use of com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl in project ldapsdk by pingidentity.
the class LDAPModify method doToolProcessing.
/**
* {@inheritDoc}
*/
@Override()
@NotNull()
public ResultCode doToolProcessing() {
// Flow visible in this method: build the per-operation control lists,
// optionally read an encryption passphrase, connect (unless dry-run),
// optionally start a transaction, read LDIF change records in a loop and
// dispatch each one, then end the transaction or send the multi-update
// request.  The finally block closes the reject writer, the LDIF reader and
// the connection pool on every exit path.
//
// Examine the arguments to determine the sets of controls to use for each
// type of request.
final ArrayList<Control> addControls = new ArrayList<>(10);
final ArrayList<Control> deleteControls = new ArrayList<>(10);
final ArrayList<Control> modifyControls = new ArrayList<>(10);
final ArrayList<Control> modifyDNControls = new ArrayList<>(10);
final ArrayList<Control> searchControls = new ArrayList<>(10);
try {
createRequestControls(addControls, deleteControls, modifyControls, modifyDNControls, searchControls);
} catch (final LDAPException le) {
Debug.debugException(le);
for (final String line : ResultUtils.formatResult(le, true, 0, WRAP_COLUMN)) {
err(line);
}
return le.getResultCode();
}
// If an encryption passphrase file was specified, then read its value.
// NOTE(review): the passphrase is kept in an immutable String, so it cannot
// be wiped from memory once it is no longer needed.
String encryptionPassphrase = null;
if (encryptionPassphraseFile.isPresent()) {
try {
encryptionPassphrase = ToolUtils.readEncryptionPassphraseFromFile(encryptionPassphraseFile.getValue());
} catch (final LDAPException e) {
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN, e.getMessage());
return e.getResultCode();
}
}
LDAPConnectionPool connectionPool = null;
LDIFReader ldifReader = null;
LDIFWriter rejectWriter = null;
try {
// Create the connection pool (skipped entirely in dry-run mode).  If an
// administrative session was requested, hand the pool a post-connect
// processor that starts that session before performing the bind.
try {
final StartAdministrativeSessionPostConnectProcessor p;
if (useAdministrativeSession.isPresent()) {
p = new StartAdministrativeSessionPostConnectProcessor(new StartAdministrativeSessionExtendedRequest(getToolName(), true));
} else {
p = null;
}
if (!dryRun.isPresent()) {
connectionPool = getConnectionPool(1, 2, 0, p, null, true, new ReportBindResultLDAPConnectionPoolHealthCheck(this, true, verbose.isPresent()));
}
} catch (final LDAPException le) {
Debug.debugException(le);
// INVALID_CREDENTIALS is deliberately not printed here; presumably the
// ReportBindResultLDAPConnectionPoolHealthCheck passed above has already
// reported the failed bind -- confirm.
// If the failure was something else, then display that failure result.
if (le.getResultCode() != ResultCode.INVALID_CREDENTIALS) {
for (final String line : ResultUtils.formatResult(le, true, 0, WRAP_COLUMN)) {
err(line);
}
}
return le.getResultCode();
}
// Failed operations are retried on invalid connections unless the
// neverRetry argument is present.
if (connectionPool != null) {
connectionPool.setRetryFailedOperationsDueToInvalidConnections((!neverRetry.isPresent()));
}
// Report that the connection was successfully established.
if (connectionPool != null) {
try {
final LDAPConnection connection = connectionPool.getConnection();
final String hostPort = connection.getHostPort();
connectionPool.releaseConnection(connection);
commentToOut(INFO_LDAPMODIFY_CONNECTION_ESTABLISHED.get(hostPort));
out();
} catch (final LDAPException le) {
Debug.debugException(le);
// This should never happen.  The exception is only handed to the debug
// facility; processing continues without the "connection established"
// comment.
}
}
// If we should process the operations in a transaction, then start that
// now.
final ASN1OctetString txnID;
if (useTransaction.isPresent()) {
// Proxied authorization asks the server to process a request under the
// identity named by the argument instead of the identity the connection
// is bound as, so where that control is attached decides which requests
// run under the alternate identity.
final Control[] startTxnControls;
if (proxyAs.isPresent()) {
// In a transaction, the proxied authorization control must only be
// used in the start transaction request and not in any of the
// subsequent operation requests.
startTxnControls = new Control[] { new ProxiedAuthorizationV2RequestControl(proxyAs.getValue()) };
} else if (proxyV1As.isPresent()) {
// In a transaction, the proxied authorization control must only be
// used in the start transaction request and not in any of the
// subsequent operation requests.
startTxnControls = new Control[] { new ProxiedAuthorizationV1RequestControl(proxyV1As.getValue()) };
} else {
startTxnControls = StaticUtils.NO_CONTROLS;
}
try {
// NOTE(review): connectionPool is still null when dryRun is present, and
// it is dereferenced here (and again in the end-transaction and
// multi-update calls further down) without a null check.  This assumes
// argument validation rejects dry-run combined with those modes -- confirm
// against the argument parser.
final StartTransactionExtendedResult startTxnResult = (StartTransactionExtendedResult) connectionPool.processExtendedOperation(new StartTransactionExtendedRequest(startTxnControls));
if (startTxnResult.getResultCode() == ResultCode.SUCCESS) {
// Every write request in the batch carries the transaction specification
// control so the server associates it with this transaction.  The search
// control list is left untouched.
txnID = startTxnResult.getTransactionID();
final TransactionSpecificationRequestControl c = new TransactionSpecificationRequestControl(txnID);
addControls.add(c);
deleteControls.add(c);
modifyControls.add(c);
modifyDNControls.add(c);
// Show the transaction ID as text when it is printable, otherwise as
// colon-delimited hex.
final String txnIDString;
if (StaticUtils.isPrintableString(txnID.getValue())) {
txnIDString = txnID.stringValue();
} else {
final StringBuilder hexBuffer = new StringBuilder();
StaticUtils.toHex(txnID.getValue(), ":", hexBuffer);
txnIDString = hexBuffer.toString();
}
commentToOut(INFO_LDAPMODIFY_STARTED_TXN.get(txnIDString));
} else {
commentToErr(ERR_LDAPMODIFY_CANNOT_START_TXN.get(startTxnResult.getResultString()));
return startTxnResult.getResultCode();
}
} catch (final LDAPException le) {
Debug.debugException(le);
commentToErr(ERR_LDAPMODIFY_CANNOT_START_TXN.get(StaticUtils.getExceptionMessage(le)));
return le.getResultCode();
}
} else {
txnID = null;
}
// Create an LDIF reader that will be used to read the changes to process.
// Changes come from the named LDIF file(s) when ldifFile is present and from
// the stream in the "in" field otherwise.
try {
final InputStream ldifInputStream;
if (ldifFile.isPresent()) {
ldifInputStream = ToolUtils.getInputStreamForLDIFFiles(ldifFile.getValues(), encryptionPassphrase, getOut(), getErr()).getFirst();
} else {
ldifInputStream = in;
}
ldifReader = new LDIFReader(ldifInputStream, 0, null, null, characterSet.getValue());
} catch (final Exception e) {
// NOTE(review): unlike the other catch blocks in this method, this one
// does not pass the exception to Debug.debugException.
commentToErr(ERR_LDAPMODIFY_CANNOT_CREATE_LDIF_READER.get(StaticUtils.getExceptionMessage(e)));
return ResultCode.LOCAL_ERROR;
}
if (stripTrailingSpaces.isPresent()) {
ldifReader.setTrailingSpaceBehavior(TrailingSpaceBehavior.STRIP);
}
// If appropriate, create a reject writer.
if (rejectFile.isPresent()) {
try {
rejectWriter = new LDIFWriter(rejectFile.getValue());
// Set the maximum allowed wrap column. This is better than setting a
// wrap column of zero because it will ensure that comments don't get
// wrapped either.
rejectWriter.setWrapColumn(Integer.MAX_VALUE);
} catch (final Exception e) {
Debug.debugException(e);
commentToErr(ERR_LDAPMODIFY_CANNOT_CREATE_REJECT_WRITER.get(rejectFile.getValue().getAbsolutePath(), StaticUtils.getExceptionMessage(e)));
return ResultCode.LOCAL_ERROR;
}
}
// If appropriate, create a rate limiter.  The barrier is built with a
// 1000 ms interval and ratePerSecond as the per-interval limit.
final FixedRateBarrier rateLimiter;
if (ratePerSecond.isPresent()) {
rateLimiter = new FixedRateBarrier(1000L, ratePerSecond.getValue());
} else {
rateLimiter = null;
}
// Iterate through the set of changes to process.
// commitTransaction starts out true and is cleared by any read error or
// failed operation below; it becomes the commit flag of the end-transaction
// request.  resultCode stays null until something other than plain success
// has to be reported.
boolean commitTransaction = true;
ResultCode resultCode = null;
final ArrayList<LDAPRequest> multiUpdateRequests = new ArrayList<>(10);
// "Bulk modify" means the change record is applied to entries selected by
// filter or DN arguments rather than to the DN named in the record itself.
final boolean isBulkModify = modifyEntriesMatchingFilter.isPresent() || modifyEntriesMatchingFiltersFromFile.isPresent() || modifyEntryWithDN.isPresent() || modifyEntriesWithDNsFromFile.isPresent();
readChangeRecordLoop: while (true) {
// If there is a rate limiter, then use it to sleep if necessary.  In bulk
// modify mode the limiter is not awaited here; it is passed to the
// handleModify* helpers instead.
if ((rateLimiter != null) && (!isBulkModify)) {
rateLimiter.await();
}
// Read the next LDIF change record. If we get an error then handle it
// and abort if appropriate.
final LDIFChangeRecord changeRecord;
try {
changeRecord = ldifReader.readChangeRecord(defaultAdd.isPresent());
} catch (final IOException ioe) {
// An I/O error is always fatal: report it, record it in the reject file,
// make sure any transaction is not committed, and stop reading.
Debug.debugException(ioe);
final String message = ERR_LDAPMODIFY_IO_ERROR_READING_CHANGE.get(StaticUtils.getExceptionMessage(ioe));
commentToErr(message);
writeRejectedChange(rejectWriter, message, null);
commitTransaction = false;
resultCode = ResultCode.LOCAL_ERROR;
break;
} catch (final LDIFException le) {
// A malformed record is recoverable only when the reader says it can keep
// going and no transaction is in use; inside a transaction any parse
// error ends the run.
Debug.debugException(le);
final StringBuilder buffer = new StringBuilder();
if (le.mayContinueReading() && (!useTransaction.isPresent())) {
buffer.append(ERR_LDAPMODIFY_RECOVERABLE_LDIF_ERROR_READING_CHANGE.get(le.getLineNumber(), StaticUtils.getExceptionMessage(le)));
} else {
buffer.append(ERR_LDAPMODIFY_UNRECOVERABLE_LDIF_ERROR_READING_CHANGE.get(le.getLineNumber(), StaticUtils.getExceptionMessage(le)));
}
if ((resultCode == null) || (resultCode == ResultCode.SUCCESS)) {
resultCode = ResultCode.LOCAL_ERROR;
}
// Echo the offending input lines, when the exception carries them, so the
// operator can see what was rejected.
if ((le.getDataLines() != null) && (!le.getDataLines().isEmpty())) {
buffer.append(StaticUtils.EOL);
buffer.append(StaticUtils.EOL);
buffer.append(ERR_LDAPMODIFY_INVALID_LINES.get());
buffer.append(StaticUtils.EOL);
for (final String s : le.getDataLines()) {
buffer.append(s);
buffer.append(StaticUtils.EOL);
}
}
final String message = buffer.toString();
commentToErr(message);
writeRejectedChange(rejectWriter, message, null);
if (le.mayContinueReading() && (!useTransaction.isPresent())) {
continue;
} else {
commitTransaction = false;
resultCode = ResultCode.LOCAL_ERROR;
break;
}
}
// A null change record means there is nothing more to read, so leave the
// loop.  Otherwise the record is processed below based on its type.
if (changeRecord == null) {
break;
}
// Bulk modify, filters given as argument values: the change record is
// handed to handleModifyMatchingFilter once per filter (presumably that
// helper converts the change record into a set of modifications -- see
// that method).  The first non-success result is kept; a later one only
// replaces null, SUCCESS or NO_OPERATION.
if (modifyEntriesMatchingFilter.isPresent()) {
for (final Filter filter : modifyEntriesMatchingFilter.getValues()) {
final ResultCode rc = handleModifyMatchingFilter(connectionPool, changeRecord, modifyEntriesMatchingFilter.getIdentifierString(), filter, searchControls, modifyControls, rateLimiter, rejectWriter);
if (rc != ResultCode.SUCCESS) {
if ((resultCode == null) || (resultCode == ResultCode.SUCCESS) || (resultCode == ResultCode.NO_OPERATION)) {
resultCode = rc;
}
}
}
}
// Bulk modify, filters read from files.  The returns inside this block
// leave the method directly, so the end-transaction / multi-update handling
// after the loop is skipped and only the finally block runs.
if (modifyEntriesMatchingFiltersFromFile.isPresent()) {
for (final File f : modifyEntriesMatchingFiltersFromFile.getValues()) {
final FilterFileReader filterReader;
try {
filterReader = new FilterFileReader(f);
} catch (final Exception e) {
Debug.debugException(e);
commentToErr(ERR_LDAPMODIFY_ERROR_OPENING_FILTER_FILE.get(f.getAbsolutePath(), StaticUtils.getExceptionMessage(e)));
return ResultCode.LOCAL_ERROR;
}
try {
while (true) {
final Filter filter;
try {
filter = filterReader.readFilter();
} catch (final IOException ioe) {
Debug.debugException(ioe);
commentToErr(ERR_LDAPMODIFY_IO_ERROR_READING_FILTER_FILE.get(f.getAbsolutePath(), StaticUtils.getExceptionMessage(ioe)));
return ResultCode.LOCAL_ERROR;
} catch (final LDAPException le) {
// A filter that cannot be parsed is skipped when continueOnError is
// present; otherwise it ends the run with the exception's result code.
Debug.debugException(le);
commentToErr(le.getMessage());
if (continueOnError.isPresent()) {
if ((resultCode == null) || (resultCode == ResultCode.SUCCESS) || (resultCode == ResultCode.NO_OPERATION)) {
resultCode = le.getResultCode();
}
continue;
} else {
return le.getResultCode();
}
}
// A null filter ends the inner read loop for this file.
if (filter == null) {
break;
}
final ResultCode rc = handleModifyMatchingFilter(connectionPool, changeRecord, modifyEntriesMatchingFiltersFromFile.getIdentifierString(), filter, searchControls, modifyControls, rateLimiter, rejectWriter);
if (rc != ResultCode.SUCCESS) {
if ((resultCode == null) || (resultCode == ResultCode.SUCCESS) || (resultCode == ResultCode.NO_OPERATION)) {
resultCode = rc;
}
}
}
} finally {
// Close the filter file on every path; a close failure is only debugged.
try {
filterReader.close();
} catch (final Exception e) {
Debug.debugException(e);
}
}
}
}
// Bulk modify, target DNs given as argument values.
if (modifyEntryWithDN.isPresent()) {
for (final DN dn : modifyEntryWithDN.getValues()) {
final ResultCode rc = handleModifyWithDN(connectionPool, changeRecord, modifyEntryWithDN.getIdentifierString(), dn, modifyControls, rateLimiter, rejectWriter);
if (rc != ResultCode.SUCCESS) {
if ((resultCode == null) || (resultCode == ResultCode.SUCCESS) || (resultCode == ResultCode.NO_OPERATION)) {
resultCode = rc;
}
}
}
}
// Bulk modify, target DNs read from files.  Same structure and same early
// returns as the filter-file block above.
if (modifyEntriesWithDNsFromFile.isPresent()) {
for (final File f : modifyEntriesWithDNsFromFile.getValues()) {
final DNFileReader dnReader;
try {
dnReader = new DNFileReader(f);
} catch (final Exception e) {
Debug.debugException(e);
commentToErr(ERR_LDAPMODIFY_ERROR_OPENING_DN_FILE.get(f.getAbsolutePath(), StaticUtils.getExceptionMessage(e)));
return ResultCode.LOCAL_ERROR;
}
try {
while (true) {
final DN dn;
try {
dn = dnReader.readDN();
} catch (final IOException ioe) {
Debug.debugException(ioe);
commentToErr(ERR_LDAPMODIFY_IO_ERROR_READING_DN_FILE.get(f.getAbsolutePath(), StaticUtils.getExceptionMessage(ioe)));
return ResultCode.LOCAL_ERROR;
} catch (final LDAPException le) {
Debug.debugException(le);
commentToErr(le.getMessage());
if (continueOnError.isPresent()) {
if ((resultCode == null) || (resultCode == ResultCode.SUCCESS) || (resultCode == ResultCode.NO_OPERATION)) {
resultCode = le.getResultCode();
}
continue;
} else {
return le.getResultCode();
}
}
// A null DN ends the inner read loop for this file.
if (dn == null) {
break;
}
final ResultCode rc = handleModifyWithDN(connectionPool, changeRecord, modifyEntriesWithDNsFromFile.getIdentifierString(), dn, modifyControls, rateLimiter, rejectWriter);
if (rc != ResultCode.SUCCESS) {
if ((resultCode == null) || (resultCode == ResultCode.SUCCESS) || (resultCode == ResultCode.NO_OPERATION)) {
resultCode = rc;
}
}
}
} finally {
try {
dnReader.close();
} catch (final Exception e) {
Debug.debugException(e);
}
}
}
}
// In bulk modify mode the record has already been applied above, so it must
// not also be applied to the DN it names.
if (isBulkModify) {
continue;
}
// Normal mode: dispatch on the concrete change record type, giving each
// operation the control list built for it.
try {
final ResultCode rc;
if (changeRecord instanceof LDIFAddChangeRecord) {
rc = doAdd((LDIFAddChangeRecord) changeRecord, addControls, connectionPool, multiUpdateRequests, rejectWriter);
} else if (changeRecord instanceof LDIFDeleteChangeRecord) {
rc = doDelete((LDIFDeleteChangeRecord) changeRecord, deleteControls, connectionPool, multiUpdateRequests, rejectWriter);
} else if (changeRecord instanceof LDIFModifyChangeRecord) {
rc = doModify((LDIFModifyChangeRecord) changeRecord, modifyControls, connectionPool, multiUpdateRequests, rejectWriter);
} else if (changeRecord instanceof LDIFModifyDNChangeRecord) {
rc = doModifyDN((LDIFModifyDNChangeRecord) changeRecord, modifyDNControls, connectionPool, multiUpdateRequests, rejectWriter);
} else {
// This should never happen.
commentToErr(ERR_LDAPMODIFY_UNSUPPORTED_CHANGE_RECORD_HEADER.get());
for (final String line : changeRecord.toLDIF()) {
err("# " + line);
}
throw new LDAPException(ResultCode.PARAM_ERROR, ERR_LDAPMODIFY_UNSUPPORTED_CHANGE_RECORD_HEADER.get() + changeRecord.toString());
}
// Only the first non-success result is remembered on this path.
if ((resultCode == null) && (rc != ResultCode.SUCCESS)) {
resultCode = rc;
}
} catch (final LDAPException le) {
// Any failed operation prevents the transaction from being committed,
// even when continueOnError keeps the loop running.
Debug.debugException(le);
commitTransaction = false;
if (continueOnError.isPresent()) {
if ((resultCode == null) || (resultCode == ResultCode.SUCCESS) || (resultCode == ResultCode.NO_OPERATION)) {
resultCode = le.getResultCode();
}
} else {
resultCode = le.getResultCode();
break;
}
}
}
// If the operations are part of a transaction or a multi-update
// operation, then process that now.
if (useTransaction.isPresent()) {
// The end-transaction request carries commitTransaction as its commit
// flag, so a run that hit an error asks the server to abort instead.
LDAPResult endTxnResult;
final EndTransactionExtendedRequest endTxnRequest = new EndTransactionExtendedRequest(txnID, commitTransaction);
try {
endTxnResult = connectionPool.processExtendedOperation(endTxnRequest);
} catch (final LDAPException le) {
endTxnResult = le.toLDAPResult();
}
displayResult(endTxnResult, false);
if (((resultCode == null) || (resultCode == ResultCode.SUCCESS)) && (endTxnResult.getResultCode() != ResultCode.SUCCESS)) {
resultCode = endTxnResult.getResultCode();
}
} else if (multiUpdateErrorBehavior.isPresent()) {
// Map the argument value to an error behavior.  Any value other than
// "atomic" or "abort-on-error" falls through to CONTINUE_ON_ERROR.
final MultiUpdateErrorBehavior errorBehavior;
if (multiUpdateErrorBehavior.getValue().equalsIgnoreCase("atomic")) {
errorBehavior = MultiUpdateErrorBehavior.ATOMIC;
} else if (multiUpdateErrorBehavior.getValue().equalsIgnoreCase("abort-on-error")) {
errorBehavior = MultiUpdateErrorBehavior.ABORT_ON_ERROR;
} else {
errorBehavior = MultiUpdateErrorBehavior.CONTINUE_ON_ERROR;
}
// Here the proxied authorization control is attached to the multi-update
// extended request itself.
final Control[] multiUpdateControls;
if (proxyAs.isPresent()) {
multiUpdateControls = new Control[] { new ProxiedAuthorizationV2RequestControl(proxyAs.getValue()) };
} else if (proxyV1As.isPresent()) {
multiUpdateControls = new Control[] { new ProxiedAuthorizationV1RequestControl(proxyV1As.getValue()) };
} else {
multiUpdateControls = StaticUtils.NO_CONTROLS;
}
ExtendedResult multiUpdateResult;
try {
commentToOut(INFO_LDAPMODIFY_SENDING_MULTI_UPDATE_REQUEST.get());
final MultiUpdateExtendedRequest multiUpdateRequest = new MultiUpdateExtendedRequest(errorBehavior, multiUpdateRequests, multiUpdateControls);
multiUpdateResult = connectionPool.processExtendedOperation(multiUpdateRequest);
} catch (final LDAPException le) {
multiUpdateResult = new ExtendedResult(le);
}
displayResult(multiUpdateResult, false);
// The multi-update result replaces whatever result code was collected
// while reading the change records.
resultCode = multiUpdateResult.getResultCode();
}
// A null result code means nothing went wrong.
if (resultCode == null) {
return ResultCode.SUCCESS;
} else {
return resultCode;
}
} finally {
// Best-effort cleanup on every exit path, including the early returns
// above.  Close failures are only passed to the debug facility.
if (rejectWriter != null) {
try {
rejectWriter.close();
} catch (final Exception e) {
Debug.debugException(e);
}
}
if (ldifReader != null) {
try {
ldifReader.close();
} catch (final Exception e) {
Debug.debugException(e);
}
}
if (connectionPool != null) {
try {
connectionPool.close();
} catch (final Exception e) {
Debug.debugException(e);
}
}
}
}
use of com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl in project ldapsdk by pingidentity.
the class LDAPSearch method getSearchControls.
/**
* Retrieves a list of the controls that should be used when processing search
* operations.
*
* @return A list of the controls that should be used when processing search
* operations.
*
* @throws LDAPException If a problem is encountered while generating the
* controls for a search request.
*/
@NotNull()
private List<Control> getSearchControls() {
  // The list is assembled in a fixed order: caller-supplied controls, then
  // controls held in fields of this tool, then controls derived from
  // individual arguments.
  final ArrayList<Control> requestControls = new ArrayList<>(10);

  if (searchControl.isPresent()) {
    requestControls.addAll(searchControl.getValues());
  }

  // Controls kept in fields; a null field means that control is not wanted.
  final Control[] fieldControls = {
    joinRequestControl,
    matchedValuesRequestControl,
    matchingEntryCountRequestControl,
    overrideSearchLimitsRequestControl,
    persistentSearchRequestControl,
    sortRequestControl,
    vlvRequestControl
  };
  for (final Control fieldControl : fieldControls) {
    if (fieldControl != null) {
      requestControls.add(fieldControl);
    }
  }
  requestControls.addAll(routeToBackendSetRequestControls);

  // Simple flag-style arguments, each mapping to exactly one control.
  if (accountUsable.isPresent()) {
    requestControls.add(new AccountUsableRequestControl(true));
  }
  if (getBackendSetID.isPresent()) {
    requestControls.add(new GetBackendSetIDRequestControl(false));
  }
  if (getServerID.isPresent()) {
    requestControls.add(new GetServerIDRequestControl(false));
  }
  if (includeReplicationConflictEntries.isPresent()) {
    requestControls.add(new ReturnConflictEntriesRequestControl(true));
  }

  // Soft-deleted entries: two recognised values pick how non-deleted entries
  // are treated; every other value selects the third form.
  if (includeSoftDeletedEntries.isPresent()) {
    final String mode =
        StaticUtils.toLowerCase(includeSoftDeletedEntries.getValue());
    final boolean includeNonDeleted = mode.equals("with-non-deleted-entries");
    final boolean undeletedForm =
        !includeNonDeleted && !mode.equals("without-non-deleted-entries");
    requestControls.add(new SoftDeletedEntryAccessRequestControl(
        true, includeNonDeleted, undeletedForm));
  }

  if (draftLDUPSubentries.isPresent()) {
    requestControls.add(new DraftLDUPSubentriesRequestControl(true));
  }
  if (rfc3672Subentries.isPresent()) {
    requestControls.add(
        new RFC3672SubentriesRequestControl(rfc3672Subentries.getValue()));
  }
  if (manageDsaIT.isPresent()) {
    requestControls.add(new ManageDsaITRequestControl(true));
  }
  if (realAttributesOnly.isPresent()) {
    requestControls.add(new RealAttributesOnlyRequestControl(true));
  }
  if (routeToServer.isPresent()) {
    requestControls.add(new RouteToServerRequestControl(
        false, routeToServer.getValue(), false, false, false));
  }
  if (virtualAttributesOnly.isPresent()) {
    requestControls.add(new VirtualAttributesOnlyRequestControl(true));
  }

  // The exclude-branch control takes the branch DNs as strings.
  if (excludeBranch.isPresent()) {
    final ArrayList<String> branchDNs =
        new ArrayList<>(excludeBranch.getValues().size());
    for (final DN branch : excludeBranch.getValues()) {
      branchDNs.add(branch.toString());
    }
    requestControls.add(new ExcludeBranchRequestControl(true, branchDNs));
  }

  if (assertionFilter.isPresent()) {
    requestControls.add(
        new AssertionRequestControl(assertionFilter.getValue(), true));
  }

  // Get-effective-rights: the attribute list is optional and defaults to an
  // empty array.
  if (getEffectiveRightsAuthzID.isPresent()) {
    final String[] rightsAttributes;
    if (getEffectiveRightsAttribute.isPresent()) {
      final List<String> attrNames = getEffectiveRightsAttribute.getValues();
      rightsAttributes = attrNames.toArray(new String[attrNames.size()]);
    } else {
      rightsAttributes = StaticUtils.NO_STRINGS;
    }
    requestControls.add(new GetEffectiveRightsRequestControl(
        true, getEffectiveRightsAuthzID.getValue(), rightsAttributes));
  }

  if (operationPurpose.isPresent()) {
    requestControls.add(new OperationPurposeRequestControl(
        true, "ldapsearch", Version.NUMERIC_VERSION_STRING,
        "LDAPSearch.getSearchControls", operationPurpose.getValue()));
  }

  // Proxied authorization makes the server evaluate the search under the
  // identity named by the argument instead of the bound identity.  The two
  // checks are independent, so both controls are added if both arguments are
  // present; presumably the argument parser makes them mutually exclusive --
  // verify there.
  if (proxyAs.isPresent()) {
    requestControls.add(
        new ProxiedAuthorizationV2RequestControl(proxyAs.getValue()));
  }
  if (proxyV1As.isPresent()) {
    requestControls.add(
        new ProxiedAuthorizationV1RequestControl(proxyV1As.getValue()));
  }

  // Unrecognised values are skipped silently, so the control may be sent with
  // fewer suppress types than the caller listed (possibly none).
  if (suppressOperationalAttributeUpdates.isPresent()) {
    final EnumSet<SuppressType> typesToSuppress =
        EnumSet.noneOf(SuppressType.class);
    for (final String requested :
         suppressOperationalAttributeUpdates.getValues()) {
      if (requested.equalsIgnoreCase("last-access-time")) {
        typesToSuppress.add(SuppressType.LAST_ACCESS_TIME);
      } else if (requested.equalsIgnoreCase("last-login-time")) {
        typesToSuppress.add(SuppressType.LAST_LOGIN_TIME);
      } else if (requested.equalsIgnoreCase("last-login-ip")) {
        typesToSuppress.add(SuppressType.LAST_LOGIN_IP);
      }
    }
    requestControls.add(
        new SuppressOperationalAttributeUpdateRequestControl(typesToSuppress));
  }

  // These two checks are also independent of each other.
  if (rejectUnindexedSearch.isPresent()) {
    requestControls.add(new RejectUnindexedSearchRequestControl());
  }
  if (permitUnindexedSearch.isPresent()) {
    requestControls.add(new PermitUnindexedSearchRequestControl());
  }

  return requestControls;
}
use of com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl in project ldapsdk by pingidentity.
the class ParallelUpdate method getOperationControls.
/**
* Updates the provided lists with the appropriate controls to include in
* each type of request.
*
* @param addControls The list that should be updated with controls to
* include in add requests. It must not be
* {@code null} and must be updatable.
* @param deleteControls The list that should be updated with controls to
* include in delete requests. It must not be
* {@code null} and must be updatable.
* @param modifyControls The list that should be updated with controls to
* include in modify requests. It must not be
* {@code null} and must be updatable.
* @param modifyDNControls The list that should be updated with controls to
* include in modify DN requests. It must not be
* {@code null} and must be updatable.
*
* @throws LDAPException If a problem is encountered while creating any of
* the controls.
*/
private void getOperationControls(@NotNull final List<Control> addControls, @NotNull final List<Control> deleteControls, @NotNull final List<Control> modifyControls, @NotNull final List<Control> modifyDNControls) throws LDAPException {
  // Caller-supplied controls go in first, one argument per operation type.
  if (addControlArg.isPresent()) {
    addControls.addAll(addControlArg.getValues());
  }
  if (deleteControlArg.isPresent()) {
    deleteControls.addAll(deleteControlArg.getValues());
  }
  if (modifyControlArg.isPresent()) {
    modifyControls.addAll(modifyControlArg.getValues());
  }
  if (modifyDNControlArg.isPresent()) {
    modifyDNControls.addAll(modifyDNControlArg.getValues());
  }

  // Proxied authorization: every write then runs under the identity named by
  // the argument instead of the bound identity.  The V2 argument wins when
  // both are present, and the same control instance is shared by all four
  // lists.
  Control proxyControl = null;
  if (proxyAsArg.isPresent()) {
    proxyControl =
        new ProxiedAuthorizationV2RequestControl(proxyAsArg.getValue());
  } else if (proxyV1AsArg.isPresent()) {
    proxyControl =
        new ProxiedAuthorizationV1RequestControl(proxyV1AsArg.getValue());
  }
  if (proxyControl != null) {
    addControls.add(proxyControl);
    deleteControls.add(proxyControl);
    modifyControls.add(proxyControl);
    modifyDNControls.add(proxyControl);
  }

  if (usePermissiveModifyArg.isPresent()) {
    modifyControls.add(new PermissiveModifyRequestControl(true));
  }

  // Only add and modify requests receive this control.
  if (ignoreNoUserModificationArg.isPresent()) {
    final IgnoreNoUserModificationRequestControl ignoreNoUserMod =
        new IgnoreNoUserModificationRequestControl();
    addControls.add(ignoreNoUserMod);
    modifyControls.add(ignoreNoUserMod);
  }

  if (useManageDsaITArg.isPresent()) {
    final ManageDsaITRequestControl manageDsaIT =
        new ManageDsaITRequestControl(true);
    addControls.add(manageDsaIT);
    deleteControls.add(manageDsaIT);
    modifyControls.add(manageDsaIT);
    modifyDNControls.add(manageDsaIT);
  }

  if (nameWithEntryUUIDArg.isPresent()) {
    addControls.add(new NameWithEntryUUIDRequestControl(true));
  }

  // Soft delete takes precedence over hard delete; at most one is attached.
  Control deleteModeControl = null;
  if (softDeleteArg.isPresent()) {
    deleteModeControl = new SoftDeleteRequestControl(true, true);
  } else if (hardDeleteArg.isPresent()) {
    deleteModeControl = new HardDeleteRequestControl(true);
  }
  if (deleteModeControl != null) {
    deleteControls.add(deleteModeControl);
  }

  if (operationPurposeArg.isPresent()) {
    final OperationPurposeRequestControl purpose =
        new OperationPurposeRequestControl(false, "parallel-update",
            Version.NUMERIC_VERSION_STRING,
            ParallelUpdate.class.getName() + ".getOperationControls",
            operationPurposeArg.getValue());
    addControls.add(purpose);
    deleteControls.add(purpose);
    modifyControls.add(purpose);
    modifyDNControls.add(purpose);
  }

  if (replicationRepairArg.isPresent()) {
    final ReplicationRepairRequestControl repair =
        new ReplicationRepairRequestControl();
    addControls.add(repair);
    deleteControls.add(repair);
    modifyControls.add(repair);
    modifyDNControls.add(repair);
  }

  // Only delete and modify DN requests receive this control.
  if (suppressReferentialIntegrityUpdatesArg.isPresent()) {
    final SuppressReferentialIntegrityUpdatesRequestControl suppressRI =
        new SuppressReferentialIntegrityUpdatesRequestControl(true);
    deleteControls.add(suppressRI);
    modifyDNControls.add(suppressRI);
  }

  if (useAssuredReplicationArg.isPresent()) {
    // Each level stays null when its argument is absent or (which should
    // never happen) holds a value that matches none of the known constants.
    AssuredReplicationLocalLevel localLevel = null;
    if (assuredReplicationLocalLevelArg.isPresent()) {
      final String requestedLocal =
          StaticUtils.toLowerCase(assuredReplicationLocalLevelArg.getValue());
      if (requestedLocal.equals(ASSURED_REPLICATION_LOCAL_LEVEL_NONE)) {
        localLevel = AssuredReplicationLocalLevel.NONE;
      } else if (requestedLocal.equals(
          ASSURED_REPLICATION_LOCAL_LEVEL_RECEIVED_ANY_SERVER)) {
        localLevel = AssuredReplicationLocalLevel.RECEIVED_ANY_SERVER;
      } else if (requestedLocal.equals(
          ASSURED_REPLICATION_LOCAL_LEVEL_PROCESSED_ALL_SERVERS)) {
        localLevel = AssuredReplicationLocalLevel.PROCESSED_ALL_SERVERS;
      }
    }

    AssuredReplicationRemoteLevel remoteLevel = null;
    if (assuredReplicationRemoteLevelArg.isPresent()) {
      final String requestedRemote =
          StaticUtils.toLowerCase(assuredReplicationRemoteLevelArg.getValue());
      if (requestedRemote.equals(ASSURED_REPLICATION_REMOTE_LEVEL_NONE)) {
        remoteLevel = AssuredReplicationRemoteLevel.NONE;
      } else if (requestedRemote.equals(
          ASSURED_REPLICATION_REMOTE_LEVEL_RECEIVED_ANY_REMOTE_LOCATION)) {
        remoteLevel =
            AssuredReplicationRemoteLevel.RECEIVED_ANY_REMOTE_LOCATION;
      } else if (requestedRemote.equals(
          ASSURED_REPLICATION_REMOTE_LEVEL_RECEIVED_ALL_REMOTE_LOCATIONS)) {
        remoteLevel =
            AssuredReplicationRemoteLevel.RECEIVED_ALL_REMOTE_LOCATIONS;
      } else if (requestedRemote.equals(
          ASSURED_REPLICATION_REMOTE_LEVEL_PROCESSED_ALL_REMOTE_SERVERS)) {
        remoteLevel =
            AssuredReplicationRemoteLevel.PROCESSED_ALL_REMOTE_SERVERS;
      }
    }

    final Long timeoutMillis = assuredReplicationTimeoutArg.isPresent()
        ? assuredReplicationTimeoutArg.getValue(TimeUnit.MILLISECONDS)
        : null;

    final AssuredReplicationRequestControl assured =
        new AssuredReplicationRequestControl(true, localLevel, null,
            remoteLevel, null, timeoutMillis, false);
    addControls.add(assured);
    deleteControls.add(assured);
    modifyControls.add(assured);
    modifyDNControls.add(assured);
  }

  if (passwordUpdateBehaviorArg.isPresent()) {
    // Each value has the form name=value.  Several of these properties
    // (allow pre-encoded passwords, skip validation, ignore history, ignore
    // minimum age) relax password-policy checks for the request, so a
    // malformed or unknown property is rejected rather than ignored.
    final PasswordUpdateBehaviorRequestControlProperties behavior =
        new PasswordUpdateBehaviorRequestControlProperties();
    for (final String rawValue : passwordUpdateBehaviorArg.getValues()) {
      final int separatorPos = rawValue.indexOf('=');
      if (separatorPos < 0) {
        throw new LDAPException(ResultCode.PARAM_ERROR,
            ERR_PARALLEL_UPDATE_MALFORMED_PW_UPDATE_VALUE.get(rawValue,
                passwordUpdateBehaviorArg.getIdentifierString()));
      }

      final String name = rawValue.substring(0, separatorPos).trim();
      final String normalizedName = StaticUtils.toLowerCase(name);
      switch (normalizedName) {
        case PW_UPDATE_BEHAVIOR_NAME_IS_SELF_CHANGE:
          properties:
          behavior.setIsSelfChange(getBooleanPWUpdateBehaviorValue(rawValue));
          break;
        case PW_UPDATE_BEHAVIOR_NAME_ALLOW_PRE_ENCODED_PW:
          behavior.setAllowPreEncodedPassword(
              getBooleanPWUpdateBehaviorValue(rawValue));
          break;
        case PW_UPDATE_BEHAVIOR_NAME_SKIP_PW_VALIDATION:
          behavior.setSkipPasswordValidation(
              getBooleanPWUpdateBehaviorValue(rawValue));
          break;
        case PW_UPDATE_BEHAVIOR_NAME_IGNORE_PW_HISTORY:
          behavior.setIgnorePasswordHistory(
              getBooleanPWUpdateBehaviorValue(rawValue));
          break;
        case PW_UPDATE_BEHAVIOR_NAME_IGNORE_MIN_PW_AGE:
          behavior.setIgnoreMinimumPasswordAge(
              getBooleanPWUpdateBehaviorValue(rawValue));
          break;
        case PW_UPDATE_BEHAVIOR_NAME_MUST_CHANGE_PW:
          behavior.setMustChangePassword(
              getBooleanPWUpdateBehaviorValue(rawValue));
          break;
        case PW_UPDATE_BEHAVIOR_NAME_PW_STORAGE_SCHEME:
          // The only property whose value is taken as a string.
          final String schemeName = rawValue.substring(separatorPos + 1).trim();
          behavior.setPasswordStorageScheme(schemeName);
          break;
        default:
          throw new LDAPException(ResultCode.PARAM_ERROR, ERR_PARALLEL_UPDATE_UNKNOWN_PW_UPDATE_PROP.get(rawValue, passwordUpdateBehaviorArg.getIdentifierString(), PW_UPDATE_BEHAVIOR_NAME_IS_SELF_CHANGE, PW_UPDATE_BEHAVIOR_NAME_ALLOW_PRE_ENCODED_PW, PW_UPDATE_BEHAVIOR_NAME_SKIP_PW_VALIDATION, PW_UPDATE_BEHAVIOR_NAME_IGNORE_PW_HISTORY, PW_UPDATE_BEHAVIOR_NAME_IGNORE_MIN_PW_AGE, PW_UPDATE_BEHAVIOR_NAME_PW_STORAGE_SCHEME, PW_UPDATE_BEHAVIOR_NAME_MUST_CHANGE_PW));
      }
    }

    // Only add and modify requests receive this control.
    final PasswordUpdateBehaviorRequestControl pwUpdate =
        new PasswordUpdateBehaviorRequestControl(behavior, true);
    addControls.add(pwUpdate);
    modifyControls.add(pwUpdate);
  }

  if (suppressOperationalAttributeUpdatesArg.isPresent()) {
    // Values matching none of the three known names are skipped silently.
    final EnumSet<SuppressType> typesToSuppress =
        EnumSet.noneOf(SuppressType.class);
    for (final String requested :
         suppressOperationalAttributeUpdatesArg.getValues()) {
      if (requested.equalsIgnoreCase(SUPPRESS_OP_ATTR_LAST_ACCESS_TIME)) {
        typesToSuppress.add(SuppressType.LAST_ACCESS_TIME);
      } else if (requested.equalsIgnoreCase(SUPPRESS_OP_ATTR_LAST_LOGIN_TIME)) {
        typesToSuppress.add(SuppressType.LAST_LOGIN_TIME);
      } else if (requested.equalsIgnoreCase(SUPPRESS_OP_ATTR_LAST_LOGIN_IP)) {
        typesToSuppress.add(SuppressType.LAST_LOGIN_IP);
      }
    }

    final SuppressOperationalAttributeUpdateRequestControl suppressOpAttrs =
        new SuppressOperationalAttributeUpdateRequestControl(true,
            typesToSuppress);
    addControls.add(suppressOpAttrs);
    deleteControls.add(suppressOpAttrs);
    modifyControls.add(suppressOpAttrs);
    modifyDNControls.add(suppressOpAttrs);
  }
}
use of com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl in project ldapsdk by pingidentity.
the class RequestControlPreProcessorTestCase method testProxiedAuthV1Control.
/**
* Provides test coverage for the proxied auth v1 control.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testProxiedAuthV1Control() throws Exception {
  final String proxyV1Oid =
      ProxiedAuthorizationV1RequestControl.PROXIED_AUTHORIZATION_V1_REQUEST_OID;
  final Class<?> expectedClass = ProxiedAuthorizationV1RequestControl.class;

  // Four fixtures: a well-formed control (critical and non-critical) and a
  // malformed one that carries the OID but no value (critical and
  // non-critical).
  final Control validCritical =
      new ProxiedAuthorizationV1RequestControl("cn=test");
  final Control validNonCritical =
      new Control(proxyV1Oid, false, validCritical.getValue());
  final Control malformedCritical = new Control(proxyV1Oid, true);
  final Control malformedNonCritical = new Control(proxyV1Oid, false);

  // Test with acceptable operation types.
  final byte[] acceptableOpTypes = {
    LDAPMessage.PROTOCOL_OP_TYPE_ADD_REQUEST,
    LDAPMessage.PROTOCOL_OP_TYPE_COMPARE_REQUEST,
    LDAPMessage.PROTOCOL_OP_TYPE_DELETE_REQUEST,
    LDAPMessage.PROTOCOL_OP_TYPE_MODIFY_REQUEST,
    LDAPMessage.PROTOCOL_OP_TYPE_MODIFY_DN_REQUEST,
    LDAPMessage.PROTOCOL_OP_TYPE_SEARCH_REQUEST
  };
  for (final byte opType : acceptableOpTypes) {
    // A valid control is handled whether or not it is critical.
    ensureControlHandled(opType, Arrays.asList(validCritical), proxyV1Oid,
        expectedClass);
    ensureControlHandled(opType, Arrays.asList(validNonCritical), proxyV1Oid,
        expectedClass);

    // Multiple instances of the control are rejected.
    ensureException(opType, Arrays.asList(validCritical, validNonCritical));

    // On these operation types a malformed control is rejected even when it
    // is marked non-critical.
    ensureException(opType, Arrays.asList(malformedCritical));
    ensureException(opType, Arrays.asList(malformedNonCritical));
  }

  // Test with unacceptable operation types.
  final byte[] unacceptableOpTypes = {
    LDAPMessage.PROTOCOL_OP_TYPE_ABANDON_REQUEST,
    LDAPMessage.PROTOCOL_OP_TYPE_BIND_REQUEST,
    LDAPMessage.PROTOCOL_OP_TYPE_EXTENDED_REQUEST,
    LDAPMessage.PROTOCOL_OP_TYPE_UNBIND_REQUEST
  };
  for (final byte opType : unacceptableOpTypes) {
    // Criticality alone decides the outcome here: a critical control is
    // rejected and a non-critical one is ignored, valid or malformed.
    ensureException(opType, Arrays.asList(validCritical));
    ensureControlIgnored(opType, Arrays.asList(validNonCritical), proxyV1Oid);
    ensureException(opType, Arrays.asList(malformedCritical));
    ensureControlIgnored(opType, Arrays.asList(malformedNonCritical),
        proxyV1Oid);
  }
}
use of com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl in project ldapsdk by pingidentity.
the class DSEETestCase method testProxiedAuthV1.
/**
* Tests the ability to use the proxied authorization V1 request control
* against a Sun DSEE instance.
* <BR><BR>
* Access to a Sun DSEE instance is required for complete processing.
*
* @throws Exception If an unexpected problem occurs.
*/
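@Test()
public void testProxiedAuthV1() throws Exception {
  // Nothing to do unless a DSEE instance is available.
  if (!available) {
    return;
  }

  LDAPConnection conn = getAdminDSEEConnection();
  try {
    // The base entry carries three ACIs: full rights for uid=admin, the
    // "proxy" right for uid=proxy, and an explicit deny of write access to
    // description for uid=proxy.  The proxy user can therefore change
    // description only when the server evaluates the request as the admin.
    LinkedList<Attribute> attrList = new LinkedList<Attribute>();
    attrList.addAll(Arrays.asList(getBaseEntryAttributes()));
    attrList.add(new Attribute("aci", "(targetattr=\"*\")(version 3.0; acl \"Admin Rights\"; allow " + "(all) userdn=\"ldap:///uid=admin," + getTestBaseDN() + "\";)", "(targetattr=\"*\")(version 3.0; acl \"Proxy Rights\"; allow " + "(proxy) userdn=\"ldap:///uid=proxy," + getTestBaseDN() + "\";)", "(targetattr=\"description\")(version 3.0; " + "acl \"Deny Description Write for Proxy User\"; deny (write) " + "userdn=\"ldap:///uid=proxy," + getTestBaseDN() + "\";)"));
    conn.add(getTestBaseDN(), attrList);
    conn.add("dn: uid=admin," + getTestBaseDN(), "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: admin", "givenName: Admin", "sn: User", "cn: Admin User", "userPassword: password");
    conn.add("dn: uid=proxy," + getTestBaseDN(), "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: proxy", "givenName: Proxy", "sn: User", "cn: Proxy User", "userPassword: password");
    conn.add("dn: ou=test," + getTestBaseDN(), "objectClass: top", "objectClass: organizationalUnit", "ou: test", "description: foo");

    // Establish a second connection that is authenticated as the proxy user.
    LDAPConnection proxyConn = new LDAPConnection(getTestDSEEHost(), getTestDSEEPort(), "uid=proxy," + getTestBaseDN(), "password");
    try {
      // Verify that an attempt to modify the description of the test entry
      // will fail without the proxied authorization control.
      ModifyRequest modifyRequest = new ModifyRequest("dn: ou=test," + getTestBaseDN(), "changetype: modify", "replace: description", "description: bar");
      try {
        proxyConn.modify(modifyRequest);
        fail("Expected a failure when trying to modify description as the " + "proxy user without the proxied authorization V1 request control");
      } catch (LDAPException le) {
        assertEquals(le.getResultCode(), ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
      }

      // Verify that the modification is successful once the proxied auth V1
      // request control is added to perform it as the admin user.
      modifyRequest.addControl(new ProxiedAuthorizationV1RequestControl("uid=admin," + getTestBaseDN()));
      proxyConn.modify(modifyRequest);
    } finally {
      // Close the proxy connection on every path, so a failed assertion or an
      // unexpected exception does not leave it open.
      proxyConn.close();
    }

    // Entry cleanup still runs only when everything above succeeded.
    conn.delete("uid=admin," + getTestBaseDN());
    conn.delete("uid=proxy," + getTestBaseDN());
    conn.delete("ou=test," + getTestBaseDN());
    conn.delete(getTestBaseDN());
  } finally {
    conn.close();
  }
}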