
Example 26 with CompareRequest

Use of org.apache.directory.api.ldap.model.message.CompareRequest in project directory-fortress-core by apache.

Class LdapDataProvider, method compareNode.

/**
 * This method uses the LDAP compare operation to assert an audit record into the directory server's configured
 * audit logger.
 *
 * This is for one reason - to force the ldap server to maintain an audit trail on checkAccess api.
 *
 * Use proxy authz control (RFC4370) to assert the caller's id onto the record.
 *
 * @param connection is LdapConnection object used for all communication with host.
 * @param dn         contains address of distinguished name to begin ldap search
 * @param userDn     dn for user node
 * @param attribute  attribute used for compare
 * @return true if compare operation succeeds
 * @throws LdapException                thrown in the event of error in ldap client or server code.
 * @throws UnsupportedEncodingException in the event the server cannot perform the operation.
 */
protected boolean compareNode(LdapConnection connection, String dn, String userDn, Attribute attribute) throws LdapException, UnsupportedEncodingException {
    COUNTERS.incrementCompare();
    CompareRequest compareRequest = new CompareRequestImpl();
    compareRequest.setName(new Dn(dn));
    compareRequest.setAttributeId(attribute.getId());
    compareRequest.setAssertionValue(attribute.getString());
    // Assert the end user's DN onto the request using the proxy authZ control so OpenLDAP can log who the user was (for the authZ audit trail)
    ProxiedAuthz proxiedAuthzControl = new ProxiedAuthzImpl();
    proxiedAuthzControl.setAuthzId("dn: " + userDn);
    compareRequest.addControl(proxiedAuthzControl);
    CompareResponse response = connection.compare(compareRequest);
    return response.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS;
}
Also used : CompareResponse(org.apache.directory.api.ldap.model.message.CompareResponse) CompareRequest(org.apache.directory.api.ldap.model.message.CompareRequest) ProxiedAuthz(org.apache.directory.api.ldap.model.message.controls.ProxiedAuthz) CompareRequestImpl(org.apache.directory.api.ldap.model.message.CompareRequestImpl) ProxiedAuthzImpl(org.apache.directory.api.ldap.model.message.controls.ProxiedAuthzImpl) Dn(org.apache.directory.api.ldap.model.name.Dn)
