
Example 1 with SubtreeAccessibilityRestriction

use of com.unboundid.ldap.sdk.unboundidds.extensions.SubtreeAccessibilityRestriction in project ldapsdk by pingidentity.

the class MoveSubtree method checkInitialAccessibility.

/**
 * Ensures that the specified subtree is accessible in both the source and
 * target servers.  If it is not accessible, then it may indicate that another
 * administrative operation is in progress for the subtree, or that a previous
 * move-subtree operation was interrupted before it could complete.
 *
 * @param  sourceConnection  The connection to use to communicate with the
 *                           source directory server.
 * @param  targetConnection  The connection to use to communicate with the
 *                           target directory server.
 * @param  baseDN            The base DN for which to verify accessibility.
 * @param  opPurposeControl  An optional operation purpose request control
 *                           that may be included in the requests.
 *
 * @return  {@code null} if the specified subtree is accessible in both the
 *          source and target servers, or a non-{@code null} object with the
 *          result that should be used if there is an accessibility problem
 *          with the subtree on the source and/or target server.
 */
@Nullable()
private static MoveSubtreeResult checkInitialAccessibility(@NotNull final LDAPConnection sourceConnection, @NotNull final LDAPConnection targetConnection, @NotNull final String baseDN, @Nullable final OperationPurposeRequestControl opPurposeControl) {
    // Pre-flight interlock for a move: null is returned only at the single
    // point below that is reached after both servers have been queried and
    // neither reported a restriction related to the base DN.  Every failure
    // path (unparseable DN, failed request, unparseable restriction DN)
    // returns a non-null result instead, so errors never read as "accessible".

