Example 11 with UpdateException
use of org.apache.directory.fortress.core.UpdateException in project directory-fortress-core by apache.
the class UserDAO method resetUserPassword.
/**
* @param user
* @throws UpdateException
*/
void resetUserPassword(User user) throws UpdateException {
LdapConnection ld = null;
String userDn = getDn(user.getUserId(), user.getContextId());
try {
List<Modification> mods = new ArrayList<Modification>();
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, SchemaConstants.USER_PASSWORD_AT, user.getPassword()));
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, OPENLDAP_PW_RESET, "TRUE"));
ld = getAdminConnection();
modify(ld, userDn, mods, user);
} catch (LdapException e) {
String warning = "resetUserPassword userId [" + user.getUserId() + "] caught LDAPException=" + e.getMessage();
throw new UpdateException(GlobalErrIds.USER_PW_RESET_FAILED, warning, e);
} finally {
closeAdminConnection(ld);
}
}
Also used :
DefaultModification(org.apache.directory.api.ldap.model.entry.DefaultModification)
Modification(org.apache.directory.api.ldap.model.entry.Modification)
DefaultModification(org.apache.directory.api.ldap.model.entry.DefaultModification)
ArrayList(java.util.ArrayList)
UpdateException(org.apache.directory.fortress.core.UpdateException)
LdapException(org.apache.directory.api.ldap.model.exception.LdapException)
LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)
Example 12 with UpdateException
use of org.apache.directory.fortress.core.UpdateException in project directory-fortress-core by apache.
the class UserDAO method changePassword.
/**
* @param entity
* @param newPassword
* @return
* @throws UpdateException
* @throws SecurityException
* @throws PasswordException
*/
boolean changePassword(User entity, String newPassword) throws SecurityException {
boolean rc = true;
LdapConnection ld = null;
List<Modification> mods;
String userDn = getDn(entity.getUserId(), entity.getContextId());
try {
// Perform this operation as the end user to allow password policy checking:
ld = getUserConnection();
bind(ld, userDn, entity.getPassword());
mods = new ArrayList<Modification>();
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, SchemaConstants.USER_PASSWORD_AT, newPassword));
// This modify changes the password and checks password policies (if enabled)
modify(ld, userDn, mods);
// This modify update audit attributes on the User entry (if enabled):
if (Config.getInstance().isOpenldap() && !Config.getInstance().isAuditDisabled()) {
mods = new ArrayList<>();
modify(ld, userDn, mods, entity);
}
} catch (LdapInvalidAttributeValueException e) {
String warning = User.class.getName() + ".changePassword user [" + entity.getUserId() + "] ";
warning += " constraint violation, ldap rc=" + e.getMessage() + " Fortress rc=" + GlobalErrIds.PSWD_CONST_VIOLATION;
throw new PasswordException(GlobalErrIds.PSWD_CONST_VIOLATION, warning);
} catch (LdapNoPermissionException e) {
String warning = User.class.getName() + ".changePassword user [" + entity.getUserId() + "] ";
warning += " user not authorized to change password, ldap rc=" + e.getMessage() + " Fortress rc=" + GlobalErrIds.USER_PW_MOD_NOT_ALLOWED;
throw new UpdateException(GlobalErrIds.USER_PW_MOD_NOT_ALLOWED, warning);
} catch (LdapException e) {
String warning = User.class.getName() + ".changePassword user [" + entity.getUserId() + "] ";
warning += " caught LDAPException rc=" + e.getMessage();
throw new UpdateException(GlobalErrIds.USER_PW_CHANGE_FAILED, warning, e);
} finally {
closeUserConnection(ld);
}
// apacheds does not remove the pwdreset flag automatically when password is changed:
if (Config.getInstance().isApacheds()) {
deleteResetFlag(entity);
}
return rc;
}
Also used :
DefaultModification(org.apache.directory.api.ldap.model.entry.DefaultModification)
Modification(org.apache.directory.api.ldap.model.entry.Modification)
DefaultModification(org.apache.directory.api.ldap.model.entry.DefaultModification)
LdapInvalidAttributeValueException(org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException)
PasswordException(org.apache.directory.fortress.core.PasswordException)
UpdateException(org.apache.directory.fortress.core.UpdateException)
LdapException(org.apache.directory.api.ldap.model.exception.LdapException)
LdapNoPermissionException(org.apache.directory.api.ldap.model.exception.LdapNoPermissionException)
LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)
Example 13 with UpdateException
use of org.apache.directory.fortress.core.UpdateException in project directory-fortress-core by apache.
the class UserDAO method deassign.
