use of org.apache.directory.api.ldap.model.message.controls.ProxiedAuthzImpl in project directory-fortress-core by apache.
the class LdapDataProvider method compareNode.
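/**
 * Performs an LDAP compare on {@code dn} for the given attribute, on behalf of the user identified by
 * {@code userDn}, so that the directory server writes an audit record attributing the access check to
 * that user.
 *
 * The compare result itself is secondary: the request exists to force the server's configured audit
 * logger to record the checkAccess call. The caller's identity is asserted with the Proxied
 * Authorization control (RFC 4370), which means the connection's bind identity must be permitted to
 * proxy as {@code userDn}; otherwise the server rejects the request.
 *
 * A compare operation never completes with {@code SUCCESS}; the server answers {@code compareTrue} or
 * {@code compareFalse} (RFC 4511, section 4.10), so the response is inspected via
 * {@link CompareResponse#isTrue()} rather than by comparing against {@code ResultCodeEnum.SUCCESS}.
 *
 * @param connection LdapConnection used for all communication with the host; must not be null.
 * @param dn distinguished name of the entry to compare against.
 * @param userDn distinguished name of the end user whose identity is asserted on the request; must not
 *               be null or empty, otherwise the audit record would not identify the caller.
 * @param attribute attribute id and value used for the compare; must not be null.
 * @return true if the server answered {@code compareTrue}; false for {@code compareFalse} or any other
 *         result code.
 * @throws LdapException thrown in the event of error in ldap client or server code, including a
 *         rejected proxied authorization.
 * @throws UnsupportedEncodingException declared for source compatibility with existing callers; not
 *         thrown by this implementation.
 * @throws IllegalArgumentException if {@code connection}, {@code attribute} or {@code userDn} is null,
 *         or {@code userDn} is empty.
 */
protected boolean compareNode(LdapConnection connection, String dn, String userDn, Attribute attribute) throws LdapException, UnsupportedEncodingException {
    if (connection == null) {
        throw new IllegalArgumentException("connection must not be null");
    }
    if (attribute == null) {
        throw new IllegalArgumentException("attribute must not be null");
    }
    // A null or empty userDn would be sent as authzId "dn: null" / "dn: ", yielding an audit record that
    // does not name the caller (or a request the server rejects). Fail early instead.
    if (userDn == null || userDn.isEmpty()) {
        throw new IllegalArgumentException("userDn must not be null or empty");
    }
    COUNTERS.incrementCompare();
    CompareRequest compareRequest = new CompareRequestImpl();
    compareRequest.setName(new Dn(dn));
    compareRequest.setAttributeId(attribute.getId());
    compareRequest.setAssertionValue(attribute.getString());
    // Assert the end user's dn onto the request using the proxy authZ control so the server logs who the
    // user was (authZ audit trail). NOTE(review): RFC 4513 spells the authzId as "dn:" immediately
    // followed by the DN; the space after the colon is kept as-is because the deployed server presumably
    // accepts it -- verify against the target directory before changing.
    ProxiedAuthz proxiedAuthzControl = new ProxiedAuthzImpl();
    proxiedAuthzControl.setAuthzId("dn: " + userDn);
    compareRequest.addControl(proxiedAuthzControl);
    CompareResponse response = connection.compare(compareRequest);
    // compareTrue / compareFalse are the only successful outcomes of a compare; SUCCESS is never returned,
    // so checking for it would make this method report false on every conforming server.
    return response.isTrue();
}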