    // Parse the base DN once so that it can be compared hierarchically against
    // each restriction's base DN.
    final DN parsedBaseDN;
    try {
        parsedBaseDN = new DN(baseDN);
    } catch (final Exception e) {
        Debug.debugException(e);
        return new MoveSubtreeResult(ResultCode.INVALID_DN_SYNTAX, ERR_MOVE_SUBTREE_CANNOT_PARSE_BASE_DN.get(baseDN, StaticUtils.getExceptionMessage(e)), null, false, false, 0, 0, 0);
    }
    // The same control array is attached to the request sent to each server.
    final Control[] controls;
    if (opPurposeControl == null) {
        controls = StaticUtils.NO_CONTROLS;
    } else {
        controls = new Control[] { opPurposeControl };
    }
    // Get the restrictions from the source server.  If there are any, then
    // make sure that nothing in the hierarchy of the base DN is non-accessible.
    final GetSubtreeAccessibilityExtendedResult sourceResult;
    try {
        sourceResult = (GetSubtreeAccessibilityExtendedResult) sourceConnection.processExtendedOperation(new GetSubtreeAccessibilityExtendedRequest(controls));
        if (sourceResult.getResultCode() != ResultCode.SUCCESS) {
            // Convert a non-success response into an exception so that it is
            // reported through the same catch block as a failed request.
            throw new LDAPException(sourceResult);
        }
    } catch (final LDAPException le) {
        Debug.debugException(le);
        return new MoveSubtreeResult(le.getResultCode(), ERR_MOVE_SUBTREE_CANNOT_GET_ACCESSIBILITY_STATE.get(baseDN, INFO_MOVE_SUBTREE_CONNECTION_NAME_SOURCE.get(), le.getMessage()), null, false, false, 0, 0, 0);
    }
    // sourceMatch:       the recorded restriction's base DN equals the base DN.
    // sourceMessage:     description of the recorded restriction.
    // sourceRestriction: the first related non-accessible restriction, if any.
    boolean sourceMatch = false;
    String sourceMessage = null;
    SubtreeAccessibilityRestriction sourceRestriction = null;
    final List<SubtreeAccessibilityRestriction> sourceRestrictions = sourceResult.getAccessibilityRestrictions();
    if (sourceRestrictions != null) {
        // NOTE(review): the scan stops at the first non-accessible restriction
        // that equals, contains, or lies beneath the base DN, so sourceMatch
        // reflects only that first hit.  If the server can return both an
        // ancestor and an exact-match restriction, list order decides which one
        // is recorded -- confirm that this is intended.
        for (final SubtreeAccessibilityRestriction r : sourceRestrictions) {
            // Restrictions in the accessible state do not block the move.
            if (r.getAccessibilityState() == SubtreeAccessibilityState.ACCESSIBLE) {
                continue;
            }
            // A restriction whose base DN cannot be parsed cannot be ruled out
            // as unrelated, so the check stops with an error result.
            final DN restrictionDN;
            try {
                restrictionDN = new DN(r.getSubtreeBaseDN());
            } catch (final Exception e) {
                Debug.debugException(e);
                return new MoveSubtreeResult(ResultCode.INVALID_DN_SYNTAX, ERR_MOVE_SUBTREE_CANNOT_PARSE_RESTRICTION_BASE_DN.get(r.getSubtreeBaseDN(), INFO_MOVE_SUBTREE_CONNECTION_NAME_SOURCE.get(), r.toString(), StaticUtils.getExceptionMessage(e)), null, false, false, 0, 0, 0);
            }
            // Three ways a restriction can relate to the base DN: the same
            // entry, an ancestor of it, or a descendant of it.  The equal case
            // is handled first, and the other two calls pass false for their
            // second argument.
            if (restrictionDN.equals(parsedBaseDN)) {
                sourceMatch = true;
                sourceRestriction = r;
                sourceMessage = ERR_MOVE_SUBTREE_NOT_ACCESSIBLE.get(baseDN, INFO_MOVE_SUBTREE_CONNECTION_NAME_SOURCE.get(), r.getAccessibilityState().getStateName());
                break;
            } else if (restrictionDN.isAncestorOf(parsedBaseDN, false)) {
                sourceRestriction = r;
                sourceMessage = ERR_MOVE_SUBTREE_WITHIN_UNACCESSIBLE_TREE.get(baseDN, INFO_MOVE_SUBTREE_CONNECTION_NAME_SOURCE.get(), r.getSubtreeBaseDN(), r.getAccessibilityState().getStateName());
                break;
            } else if (restrictionDN.isDescendantOf(parsedBaseDN, false)) {
                sourceRestriction = r;
                sourceMessage = ERR_MOVE_SUBTREE_CONTAINS_UNACCESSIBLE_TREE.get(baseDN, INFO_MOVE_SUBTREE_CONNECTION_NAME_SOURCE.get(), r.getSubtreeBaseDN(), r.getAccessibilityState().getStateName());
                break;
            }
        }
    }
    // Get the restrictions from the target server.  If there are any, then
    // make sure that nothing in the hierarchy of the base DN is non-accessible.
    // This mirrors the source-server handling above, with the target
    // connection name in the messages.
    final GetSubtreeAccessibilityExtendedResult targetResult;
    try {
        targetResult = (GetSubtreeAccessibilityExtendedResult) targetConnection.processExtendedOperation(new GetSubtreeAccessibilityExtendedRequest(controls));
        if (targetResult.getResultCode() != ResultCode.SUCCESS) {
            throw new LDAPException(targetResult);
        }
    } catch (final LDAPException le) {
        Debug.debugException(le);
        return new MoveSubtreeResult(le.getResultCode(), ERR_MOVE_SUBTREE_CANNOT_GET_ACCESSIBILITY_STATE.get(baseDN, INFO_MOVE_SUBTREE_CONNECTION_NAME_TARGET.get(), le.getMessage()), null, false, false, 0, 0, 0);
    }
    boolean targetMatch = false;
    String targetMessage = null;
    SubtreeAccessibilityRestriction targetRestriction = null;
    final List<SubtreeAccessibilityRestriction> targetRestrictions = targetResult.getAccessibilityRestrictions();
    if (targetRestrictions != null) {
        for (final SubtreeAccessibilityRestriction r : targetRestrictions) {
            if (r.getAccessibilityState() == SubtreeAccessibilityState.ACCESSIBLE) {
                continue;
            }
