Search in sources :

Example 1 with WhoAmIExtendedResult

use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult in project ldapsdk by pingidentity.

the class SubtreeDeleter method setInaccessible.

/**
 * Marks the specified subtree as inaccessible.
 *
 * @param  connection
 *              The {@link LDAPInterface} instance to use to communicate with
 *              the directory server.  While this may be an individual
 *              {@link LDAPConnection}, it may be better as a connection
 *              pool with automatic retry enabled so that it's more likely to
 *              succeed in the event that a connection becomes invalid or an
 *              operation experiences a transient failure.  It must not be
 *              {@code null}.
 * @param  baseDN
 *              The base DN for the subtree to make inaccessible.  It must not
 *              be {@code null}.
 *
 * @return  An {@code LDAPResult} with information about a failure that
 *          occurred while trying to make the subtree inaccessible, or
 *          {@code null} if the subtree was successfully made inaccessible.
 */
@Nullable()
private static ExtendedResult setInaccessible(@NotNull final LDAPInterface connection, @NotNull final DN baseDN) {
    // Use the "Who Am I?" extended operation to get the authorization identity
    // of the provided connection.
    final ExtendedResult genericWhoAmIResult = processExtendedOperation(connection, new WhoAmIExtendedRequest());
    if (genericWhoAmIResult.getResultCode() != ResultCode.SUCCESS) {
        return genericWhoAmIResult;
    }
    final WhoAmIExtendedResult whoAmIResult = (WhoAmIExtendedResult) genericWhoAmIResult;
    // Extract the user DN from the "Who Am I?" result's authorization ID.
    final String authzDN;
    final String authzID = whoAmIResult.getAuthorizationID();
    if (authzID.startsWith("dn:")) {
        authzDN = authzID.substring(3);
    } else {
        return new ExtendedResult(-1, ResultCode.LOCAL_ERROR, ERR_SUBTREE_DELETER_INTERFACE_WHO_AM_I_AUTHZ_ID_NOT_DN.get(authzID), null, StaticUtils.NO_STRINGS, null, null, StaticUtils.NO_CONTROLS);
    }
    // Use the set subtree accessibility extended operation to make the target
    // subtree hidden and read-only.
    final ExtendedResult setInaccessibleResult = processExtendedOperation(connection, SetSubtreeAccessibilityExtendedRequest.createSetHiddenRequest(baseDN.toString(), authzDN));
    if (setInaccessibleResult.getResultCode() == ResultCode.SUCCESS) {
        return null;
    } else {
        return setInaccessibleResult;
    }
}
Also used : WhoAmIExtendedResult(com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult) WhoAmIExtendedRequest(com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest) WhoAmIExtendedResult(com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult) ExtendedResult(com.unboundid.ldap.sdk.ExtendedResult) ASN1OctetString(com.unboundid.asn1.ASN1OctetString)

Example 2 with WhoAmIExtendedResult

use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult in project ldapsdk by pingidentity.

the class UpdateConnectionPoolBindRequestAndServerSetTestCase method assertAuthorizationDNEquals.

/**
 * Uses the "Who Am I?" extended operation on the provided connection to
 * ensure that it has the specified authorization identity.
 *
 * @param  conn  The connection for which to obtain the authorization
 *               identity.  It must not be {@code null}.
 * @param  dn    The DN of the entry that is expected to be the authorization
 *               identity for the connection.  It may be {@code null} if the
 *               connection should be unauthenticated.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
private void assertAuthorizationDNEquals(final LDAPConnection conn, final String dn) throws Exception {
    final WhoAmIExtendedResult whoAmIResult = (WhoAmIExtendedResult) conn.processExtendedOperation(new WhoAmIExtendedRequest());
    assertResultCodeEquals(whoAmIResult, ResultCode.SUCCESS);
    final String authorizationID = whoAmIResult.getAuthorizationID();
    assertNotNull(authorizationID);
    assertTrue(authorizationID.startsWith("dn:"));
    if (dn == null) {
        assertEquals(authorizationID, "dn:");
    } else {
        final String extractedDN = authorizationID.substring(3);
        assertDNsEqual(extractedDN, dn);
    }
}
Also used : WhoAmIExtendedResult(com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult) WhoAmIExtendedRequest(com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest)

Example 3 with WhoAmIExtendedResult

use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult in project ldapsdk by pingidentity.

the class LDAPPasswordModify method getUserIdentity.

