
Example 1 with ProxiedAuthorizationV1RequestControl

use of com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl in project ldapsdk by pingidentity.

the class LDAPModify method doToolProcessing.

/**
 * {@inheritDoc}
 * <p>
 * Builds the per-operation request controls, optionally reads an encryption
 * passphrase, connects to the server (unless a dry run was requested),
 * optionally starts a transaction, and then reads LDIF change records and
 * applies them one at a time.  When the input is exhausted, the transaction
 * is ended or the collected multi-update request is sent.  The reject writer,
 * the LDIF reader and the connection pool are always closed on the way out.
 *
 * @return  The result code recorded while processing (for a multi-update
 *          request, the result code of that extended operation), or
 *          {@code ResultCode.SUCCESS} when no failure was recorded.
 */
@Override()
@NotNull()
public ResultCode doToolProcessing() {
    // Examine the arguments to determine the sets of controls to use for each
    // type of request.
    final ArrayList<Control> addControls = new ArrayList<>(10);
    final ArrayList<Control> deleteControls = new ArrayList<>(10);
    final ArrayList<Control> modifyControls = new ArrayList<>(10);
    final ArrayList<Control> modifyDNControls = new ArrayList<>(10);
    final ArrayList<Control> searchControls = new ArrayList<>(10);
    try {
        createRequestControls(addControls, deleteControls, modifyControls, modifyDNControls, searchControls);
    } catch (final LDAPException le) {
        Debug.debugException(le);
        for (final String line : ResultUtils.formatResult(le, true, 0, WRAP_COLUMN)) {
            err(line);
        }
        return le.getResultCode();
    }
    // If an encryption passphrase file was specified, then read its value.
    // The passphrase is held in an immutable String until this method returns,
    // so it cannot be zeroed once the LDIF input stream has been opened.
    String encryptionPassphrase = null;
    if (encryptionPassphraseFile.isPresent()) {
        try {
            encryptionPassphrase = ToolUtils.readEncryptionPassphraseFromFile(encryptionPassphraseFile.getValue());
        } catch (final LDAPException e) {
            Debug.debugException(e);
            wrapErr(0, WRAP_COLUMN, e.getMessage());
            return e.getResultCode();
        }
    }
    // These three resources are released in the finally block at the end of the
    // method, whichever return statement is taken.
    LDAPConnectionPool connectionPool = null;
    LDIFReader ldifReader = null;
    LDIFWriter rejectWriter = null;
    try {
        // Create the connection pool.  If an administrative session was
        // requested, a post-connect processor is supplied that is intended to
        // start that session before performing the bind.
        try {
            final StartAdministrativeSessionPostConnectProcessor p;
            if (useAdministrativeSession.isPresent()) {
                p = new StartAdministrativeSessionPostConnectProcessor(new StartAdministrativeSessionExtendedRequest(getToolName(), true));
            } else {
                p = null;
            }
            // In dry-run mode no connection is made and connectionPool stays null.
            // NOTE(review): the transaction and multi-update branches further down
            // dereference connectionPool without a null check; presumably argument
            // validation elsewhere rules out combining them with dryRun -- confirm.
            if (!dryRun.isPresent()) {
                connectionPool = getConnectionPool(1, 2, 0, p, null, true, new ReportBindResultLDAPConnectionPoolHealthCheck(this, true, verbose.isPresent()));
            }
        } catch (final LDAPException le) {
            Debug.debugException(le);
            // An INVALID_CREDENTIALS failure is not printed here, presumably because
            // the ReportBindResultLDAPConnectionPoolHealthCheck passed above has
            // already reported the bind result -- confirm.
            // If the failure was something else, then display that failure result.
            if (le.getResultCode() != ResultCode.INVALID_CREDENTIALS) {
                for (final String line : ResultUtils.formatResult(le, true, 0, WRAP_COLUMN)) {
                    err(line);
                }
            }
            return le.getResultCode();
        }
        // Retry on invalid connections unless neverRetry was given.
        if (connectionPool != null) {
            connectionPool.setRetryFailedOperationsDueToInvalidConnections((!neverRetry.isPresent()));
        }
        // Report that the connection was successfully established.
        if (connectionPool != null) {
            try {
                // A connection is borrowed only to learn the host and port and is
                // released again before anything is printed.
                final LDAPConnection connection = connectionPool.getConnection();
                final String hostPort = connection.getHostPort();
                connectionPool.releaseConnection(connection);
                commentToOut(INFO_LDAPMODIFY_CONNECTION_ESTABLISHED.get(hostPort));
                out();
            } catch (final LDAPException le) {
                // This should never happen.  The failure is only debug-logged and
                // processing continues.
                Debug.debugException(le);
            }
        }
        // If we should process the operations in a transaction, then start that
        // now.
        final ASN1OctetString txnID;
        if (useTransaction.isPresent()) {
            // The proxied authorization identity is taken as given from proxyAs or
            // proxyV1As (V2 wins when both are present).  No check is made in this
            // method; whether the bound identity may act as the proxied identity is
            // for the server to decide.
            final Control[] startTxnControls;
            if (proxyAs.isPresent()) {
                // In a transaction, the proxied authorization control must only be
                // used in the start transaction request and not in any of the
                // subsequent operation requests.
                startTxnControls = new Control[] { new ProxiedAuthorizationV2RequestControl(proxyAs.getValue()) };
            } else if (proxyV1As.isPresent()) {
                // In a transaction, the proxied authorization control must only be
                // used in the start transaction request and not in any of the
                // subsequent operation requests.
                startTxnControls = new Control[] { new ProxiedAuthorizationV1RequestControl(proxyV1As.getValue()) };
            } else {
                startTxnControls = StaticUtils.NO_CONTROLS;
            }
            try {
                final StartTransactionExtendedResult startTxnResult = (StartTransactionExtendedResult) connectionPool.processExtendedOperation(new StartTransactionExtendedRequest(startTxnControls));
                if (startTxnResult.getResultCode() == ResultCode.SUCCESS) {
                    // Tie every write request to the transaction.  The control is added
                    // to the add, delete, modify and modify DN lists only; searchControls
                    // is left as it was.
                    txnID = startTxnResult.getTransactionID();
                    final TransactionSpecificationRequestControl c = new TransactionSpecificationRequestControl(txnID);
                    addControls.add(c);
                    deleteControls.add(c);
                    modifyControls.add(c);
                    modifyDNControls.add(c);
                    // Print the transaction ID as text when it is printable, otherwise
                    // as colon-separated hex.
                    final String txnIDString;
                    if (StaticUtils.isPrintableString(txnID.getValue())) {
                        txnIDString = txnID.stringValue();
                    } else {
                        final StringBuilder hexBuffer = new StringBuilder();
                        StaticUtils.toHex(txnID.getValue(), ":", hexBuffer);
                        txnIDString = hexBuffer.toString();
                    }
                    commentToOut(INFO_LDAPMODIFY_STARTED_TXN.get(txnIDString));
                } else {
                    commentToErr(ERR_LDAPMODIFY_CANNOT_START_TXN.get(startTxnResult.getResultString()));
                    return startTxnResult.getResultCode();
                }
            } catch (final LDAPException le) {
                Debug.debugException(le);
                commentToErr(ERR_LDAPMODIFY_CANNOT_START_TXN.get(StaticUtils.getExceptionMessage(le)));
                return le.getResultCode();
            }
        } else {
            txnID = null;
        }
        // Create an LDIF reader that will be used to read the changes to process.
        // The input is the named LDIF file(s), opened with the encryption
        // passphrase read above (null if none was given), or else the stream in.
        try {
            final InputStream ldifInputStream;
            if (ldifFile.isPresent()) {
                ldifInputStream = ToolUtils.getInputStreamForLDIFFiles(ldifFile.getValues(), encryptionPassphrase, getOut(), getErr()).getFirst();
            } else {
                ldifInputStream = in;
            }
            ldifReader = new LDIFReader(ldifInputStream, 0, null, null, characterSet.getValue());
        } catch (final Exception e) {
            commentToErr(ERR_LDAPMODIFY_CANNOT_CREATE_LDIF_READER.get(StaticUtils.getExceptionMessage(e)));
            return ResultCode.LOCAL_ERROR;
        }
        if (stripTrailingSpaces.isPresent()) {
            ldifReader.setTrailingSpaceBehavior(TrailingSpaceBehavior.STRIP);
        }
        // If appropriate, create a reject writer.
        if (rejectFile.isPresent()) {
            try {
                rejectWriter = new LDIFWriter(rejectFile.getValue());
                // Set the maximum allowed wrap column.  This is better than setting a
                // wrap column of zero because it will ensure that comments don't get
                // wrapped either.
                rejectWriter.setWrapColumn(Integer.MAX_VALUE);
            } catch (final Exception e) {
                Debug.debugException(e);
                commentToErr(ERR_LDAPMODIFY_CANNOT_CREATE_REJECT_WRITER.get(rejectFile.getValue().getAbsolutePath(), StaticUtils.getExceptionMessage(e)));
                return ResultCode.LOCAL_ERROR;
            }
        }
        // If appropriate, create a rate limiter.
        // (1000L is presumably the interval in milliseconds -- confirm.)
        final FixedRateBarrier rateLimiter;
        if (ratePerSecond.isPresent()) {
            rateLimiter = new FixedRateBarrier(1000L, ratePerSecond.getValue());
        } else {
            rateLimiter = null;
        }
        // Iterate through the set of changes to process.
        // commitTransaction is cleared by any failure that must abort the
        // transaction.  resultCode stays null until a failure is recorded.
        boolean commitTransaction = true;
        ResultCode resultCode = null;
        final ArrayList<LDAPRequest> multiUpdateRequests = new ArrayList<>(10);
        // In bulk-modify mode each change record is applied to the entries selected
        // by the filter / DN arguments instead of to the entry named in the record.
        final boolean isBulkModify = modifyEntriesMatchingFilter.isPresent() || modifyEntriesMatchingFiltersFromFile.isPresent() || modifyEntryWithDN.isPresent() || modifyEntriesWithDNsFromFile.isPresent();
        readChangeRecordLoop: while (true) {
            // If there is a rate limiter, then use it to sleep if necessary.  In
            // bulk-modify mode the limiter is handed to the handlers instead.
            if ((rateLimiter != null) && (!isBulkModify)) {
                rateLimiter.await();
            }
            // Read the next LDIF change record.  If we get an error then handle it
            // and abort if appropriate.
            final LDIFChangeRecord changeRecord;
            try {
                changeRecord = ldifReader.readChangeRecord(defaultAdd.isPresent());
            } catch (final IOException ioe) {
                // An I/O error ends processing and prevents a commit.
                Debug.debugException(ioe);
                final String message = ERR_LDAPMODIFY_IO_ERROR_READING_CHANGE.get(StaticUtils.getExceptionMessage(ioe));
                commentToErr(message);
                writeRejectedChange(rejectWriter, message, null);
                commitTransaction = false;
                resultCode = ResultCode.LOCAL_ERROR;
                break;
            } catch (final LDIFException le) {
                Debug.debugException(le);
                // A malformed record is only recoverable when the reader can continue
                // and no transaction is in use.
                final StringBuilder buffer = new StringBuilder();
                if (le.mayContinueReading() && (!useTransaction.isPresent())) {
                    buffer.append(ERR_LDAPMODIFY_RECOVERABLE_LDIF_ERROR_READING_CHANGE.get(le.getLineNumber(), StaticUtils.getExceptionMessage(le)));
                } else {
                    buffer.append(ERR_LDAPMODIFY_UNRECOVERABLE_LDIF_ERROR_READING_CHANGE.get(le.getLineNumber(), StaticUtils.getExceptionMessage(le)));
                }
                if ((resultCode == null) || (resultCode == ResultCode.SUCCESS)) {
                    resultCode = ResultCode.LOCAL_ERROR;
                }
                // The offending input lines are appended verbatim to the message, which
                // goes to the error stream and to writeRejectedChange.  Any credential
                // or other sensitive value on those lines ends up in both outputs.
                if ((le.getDataLines() != null) && (!le.getDataLines().isEmpty())) {
                    buffer.append(StaticUtils.EOL);
                    buffer.append(StaticUtils.EOL);
                    buffer.append(ERR_LDAPMODIFY_INVALID_LINES.get());
                    buffer.append(StaticUtils.EOL);
                    for (final String s : le.getDataLines()) {
                        buffer.append(s);
                        buffer.append(StaticUtils.EOL);
                    }
                }
                final String message = buffer.toString();
                commentToErr(message);
                writeRejectedChange(rejectWriter, message, null);
                if (le.mayContinueReading() && (!useTransaction.isPresent())) {
                    continue;
                } else {
                    commitTransaction = false;
                    resultCode = ResultCode.LOCAL_ERROR;
                    break;
                }
            }
            // A null change record means there is nothing more to read, so stop.
            if (changeRecord == null) {
                break;
            }
            // Bulk-modify options: hand the change record to the handler once for
            // every filter or DN supplied directly or read from a file.  A failure
            // replaces resultCode only while it is still null, SUCCESS or
            // NO_OPERATION.
            if (modifyEntriesMatchingFilter.isPresent()) {
                for (final Filter filter : modifyEntriesMatchingFilter.getValues()) {
                    final ResultCode rc = handleModifyMatchingFilter(connectionPool, changeRecord, modifyEntriesMatchingFilter.getIdentifierString(), filter, searchControls, modifyControls, rateLimiter, rejectWriter);
                    if (rc != ResultCode.SUCCESS) {
                        if ((resultCode == null) || (resultCode == ResultCode.SUCCESS) || (resultCode == ResultCode.NO_OPERATION)) {
                            resultCode = rc;
                        }
                    }
                }
            }
            if (modifyEntriesMatchingFiltersFromFile.isPresent()) {
                for (final File f : modifyEntriesMatchingFiltersFromFile.getValues()) {
                    // NOTE(review): the return statements in this block leave the method
                    // without reaching the end-transaction step below; only the finally
                    // block runs.  Whether bulk-modify options can be combined with
                    // useTransaction is not visible here -- confirm.
                    final FilterFileReader filterReader;
                    try {
                        filterReader = new FilterFileReader(f);
                    } catch (final Exception e) {
                        Debug.debugException(e);
                        commentToErr(ERR_LDAPMODIFY_ERROR_OPENING_FILTER_FILE.get(f.getAbsolutePath(), StaticUtils.getExceptionMessage(e)));
                        return ResultCode.LOCAL_ERROR;
                    }
                    try {
                        while (true) {
                            final Filter filter;
                            try {
                                filter = filterReader.readFilter();
                            } catch (final IOException ioe) {
                                Debug.debugException(ioe);
                                commentToErr(ERR_LDAPMODIFY_IO_ERROR_READING_FILTER_FILE.get(f.getAbsolutePath(), StaticUtils.getExceptionMessage(ioe)));
                                return ResultCode.LOCAL_ERROR;
                            } catch (final LDAPException le) {
                                // An unparsable filter is skipped with continueOnError and is
                                // fatal otherwise.
                                Debug.debugException(le);
                                commentToErr(le.getMessage());
                                if (continueOnError.isPresent()) {
                                    if ((resultCode == null) || (resultCode == ResultCode.SUCCESS) || (resultCode == ResultCode.NO_OPERATION)) {
                                        resultCode = le.getResultCode();
                                    }
                                    continue;
                                } else {
                                    return le.getResultCode();
                                }
                            }
                            // A null filter ends the read loop for this file.
                            if (filter == null) {
                                break;
                            }
                            final ResultCode rc = handleModifyMatchingFilter(connectionPool, changeRecord, modifyEntriesMatchingFiltersFromFile.getIdentifierString(), filter, searchControls, modifyControls, rateLimiter, rejectWriter);
                            if (rc != ResultCode.SUCCESS) {
                                if ((resultCode == null) || (resultCode == ResultCode.SUCCESS) || (resultCode == ResultCode.NO_OPERATION)) {
                                    resultCode = rc;
                                }
                            }
                        }
                    } finally {
                        // Close the filter file even on an early return; a close failure is
                        // only debug-logged.
                        try {
                            filterReader.close();
                        } catch (final Exception e) {
                            Debug.debugException(e);
                        }
                    }
                }
            }
            if (modifyEntryWithDN.isPresent()) {
                for (final DN dn : modifyEntryWithDN.getValues()) {
                    final ResultCode rc = handleModifyWithDN(connectionPool, changeRecord, modifyEntryWithDN.getIdentifierString(), dn, modifyControls, rateLimiter, rejectWriter);
                    if (rc != ResultCode.SUCCESS) {
                        if ((resultCode == null) || (resultCode == ResultCode.SUCCESS) || (resultCode == ResultCode.NO_OPERATION)) {
                            resultCode = rc;
                        }
                    }
                }
            }
            if (modifyEntriesWithDNsFromFile.isPresent()) {
                for (final File f : modifyEntriesWithDNsFromFile.getValues()) {
                    // Same structure as the filter-file case above, including the early
                    // returns that skip the end-transaction step.
                    final DNFileReader dnReader;
                    try {
                        dnReader = new DNFileReader(f);
                    } catch (final Exception e) {
                        Debug.debugException(e);
                        commentToErr(ERR_LDAPMODIFY_ERROR_OPENING_DN_FILE.get(f.getAbsolutePath(), StaticUtils.getExceptionMessage(e)));
                        return ResultCode.LOCAL_ERROR;
                    }
                    try {
                        while (true) {
                            final DN dn;
                            try {
                                dn = dnReader.readDN();
                            } catch (final IOException ioe) {
                                Debug.debugException(ioe);
                                commentToErr(ERR_LDAPMODIFY_IO_ERROR_READING_DN_FILE.get(f.getAbsolutePath(), StaticUtils.getExceptionMessage(ioe)));
                                return ResultCode.LOCAL_ERROR;
                            } catch (final LDAPException le) {
                                // An unparsable DN is skipped with continueOnError and is fatal
                                // otherwise.
                                Debug.debugException(le);
                                commentToErr(le.getMessage());
                                if (continueOnError.isPresent()) {
                                    if ((resultCode == null) || (resultCode == ResultCode.SUCCESS) || (resultCode == ResultCode.NO_OPERATION)) {
                                        resultCode = le.getResultCode();
                                    }
                                    continue;
                                } else {
                                    return le.getResultCode();
                                }
                            }
                            // A null DN ends the read loop for this file.
                            if (dn == null) {
                                break;
                            }
                            final ResultCode rc = handleModifyWithDN(connectionPool, changeRecord, modifyEntriesWithDNsFromFile.getIdentifierString(), dn, modifyControls, rateLimiter, rejectWriter);
                            if (rc != ResultCode.SUCCESS) {
                                if ((resultCode == null) || (resultCode == ResultCode.SUCCESS) || (resultCode == ResultCode.NO_OPERATION)) {
                                    resultCode = rc;
                                }
                            }
                        }
                    } finally {
                        try {
                            dnReader.close();
                        } catch (final Exception e) {
                            Debug.debugException(e);
                        }
                    }
                }
            }
            // In bulk-modify mode the record has been handled above; move on to the
            // next record without applying it to the entry it names.
            if (isBulkModify) {
                continue;
            }
            // Normal mode: dispatch on the change record type, using the control list
            // that belongs to that operation type.
            try {
                final ResultCode rc;
                if (changeRecord instanceof LDIFAddChangeRecord) {
                    rc = doAdd((LDIFAddChangeRecord) changeRecord, addControls, connectionPool, multiUpdateRequests, rejectWriter);
                } else if (changeRecord instanceof LDIFDeleteChangeRecord) {
                    rc = doDelete((LDIFDeleteChangeRecord) changeRecord, deleteControls, connectionPool, multiUpdateRequests, rejectWriter);
                } else if (changeRecord instanceof LDIFModifyChangeRecord) {
                    rc = doModify((LDIFModifyChangeRecord) changeRecord, modifyControls, connectionPool, multiUpdateRequests, rejectWriter);
                } else if (changeRecord instanceof LDIFModifyDNChangeRecord) {
                    rc = doModifyDN((LDIFModifyDNChangeRecord) changeRecord, modifyDNControls, connectionPool, multiUpdateRequests, rejectWriter);
                } else {
                    // This should never happen.  The unrecognized record is echoed to the
                    // error stream as comment lines and also placed in the exception
                    // message.
                    commentToErr(ERR_LDAPMODIFY_UNSUPPORTED_CHANGE_RECORD_HEADER.get());
                    for (final String line : changeRecord.toLDIF()) {
                        err("#      " + line);
                    }
                    throw new LDAPException(ResultCode.PARAM_ERROR, ERR_LDAPMODIFY_UNSUPPORTED_CHANGE_RECORD_HEADER.get() + changeRecord.toString());
                }
                // Only the first non-success result returned this way is kept.
                if ((resultCode == null) && (rc != ResultCode.SUCCESS)) {
                    resultCode = rc;
                }
            } catch (final LDAPException le) {
                // Any failed operation prevents a commit, even when continueOnError
                // lets the loop carry on.
                Debug.debugException(le);
                commitTransaction = false;
                if (continueOnError.isPresent()) {
                    if ((resultCode == null) || (resultCode == ResultCode.SUCCESS) || (resultCode == ResultCode.NO_OPERATION)) {
                        resultCode = le.getResultCode();
                    }
                } else {
                    resultCode = le.getResultCode();
                    break;
                }
            }
        }
        // If the operations were part of a transaction or a multi-update
        // operation, then process that now.
        if (useTransaction.isPresent()) {
            // End the transaction, committing only if commitTransaction is still
            // true.  A failure of the end request is turned into a result so that it
            // is displayed like any other.
            LDAPResult endTxnResult;
            final EndTransactionExtendedRequest endTxnRequest = new EndTransactionExtendedRequest(txnID, commitTransaction);
            try {
                endTxnResult = connectionPool.processExtendedOperation(endTxnRequest);
            } catch (final LDAPException le) {
                endTxnResult = le.toLDAPResult();
            }
            displayResult(endTxnResult, false);
            if (((resultCode == null) || (resultCode == ResultCode.SUCCESS)) && (endTxnResult.getResultCode() != ResultCode.SUCCESS)) {
                resultCode = endTxnResult.getResultCode();
            }
        } else if (multiUpdateErrorBehavior.isPresent()) {
            // Any value other than "atomic" or "abort-on-error" (compared without
            // regard to case) selects CONTINUE_ON_ERROR.
            final MultiUpdateErrorBehavior errorBehavior;
            if (multiUpdateErrorBehavior.getValue().equalsIgnoreCase("atomic")) {
                errorBehavior = MultiUpdateErrorBehavior.ATOMIC;
            } else if (multiUpdateErrorBehavior.getValue().equalsIgnoreCase("abort-on-error")) {
                errorBehavior = MultiUpdateErrorBehavior.ABORT_ON_ERROR;
            } else {
                errorBehavior = MultiUpdateErrorBehavior.CONTINUE_ON_ERROR;
            }
            // The proxied authorization control, if any, is attached to the
            // multi-update extended request itself.  As in the transaction case, the
            // identity is used as supplied and authorization is left to the server.
            final Control[] multiUpdateControls;
            if (proxyAs.isPresent()) {
                multiUpdateControls = new Control[] { new ProxiedAuthorizationV2RequestControl(proxyAs.getValue()) };
            } else if (proxyV1As.isPresent()) {
                multiUpdateControls = new Control[] { new ProxiedAuthorizationV1RequestControl(proxyV1As.getValue()) };
            } else {
                multiUpdateControls = StaticUtils.NO_CONTROLS;
            }
            ExtendedResult multiUpdateResult;
            try {
                commentToOut(INFO_LDAPMODIFY_SENDING_MULTI_UPDATE_REQUEST.get());
                final MultiUpdateExtendedRequest multiUpdateRequest = new MultiUpdateExtendedRequest(errorBehavior, multiUpdateRequests, multiUpdateControls);
                multiUpdateResult = connectionPool.processExtendedOperation(multiUpdateRequest);
            } catch (final LDAPException le) {
                multiUpdateResult = new ExtendedResult(le);
            }
            displayResult(multiUpdateResult, false);
            // The multi-update result replaces whatever result code was recorded
            // while reading the changes.
            resultCode = multiUpdateResult.getResultCode();
        }
        if (resultCode == null) {
            return ResultCode.SUCCESS;
        } else {
            return resultCode;
        }
    } finally {
        // Best-effort cleanup: each close failure is debug-logged and does not stop
        // the remaining resources from being closed.
        if (rejectWriter != null) {
            try {
                rejectWriter.close();
            } catch (final Exception e) {
                Debug.debugException(e);
            }
        }
        if (ldifReader != null) {
            try {
                ldifReader.close();
            } catch (final Exception e) {
                Debug.debugException(e);
            }
        }
        if (connectionPool != null) {
            try {
                connectionPool.close();
            } catch (final Exception e) {
                Debug.debugException(e);
            }
        }
    }
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) LDAPRequest(com.unboundid.ldap.sdk.LDAPRequest) ArrayList(java.util.ArrayList) ProxiedAuthorizationV2RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl) EndTransactionExtendedRequest(com.unboundid.ldap.sdk.extensions.EndTransactionExtendedRequest) DN(com.unboundid.ldap.sdk.DN) DNFileReader(com.unboundid.util.DNFileReader) ASN1OctetString(com.unboundid.asn1.ASN1OctetString) LDIFModifyDNChangeRecord(com.unboundid.ldif.LDIFModifyDNChangeRecord) RouteToServerRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RouteToServerRequestControl) SubtreeDeleteRequestControl(com.unboundid.ldap.sdk.controls.SubtreeDeleteRequestControl) SimplePagedResultsControl(com.unboundid.ldap.sdk.controls.SimplePagedResultsControl) TransactionSpecificationRequestControl(com.unboundid.ldap.sdk.controls.TransactionSpecificationRequestControl) AssuredReplicationRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.AssuredReplicationRequestControl) PostReadRequestControl(com.unboundid.ldap.sdk.controls.PostReadRequestControl) SuppressOperationalAttributeUpdateRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SuppressOperationalAttributeUpdateRequestControl) NameWithEntryUUIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.NameWithEntryUUIDRequestControl) ReplicationRepairRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.ReplicationRepairRequestControl) ProxiedAuthorizationV1RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl) OperationPurposeRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.OperationPurposeRequestControl) PasswordUpdateBehaviorRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordUpdateBehaviorRequestControl) UndeleteRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.UndeleteRequestControl) 
GetRecentLoginHistoryRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetRecentLoginHistoryRequestControl) PermissiveModifyRequestControl(com.unboundid.ldap.sdk.controls.PermissiveModifyRequestControl) AuthorizationIdentityRequestControl(com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl) Control(com.unboundid.ldap.sdk.Control) GetUserResourceLimitsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetUserResourceLimitsRequestControl) HardDeleteRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.HardDeleteRequestControl) IgnoreNoUserModificationRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.IgnoreNoUserModificationRequestControl) GetBackendSetIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetBackendSetIDRequestControl) GetAuthorizationEntryRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryRequestControl) PurgePasswordRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PurgePasswordRequestControl) ProxiedAuthorizationV2RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl) SoftDeleteRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SoftDeleteRequestControl) RetirePasswordRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RetirePasswordRequestControl) GetServerIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetServerIDRequestControl) NoOpRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.NoOpRequestControl) PasswordPolicyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordPolicyRequestControl) SuppressReferentialIntegrityUpdatesRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SuppressReferentialIntegrityUpdatesRequestControl) AssertionRequestControl(com.unboundid.ldap.sdk.controls.AssertionRequestControl) RouteToBackendSetRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RouteToBackendSetRequestControl) 
ManageDsaITRequestControl(com.unboundid.ldap.sdk.controls.ManageDsaITRequestControl) PasswordValidationDetailsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordValidationDetailsRequestControl) UniquenessRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.UniquenessRequestControl) GeneratePasswordRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GeneratePasswordRequestControl) PreReadRequestControl(com.unboundid.ldap.sdk.controls.PreReadRequestControl) LDIFException(com.unboundid.ldif.LDIFException) TransactionSpecificationRequestControl(com.unboundid.ldap.sdk.controls.TransactionSpecificationRequestControl) StartAdministrativeSessionPostConnectProcessor(com.unboundid.ldap.sdk.unboundidds.extensions.StartAdministrativeSessionPostConnectProcessor) LDAPConnectionPool(com.unboundid.ldap.sdk.LDAPConnectionPool) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) LDIFAddChangeRecord(com.unboundid.ldif.LDIFAddChangeRecord) LDAPResult(com.unboundid.ldap.sdk.LDAPResult) MultiUpdateExtendedRequest(com.unboundid.ldap.sdk.unboundidds.extensions.MultiUpdateExtendedRequest) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) IOException(java.io.IOException) LDIFModifyChangeRecord(com.unboundid.ldif.LDIFModifyChangeRecord) LDAPSearchException(com.unboundid.ldap.sdk.LDAPSearchException) ArgumentException(com.unboundid.util.args.ArgumentException) LDAPException(com.unboundid.ldap.sdk.LDAPException) IOException(java.io.IOException) LDIFException(com.unboundid.ldif.LDIFException) ProxiedAuthorizationV1RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl) LDIFChangeRecord(com.unboundid.ldif.LDIFChangeRecord) StartAdministrativeSessionExtendedRequest(com.unboundid.ldap.sdk.unboundidds.extensions.StartAdministrativeSessionExtendedRequest) FilterFileReader(com.unboundid.util.FilterFileReader) LDAPException(com.unboundid.ldap.sdk.LDAPException) Filter(com.unboundid.ldap.sdk.Filter) 
MultiUpdateErrorBehavior(com.unboundid.ldap.sdk.unboundidds.extensions.MultiUpdateErrorBehavior) LDIFReader(com.unboundid.ldif.LDIFReader) StartTransactionExtendedResult(com.unboundid.ldap.sdk.extensions.StartTransactionExtendedResult) StartTransactionExtendedResult(com.unboundid.ldap.sdk.extensions.StartTransactionExtendedResult) ExtendedResult(com.unboundid.ldap.sdk.ExtendedResult) StartTransactionExtendedRequest(com.unboundid.ldap.sdk.extensions.StartTransactionExtendedRequest) LDIFWriter(com.unboundid.ldif.LDIFWriter) FixedRateBarrier(com.unboundid.util.FixedRateBarrier) LDIFDeleteChangeRecord(com.unboundid.ldif.LDIFDeleteChangeRecord) File(java.io.File) ResultCode(com.unboundid.ldap.sdk.ResultCode) NotNull(com.unboundid.util.NotNull)

Example 2 with ProxiedAuthorizationV1RequestControl

use of com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl in project ldapsdk by pingidentity.

the class LDAPSearch method getSearchControls.

/**
 * Retrieves a list of the controls that should be used when processing search
 * operations.
 *
 * @return  A list of the controls that should be used when processing search
 *          operations.
 *
 * @throws  LDAPException  If a problem is encountered while generating the
 *                         controls for a search request.
 */
@NotNull()
private List<Control> getSearchControls() {
    // Assembles, from the parsed command-line arguments and the controls that
    // were pre-built elsewhere in this class, every request control to attach
    // to a search request.  Controls are appended in a fixed order and the
    // resulting list is never null.
    //
    // NOTE(review): the Javadoc above still lists "@throws LDAPException", but
    // this signature declares no checked exception.
    final List<Control> result = new ArrayList<>(10);

    // Controls the user supplied generically come first.
    if (searchControl.isPresent()) {
        result.addAll(searchControl.getValues());
    }

    // Controls that were already constructed elsewhere; a null field means
    // the corresponding option was not requested.
    final Control[] preBuilt = {
        joinRequestControl,
        matchedValuesRequestControl,
        matchingEntryCountRequestControl,
        overrideSearchLimitsRequestControl,
        persistentSearchRequestControl,
        sortRequestControl,
        vlvRequestControl
    };
    for (final Control candidate : preBuilt) {
        if (candidate != null) {
            result.add(candidate);
        }
    }
    result.addAll(routeToBackendSetRequestControls);

    if (accountUsable.isPresent()) {
        result.add(new AccountUsableRequestControl(true));
    }
    if (getBackendSetID.isPresent()) {
        result.add(new GetBackendSetIDRequestControl(false));
    }
    if (getServerID.isPresent()) {
        result.add(new GetServerIDRequestControl(false));
    }
    if (includeReplicationConflictEntries.isPresent()) {
        result.add(new ReturnConflictEntriesRequestControl(true));
    }

    if (includeSoftDeletedEntries.isPresent()) {
        // Any value other than the two recognised here selects the third
        // form (false, true) for the last two constructor flags.
        // presumably the flags are (isCritical, includeNonSoftDeletedEntries,
        // returnEntriesInUndeletedForm) — confirm against the control.
        final String mode = StaticUtils.toLowerCase(includeSoftDeletedEntries.getValue());
        final boolean withNonDeleted = mode.equals("with-non-deleted-entries");
        final boolean undeletedForm = !withNonDeleted && !mode.equals("without-non-deleted-entries");
        result.add(new SoftDeletedEntryAccessRequestControl(true, withNonDeleted, undeletedForm));
    }

    if (draftLDUPSubentries.isPresent()) {
        result.add(new DraftLDUPSubentriesRequestControl(true));
    }
    if (rfc3672Subentries.isPresent()) {
        result.add(new RFC3672SubentriesRequestControl(rfc3672Subentries.getValue()));
    }
    if (manageDsaIT.isPresent()) {
        result.add(new ManageDsaITRequestControl(true));
    }
    if (realAttributesOnly.isPresent()) {
        result.add(new RealAttributesOnlyRequestControl(true));
    }
    if (routeToServer.isPresent()) {
        result.add(new RouteToServerRequestControl(false, routeToServer.getValue(), false, false, false));
    }
    if (virtualAttributesOnly.isPresent()) {
        result.add(new VirtualAttributesOnlyRequestControl(true));
    }

    if (excludeBranch.isPresent()) {
        // The control is given the string form of each excluded DN.
        final ArrayList<String> branchDNs = new ArrayList<>(excludeBranch.getValues().size());
        for (final DN branch : excludeBranch.getValues()) {
            branchDNs.add(branch.toString());
        }
        result.add(new ExcludeBranchRequestControl(true, branchDNs));
    }

    if (assertionFilter.isPresent()) {
        result.add(new AssertionRequestControl(assertionFilter.getValue(), true));
    }

    if (getEffectiveRightsAuthzID.isPresent()) {
        // An empty attribute array is sent when no attributes were named.
        final String[] attributes;
        if (getEffectiveRightsAttribute.isPresent()) {
            final List<String> requested = getEffectiveRightsAttribute.getValues();
            attributes = requested.toArray(new String[requested.size()]);
        } else {
            attributes = StaticUtils.NO_STRINGS;
        }
        result.add(new GetEffectiveRightsRequestControl(true, getEffectiveRightsAuthzID.getValue(), attributes));
    }

    if (operationPurpose.isPresent()) {
        result.add(new OperationPurposeRequestControl(true, "ldapsearch", Version.NUMERIC_VERSION_STRING, "LDAPSearch.getSearchControls", operationPurpose.getValue()));
    }

    // Proxied authorization: the identity to assume is taken directly from
    // the argument value and is not checked in this method; whether the
    // bound user may assume it is presumably decided by the server.
    // The V2 and V1 arguments are tested independently, so supplying both
    // would attach both controls.
    // NOTE(review): presumably the argument parser declares the two
    // arguments mutually exclusive — confirm.
    if (proxyAs.isPresent()) {
        result.add(new ProxiedAuthorizationV2RequestControl(proxyAs.getValue()));
    }
    if (proxyV1As.isPresent()) {
        result.add(new ProxiedAuthorizationV1RequestControl(proxyV1As.getValue()));
    }

    if (suppressOperationalAttributeUpdates.isPresent()) {
        // Unrecognised names are skipped without an error here.
        final EnumSet<SuppressType> suppressed = EnumSet.noneOf(SuppressType.class);
        for (final String typeName : suppressOperationalAttributeUpdates.getValues()) {
            final SuppressType mapped;
            if (typeName.equalsIgnoreCase("last-access-time")) {
                mapped = SuppressType.LAST_ACCESS_TIME;
            } else if (typeName.equalsIgnoreCase("last-login-time")) {
                mapped = SuppressType.LAST_LOGIN_TIME;
            } else if (typeName.equalsIgnoreCase("last-login-ip")) {
                mapped = SuppressType.LAST_LOGIN_IP;
            } else {
                mapped = null;
            }
            if (mapped != null) {
                suppressed.add(mapped);
            }
        }
        result.add(new SuppressOperationalAttributeUpdateRequestControl(suppressed));
    }

    // As with the proxied-authorization pair, the reject and permit
    // arguments are tested independently of each other.
    if (rejectUnindexedSearch.isPresent()) {
        result.add(new RejectUnindexedSearchRequestControl());
    }
    if (permitUnindexedSearch.isPresent()) {
        result.add(new PermitUnindexedSearchRequestControl());
    }

    return result;
}
Also used : RouteToServerRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RouteToServerRequestControl) ArrayList(java.util.ArrayList) ProxiedAuthorizationV2RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl) JoinBaseDN(com.unboundid.ldap.sdk.unboundidds.controls.JoinBaseDN) DN(com.unboundid.ldap.sdk.DN) ASN1OctetString(com.unboundid.asn1.ASN1OctetString) GetEffectiveRightsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetEffectiveRightsRequestControl) VirtualListViewRequestControl(com.unboundid.ldap.sdk.controls.VirtualListViewRequestControl) RouteToServerRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RouteToServerRequestControl) RFC3672SubentriesRequestControl(com.unboundid.ldap.sdk.controls.RFC3672SubentriesRequestControl) SimplePagedResultsControl(com.unboundid.ldap.sdk.controls.SimplePagedResultsControl) MatchingEntryCountRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.MatchingEntryCountRequestControl) MatchedValuesRequestControl(com.unboundid.ldap.sdk.controls.MatchedValuesRequestControl) VirtualAttributesOnlyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.VirtualAttributesOnlyRequestControl) AccountUsableRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.AccountUsableRequestControl) OverrideSearchLimitsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.OverrideSearchLimitsRequestControl) SuppressOperationalAttributeUpdateRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SuppressOperationalAttributeUpdateRequestControl) ProxiedAuthorizationV1RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl) OperationPurposeRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.OperationPurposeRequestControl) SoftDeletedEntryAccessRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SoftDeletedEntryAccessRequestControl) JoinRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.JoinRequestControl) 
ReturnConflictEntriesRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.ReturnConflictEntriesRequestControl) GetRecentLoginHistoryRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetRecentLoginHistoryRequestControl) PermitUnindexedSearchRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PermitUnindexedSearchRequestControl) RejectUnindexedSearchRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RejectUnindexedSearchRequestControl) AuthorizationIdentityRequestControl(com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl) Control(com.unboundid.ldap.sdk.Control) GetUserResourceLimitsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetUserResourceLimitsRequestControl) GetBackendSetIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetBackendSetIDRequestControl) GetAuthorizationEntryRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryRequestControl) RealAttributesOnlyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RealAttributesOnlyRequestControl) ExcludeBranchRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.ExcludeBranchRequestControl) ProxiedAuthorizationV2RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl) ServerSideSortRequestControl(com.unboundid.ldap.sdk.controls.ServerSideSortRequestControl) GetServerIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetServerIDRequestControl) PasswordPolicyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordPolicyRequestControl) AssertionRequestControl(com.unboundid.ldap.sdk.controls.AssertionRequestControl) RouteToBackendSetRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RouteToBackendSetRequestControl) ManageDsaITRequestControl(com.unboundid.ldap.sdk.controls.ManageDsaITRequestControl) PersistentSearchRequestControl(com.unboundid.ldap.sdk.controls.PersistentSearchRequestControl) 
GetEffectiveRightsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetEffectiveRightsRequestControl) DraftLDUPSubentriesRequestControl(com.unboundid.ldap.sdk.controls.DraftLDUPSubentriesRequestControl) AssertionRequestControl(com.unboundid.ldap.sdk.controls.AssertionRequestControl) DraftLDUPSubentriesRequestControl(com.unboundid.ldap.sdk.controls.DraftLDUPSubentriesRequestControl) SoftDeletedEntryAccessRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SoftDeletedEntryAccessRequestControl) GetServerIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetServerIDRequestControl) ManageDsaITRequestControl(com.unboundid.ldap.sdk.controls.ManageDsaITRequestControl) AccountUsableRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.AccountUsableRequestControl) PermitUnindexedSearchRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PermitUnindexedSearchRequestControl) ReturnConflictEntriesRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.ReturnConflictEntriesRequestControl) RealAttributesOnlyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RealAttributesOnlyRequestControl) SuppressType(com.unboundid.ldap.sdk.unboundidds.controls.SuppressType) SuppressOperationalAttributeUpdateRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SuppressOperationalAttributeUpdateRequestControl) OperationPurposeRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.OperationPurposeRequestControl) ProxiedAuthorizationV1RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl) RFC3672SubentriesRequestControl(com.unboundid.ldap.sdk.controls.RFC3672SubentriesRequestControl) GetBackendSetIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetBackendSetIDRequestControl) ExcludeBranchRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.ExcludeBranchRequestControl) RejectUnindexedSearchRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RejectUnindexedSearchRequestControl) 
VirtualAttributesOnlyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.VirtualAttributesOnlyRequestControl) NotNull(com.unboundid.util.NotNull)

Example 3 with ProxiedAuthorizationV1RequestControl

use of com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl in project ldapsdk by pingidentity.

the class ParallelUpdate method getOperationControls.

/**
 * Updates the provided lists with the appropriate controls to include in
 * each type of request.
 *
 * @param  addControls       The list that should be updated with controls to
 *                           include in add requests.  It must not be
 *                           {@code null} and must be updatable.
 * @param  deleteControls    The list that should be updated with controls to
 *                           include in delete requests.  It must not be
 *                           {@code null} and must be updatable.
 * @param  modifyControls    The list that should be updated with controls to
 *                           include in modify requests.  It must not be
 *                           {@code null} and must be updatable.
 * @param  modifyDNControls  The list that should be updated with controls to
 *                           include in modify DN requests.  It must not be
 *                           {@code null} and must be updatable.
 *
 * @throws  LDAPException  If a problem is encountered while creating any of
 *                         the controls.
 */
private void getOperationControls(@NotNull final List<Control> addControls, @NotNull final List<Control> deleteControls, @NotNull final List<Control> modifyControls, @NotNull final List<Control> modifyDNControls) throws LDAPException {
    // Appends to the four caller-supplied lists the request controls selected
    // by the command-line arguments.  A control that applies to several
    // operation types is created once and the same instance is added to each
    // relevant list.

    // Controls the user supplied generically for each operation type.
    if (addControlArg.isPresent()) {
        addControls.addAll(addControlArg.getValues());
    }
    if (deleteControlArg.isPresent()) {
        deleteControls.addAll(deleteControlArg.getValues());
    }
    if (modifyControlArg.isPresent()) {
        modifyControls.addAll(modifyControlArg.getValues());
    }
    if (modifyDNControlArg.isPresent()) {
        modifyDNControls.addAll(modifyDNControlArg.getValues());
    }

    // Proxied authorization: at most one control is added, and the V2
    // argument wins when both are present.  The identity to assume comes
    // straight from the argument value and is not checked in this method;
    // whether the bound user may assume it is presumably decided by the
    // server.
    if (proxyAsArg.isPresent()) {
        final ProxiedAuthorizationV2RequestControl proxyV2 = new ProxiedAuthorizationV2RequestControl(proxyAsArg.getValue());
        addControls.add(proxyV2);
        deleteControls.add(proxyV2);
        modifyControls.add(proxyV2);
        modifyDNControls.add(proxyV2);
    } else if (proxyV1AsArg.isPresent()) {
        final ProxiedAuthorizationV1RequestControl proxyV1 = new ProxiedAuthorizationV1RequestControl(proxyV1AsArg.getValue());
        addControls.add(proxyV1);
        deleteControls.add(proxyV1);
        modifyControls.add(proxyV1);
        modifyDNControls.add(proxyV1);
    }

    if (usePermissiveModifyArg.isPresent()) {
        modifyControls.add(new PermissiveModifyRequestControl(true));
    }

    if (ignoreNoUserModificationArg.isPresent()) {
        final IgnoreNoUserModificationRequestControl ignoreNoUserMod = new IgnoreNoUserModificationRequestControl();
        addControls.add(ignoreNoUserMod);
        modifyControls.add(ignoreNoUserMod);
    }

    if (useManageDsaITArg.isPresent()) {
        final ManageDsaITRequestControl manageDsaIT = new ManageDsaITRequestControl(true);
        addControls.add(manageDsaIT);
        deleteControls.add(manageDsaIT);
        modifyControls.add(manageDsaIT);
        modifyDNControls.add(manageDsaIT);
    }

    if (nameWithEntryUUIDArg.isPresent()) {
        addControls.add(new NameWithEntryUUIDRequestControl(true));
    }

    // Soft delete takes precedence over hard delete when both are present.
    if (softDeleteArg.isPresent()) {
        deleteControls.add(new SoftDeleteRequestControl(true, true));
    } else if (hardDeleteArg.isPresent()) {
        deleteControls.add(new HardDeleteRequestControl(true));
    }

    if (operationPurposeArg.isPresent()) {
        final OperationPurposeRequestControl purpose = new OperationPurposeRequestControl(false, "parallel-update", Version.NUMERIC_VERSION_STRING, ParallelUpdate.class.getName() + ".getOperationControls", operationPurposeArg.getValue());
        addControls.add(purpose);
        deleteControls.add(purpose);
        modifyControls.add(purpose);
        modifyDNControls.add(purpose);
    }

    if (replicationRepairArg.isPresent()) {
        final ReplicationRepairRequestControl repair = new ReplicationRepairRequestControl();
        addControls.add(repair);
        deleteControls.add(repair);
        modifyControls.add(repair);
        modifyDNControls.add(repair);
    }

    if (suppressReferentialIntegrityUpdatesArg.isPresent()) {
        final SuppressReferentialIntegrityUpdatesRequestControl suppressRI = new SuppressReferentialIntegrityUpdatesRequestControl(true);
        deleteControls.add(suppressRI);
        modifyDNControls.add(suppressRI);
    }

    if (useAssuredReplicationArg.isPresent()) {
        // Each level stays null when its argument is absent or, which should
        // never happen, carries a value that matches none of the constants.
        AssuredReplicationLocalLevel localLevel = null;
        if (assuredReplicationLocalLevelArg.isPresent()) {
            final String requestedLocal = StaticUtils.toLowerCase(assuredReplicationLocalLevelArg.getValue());
            if (requestedLocal.equals(ASSURED_REPLICATION_LOCAL_LEVEL_NONE)) {
                localLevel = AssuredReplicationLocalLevel.NONE;
            } else if (requestedLocal.equals(ASSURED_REPLICATION_LOCAL_LEVEL_RECEIVED_ANY_SERVER)) {
                localLevel = AssuredReplicationLocalLevel.RECEIVED_ANY_SERVER;
            } else if (requestedLocal.equals(ASSURED_REPLICATION_LOCAL_LEVEL_PROCESSED_ALL_SERVERS)) {
                localLevel = AssuredReplicationLocalLevel.PROCESSED_ALL_SERVERS;
            }
        }

        AssuredReplicationRemoteLevel remoteLevel = null;
        if (assuredReplicationRemoteLevelArg.isPresent()) {
            final String requestedRemote = StaticUtils.toLowerCase(assuredReplicationRemoteLevelArg.getValue());
            if (requestedRemote.equals(ASSURED_REPLICATION_REMOTE_LEVEL_NONE)) {
                remoteLevel = AssuredReplicationRemoteLevel.NONE;
            } else if (requestedRemote.equals(ASSURED_REPLICATION_REMOTE_LEVEL_RECEIVED_ANY_REMOTE_LOCATION)) {
                remoteLevel = AssuredReplicationRemoteLevel.RECEIVED_ANY_REMOTE_LOCATION;
            } else if (requestedRemote.equals(ASSURED_REPLICATION_REMOTE_LEVEL_RECEIVED_ALL_REMOTE_LOCATIONS)) {
                remoteLevel = AssuredReplicationRemoteLevel.RECEIVED_ALL_REMOTE_LOCATIONS;
            } else if (requestedRemote.equals(ASSURED_REPLICATION_REMOTE_LEVEL_PROCESSED_ALL_REMOTE_SERVERS)) {
                remoteLevel = AssuredReplicationRemoteLevel.PROCESSED_ALL_REMOTE_SERVERS;
            }
        }

        // A null timeout is passed through when no timeout was given.
        Long timeoutMillis = null;
        if (assuredReplicationTimeoutArg.isPresent()) {
            timeoutMillis = assuredReplicationTimeoutArg.getValue(TimeUnit.MILLISECONDS);
        }

        final AssuredReplicationRequestControl assured = new AssuredReplicationRequestControl(true, localLevel, null, remoteLevel, null, timeoutMillis, false);
        addControls.add(assured);
        deleteControls.add(assured);
        modifyControls.add(assured);
        modifyDNControls.add(assured);
    }

    if (passwordUpdateBehaviorArg.isPresent()) {
        // Each value must look like "name=value".  Several of these
        // properties (skipping validation, ignoring history or minimum age,
        // accepting pre-encoded values) relax password checks for the
        // operation, so a malformed or unknown property is rejected with
        // PARAM_ERROR rather than ignored.
        final PasswordUpdateBehaviorRequestControlProperties behavior = new PasswordUpdateBehaviorRequestControlProperties();
        for (final String rawValue : passwordUpdateBehaviorArg.getValues()) {
            final int separator = rawValue.indexOf('=');
            if (separator < 0) {
                throw new LDAPException(ResultCode.PARAM_ERROR, ERR_PARALLEL_UPDATE_MALFORMED_PW_UPDATE_VALUE.get(rawValue, passwordUpdateBehaviorArg.getIdentifierString()));
            }

            final String name = StaticUtils.toLowerCase(rawValue.substring(0, separator).trim());
            if (name.equals(PW_UPDATE_BEHAVIOR_NAME_IS_SELF_CHANGE)) {
                behavior.setIsSelfChange(getBooleanPWUpdateBehaviorValue(rawValue));
            } else if (name.equals(PW_UPDATE_BEHAVIOR_NAME_ALLOW_PRE_ENCODED_PW)) {
                behavior.setAllowPreEncodedPassword(getBooleanPWUpdateBehaviorValue(rawValue));
            } else if (name.equals(PW_UPDATE_BEHAVIOR_NAME_SKIP_PW_VALIDATION)) {
                behavior.setSkipPasswordValidation(getBooleanPWUpdateBehaviorValue(rawValue));
            } else if (name.equals(PW_UPDATE_BEHAVIOR_NAME_IGNORE_PW_HISTORY)) {
                behavior.setIgnorePasswordHistory(getBooleanPWUpdateBehaviorValue(rawValue));
            } else if (name.equals(PW_UPDATE_BEHAVIOR_NAME_IGNORE_MIN_PW_AGE)) {
                behavior.setIgnoreMinimumPasswordAge(getBooleanPWUpdateBehaviorValue(rawValue));
            } else if (name.equals(PW_UPDATE_BEHAVIOR_NAME_MUST_CHANGE_PW)) {
                behavior.setMustChangePassword(getBooleanPWUpdateBehaviorValue(rawValue));
            } else if (name.equals(PW_UPDATE_BEHAVIOR_NAME_PW_STORAGE_SCHEME)) {
                // The storage scheme is the only property taken as free text.
                behavior.setPasswordStorageScheme(rawValue.substring(separator + 1).trim());
            } else {
                throw new LDAPException(ResultCode.PARAM_ERROR, ERR_PARALLEL_UPDATE_UNKNOWN_PW_UPDATE_PROP.get(rawValue, passwordUpdateBehaviorArg.getIdentifierString(), PW_UPDATE_BEHAVIOR_NAME_IS_SELF_CHANGE, PW_UPDATE_BEHAVIOR_NAME_ALLOW_PRE_ENCODED_PW, PW_UPDATE_BEHAVIOR_NAME_SKIP_PW_VALIDATION, PW_UPDATE_BEHAVIOR_NAME_IGNORE_PW_HISTORY, PW_UPDATE_BEHAVIOR_NAME_IGNORE_MIN_PW_AGE, PW_UPDATE_BEHAVIOR_NAME_PW_STORAGE_SCHEME, PW_UPDATE_BEHAVIOR_NAME_MUST_CHANGE_PW));
            }
        }

        final PasswordUpdateBehaviorRequestControl pwBehavior = new PasswordUpdateBehaviorRequestControl(behavior, true);
        addControls.add(pwBehavior);
        modifyControls.add(pwBehavior);
    }

    if (suppressOperationalAttributeUpdatesArg.isPresent()) {
        // Unrecognised names are skipped without an error here.
        final EnumSet<SuppressType> suppressed = EnumSet.noneOf(SuppressType.class);
        for (final String typeName : suppressOperationalAttributeUpdatesArg.getValues()) {
            final SuppressType mapped;
            if (typeName.equalsIgnoreCase(SUPPRESS_OP_ATTR_LAST_ACCESS_TIME)) {
                mapped = SuppressType.LAST_ACCESS_TIME;
            } else if (typeName.equalsIgnoreCase(SUPPRESS_OP_ATTR_LAST_LOGIN_TIME)) {
                mapped = SuppressType.LAST_LOGIN_TIME;
            } else if (typeName.equalsIgnoreCase(SUPPRESS_OP_ATTR_LAST_LOGIN_IP)) {
                mapped = SuppressType.LAST_LOGIN_IP;
            } else {
                mapped = null;
            }
            if (mapped != null) {
                suppressed.add(mapped);
            }
        }

        final SuppressOperationalAttributeUpdateRequestControl suppressOpAttrs = new SuppressOperationalAttributeUpdateRequestControl(true, suppressed);
        addControls.add(suppressOpAttrs);
        deleteControls.add(suppressOpAttrs);
        modifyControls.add(suppressOpAttrs);
        modifyDNControls.add(suppressOpAttrs);
    }
}
Also used : SuppressReferentialIntegrityUpdatesRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SuppressReferentialIntegrityUpdatesRequestControl) AssuredReplicationRemoteLevel(com.unboundid.ldap.sdk.unboundidds.controls.AssuredReplicationRemoteLevel) SoftDeleteRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SoftDeleteRequestControl) AssuredReplicationRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.AssuredReplicationRequestControl) PasswordUpdateBehaviorRequestControlProperties(com.unboundid.ldap.sdk.unboundidds.controls.PasswordUpdateBehaviorRequestControlProperties) ProxiedAuthorizationV2RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl) SuppressType(com.unboundid.ldap.sdk.unboundidds.controls.SuppressType) SuppressOperationalAttributeUpdateRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SuppressOperationalAttributeUpdateRequestControl) PermissiveModifyRequestControl(com.unboundid.ldap.sdk.controls.PermissiveModifyRequestControl) OperationPurposeRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.OperationPurposeRequestControl) ProxiedAuthorizationV1RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl) NameWithEntryUUIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.NameWithEntryUUIDRequestControl) LDAPException(com.unboundid.ldap.sdk.LDAPException) HardDeleteRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.HardDeleteRequestControl) ReplicationRepairRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.ReplicationRepairRequestControl) IgnoreNoUserModificationRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.IgnoreNoUserModificationRequestControl) AtomicLong(java.util.concurrent.atomic.AtomicLong) AssuredReplicationLocalLevel(com.unboundid.ldap.sdk.unboundidds.controls.AssuredReplicationLocalLevel) PasswordUpdateBehaviorRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordUpdateBehaviorRequestControl) 
ManageDsaITRequestControl(com.unboundid.ldap.sdk.controls.ManageDsaITRequestControl)

Example 4 with ProxiedAuthorizationV1RequestControl

use of com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl in project ldapsdk by pingidentity.

the class RequestControlPreProcessorTestCase method testProxiedAuthV1Control.

/**
 * Provides test coverage for the proxied auth v1 control.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testProxiedAuthV1Control() throws Exception {
    final String requestOID = ProxiedAuthorizationV1RequestControl.PROXIED_AUTHORIZATION_V1_REQUEST_OID;
    final Class<?> controlClass = ProxiedAuthorizationV1RequestControl.class;

    // Well-formed controls: one as built by the SDK class, and a generic copy
    // of its value flagged non-critical.
    final Control validCritical = new ProxiedAuthorizationV1RequestControl("cn=test");
    final Control validNonCritical = new Control(requestOID, false, validCritical.getValue());

    // Malformed controls: built from the OID alone, with no value.
    final Control malformedCritical = new Control(requestOID, true);
    final Control malformedNonCritical = new Control(requestOID, false);

    // Operation types on which the control is expected to be accepted.
    final byte[] acceptableOpTypes = {
        LDAPMessage.PROTOCOL_OP_TYPE_ADD_REQUEST,
        LDAPMessage.PROTOCOL_OP_TYPE_COMPARE_REQUEST,
        LDAPMessage.PROTOCOL_OP_TYPE_DELETE_REQUEST,
        LDAPMessage.PROTOCOL_OP_TYPE_MODIFY_REQUEST,
        LDAPMessage.PROTOCOL_OP_TYPE_MODIFY_DN_REQUEST,
        LDAPMessage.PROTOCOL_OP_TYPE_SEARCH_REQUEST
    };
    for (final byte opType : acceptableOpTypes) {
        // A well-formed control is handled whatever its criticality.
        ensureControlHandled(opType, Arrays.asList(validCritical), requestOID, controlClass);
        ensureControlHandled(opType, Arrays.asList(validNonCritical), requestOID, controlClass);

        // Two instances of the control in one request are rejected.
        ensureException(opType, Arrays.asList(validCritical, validNonCritical));

        // A malformed control is rejected even when it is non-critical.
        ensureException(opType, Arrays.asList(malformedCritical));
        ensureException(opType, Arrays.asList(malformedNonCritical));
    }

    // Operation types on which the control is not expected to be accepted.
    final byte[] unacceptableOpTypes = {
        LDAPMessage.PROTOCOL_OP_TYPE_ABANDON_REQUEST,
        LDAPMessage.PROTOCOL_OP_TYPE_BIND_REQUEST,
        LDAPMessage.PROTOCOL_OP_TYPE_EXTENDED_REQUEST,
        LDAPMessage.PROTOCOL_OP_TYPE_UNBIND_REQUEST
    };
    for (final byte opType : unacceptableOpTypes) {
        // Criticality decides the outcome here: a critical control is
        // rejected and a non-critical one is ignored, well-formed or not.
        ensureException(opType, Arrays.asList(validCritical));
        ensureControlIgnored(opType, Arrays.asList(validNonCritical), requestOID);
        ensureException(opType, Arrays.asList(malformedCritical));
        ensureControlIgnored(opType, Arrays.asList(malformedNonCritical), requestOID);
    }
}
Also used : ProxiedAuthorizationV1RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl) VirtualListViewRequestControl(com.unboundid.ldap.sdk.controls.VirtualListViewRequestControl) AuthorizationIdentityRequestControl(com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl) DontUseCopyRequestControl(com.unboundid.ldap.sdk.controls.DontUseCopyRequestControl) Control(com.unboundid.ldap.sdk.Control) ProxiedAuthorizationV1RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl) SubtreeDeleteRequestControl(com.unboundid.ldap.sdk.controls.SubtreeDeleteRequestControl) RFC3672SubentriesRequestControl(com.unboundid.ldap.sdk.controls.RFC3672SubentriesRequestControl) SimplePagedResultsControl(com.unboundid.ldap.sdk.controls.SimplePagedResultsControl) AssertionRequestControl(com.unboundid.ldap.sdk.controls.AssertionRequestControl) TransactionSpecificationRequestControl(com.unboundid.ldap.sdk.controls.TransactionSpecificationRequestControl) ManageDsaITRequestControl(com.unboundid.ldap.sdk.controls.ManageDsaITRequestControl) ProxiedAuthorizationV2RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl) ServerSideSortRequestControl(com.unboundid.ldap.sdk.controls.ServerSideSortRequestControl) PostReadRequestControl(com.unboundid.ldap.sdk.controls.PostReadRequestControl) DraftLDUPSubentriesRequestControl(com.unboundid.ldap.sdk.controls.DraftLDUPSubentriesRequestControl) PreReadRequestControl(com.unboundid.ldap.sdk.controls.PreReadRequestControl) PermissiveModifyRequestControl(com.unboundid.ldap.sdk.controls.PermissiveModifyRequestControl) ASN1OctetString(com.unboundid.asn1.ASN1OctetString) Test(org.testng.annotations.Test)

Example 5 with ProxiedAuthorizationV1RequestControl

use of com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl in project ldapsdk by pingidentity.

the class DSEETestCase method testProxiedAuthV1.

/**
 * Tests the ability to use the proxied authorization V1 request control
 * against a Sun DSEE instance.
 * <BR><BR>
 * Access to a Sun DSEE instance is required for complete processing.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
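@Test()
public void testProxiedAuthV1() throws Exception {
    // Nothing to do when no DSEE instance is available.
    if (!available) {
        return;
    }
    LDAPConnection conn = getAdminDSEEConnection();
    try {
        // Base entry with three ACIs: full rights for uid=admin, the proxy
        // right for uid=proxy, and an explicit deny on writing "description"
        // for uid=proxy.
        LinkedList<Attribute> attrList = new LinkedList<Attribute>();
        attrList.addAll(Arrays.asList(getBaseEntryAttributes()));
        attrList.add(new Attribute("aci", "(targetattr=\"*\")(version 3.0; acl \"Admin Rights\"; allow " + "(all) userdn=\"ldap:///uid=admin," + getTestBaseDN() + "\";)", "(targetattr=\"*\")(version 3.0; acl \"Proxy Rights\"; allow " + "(proxy) userdn=\"ldap:///uid=proxy," + getTestBaseDN() + "\";)", "(targetattr=\"description\")(version 3.0; " + "acl \"Deny Description Write for Proxy User\"; deny (write) " + "userdn=\"ldap:///uid=proxy," + getTestBaseDN() + "\";)"));
        conn.add(getTestBaseDN(), attrList);
        // Fixture accounts with a fixed password; they are created for this
        // test and deleted again below.
        conn.add("dn: uid=admin," + getTestBaseDN(), "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: admin", "givenName: Admin", "sn: User", "cn: Admin User", "userPassword: password");
        conn.add("dn: uid=proxy," + getTestBaseDN(), "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: proxy", "givenName: Proxy", "sn: User", "cn: Proxy User", "userPassword: password");
        conn.add("dn: ou=test," + getTestBaseDN(), "objectClass: top", "objectClass: organizationalUnit", "ou: test", "description: foo");
        // Establish a second connection that is authenticated as the proxy user.
        LDAPConnection proxyConn = new LDAPConnection(getTestDSEEHost(), getTestDSEEPort(), "uid=proxy," + getTestBaseDN(), "password");
        try {
            // Verify that an attempt to modify the description of the test entry will
            // fail without the proxied authorization control.
            ModifyRequest modifyRequest = new ModifyRequest("dn: ou=test," + getTestBaseDN(), "changetype: modify", "replace: description", "description: bar");
            try {
                proxyConn.modify(modifyRequest);
                fail("Expected a failure when trying to modify description as the " + "proxy user without the proxied authorization V1 request control");
            } catch (LDAPException le) {
                assertEquals(le.getResultCode(), ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
            }
            // Verify that the modification is successful once the proxied auth V1
            // request control is added to perform it as the admin user.
            modifyRequest.addControl(new ProxiedAuthorizationV1RequestControl("uid=admin," + getTestBaseDN()));
            proxyConn.modify(modifyRequest);
        } finally {
            // Close the proxy connection even when an assertion or a modify
            // fails, so that a failing run does not leak it.
            proxyConn.close();
        }
        // NOTE(review): the cleanup below is skipped when anything above
        // throws, which leaves the fixture entries (including the ACIs and
        // the two accounts) on the server — confirm that the harness resets
        // the test base DN between runs.
        conn.delete("uid=admin," + getTestBaseDN());
        conn.delete("uid=proxy," + getTestBaseDN());
        conn.delete("ou=test," + getTestBaseDN());
        conn.delete(getTestBaseDN());
    } finally {
        conn.close();
    }
}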
Also used : ProxiedAuthorizationV1RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl) LinkedList(java.util.LinkedList) Test(org.testng.annotations.Test)

Aggregations

ProxiedAuthorizationV1RequestControl (com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl)10 ProxiedAuthorizationV2RequestControl (com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl)8 ManageDsaITRequestControl (com.unboundid.ldap.sdk.controls.ManageDsaITRequestControl)7 AssertionRequestControl (com.unboundid.ldap.sdk.controls.AssertionRequestControl)6 OperationPurposeRequestControl (com.unboundid.ldap.sdk.unboundidds.controls.OperationPurposeRequestControl)6 ASN1OctetString (com.unboundid.asn1.ASN1OctetString)5 Control (com.unboundid.ldap.sdk.Control)5 AuthorizationIdentityRequestControl (com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl)5 PreReadRequestControl (com.unboundid.ldap.sdk.controls.PreReadRequestControl)5 SimplePagedResultsControl (com.unboundid.ldap.sdk.controls.SimplePagedResultsControl)5 SubtreeDeleteRequestControl (com.unboundid.ldap.sdk.controls.SubtreeDeleteRequestControl)5 AssuredReplicationRequestControl (com.unboundid.ldap.sdk.unboundidds.controls.AssuredReplicationRequestControl)5 GetBackendSetIDRequestControl (com.unboundid.ldap.sdk.unboundidds.controls.GetBackendSetIDRequestControl)5 GetServerIDRequestControl (com.unboundid.ldap.sdk.unboundidds.controls.GetServerIDRequestControl)5 HardDeleteRequestControl (com.unboundid.ldap.sdk.unboundidds.controls.HardDeleteRequestControl)5 ReplicationRepairRequestControl (com.unboundid.ldap.sdk.unboundidds.controls.ReplicationRepairRequestControl)5 RouteToServerRequestControl (com.unboundid.ldap.sdk.unboundidds.controls.RouteToServerRequestControl)5 SoftDeleteRequestControl (com.unboundid.ldap.sdk.unboundidds.controls.SoftDeleteRequestControl)5 SuppressReferentialIntegrityUpdatesRequestControl (com.unboundid.ldap.sdk.unboundidds.controls.SuppressReferentialIntegrityUpdatesRequestControl)5 NotNull (com.unboundid.util.NotNull)5