            final DN restrictionDN;
            try {
                restrictionDN = new DN(r.getSubtreeBaseDN());
            } catch (final Exception e) {
                Debug.debugException(e);
                return new MoveSubtreeResult(ResultCode.INVALID_DN_SYNTAX, ERR_MOVE_SUBTREE_CANNOT_PARSE_RESTRICTION_BASE_DN.get(r.getSubtreeBaseDN(), INFO_MOVE_SUBTREE_CONNECTION_NAME_TARGET.get(), r.toString(), StaticUtils.getExceptionMessage(e)), null, false, false, 0, 0, 0);
            }
            if (restrictionDN.equals(parsedBaseDN)) {
                targetMatch = true;
                targetRestriction = r;
                targetMessage = ERR_MOVE_SUBTREE_NOT_ACCESSIBLE.get(baseDN, INFO_MOVE_SUBTREE_CONNECTION_NAME_TARGET.get(), r.getAccessibilityState().getStateName());
                break;
            } else if (restrictionDN.isAncestorOf(parsedBaseDN, false)) {
                targetRestriction = r;
                targetMessage = ERR_MOVE_SUBTREE_WITHIN_UNACCESSIBLE_TREE.get(baseDN, INFO_MOVE_SUBTREE_CONNECTION_NAME_TARGET.get(), r.getSubtreeBaseDN(), r.getAccessibilityState().getStateName());
                break;
            } else if (restrictionDN.isDescendantOf(parsedBaseDN, false)) {
                targetRestriction = r;
                targetMessage = ERR_MOVE_SUBTREE_CONTAINS_UNACCESSIBLE_TREE.get(baseDN, INFO_MOVE_SUBTREE_CONNECTION_NAME_TARGET.get(), r.getSubtreeBaseDN(), r.getAccessibilityState().getStateName());
                break;
            }
        }
    }
    // If neither server reported a non-accessible restriction related to the
    // base DN, then the subtree is accessible in both and there is no need
    // to do anything else.
    if ((sourceRestriction == null) && (targetRestriction == null)) {
        return null;
    }
    // If a restriction on at least one server targets the base DN exactly, see
    // whether the pair of states matches a recognized pattern so that the
    // result can carry specific advice about how to recover.
    if (sourceMatch || targetMatch) {
        // Read-only on the source and hidden on the target: reported (per the
        // message key) as a move that was possibly interrupted during its
        // adds.  The subtree needs to be made accessible before running again.
        if ((sourceRestriction != null) && sourceRestriction.getAccessibilityState().isReadOnly() && (targetRestriction != null) && targetRestriction.getAccessibilityState().isHidden()) {
            return new MoveSubtreeResult(ResultCode.UNWILLING_TO_PERFORM, ERR_MOVE_SUBTREE_POSSIBLY_INTERRUPTED_IN_ADDS.get(baseDN, sourceConnection.getConnectedAddress(), sourceConnection.getConnectedPort(), targetConnection.getConnectedAddress(), targetConnection.getConnectedPort()), ERR_MOVE_SUBTREE_POSSIBLY_INTERRUPTED_IN_ADDS_ADMIN_MSG.get(), false, false, 0, 0, 0);
        }
        // Hidden on the source with no restriction on the target: reported
        // (per the message key) as a move that was possibly interrupted during
        // its deletes.  The remaining step is to make the source
        // subtree accessible.  There shouldn't be a need to run again.
        if ((sourceRestriction != null) && sourceRestriction.getAccessibilityState().isHidden() && (targetRestriction == null)) {
            return new MoveSubtreeResult(ResultCode.UNWILLING_TO_PERFORM, ERR_MOVE_SUBTREE_POSSIBLY_INTERRUPTED_IN_DELETES.get(baseDN, sourceConnection.getConnectedAddress(), sourceConnection.getConnectedPort(), targetConnection.getConnectedAddress(), targetConnection.getConnectedPort()), ERR_MOVE_SUBTREE_POSSIBLY_INTERRUPTED_IN_DELETES_ADMIN_MSG.get(), false, false, 0, 0, 0);
        }
    }
    // If we've made it here, then we're in a situation we don't recognize.
    // Provide general information about the current state of the subtree and
    // recommend that the user contact support if they need assistance.
    // The message built here includes both servers' address and port.
    final StringBuilder details = new StringBuilder();
    if (sourceMessage != null) {
        details.append(sourceMessage);
    }
    if (targetMessage != null) {
        // append(String, StringBuilder) is a helper defined outside this
        // listing; presumably it adds a separator before the text -- verify.
        append(targetMessage, details);
    }
    return new MoveSubtreeResult(ResultCode.UNWILLING_TO_PERFORM, ERR_MOVE_SUBTREE_POSSIBLY_INTERRUPTED.get(baseDN, sourceConnection.getConnectedAddress(), sourceConnection.getConnectedPort(), targetConnection.getConnectedAddress(), targetConnection.getConnectedPort(), details.toString()), null, false, false, 0, 0, 0);
}
Also used : GetSubtreeAccessibilityExtendedResult(com.unboundid.ldap.sdk.unboundidds.extensions.GetSubtreeAccessibilityExtendedResult) DN(com.unboundid.ldap.sdk.DN) ASN1OctetString(com.unboundid.asn1.ASN1OctetString) GetSubtreeAccessibilityExtendedRequest(com.unboundid.ldap.sdk.unboundidds.extensions.GetSubtreeAccessibilityExtendedRequest) LDAPSearchException(com.unboundid.ldap.sdk.LDAPSearchException) ArgumentException(com.unboundid.util.args.ArgumentException) LDAPException(com.unboundid.ldap.sdk.LDAPException) Control(com.unboundid.ldap.sdk.Control) RealAttributesOnlyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RealAttributesOnlyRequestControl) OperationPurposeRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.OperationPurposeRequestControl) SuppressReferentialIntegrityUpdatesRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SuppressReferentialIntegrityUpdatesRequestControl) SoftDeletedEntryAccessRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SoftDeletedEntryAccessRequestControl) ManageDsaITRequestControl(com.unboundid.ldap.sdk.controls.ManageDsaITRequestControl) ReturnConflictEntriesRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.ReturnConflictEntriesRequestControl) DraftLDUPSubentriesRequestControl(com.unboundid.ldap.sdk.controls.DraftLDUPSubentriesRequestControl) LDAPException(com.unboundid.ldap.sdk.LDAPException) SubtreeAccessibilityRestriction(com.unboundid.ldap.sdk.unboundidds.extensions.SubtreeAccessibilityRestriction) Nullable(com.unboundid.util.Nullable)

