Search in sources :

Example 46 with LdapConnection

use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.

the class PropertyDAO method getProperties.

/**
 * Get properties on the provided entity using the provided property provider
 *
 * @param entity A FortressEntity that supports properties (Role, AdminRole, Group, Permission, PermObj)
 * @param propProvider DAO for entity type that implements property provider interface
 * @return Current properties of entity
 * @throws FinderException
 */
Properties getProperties(FortEntity entity, PropertyProvider propProvider) throws FinderException {
    Properties props = null;
    LdapConnection ld = null;
    String entityDn = propProvider.getDn(entity);
    try {
        ld = getAdminConnection();
        Entry findEntry = read(ld, entityDn, new String[] { GlobalIds.PROPS });
        props = PropUtil.getProperties(getAttributes(findEntry, GlobalIds.PROPS));
        if (props == null) {
            props = new Properties();
        }
    } catch (LdapNoSuchObjectException e) {
        String warning = "get properties COULD NOT FIND ENTRY for entity [" + entityDn + "]";
        throw new FinderException(GlobalErrIds.ENTITY_PROPS_NOT_FOUND, warning);
    } catch (LdapException e) {
        String error = "get properties [" + entityDn + "]= caught LDAPException=" + e.getMessage();
        throw new FinderException(GlobalErrIds.ENTITY_PROPS_LOAD_FAILED, error, e);
    } finally {
        closeAdminConnection(ld);
    }
    return props;
}
Also used : LdapNoSuchObjectException(org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException) FinderException(org.apache.directory.fortress.core.FinderException) Entry(org.apache.directory.api.ldap.model.entry.Entry) Properties(java.util.Properties) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 47 with LdapConnection

use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.

the class AuditDAO method searchAuthZs.

/**
 * @param audit
 * @return
 * @throws org.apache.directory.fortress.core.FinderException
 */
List<AuthZ> searchAuthZs(UserAudit audit) throws FinderException {
    List<AuthZ> auditList = new ArrayList<>();
    LdapConnection ld = null;
    String auditRoot = Config.getInstance().getProperty(AUDIT_ROOT);
    String permRoot = getRootDn(audit.isAdmin(), audit.getContextId());
    String userRoot = getRootDn(audit.getContextId(), GlobalIds.USER_ROOT);
    try {
        String reqDn = PermDAO.getOpRdn(audit.getOpName(), audit.getObjId()) + "," + GlobalIds.POBJ_NAME + "=" + audit.getObjName() + "," + permRoot;
        String filter = GlobalIds.FILTER_PREFIX + ACCESS_AUTHZ_CLASS_NM + ")(" + REQDN + "=" + reqDn + ")(" + REQUAUTHZID + "=" + SchemaConstants.UID_AT + "=" + audit.getUserId() + "," + userRoot + ")";
        if (audit.isFailedOnly()) {
            filter += "(" + REQRESULT + "=" + GlobalIds.AUTHZ_COMPARE_FAILURE_FLAG + ")";
        }
        if (audit.getBeginDate() != null) {
            String szTime = TUtil.encodeGeneralizedTime(audit.getBeginDate());
            filter += "(" + REQEND + ">=" + szTime + ")";
        }
        filter += ")";
        // System.out.println("filter=" + filter);
        ld = getLogConnection();
        SearchCursor searchResults = search(ld, auditRoot, SearchScope.ONELEVEL, filter, AUDIT_AUTHZ_ATRS, false, GlobalIds.BATCH_SIZE);
        long sequence = 0;
        while (searchResults.next()) {
            auditList.add(getAuthzEntityFromLdapEntry(searchResults.getEntry(), sequence++));
        }
    } catch (LdapException e) {
        String error = "LdapException in AuditDAO.searchAuthZs id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_AUTHZ_SEARCH_FAILED, error, e);
    } catch (CursorException e) {
        String error = "CursorException in AuditDAO.searchAuthZs id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_AUTHZ_SEARCH_FAILED, error, e);
    } finally {
        closeLogConnection(ld);
    }
    return auditList;
}
Also used : FinderException(org.apache.directory.fortress.core.FinderException) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) AuthZ(org.apache.directory.fortress.core.model.AuthZ) ArrayList(java.util.ArrayList) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 48 with LdapConnection

use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.

the class AuditDAO method searchUserMods.

