use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult in project ldapsdk by pingidentity.
the class SubtreeDeleter method setInaccessible.
/**
* Marks the specified subtree as inaccessible.
*
* @param connection
* The {@link LDAPInterface} instance to use to communicate with
* the directory server. While this may be an individual
* {@link LDAPConnection}, it may be better as a connection
* pool with automatic retry enabled so that it's more likely to
* succeed in the event that a connection becomes invalid or an
* operation experiences a transient failure. It must not be
* {@code null}.
* @param baseDN
* The base DN for the subtree to make inaccessible. It must not
* be {@code null}.
*
* @return An {@code ExtendedResult} with information about a failure that
* occurred while trying to make the subtree inaccessible, or
* {@code null} if the subtree was successfully made inaccessible.
*/
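@Nullable()
private static ExtendedResult setInaccessible(@NotNull final LDAPInterface connection, @NotNull final DN baseDN) {
  // Use the "Who Am I?" extended operation to learn which identity the server
  // has authorized this connection as. That identity is what gets passed as
  // the second argument of the set-hidden request below.
  final ExtendedResult genericWhoAmIResult = processExtendedOperation(connection, new WhoAmIExtendedRequest());
  if (genericWhoAmIResult.getResultCode() != ResultCode.SUCCESS) {
    return genericWhoAmIResult;
  }

  // NOTE(review): this cast assumes a successful response from
  // processExtendedOperation is always a WhoAmIExtendedResult -- confirm
  // against that helper, which is not visible here.
  final WhoAmIExtendedResult whoAmIResult = (WhoAmIExtendedResult) genericWhoAmIResult;

  // Extract the user DN from the authorization ID. A successful response may
  // still carry no authorization ID, so a null value is reported as a local
  // error instead of surfacing as a NullPointerException. The "dn:" prefix is
  // matched without regard to case, since the authzId grammar is ABNF and its
  // literals are case-insensitive.
  final String authzID = whoAmIResult.getAuthorizationID();
  if ((authzID == null) || !authzID.regionMatches(true, 0, "dn:", 0, 3)) {
    return new ExtendedResult(-1, ResultCode.LOCAL_ERROR, ERR_SUBTREE_DELETER_INTERFACE_WHO_AM_I_AUTHZ_ID_NOT_DN.get(String.valueOf(authzID)), null, StaticUtils.NO_STRINGS, null, null, StaticUtils.NO_CONTROLS);
  }

  // NOTE(review): an authorization ID of exactly "dn:" (an unauthenticated
  // connection) produces an empty DN here. How the server treats an empty
  // value in the set-hidden request is not visible from this method --
  // confirm whether that case should be rejected up front.
  final String authzDN = authzID.substring(3);

  // Use the set subtree accessibility extended operation to make the target
  // subtree hidden and read-only.
  final ExtendedResult setInaccessibleResult = processExtendedOperation(connection, SetSubtreeAccessibilityExtendedRequest.createSetHiddenRequest(baseDN.toString(), authzDN));
  if (setInaccessibleResult.getResultCode() == ResultCode.SUCCESS) {
    // By this method's contract, null means "no failure to report".
    return null;
  }
  return setInaccessibleResult;
}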
use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult in project ldapsdk by pingidentity.
the class UpdateConnectionPoolBindRequestAndServerSetTestCase method assertAuthorizationDNEquals.
/**
* Uses the "Who Am I?" extended operation on the provided connection to
* ensure that it has the specified authorization identity.
*
* @param conn The connection for which to obtain the authorization
* identity. It must not be {@code null}.
* @param dn The DN of the entry that is expected to be the authorization
* identity for the connection. It may be {@code null} if the
* connection should be unauthenticated.
*
* @throws Exception If an unexpected problem occurs.
*/
private void assertAuthorizationDNEquals(final LDAPConnection conn, final String dn) throws Exception {
  // Ask the server which identity it associates with this connection.
  final WhoAmIExtendedRequest request = new WhoAmIExtendedRequest();
  final WhoAmIExtendedResult result = (WhoAmIExtendedResult) conn.processExtendedOperation(request);
  assertResultCodeEquals(result, ResultCode.SUCCESS);

  // The identity must be present and in the "dn:" form before it is compared.
  final String authzID = result.getAuthorizationID();
  assertNotNull(authzID);
  assertTrue(authzID.startsWith("dn:"));

  if (dn != null) {
    // Compare as DNs rather than as raw strings.
    assertDNsEqual(authzID.substring(3), dn);
    return;
  }

  // A null expected DN means the connection should be unauthenticated, which
  // this test expects to be reported as a bare "dn:" prefix.
  assertEquals(authzID, "dn:");
}
use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult in project ldapsdk by pingidentity.
the class LDAPPasswordModify method getUserIdentity.
/**
* Retrieves the user identity for whom to update the password.
*
* @param pool A connection pool to use to communicate with the
* directory server, if necessary. This may be
* {@code null} if only an explicitly provided user
* identity should be used. If it is
* non-{@code null}, then an attempt will be made
* to infer the correct value, and the value
* returned will be a DN.
* @param isActiveDirectory Indicates whether the target directory server
* is believed to be an Active Directory instance.
*
* @return The user identity for whom to update the password.
*
* @throws LDAPException If a problem occurs while attempting to obtain the
* user identity.
*/
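@NotNull()
private String getUserIdentity(@NotNull final LDAPConnectionPool pool, final boolean isActiveDirectory) throws LDAPException {
  // NOTE(review): the pool parameter is annotated @NotNull, yet this method
  // explicitly handles pool == null and may then return a null identity
  // despite the @NotNull return annotation. The annotations and the behavior
  // should be reconciled.
  String identity = null;
  final DNArgument bindDNArgument = argumentParser.getDNArgument(BIND_DN_ARGUMENT_LONG_IDENTIFIER);

  // First preference: an explicitly provided user identity. Second: the bind
  // DN, when the caller asked for it to be used as the user identity.
  if (userIdentity.isPresent()) {
    identity = userIdentity.getValue();
  } else if (provideBindDNAsUserIdentity.isPresent()) {
    identity = bindDNArgument.getStringValue();
    if ((pool == null) && verbose.isPresent()) {
      out();
      wrapOut(0, WRAP_COLUMN, INFO_PWMOD_USING_USER_IDENTITY_FROM_DN_FOR_EXTOP.get(identity));
    }
  } else {
    if ((pool == null) && verbose.isPresent()) {
      out();
      wrapOut(0, WRAP_COLUMN, INFO_PWMOD_OMITTING_USER_IDENTITY_FROM_EXTOP.get());
    }
  }

  // Without a pool there is nothing to infer from, so return whatever was
  // explicitly provided (possibly nothing).
  if (pool == null) {
    return identity;
  }

  if (identity == null) {
    // Prefer a non-empty bind DN over asking the server.
    if (bindDNArgument.isPresent()) {
      final DN bindDN = bindDNArgument.getValue();
      if (!bindDN.isNullDN()) {
        return bindDN.toString();
      }
    }

    // Fall back to the "Who Am I?" extended operation. A failure here is
    // deliberately non-fatal: it is recorded for debugging and the missing
    // identity is reported by the check that follows.
    final WhoAmIExtendedRequest whoAmIRequest = new WhoAmIExtendedRequest();
    try {
      final WhoAmIExtendedResult whoAmIResult = (WhoAmIExtendedResult) pool.processExtendedOperation(whoAmIRequest);
      if (whoAmIResult.getResultCode() == ResultCode.SUCCESS) {
        identity = whoAmIResult.getAuthorizationID();
      }
    } catch (final LDAPException e) {
      Debug.debugException(e);
    }
  }

  if (identity == null) {
    throw new LDAPException(ResultCode.PARAM_ERROR, ERR_PWMOD_CANNOT_DETERMINE_USER_IDENTITY.get(userIdentity.getIdentifierString()));
  }

  // Resolve the identity to a DN. The "dn:" and "u:" prefixes are matched
  // case-insensitively; anything without a recognized prefix is treated as a
  // DN as-is.
  final String userDN;
  final String lowerIdentity = StaticUtils.toLowerCase(identity);
  if (lowerIdentity.startsWith("dn:")) {
    userDN = identity.substring(3).trim();
  } else if (lowerIdentity.startsWith("u:")) {
    final String username = identity.substring(2).trim();
    if (username.isEmpty()) {
      throw new LDAPException(ResultCode.PARAM_ERROR, ERR_PWMOD_USER_IDENTITY_EMPTY_USERNAME.get(userIdentity.getIdentifierString()));
    }
    userDN = searchForUser(pool, username, isActiveDirectory);
  } else {
    userDN = identity;
  }

  // Reject anything that does not parse as a DN, and reject the null (empty)
  // DN so that a password change is never aimed at an empty target.
  final DN parsedUserDN;
  try {
    parsedUserDN = new DN(userDN);
  } catch (final LDAPException e) {
    Debug.debugException(e);
    throw new LDAPException(ResultCode.PARAM_ERROR, ERR_PWMOD_USER_IDENTITY_NOT_VALID_DN.get(userDN, userIdentity.getIdentifierString()), e);
  }
  if (parsedUserDN.isNullDN()) {
    throw new LDAPException(ResultCode.PARAM_ERROR, ERR_PWMOD_USER_IDENTITY_EMPTY_DN.get(userIdentity.getIdentifierString()));
  }

  if (verbose.isPresent()) {
    out();
    // The message was previously built and then discarded, so verbose mode
    // printed only the blank line. Write it out like the other verbose
    // messages in this method.
    wrapOut(0, WRAP_COLUMN, INFO_PWMOD_USER_IDENTITY_DN_FOR_MOD.get(userDN));
  }
  return userDN;
}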
use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult in project ldapsdk by pingidentity.
the class LDAPConnectionPoolTestCase method assertBoundAs.
/**
* Ensures that the provided connection is bound as the user with the
* specified DN.
*
* @param conn The connection to examine.
* @param dn The expected DN of the authenticated user.
*
* @throws Exception If an unexpected problem occurs.
*/
private void assertBoundAs(final LDAPConnection conn, final String dn) throws Exception {
  // Ask the server which identity the connection is currently authorized as.
  final WhoAmIExtendedRequest request = new WhoAmIExtendedRequest();
  final WhoAmIExtendedResult result = (WhoAmIExtendedResult) conn.processExtendedOperation(request);
  assertResultCodeEquals(result, ResultCode.SUCCESS);

  // The identity must be present and in "dn:" form; the remainder is then
  // compared to the expected value as a DN.
  final String authorizationID = result.getAuthorizationID();
  assertNotNull(authorizationID);
  assertTrue(authorizationID.startsWith("dn:"));

  final String boundDN = authorizationID.substring(3);
  assertDNsEqual(boundDN, dn);
}
use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult in project ldapsdk by pingidentity.
the class LDAPConnectionTestCase method testExtendedGenericObject.
/**
* Tests the {@code processExtendedOperation} method variant that takes an
* extended request object, using a generic form of the object.
* <BR><BR>
* Access to a Directory Server instance is required for complete processing.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testExtendedGenericObject() throws Exception {
  // Nothing can be exercised without a live directory server.
  if (!isDirectoryInstanceAvailable()) {
    return;
  }

  final LDAPConnection adminConn = getAdminConnection();
  try {
    // Sanity-check the state of the freshly established connection.
    assertTrue(adminConn.isConnected());
    assertNotNull(adminConn.getConnectedAddress());
    assertTrue((adminConn.getConnectedPort() >= 1) && (adminConn.getConnectedPort() <= 65535));
    assertNotNull(adminConn.toString());

    // Send the "Who Am I?" request as a generic ExtendedRequest identified
    // only by its OID, so the response comes back as a generic result too.
    final ExtendedRequest genericRequest = new ExtendedRequest("1.3.6.1.4.1.4203.1.11.3");
    final ExtendedResult genericResult = adminConn.processExtendedOperation(genericRequest);
    assertNotNull(genericResult);
    assertEquals(genericResult.getResultCode(), ResultCode.SUCCESS);
    assertNull(genericResult.getOID());
    assertNotNull(genericResult.getValue());
    assertFalse(genericResult instanceof WhoAmIExtendedResult);

    // The generic result must still be decodable into the typed form.
    final WhoAmIExtendedResult decodedResult = new WhoAmIExtendedResult(genericResult);
    assertNotNull(decodedResult);
    assertNotNull(decodedResult.getAuthorizationID());
  } finally {
    // Close the connection in all cases and verify it reports as closed.
    adminConn.close();
    assertFalse(adminConn.isConnected());
    assertNull(adminConn.getConnectedAddress());
    assertTrue(adminConn.getConnectedPort() < 0);
    assertNotNull(adminConn.toString());
  }
}