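/**
 * Returns the modification audit records (accesslog entries of object class
 * {@code ACCESS_MOD_CLASS_NM}) whose {@code reqDN} is the entry of the supplied user.
 * <p>
 * The search runs one level below the configured audit root and, when
 * {@link UserAudit#getBeginDate()} is set, is limited to records whose
 * {@code reqEnd} is at or after that time.
 *
 * @param audit carries the userId to look up, the contextId used to resolve the
 *              user root DN, and an optional begin date; must not be null.
 * @return Mod entities in cursor order, each tagged with a running sequence
 *         number; an empty list when nothing matched.
 * @throws FinderException with {@link GlobalErrIds#AUDT_MOD_SEARCH_FAILED}, wrapping
 *         the LdapException or CursorException raised by the search.
 */
List<Mod> searchUserMods(UserAudit audit) throws FinderException {
    List<Mod> modList = new ArrayList<>();
    LdapConnection ld = null;
    String auditRoot = Config.getInstance().getProperty(AUDIT_ROOT);
    String userRoot = getRootDn(audit.getContextId(), GlobalIds.USER_ROOT);
    try {
        // The userId is caller-supplied and is spliced into the LDAP search filter, so
        // escape the RFC 4515 filter metacharacters first (backslash before the rest);
        // otherwise a value containing '(', ')', '*' or '\' changes the filter's
        // structure instead of being matched literally. SdDAO routes its inputs
        // through encodeSafeText() for the same reason; that shared helper is the
        // better home for this once the userId length bound is agreed.
        // String.valueOf keeps the original rendering of a missing userId ("null")
        // rather than throwing here.
        // NOTE(review): the value also sits inside a DN, so DN-special characters
        // (',', '+', '=') would still alter the DN being matched — confirm userIds are
        // validated upstream or add RFC 4514 escaping as well.
        String userId = String.valueOf(audit.getUserId())
                .replace("\\", "\\5c")
                .replace("*", "\\2a")
                .replace("(", "\\28")
                .replace(")", "\\29")
                .replace("\0", "\\00");
        String filter = GlobalIds.FILTER_PREFIX + ACCESS_MOD_CLASS_NM + ")(" + REQDN + "=" + SchemaConstants.UID_AT + "=" + userId + "," + userRoot + ")";
        if (audit.getBeginDate() != null) {
            // reqEnd is compared as a generalized-time string, so encode the date the
            // same way the accesslog stores it.
            String szTime = TUtil.encodeGeneralizedTime(audit.getBeginDate());
            filter += "(" + REQEND + ">=" + szTime + ")";
        }
        filter += ")";
        ld = getLogConnection();
        SearchCursor searchResults = search(ld, auditRoot, SearchScope.ONELEVEL, filter, AUDIT_MOD_ATRS, false, GlobalIds.BATCH_SIZE);
        long sequence = 0;
        while (searchResults.next()) {
            modList.add(getModEntityFromLdapEntry(searchResults.getEntry(), sequence++));
        }
    } catch (LdapException e) {
        String error = "searchUserMods caught LdapException id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_MOD_SEARCH_FAILED, error, e);
    } catch (CursorException e) {
        String error = "searchUserMods caught CursorException id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_MOD_SEARCH_FAILED, error, e);
    } finally {
        // The cursor is not closed explicitly; this relies on releasing the log
        // connection to drop it. A try-with-resources on the cursor would make that
        // independent of the connection's pooling behaviour.
        closeLogConnection(ld);
    }
    return modList;
}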
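/**
 * Returns authorization audit records (accesslog entries of object class
 * {@code ACCESS_AUTHZ_CLASS_NM}), either for a single user or for all users.
 * <p>
 * When {@link UserAudit#getUserId()} is set the filter matches records whose
 * {@code reqAuthzID} is that user's entry. Otherwise it matches any record carrying a
 * {@code reqAuthzID}, excluding the directory manager's own operations, and — only in
 * this all-users case — honours {@link UserAudit#isFailedOnly()} by requiring the
 * compare-failure result code. An optional begin date limits both variants to records
 * whose {@code reqEnd} is at or after that time.
 *
 * @param audit carries an optional userId, the contextId used to resolve the user
 *              root DN, the failedOnly flag and an optional begin date; must not be null.
 * @return AuthZ entities in cursor order, each tagged with a running sequence
 *         number; an empty list when nothing matched.
 * @throws FinderException with {@link GlobalErrIds#AUDT_AUTHZ_SEARCH_FAILED}, wrapping
 *         the LdapException or CursorException raised by the search.
 */
List<AuthZ> getAllAuthZs(UserAudit audit) throws FinderException {
    List<AuthZ> auditList = new ArrayList<>();
    LdapConnection ld = null;
    String auditRoot = Config.getInstance().getProperty(AUDIT_ROOT);
    String userRoot = getRootDn(audit.getContextId(), GlobalIds.USER_ROOT);
    try {
        String filter = GlobalIds.FILTER_PREFIX + ACCESS_AUTHZ_CLASS_NM + ")(";
        String rawUserId = audit.getUserId();
        if (rawUserId != null && !rawUserId.isEmpty()) {
            // The userId is caller-supplied and lands inside the LDAP filter, so escape
            // the RFC 4515 filter metacharacters (backslash first) rather than trusting
            // it verbatim. SdDAO does the same through encodeSafeText(); prefer that
            // shared helper once the userId length bound is agreed.
            // NOTE(review): DN-special characters (',', '+', '=') in the value would
            // still alter the DN being matched — confirm upstream validation or add
            // RFC 4514 escaping as well.
            String userId = rawUserId
                    .replace("\\", "\\5c")
                    .replace("*", "\\2a")
                    .replace("(", "\\28")
                    .replace(")", "\\29")
                    .replace("\0", "\\00");
            filter += REQUAUTHZID + "=" + SchemaConstants.UID_AT + "=" + userId + "," + userRoot + ")";
        } else {
            // have to limit the query to only authorization entries.
            // TODO: determine why the cn=Manager user is showing up in this search:
            // NOTE(review): the manager DN is hard-coded as cn=Manager under the
            // configured suffix instead of being read from configuration; a deployment
            // whose root DN differs will not get this exclusion.
            filter += REQUAUTHZID + "=*)(!(" + REQUAUTHZID + "=cn=Manager," + Config.getInstance().getProperty(GlobalIds.SUFFIX) + "))";
            // TODO: fix this so filter by only the Fortress AuthZ entries and not the others:
            // NOTE(review): failedOnly is applied only in this all-users branch; a
            // per-user query with failedOnly set returns every result — confirm that
            // this is intended before relying on the flag from callers.
            if (audit.isFailedOnly()) {
                filter += "(" + REQRESULT + "=" + GlobalIds.AUTHZ_COMPARE_FAILURE_FLAG + ")";
            }
        }
        if (audit.getBeginDate() != null) {
            // reqEnd is compared as a generalized-time string, so encode the date the
            // same way the accesslog stores it.
            String szTime = TUtil.encodeGeneralizedTime(audit.getBeginDate());
            filter += "(" + REQEND + ">=" + szTime + ")";
        }
        filter += ")";
        ld = getLogConnection();
        SearchCursor searchResults = search(ld, auditRoot, SearchScope.ONELEVEL, filter, AUDIT_AUTHZ_ATRS, false, GlobalIds.BATCH_SIZE);
        long sequence = 0;
        while (searchResults.next()) {
            auditList.add(getAuthzEntityFromLdapEntry(searchResults.getEntry(), sequence++));
        }
    } catch (LdapException e) {
        String error = "LdapException in AuditDAO.getAllAuthZs id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_AUTHZ_SEARCH_FAILED, error, e);
    } catch (CursorException e) {
        String error = "CursorException in AuditDAO.getAllAuthZs id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_AUTHZ_SEARCH_FAILED, error, e);
    } finally {
        // The cursor is not closed explicitly; releasing the log connection is relied
        // on to drop it.
        closeLogConnection(ld);
    }
    return auditList;
}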
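/**
 * Returns failed authentication attempts for user ids that are not present in the
 * directory. Such records exist because Fortress reads the user entry before
 * binding, so a lookup of an unknown user leaves an accesslog search entry with no
 * results, performed under the manager identity. Example of such an entry:
 * <pre>
 * dn: reqStart=20101014235402.000000Z, cn=log
 * reqStart: 20101014235402.000000Z
 * reqEnd: 20101014235402.000001Z
 * reqAuthzID: cn=Manager,dc=jts,dc=com
 * reqDerefAliases: never
 * reqSession: 84
 * reqAttrsOnly: FALSE
 * reqSizeLimit: -1
 * objectClass: auditSearch
 * reqResult: 32
 * reqAttr: ftId
 * reqAttr: uid
 * reqAttr: userpassword
 * reqAttr: description
 * reqAttr: ou
 * reqAttr: cn
 * reqAttr: sn
 * reqAttr: ftRoleCstr
 * reqAttr: ftCstr
 * reqAttr: ftRoleAsgn
 * reqAttr: pwdReset
 * reqAttr: pwdAccountLockedTime
 * reqAttr: ftProps
 * reqEntries: 0
 * reqFilter: (|(objectClass=*)(?objectClass=ldapSubentry))
 * reqType: search
 * reqDN: uid=foo,ou=People,dc=jts,dc=com /cal/cal2.jsp
 * reqTimeLimit: -1
 * reqScope: base
 * </pre>
 * With a userId the filter pins {@code reqDN} to that user's entry; without one it
 * matches any search that requested the {@code uid} attribute. Both variants require
 * the manager {@code reqAuthzID}; {@link UserAudit#isFailedOnly()} adds
 * {@code reqEntries=0} and an optional begin date limits by {@code reqEnd}. Records
 * whose reqDN resolves to the "People" container are dropped after the search.
 *
 * @param audit carries an optional userId, the contextId used to resolve the user
 *              root DN, the failedOnly flag and an optional begin date; must not be null.
 * @return AuthZ entities in cursor order, each tagged with a running sequence
 *         number; an empty list when nothing matched.
 * @throws FinderException with {@link GlobalErrIds#AUDT_AUTHN_INVALID_FAILED}, wrapping
 *         the LdapException or CursorException raised by the search.
 */
List<AuthZ> searchInvalidAuthNs(UserAudit audit) throws FinderException {
    List<AuthZ> auditList = new ArrayList<>();
    LdapConnection ld = null;
    String auditRoot = Config.getInstance().getProperty(AUDIT_ROOT);
    // Resolve the user root through the same context-aware helper that searchUserMods
    // and getAllAuthZs use. Reading the raw USER_ROOT property here ignored
    // audit.getContextId(), so the reqDN clause below could never match a user under
    // a non-default context. Presumably the helper returns the plain property for the
    // default context — confirm against getRootDn.
    String userRoot = getRootDn(audit.getContextId(), GlobalIds.USER_ROOT);
    try {
        // use wildcard for user if not passed in:
        // reqDN: uid=foo,ou=People,dc=jts,dc=com
        // (&
        // (objectclass=auditSearch)
        // (reqDN=uid=*,ou=People,dc=jts,dc=com)
        // (reqAuthzID=cn=Manager,dc=jts,dc=com)
        // (reqEntries=0)
        // )
        // NOTE(review): the manager DN is hard-coded as cn=Manager under the configured
        // suffix; a deployment with a different root DN will match nothing here.
        String managerDn = "cn=Manager," + Config.getInstance().getProperty(GlobalIds.SUFFIX);
        String filter = GlobalIds.FILTER_PREFIX + ACCESS_AUTHZ_CLASS_NM + ")(";
        if (StringUtils.isNotEmpty(audit.getUserId())) {
            // The userId is caller-supplied and lands inside the LDAP filter, so escape
            // the RFC 4515 filter metacharacters (backslash first) rather than trusting
            // it verbatim. SdDAO does the same through encodeSafeText(); prefer that
            // shared helper once the userId length bound is agreed.
            // NOTE(review): DN-special characters (',', '+', '=') in the value would
            // still alter the DN being matched — confirm upstream validation or add
            // RFC 4514 escaping as well.
            String userId = audit.getUserId()
                    .replace("\\", "\\5c")
                    .replace("*", "\\2a")
                    .replace("(", "\\28")
                    .replace(")", "\\29")
                    .replace("\0", "\\00");
            filter += REQDN + "=" + SchemaConstants.UID_AT + "=" + userId + "," + userRoot + ")(" + REQUAUTHZID + "=" + managerDn + ")";
        } else {
            // pull back all failed authN attempts for all users:
            filter += REQATTR + "=" + SchemaConstants.UID_AT + ")(" + REQUAUTHZID + "=" + managerDn + ")";
        }
        if (audit.isFailedOnly()) {
            // A pre-bind lookup that found no entry is what marks the authN as invalid.
            filter += "(" + REQENTRIES + "=" + 0 + ")";
        }
        if (audit.getBeginDate() != null) {
            // reqEnd is compared as a generalized-time string, so encode the date the
            // same way the accesslog stores it.
            String szTime = TUtil.encodeGeneralizedTime(audit.getBeginDate());
            filter += "(" + REQEND + ">=" + szTime + ")";
        }
        filter += ")";
        ld = getLogConnection();
        SearchCursor searchResults = search(ld, auditRoot, SearchScope.ONELEVEL, filter, AUDIT_AUTHZ_ATRS, false, GlobalIds.BATCH_SIZE);
        long sequence = 0;
        while (searchResults.next()) {
            AuthZ authZ = getAuthzEntityFromLdapEntry(searchResults.getEntry(), sequence++);
            // Work around is to remove the ou=People failed searches from user failed searches on authN.
            if (!AuditUtil.getAuthZId(authZ.getReqDN()).equalsIgnoreCase("People")) {
                auditList.add(authZ);
            }
        }
    } catch (LdapException e) {
        // Name the actual method in the message so the failure can be traced.
        String error = "LdapException in AuditDAO.searchInvalidAuthNs id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_AUTHN_INVALID_FAILED, error, e);
    } catch (CursorException e) {
        String error = "CursorException in AuditDAO.searchInvalidAuthNs id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_AUTHN_INVALID_FAILED, error, e);
    } finally {
        // The cursor is not closed explicitly; releasing the log connection is relied
        // on to drop it.
        closeLogConnection(ld);
    }
    return auditList;
}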
/**
 * Finds separation-of-duty sets whose name starts with the supplied name. The SD
 * type (static or dynamic) selects which object class is searched; the name is
 * escaped and length-checked via {@code encodeSafeText} before it is used as a
 * prefix wildcard in the filter.
 *
 * @param sdset supplies the name prefix, the type and the contextId used to
 *              resolve the SD root; must not be null.
 * @return matching SDSets in cursor order, each tagged with a running sequence
 *         number; an empty list when nothing matched.
 * @throws FinderException with {@link GlobalErrIds#DSD_SEARCH_FAILED} or
 *         {@link GlobalErrIds#SSD_SEARCH_FAILED} (by type), wrapping the
 *         LdapException or CursorException raised by the search.
 */
List<SDSet> search(SDSet sdset) throws FinderException {
    List<SDSet> matches = new ArrayList<>();
    LdapConnection conn = null;
    String sdRoot = getSdRoot(sdset.getContextId());
    boolean dynamic = sdset.getType() == SDSet.SDType.DYNAMIC;
    // Both the object class and the error id are fixed by the SD type, so pick them once.
    String objectClass = dynamic ? DSD_OBJECT_CLASS_NM : SSD_OBJECT_CLASS_NM;
    int errCode = dynamic ? GlobalErrIds.DSD_SEARCH_FAILED : GlobalErrIds.SSD_SEARCH_FAILED;
    try {
        // encodeSafeText escapes filter metacharacters and enforces the role-length bound.
        String namePrefix = encodeSafeText(sdset.getName(), GlobalIds.ROLE_LEN);
        String filter = GlobalIds.FILTER_PREFIX + objectClass + ")(" + SD_SET_NM + "=" + namePrefix + "*))";
        conn = getAdminConnection();
        SearchCursor cursor = search(conn, sdRoot, SearchScope.SUBTREE, filter, SD_SET_ATRS, false, GlobalIds.BATCH_SIZE);
        long seq = 0;
        while (cursor.next()) {
            matches.add(unloadLdapEntry(cursor.getEntry(), seq++));
        }
    } catch (LdapException e) {
        String error = "search sdset name [" + sdset.getName() + "] type [" + sdset.getType() + "] caught LdapException=" + e.getMessage();
        throw new FinderException(errCode, error, e);
    } catch (CursorException e) {
        String error = "search sdset name [" + sdset.getName() + "] type [" + sdset.getType() + "] caught CursorException=" + e.getMessage();
        throw new FinderException(errCode, error, e);
    } finally {
        closeAdminConnection(conn);
    }
    return matches;
}
/**
 * Finds separation-of-duty sets of the given type that reference the supplied role
 * or any of its ascendant roles. The target role name is escaped and length-checked
 * via {@code encodeSafeText}; ascendant names are taken from the role hierarchy as-is.
 *
 * @param role supplies the role name and the contextId used to resolve the SD root
 *             and the role hierarchy; must not be null.
 * @param type selects static or dynamic SD sets (object class and error id).
 * @return matching SDSets in cursor order, each tagged with a running sequence
 *         number; an empty list when nothing matched.
 * @throws FinderException with {@link GlobalErrIds#DSD_SEARCH_FAILED} or
 *         {@link GlobalErrIds#SSD_SEARCH_FAILED} (by type), wrapping the
 *         LdapException or CursorException raised by the search.
 */
List<SDSet> search(Role role, SDSet.SDType type) throws FinderException {
    List<SDSet> matches = new ArrayList<>();
    LdapConnection conn = null;
    String sdRoot = getSdRoot(role.getContextId());
    boolean dynamic = type == SDSet.SDType.DYNAMIC;
    // Both the object class and the error id are fixed by the SD type, so pick them once.
    String objectClass = dynamic ? DSD_OBJECT_CLASS_NM : SSD_OBJECT_CLASS_NM;
    int errCode = dynamic ? GlobalErrIds.DSD_SEARCH_FAILED : GlobalErrIds.SSD_SEARCH_FAILED;
    try {
        String encodedRole = encodeSafeText(role.getName(), GlobalIds.ROLE_LEN);
        // Include any parents target role may have:
        Set<String> ascendants = RoleUtil.getInstance().getAscendants(role.getName(), role.getContextId());
        StringBuilder roleClause = new StringBuilder();
        if (CollectionUtils.isNotEmpty(ascendants)) {
            // OR the target role with each ascendant so inherited SD membership is found.
            // NOTE(review): ascendant names are not passed through encodeSafeText like
            // the target role is; they come from the hierarchy rather than the caller,
            // so this is presumably relying on validation at role creation — confirm.
            roleClause.append("|(").append(ROLES).append("=").append(encodedRole).append(")");
            for (String parent : ascendants) {
                roleClause.append("(").append(ROLES).append("=").append(parent).append(")");
            }
            roleClause.append(")");
        } else {
            roleClause.append(ROLES).append("=").append(encodedRole).append(")");
        }
        String filter = GlobalIds.FILTER_PREFIX + objectClass + ")(" + roleClause + ")";
        conn = getAdminConnection();
        SearchCursor cursor = search(conn, sdRoot, SearchScope.SUBTREE, filter, SD_SET_ATRS, false, GlobalIds.BATCH_SIZE);
        long seq = 0;
        while (cursor.next()) {
            matches.add(unloadLdapEntry(cursor.getEntry(), seq++));
        }
    } catch (LdapException e) {
        String error = "search role [" + role.getName() + "] type [" + type + "] caught LdapException=" + e.getMessage();
        throw new FinderException(errCode, error, e);
    } catch (CursorException e) {
        String error = "search role [" + role.getName() + "] type [" + type + "] caught CursorException=" + e.getMessage();
        throw new FinderException(errCode, error, e);
    } finally {
        closeAdminConnection(conn);
    }
    return matches;
}