/**
 * Retrieves the user identity for whom to update the password.
 *
 * @param  pool               A connection pool to use to communicate with the
 *                            directory server, if necessary.  This may be
 *                            {@code null} if only an explicitly provided user
 *                            identity should be used.  If it is
 *                            non-{@code null}, then an attempt will be made
 *                            to infer the correct value, and the value
 *                            returned will be a DN.
 * @param  isActiveDirectory  Indicates whether the target directory server
 *                            is believed to be an Active Directory instance.
 *
 * @return  The user identity for whom to update the password.
 *
 * @throws  LDAPException  If a problem occurs while attempting to obtain the
 *                         user identity.
 */
@NotNull()
private String getUserIdentity(@NotNull final LDAPConnectionPool pool, final boolean isActiveDirectory) throws LDAPException {
    String identity = null;
    final DNArgument bindDNArgument = argumentParser.getDNArgument(BIND_DN_ARGUMENT_LONG_IDENTIFIER);
    if (userIdentity.isPresent()) {
        identity = userIdentity.getValue();
    } else if (provideBindDNAsUserIdentity.isPresent()) {
        identity = bindDNArgument.getStringValue();
        if ((pool == null) && verbose.isPresent()) {
            out();
            wrapOut(0, WRAP_COLUMN, INFO_PWMOD_USING_USER_IDENTITY_FROM_DN_FOR_EXTOP.get(identity));
        }
    } else {
        if ((pool == null) && verbose.isPresent()) {
            out();
            wrapOut(0, WRAP_COLUMN, INFO_PWMOD_OMITTING_USER_IDENTITY_FROM_EXTOP.get());
        }
    }
    if (pool == null) {
        return identity;
    }
    if (identity == null) {
        if (bindDNArgument.isPresent()) {
            final DN bindDN = bindDNArgument.getValue();
            if (!bindDN.isNullDN()) {
                return bindDN.toString();
            }
        }
        final WhoAmIExtendedRequest whoAmIRequest = new WhoAmIExtendedRequest();
        try {
            final WhoAmIExtendedResult whoAmIResult = (WhoAmIExtendedResult) pool.processExtendedOperation(whoAmIRequest);
            if (whoAmIResult.getResultCode() == ResultCode.SUCCESS) {
                identity = whoAmIResult.getAuthorizationID();
            }
        } catch (final LDAPException e) {
            Debug.debugException(e);
        }
    }
    if (identity == null) {
        throw new LDAPException(ResultCode.PARAM_ERROR, ERR_PWMOD_CANNOT_DETERMINE_USER_IDENTITY.get(userIdentity.getIdentifierString()));
    }
    final String userDN;
    final String lowerIdentity = StaticUtils.toLowerCase(identity);
    if (lowerIdentity.startsWith("dn:")) {
        userDN = identity.substring(3).trim();
    } else if (lowerIdentity.startsWith("u:")) {
        final String username = identity.substring(2).trim();
        if (username.isEmpty()) {
            throw new LDAPException(ResultCode.PARAM_ERROR, ERR_PWMOD_USER_IDENTITY_EMPTY_USERNAME.get(userIdentity.getIdentifierString()));
        }
        userDN = searchForUser(pool, username, isActiveDirectory);
    } else {
        userDN = identity;
    }
    final DN parsedUserDN;
    try {
        parsedUserDN = new DN(userDN);
    } catch (final LDAPException e) {
        Debug.debugException(e);
        throw new LDAPException(ResultCode.PARAM_ERROR, ERR_PWMOD_USER_IDENTITY_NOT_VALID_DN.get(userDN, userIdentity.getIdentifierString()), e);
    }
    if (parsedUserDN.isNullDN()) {
        throw new LDAPException(ResultCode.PARAM_ERROR, ERR_PWMOD_USER_IDENTITY_EMPTY_DN.get(userIdentity.getIdentifierString()));
    }
    if (verbose.isPresent()) {
        out();
        INFO_PWMOD_USER_IDENTITY_DN_FOR_MOD.get(userDN);
    }
    return userDN;
}
Also used : WhoAmIExtendedResult(com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult) DNArgument(com.unboundid.util.args.DNArgument) LDAPException(com.unboundid.ldap.sdk.LDAPException) WhoAmIExtendedRequest(com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest) DN(com.unboundid.ldap.sdk.DN) NotNull(com.unboundid.util.NotNull)

Example 4 with WhoAmIExtendedResult

use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult in project ldapsdk by pingidentity.

the class LDAPConnectionPoolTestCase method assertBoundAs.