/**
* @param uRole
* @return
* @throws UpdateException
* @throws FinderException
*/
String deassign(UserAdminRole uRole) throws UpdateException, FinderException {
LdapConnection ld = null;
String userDn = getDn(uRole.getUserId(), uRole.getContextId());
try {
// read the user's ARBAC roles to locate record. Need the raw data before attempting removal:
User user = new User(uRole.getUserId());
user.setContextId(uRole.getContextId());
List<UserAdminRole> roles = getUserAdminRoles(user);
int indx = -1;
// Does the user have any roles assigned?
if (roles != null) {
// function call will set index to -1 if name not found:
indx = roles.indexOf(uRole);
// Is the targeted name assigned to user?
if (indx > -1) {
// Retrieve the targeted name:
UserRole fRole = roles.get(indx);
// delete the name assignment attribute using the raw name data:
List<Modification> mods = new ArrayList<Modification>();
mods.add(new DefaultModification(ModificationOperation.REMOVE_ATTRIBUTE, GlobalIds.USER_ADMINROLE_DATA, fRole.getRawData()));
mods.add(new DefaultModification(ModificationOperation.REMOVE_ATTRIBUTE, GlobalIds.USER_ADMINROLE_ASSIGN, fRole.getName()));
ld = getAdminConnection();
modify(ld, userDn, mods, uRole);
}
}
// target name not found:
if (indx == -1) {
// The user does not have the target name assigned,
String warning = "deassign userId [" + uRole.getUserId() + "] name [" + uRole.getName() + "] " + "assignment does not exist.";
throw new FinderException(GlobalErrIds.ARLE_DEASSIGN_NOT_EXIST, warning);
}
} catch (LdapException e) {
String warning = "deassign userId [" + uRole.getUserId() + "] name [" + uRole.getName() + "] caught " + "LDAPException=" + e.getMessage();
throw new UpdateException(GlobalErrIds.ARLE_DEASSIGN_FAILED, warning, e);
} finally {
closeAdminConnection(ld);
}
return userDn;
}
Also used :
DefaultModification(org.apache.directory.api.ldap.model.entry.DefaultModification)
Modification(org.apache.directory.api.ldap.model.entry.Modification)
User(org.apache.directory.fortress.core.model.User)
DefaultModification(org.apache.directory.api.ldap.model.entry.DefaultModification)
UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)
ArrayList(java.util.ArrayList)
RoleConstraint(org.apache.directory.fortress.core.model.RoleConstraint)
FinderException(org.apache.directory.fortress.core.FinderException)
UserRole(org.apache.directory.fortress.core.model.UserRole)
UpdateException(org.apache.directory.fortress.core.UpdateException)
LdapException(org.apache.directory.api.ldap.model.exception.LdapException)
LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)
Example 14 with UpdateException
use of org.apache.directory.fortress.core.UpdateException in project directory-fortress-core by apache.
the class UserDAO method assign.
/**
* @param uRole
* @param roleConstraint
* @throws UpdateException
* @throws FinderException
*/
void assign(UserRole uRole, RoleConstraint roleConstraint) throws UpdateException, FinderException {
LdapConnection ld = null;
String szRoleConstraint = "";
String userDn = getDn(uRole.getUserId(), uRole.getContextId());
try {
roleConstraint.setId();
List<Modification> mods = new ArrayList<Modification>();
szRoleConstraint = roleConstraint.getRawData(uRole);
mods.add(new DefaultModification(ModificationOperation.ADD_ATTRIBUTE, GlobalIds.USER_ROLE_DATA, szRoleConstraint));
ld = getAdminConnection();
modify(ld, userDn, mods, uRole);
} catch (LdapException e) {
String warning = "assign userId [" + uRole.getUserId() + "] role constraint [" + szRoleConstraint + "] ";
warning += "caught LDAPException=" + e.getMessage();
throw new UpdateException(GlobalErrIds.URLE_ASSIGN_FAILED, warning, e);
} finally {
closeAdminConnection(ld);
}
}
Also used :
DefaultModification(org.apache.directory.api.ldap.model.entry.DefaultModification)
Modification(org.apache.directory.api.ldap.model.entry.Modification)
DefaultModification(org.apache.directory.api.ldap.model.entry.DefaultModification)
ArrayList(java.util.ArrayList)
UpdateException(org.apache.directory.fortress.core.UpdateException)
LdapException(org.apache.directory.api.ldap.model.exception.LdapException)
LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)
Example 15 with UpdateException
use of org.apache.directory.fortress.core.UpdateException in project directory-fortress-core by apache.