Example 2 with SubtreeAccessibilityRestriction

use of com.unboundid.ldap.sdk.unboundidds.extensions.SubtreeAccessibilityRestriction in project ldapsdk by pingidentity.

the class SubtreeAccessibility method doGet.

/**
 * Does the work necessary to retrieve the set of subtree accessibility
 * restrictions defined in the server.
 *
 * @param  connection  The connection to use to communicate with the server.
 *
 * @return  A result code with information about the result of operation
 *          processing.
 */
@NotNull()
private ResultCode doGet(@NotNull final LDAPConnection connection) {
    // Ask the server for its restrictions.  A thrown LDAPException means the
    // request itself could not be processed.
    final GetSubtreeAccessibilityExtendedResult getResult;
    try {
        getResult = (GetSubtreeAccessibilityExtendedResult) connection.processExtendedOperation(new GetSubtreeAccessibilityExtendedRequest());
    } catch (final LDAPException le) {
        Debug.debugException(le);
        err("An error occurred while attempting to invoke the get subtree accessibility request:  ", StaticUtils.getExceptionMessage(le));
        return le.getResultCode();
    }

    // A response that is not SUCCESS is reported with the server's diagnostic
    // message, and its result code is handed back to the caller.
    final ResultCode serverCode = getResult.getResultCode();
    if (serverCode != ResultCode.SUCCESS) {
        err("The server returned an error for the get subtree accessibility request:  ", getResult.getDiagnosticMessage());
        return serverCode;
    }

    // Both a null list and an empty list mean that nothing is restricted.
    final List<SubtreeAccessibilityRestriction> found = getResult.getAccessibilityRestrictions();
    final int count = (found == null) ? 0 : found.size();
    if (count == 0) {
        out("There are no subtree accessibility restrictions defined in the server.");
        return ResultCode.SUCCESS;
    }

    // Header line, with singular or plural wording.
    if (count != 1) {
        out(count, " subtree accessibility restrictions were found in the server:");
    } else {
        out("1 subtree accessibility restriction was found in the server:");
    }

    // One record per restriction, followed by a blank separator line.
    for (final SubtreeAccessibilityRestriction restriction : found) {
        out("Subtree Base DN:      ", restriction.getSubtreeBaseDN());
        out("Accessibility State:  ", restriction.getAccessibilityState().getStateName());

        // The bypass user DN is optional and printed only when present.  When
        // auditing, note which identity is named here: presumably it is exempt
        // from the restriction -- confirm against the SDK documentation.
        final String bypassUser = restriction.getBypassUserDN();
        if (bypassUser != null) {
            out("Bypass User DN:       ", bypassUser);
        }

        out("Effective Time:       ", restriction.getEffectiveTime());
        out();
    }
    return ResultCode.SUCCESS;
}
Also used : LDAPException(com.unboundid.ldap.sdk.LDAPException) GetSubtreeAccessibilityExtendedResult(com.unboundid.ldap.sdk.unboundidds.extensions.GetSubtreeAccessibilityExtendedResult) GetSubtreeAccessibilityExtendedRequest(com.unboundid.ldap.sdk.unboundidds.extensions.GetSubtreeAccessibilityExtendedRequest) SubtreeAccessibilityRestriction(com.unboundid.ldap.sdk.unboundidds.extensions.SubtreeAccessibilityRestriction) NotNull(com.unboundid.util.NotNull)