/**
 * Ensures that the provided connection is bound as the user with the
 * specified DN.
 *
 * @param  conn  The connection to examine.
 * @param  dn    The expected DN of the authenticated user.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
private void assertBoundAs(final LDAPConnection conn, final String dn) throws Exception {
    final WhoAmIExtendedResult whoAmIResult = (WhoAmIExtendedResult) conn.processExtendedOperation(new WhoAmIExtendedRequest());
    assertResultCodeEquals(whoAmIResult, ResultCode.SUCCESS);
    final String authzID = whoAmIResult.getAuthorizationID();
    assertNotNull(authzID);
    assertTrue(authzID.startsWith("dn:"));
    assertDNsEqual(authzID.substring(3), dn);
}
Also used : WhoAmIExtendedResult(com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult) WhoAmIExtendedRequest(com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest)

Example 5 with WhoAmIExtendedResult

use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult in project ldapsdk by pingidentity.

the class LDAPConnectionTestCase method testExtendedGenericObject.

/**
 * Tests the {@code processExtendedOperation} method variant that takes an
 * extended request object, using a generic form of the object.
 * <BR><BR>
 * Access to a Directory Server instance is required for complete processing.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testExtendedGenericObject() throws Exception {
    if (!isDirectoryInstanceAvailable()) {
        return;
    }
    LDAPConnection conn = getAdminConnection();
    try {
        assertTrue(conn.isConnected());
        assertNotNull(conn.getConnectedAddress());
        assertTrue((conn.getConnectedPort() >= 1) && (conn.getConnectedPort() <= 65535));
        assertNotNull(conn.toString());
        ExtendedRequest extendedRequest = new ExtendedRequest("1.3.6.1.4.1.4203.1.11.3");
        ExtendedResult extendedResult = conn.processExtendedOperation(extendedRequest);
        assertNotNull(extendedResult);
        assertEquals(extendedResult.getResultCode(), ResultCode.SUCCESS);
        assertNull(extendedResult.getOID());
        assertNotNull(extendedResult.getValue());
        assertFalse(extendedResult instanceof WhoAmIExtendedResult);
        WhoAmIExtendedResult whoAmIResult = new WhoAmIExtendedResult(extendedResult);
        assertNotNull(whoAmIResult);
        assertNotNull(whoAmIResult.getAuthorizationID());
    } finally {
        conn.close();
        assertFalse(conn.isConnected());
        assertNull(conn.getConnectedAddress());
        assertTrue(conn.getConnectedPort() < 0);
        assertNotNull(conn.toString());
    }
}
Also used : WhoAmIExtendedResult(com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult) WhoAmIExtendedRequest(com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest) CancelExtendedRequest(com.unboundid.ldap.sdk.extensions.CancelExtendedRequest) WhoAmIExtendedResult(com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult) Test(org.testng.annotations.Test)

Aggregations

WhoAmIExtendedResult (com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult)19 WhoAmIExtendedRequest (com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest)16 Test (org.testng.annotations.Test)13 ASN1OctetString (com.unboundid.asn1.ASN1OctetString)7 Control (com.unboundid.ldap.sdk.Control)6 LDAPConnection (com.unboundid.ldap.sdk.LDAPConnection)6 SimpleBindRequest (com.unboundid.ldap.sdk.SimpleBindRequest)5 BindResult (com.unboundid.ldap.sdk.BindResult)4 AuthorizationIdentityRequestControl (com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl)4 AuthorizationIdentityResponseControl (com.unboundid.ldap.sdk.controls.AuthorizationIdentityResponseControl)4 LDAPException (com.unboundid.ldap.sdk.LDAPException)3 DN (com.unboundid.ldap.sdk.DN)2 ExtendedResult (com.unboundid.ldap.sdk.ExtendedResult)2 PLAINBindRequest (com.unboundid.ldap.sdk.PLAINBindRequest)2 AddRequest (com.unboundid.ldap.sdk.AddRequest)1 BindRequest (com.unboundid.ldap.sdk.BindRequest)1 CompareRequest (com.unboundid.ldap.sdk.CompareRequest)1 DeleteRequest (com.unboundid.ldap.sdk.DeleteRequest)1 ExtendedRequest (com.unboundid.ldap.sdk.ExtendedRequest)1 ModifyDNRequest (com.unboundid.ldap.sdk.ModifyDNRequest)1