Example 6 with ProxiedAuthz

Use of org.apache.directory.api.ldap.model.message.controls.ProxiedAuthz in the project directory-ldap-api by apache.

From the class ProxiedAuthzControlTest, method testDecodeProxiedAuthzControlDnSuccess.

/**
 * Test the decoding of a ProxiedAuthzControl with a DN user
 */
@Test
public void testDecodeProxiedAuthzControlDnSuccess() throws Exception {
    // The control value is the raw authzId octets, not a BER-wrapped structure:
    // ProxiedAuthzNotification ::= dn:dc=example,dc=com
    ByteBuffer bb = ByteBuffer.allocate(0x14);
    bb.put(new byte[] {
        'd', 'n', ':', 'd', 'c', '=', 'e', 'x', 'a', 'm', 'p', 'l', 'e', ',', 'd', 'c', '=', 'c', 'o', 'm'
    });
    bb.flip();

    // codec is the LdapApiService field inherited from AbstractCodecServiceTest
    ProxiedAuthzDecorator decorator = new ProxiedAuthzDecorator(codec);
    ProxiedAuthz proxiedAuthz = (ProxiedAuthz) decorator.decode(bb.array());
    assertEquals("dn:dc=example,dc=com", proxiedAuthz.getAuthzId());
}
Also used: ProxiedAuthz (org.apache.directory.api.ldap.model.message.controls.ProxiedAuthz), ByteBuffer (java.nio.ByteBuffer), AbstractCodecServiceTest (org.apache.directory.api.ldap.codec.osgi.AbstractCodecServiceTest), Test (org.junit.Test)

Example 7 with ProxiedAuthz

Use of org.apache.directory.api.ldap.model.message.controls.ProxiedAuthz in the project directory-fortress-core by apache.

From the class LdapDataProvider, method compareNode.

/**
 * This method uses the LDAP compare operation to get an audit record into the directory server's configured
 * audit logger.
 *
 * This is done for one reason: to force the LDAP server to maintain an audit trail for the checkAccess API.
 *
 * The proxied authorization control (RFC 4370) is used to assert the caller's identity onto the record.
 *
 * @param connection is the LdapConnection object used for all communication with the host.
 * @param dn         contains the distinguished name of the entry to compare against
 * @param userDn     dn of the user node
 * @param attribute  attribute used for the compare
 * @return true if the compare operation succeeds
 * @throws LdapException                thrown in the event of an error in ldap client or server code.
 * @throws UnsupportedEncodingException in the event the server cannot perform the operation.
 */
protected boolean compareNode(LdapConnection connection, String dn, String userDn, Attribute attribute) throws LdapException, UnsupportedEncodingException {
    COUNTERS.incrementCompare();
    CompareRequest compareRequest = new CompareRequestImpl();
    compareRequest.setName(new Dn(dn));
    compareRequest.setAttributeId(attribute.getId());
    compareRequest.setAssertionValue(attribute.getString());
    // Assert the end user's dn onto the request using the proxy authZ control so OpenLDAP can log who the user was (for the authZ audit trail)
    ProxiedAuthz proxiedAuthzControl = new ProxiedAuthzImpl();
    proxiedAuthzControl.setAuthzId("dn: " + userDn);
    compareRequest.addControl(proxiedAuthzControl);
    CompareResponse response = connection.compare(compareRequest);
    return response.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS;
}
Also used: CompareResponse (org.apache.directory.api.ldap.model.message.CompareResponse), CompareRequest (org.apache.directory.api.ldap.model.message.CompareRequest), ProxiedAuthz (org.apache.directory.api.ldap.model.message.controls.ProxiedAuthz), CompareRequestImpl (org.apache.directory.api.ldap.model.message.CompareRequestImpl), ProxiedAuthzImpl (org.apache.directory.api.ldap.model.message.controls.ProxiedAuthzImpl), Dn (org.apache.directory.api.ldap.model.name.Dn)
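Both examples above hinge on the format of the control value: the proxied authorization control (RFC 4370) carries the bare authzId octets, as Example 6 decodes them, and Example 7 builds one from a user DN. The following is an added example, not code from either Apache project, that encodes and validates that value in Python according to the RFC 4513 authzId grammar ("dn:" or "u:" immediately followed by the identity, or empty for anonymous). The decoder rejects a separating space after the prefix, which the grammar does not allow, and the OID and criticality constant are the values RFC 4370 specifies; the server, not this code, must still verify that the bound identity is permitted to proxy as the asserted one.

```python
from typing import Tuple

# Values from RFC 4370: the control's OID and its criticality, which MUST be TRUE.
PROXIED_AUTHZ_OID = "2.16.840.1.113730.3.4.18"
PROXIED_AUTHZ_CRITICAL = True


def decode_authz_id(control_value: bytes) -> Tuple[str, str]:
    """Parse the raw control value (the authzId octets, not BER-wrapped).

    Returns (kind, identity) with kind one of "anonymous", "dn" or "u".
    Raises ValueError for anything outside the RFC 4513 authzId grammar.
    """
    try:
        authz_id = control_value.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError("authzId is not valid UTF-8") from exc
    if authz_id == "":
        # Zero-length value: RFC 4370 says the operation runs as anonymous.
        return ("anonymous", "")
    if authz_id.startswith("dn:"):
        kind, identity = "dn", authz_id[3:]
    elif authz_id.startswith("u:"):
        kind, identity = "u", authz_id[2:]
    else:
        raise ValueError("authzId must be empty or start with 'dn:' or 'u:'")
    if identity == "" or identity[0].isspace():
        # The ABNF puts the identity directly after the prefix; a separating
        # space is outside the grammar, so reject it instead of guessing how a
        # given server will normalise it.
        raise ValueError("identity must directly follow the prefix")
    return (kind, identity)


def is_valid_authz_id(control_value: bytes) -> bool:
    """True if decode_authz_id accepts the value, False otherwise."""
    try:
        decode_authz_id(control_value)
        return True
    except ValueError:
        return False


def encode_dn_authz_id(user_dn: str) -> bytes:
    """Build the control value asserting that the operation runs as user_dn."""
    if not user_dn or user_dn[0].isspace():
        raise ValueError("user_dn must be a non-empty DN without leading whitespace")
    return ("dn:" + user_dn).encode("utf-8")


def control_tuple(user_dn: str) -> Tuple[str, bool, bytes]:
    """(OID, criticality, value) in the shape an LDAP client library sends it."""
    return (PROXIED_AUTHZ_OID, PROXIED_AUTHZ_CRITICAL, encode_dn_authz_id(user_dn))
```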
