity.idm.IdRepoException)
Iterator(java.util.Iterator)
RepoSearchResults(com.sun.identity.idm.RepoSearchResults)
Map(java.util.Map)
HashMap(java.util.HashMap)
CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)
CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet)
HashSet(java.util.HashSet)
Example 5 with RepoSearchResults
use of com.sun.identity.idm.RepoSearchResults in project OpenAM by OpenRock.
the class FilesRepo method search.
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#search(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, int, int,
* java.util.Set, boolean, int, java.util.Map, boolean)
*/
public RepoSearchResults search(SSOToken token, IdType type, String pattern, int maxTime, int maxResults, Set returnAttrs, boolean returnAllAttrs, int filterOp, Map avPairs, boolean recursive) throws IdRepoException, SSOException {
if (initializationException != null) {
debug.error("FilesRepo.search: throwing initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
debug.message("FilesRepo:search pattern=" + pattern + " type=" + type + " returnAttrs=" + returnAttrs + " filter= " + filterOp + " matchAttrs= " + avPairs);
}
// Directory to start the search
File dir = new File(new File(directory), type.getName());
String[] files = dir.list(new FileRepoFileFilter(pattern));
if (files.length == 0) {
return new RepoSearchResults(Collections.EMPTY_SET, RepoSearchResults.SUCCESS, Collections.EMPTY_MAP, type);
}
// Check if attribute mapping has to be done
Set results = new HashSet();
if (avPairs != null && !avPairs.isEmpty()) {
for (int i = 0; i < files.length; i++) {
// Check if the attributes match
Map allAttrs = getAttributes(token, type, files[i]);
Set attrNames = new CaseInsensitiveHashSet();
attrNames.addAll(allAttrs.keySet());
boolean addResult = (filterOp == IdRepo.AND_MOD);
for (Iterator items = avPairs.keySet().iterator(); items.hasNext(); ) {
String attrName = (String) items.next();
Set attrValue = (Set) avPairs.get(attrName);
if ((attrValue == null) || attrValue.isEmpty() || attrValue.contains("*")) {
// Check if the attribute is present
if (attrNames.contains(attrName)) {
if (filterOp == IdRepo.OR_MOD) {
addResult = true;
break;
}
} else if (filterOp == IdRepo.AND_MOD) {
addResult = false;
break;
}
} else {
// Check if the values are present
Set matchValues = (Set) allAttrs.get(attrName);
if (matchValues != null && containsAttrValue(matchValues, attrValue)) {
if (filterOp == IdRepo.OR_MOD) {
addResult = true;
break;
}
} else if (filterOp == IdRepo.AND_MOD) {
addResult = false;
break;
}
}
}
if (addResult) {
results.add(files[i]);
}
}
} else {
results.addAll(Arrays.asList(files));
}
// Build RepoSearchResults
Map resultsWithAttrs = new HashMap();
for (Iterator items = results.iterator(); items.hasNext(); ) {
String item = (String) items.next();
if (returnAllAttrs || returnAttrs == null) {
resultsWithAttrs.put(item, getAttributes(token, type, item));
} else if (returnAttrs.isEmpty()) {
resultsWithAttrs.put(item, Collections.EMPTY_MAP);
} else {
resultsWithAttrs.put(item, getAttributes(token, type, item, returnAttrs));
}
}
if (debug.messageEnabled()) {
debug.message("FilesRepo:search results: " + results);
}
return (new RepoSearchResults(results, RepoSearchResults.SUCCESS, resultsWithAttrs, type));
}
Also used :
CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet)
HashSet(java.util.HashSet)
Set(java.util.Set)
HashMap(java.util.HashMap)
CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)
CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet)
Iterator(java.util.Iterator)
RepoSearchResults(com.sun.identity.idm.RepoSearchResults)
File(java.io.File)
HashMap(java.util.HashMap)
CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)
Map(java.util.Map)
CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet)
HashSet(java.util.HashSet)
Aggregations
RepoSearchResults (com.sun.identity.idm.RepoSearchResults)25
HashSet (java.util.HashSet)19
Set (java.util.Set)18
CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)14
CaseInsensitiveHashMap (com.sun.identity.common.CaseInsensitiveHashMap)13
HashMap (java.util.HashMap)13
Map (java.util.Map)12
IdRepoException (com.sun.identity.idm.IdRepoException)11
Iterator (java.util.Iterator)11
CrestQuery (org.forgerock.openam.utils.CrestQuery)11
Test (org.testng.annotations.Test)7
OrderedSet (com.sun.identity.shared.datastruct.OrderedSet)4
NotificationSet (com.iplanet.services.comm.share.NotificationSet)3
SSOException (com.iplanet.sso.SSOException)3
IdRepo (com.sun.identity.idm.IdRepo)3
IdRepoUnsupportedOpException (com.sun.identity.idm.IdRepoUnsupportedOpException)3
AMHashMap (com.iplanet.am.sdk.AMHashMap)2
SSOToken (com.iplanet.sso.SSOToken)2
AMIdentity (com.sun.identity.idm.AMIdentity)2
IdSearchResults (com.sun.identity.idm.IdSearchResults)2