the class UserDAO method assign.
/**
* @param uRole
* @return
* @throws UpdateException
* @throws FinderException
*/
String assign(UserRole uRole) throws UpdateException, FinderException {
LdapConnection ld = null;
String userDn = getDn(uRole.getUserId(), uRole.getContextId());
try {
List<Modification> mods = new ArrayList<Modification>();
String szUserRole = uRole.getRawData();
mods.add(new DefaultModification(ModificationOperation.ADD_ATTRIBUTE, GlobalIds.USER_ROLE_DATA, szUserRole));
mods.add(new DefaultModification(ModificationOperation.ADD_ATTRIBUTE, GlobalIds.USER_ROLE_ASSIGN, uRole.getName()));
ld = getAdminConnection();
modify(ld, userDn, mods, uRole);
} catch (LdapAttributeInUseException e) {
String warning = "assign userId [" + uRole.getUserId() + "] name [" + uRole.getName() + "] ";
warning += "assignment already exists.";
throw new FinderException(GlobalErrIds.URLE_ASSIGN_EXIST, warning);
} catch (LdapException e) {
String warning = "assign userId [" + uRole.getUserId() + "] name [" + uRole.getName() + "] ";
warning += "caught LDAPException=" + e.getMessage();
throw new UpdateException(GlobalErrIds.URLE_ASSIGN_FAILED, warning, e);
} finally {
closeAdminConnection(ld);
}
return userDn;
}
Also used :
DefaultModification(org.apache.directory.api.ldap.model.entry.DefaultModification)
Modification(org.apache.directory.api.ldap.model.entry.Modification)
FinderException(org.apache.directory.fortress.core.FinderException)
DefaultModification(org.apache.directory.api.ldap.model.entry.DefaultModification)
LdapAttributeInUseException(org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException)
ArrayList(java.util.ArrayList)
UpdateException(org.apache.directory.fortress.core.UpdateException)
LdapException(org.apache.directory.api.ldap.model.exception.LdapException)
LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)
Aggregations
Modification (org.apache.directory.api.ldap.model.entry.Modification)41
LdapException (org.apache.directory.api.ldap.model.exception.LdapException)41
UpdateException (org.apache.directory.fortress.core.UpdateException)41
LdapConnection (org.apache.directory.ldap.client.api.LdapConnection)41
ArrayList (java.util.ArrayList)40
DefaultModification (org.apache.directory.api.ldap.model.entry.DefaultModification)39
FinderException (org.apache.directory.fortress.core.FinderException)7
LdapAttributeInUseException (org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException)4
LdapNoSuchAttributeException (org.apache.directory.api.ldap.model.exception.LdapNoSuchAttributeException)4
LdapNoSuchObjectException (org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException)3
LdapInvalidAttributeValueException (org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException)2
Dn (org.apache.directory.api.ldap.model.name.Dn)2
RoleConstraint (org.apache.directory.fortress.core.model.RoleConstraint)2
UserRole (org.apache.directory.fortress.core.model.UserRole)2
CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)1
LdapNoPermissionException (org.apache.directory.api.ldap.model.exception.LdapNoPermissionException)1
CreateException (org.apache.directory.fortress.core.CreateException)1
PasswordException (org.apache.directory.fortress.core.PasswordException)1
RemoveException (org.apache.directory.fortress.core.RemoveException)1
User (org.apache.directory.fortress.core.model.User)1