/**
 * @param audit
 * @return
 * @throws org.apache.directory.fortress.core.FinderException
 */
List<Mod> searchUserMods(UserAudit audit) throws FinderException {
    List<Mod> modList = new ArrayList<>();
    LdapConnection ld = null;
    String auditRoot = Config.getInstance().getProperty(AUDIT_ROOT);
    String userRoot = getRootDn(audit.getContextId(), GlobalIds.USER_ROOT);
    try {
        String filter = GlobalIds.FILTER_PREFIX + ACCESS_MOD_CLASS_NM + ")(" + REQDN + "=" + SchemaConstants.UID_AT + "=" + audit.getUserId() + "," + userRoot + ")";
        if (audit.getBeginDate() != null) {
            String szTime = TUtil.encodeGeneralizedTime(audit.getBeginDate());
            filter += "(" + REQEND + ">=" + szTime + ")";
        }
        filter += ")";
        // log.warn("filter=" + filter);
        ld = getLogConnection();
        SearchCursor searchResults = search(ld, auditRoot, SearchScope.ONELEVEL, filter, AUDIT_MOD_ATRS, false, GlobalIds.BATCH_SIZE);
        long sequence = 0;
        while (searchResults.next()) {
            modList.add(getModEntityFromLdapEntry(searchResults.getEntry(), sequence++));
        }
    } catch (LdapException e) {
        String error = "searchUserMods caught LdapException id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_MOD_SEARCH_FAILED, error, e);
    } catch (CursorException e) {
        String error = "searchUserMods caught CursorException id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_MOD_SEARCH_FAILED, error, e);
    } finally {
        closeLogConnection(ld);
    }
    return modList;
}
Also used : FinderException(org.apache.directory.fortress.core.FinderException) Mod(org.apache.directory.fortress.core.model.Mod) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) ArrayList(java.util.ArrayList) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 49 with LdapConnection

use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.

the class AuditDAO method getAllAuthZs.

/**
 * @param audit
 * @return
 * @throws org.apache.directory.fortress.core.FinderException
 */
List<AuthZ> getAllAuthZs(UserAudit audit) throws FinderException {
    List<AuthZ> auditList = new ArrayList<>();
    LdapConnection ld = null;
    String auditRoot = Config.getInstance().getProperty(AUDIT_ROOT);
    String userRoot = getRootDn(audit.getContextId(), GlobalIds.USER_ROOT);
    try {
        String filter = GlobalIds.FILTER_PREFIX + ACCESS_AUTHZ_CLASS_NM + ")(";
        if (audit.getUserId() != null && audit.getUserId().length() > 0) {
            filter += REQUAUTHZID + "=" + SchemaConstants.UID_AT + "=" + audit.getUserId() + "," + userRoot + ")";
        } else {
            // have to limit the query to only authorization entries.
            // TODO: determine why the cn=Manager user is showing up in this search:
            filter += REQUAUTHZID + "=*)(!(" + REQUAUTHZID + "=cn=Manager," + Config.getInstance().getProperty(GlobalIds.SUFFIX) + "))";
            // TODO: fix this so filter by only the Fortress AuthZ entries and not the others:
            if (audit.isFailedOnly()) {
                filter += "(" + REQRESULT + "=" + GlobalIds.AUTHZ_COMPARE_FAILURE_FLAG + ")";
            }
        }
        if (audit.getBeginDate() != null) {
            String szTime = TUtil.encodeGeneralizedTime(audit.getBeginDate());
            filter += "(" + REQEND + ">=" + szTime + ")";
        }
        filter += ")";
        // log.warn("filter=" + filter);
        ld = getLogConnection();
        SearchCursor searchResults = search(ld, auditRoot, SearchScope.ONELEVEL, filter, AUDIT_AUTHZ_ATRS, false, GlobalIds.BATCH_SIZE);
        long sequence = 0;
        while (searchResults.next()) {
            auditList.add(getAuthzEntityFromLdapEntry(searchResults.getEntry(), sequence++));
        }
    } catch (LdapException e) {
        String error = "LdapException in AuditDAO.getAllAuthZs id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_AUTHZ_SEARCH_FAILED, error, e);
    } catch (CursorException e) {
        String error = "CursorException in AuditDAO.getAllAuthZs id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_AUTHZ_SEARCH_FAILED, error, e);
    } finally {
        closeLogConnection(ld);
    }
    return auditList;
}
Also used : FinderException(org.apache.directory.fortress.core.FinderException) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) AuthZ(org.apache.directory.fortress.core.model.AuthZ) ArrayList(java.util.ArrayList) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 50 with LdapConnection

use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.

the class AuditDAO method searchInvalidAuthNs.

/**
 * This method returns failed authentications where the userid is not present in the directory.  This
 * is possible because Fortress performs read on user before the bind.
 * User:
 * dn: reqStart=20101014235402.000000Z, cn=log
 * reqStart: 20101014235402.000000Z
 * reqEnd: 20101014235402.000001Z
 * reqAuthzID: cn=Manager,dc=jts,dc=com
 * reqDerefAliases: never
 * reqSession: 84
 * reqAttrsOnly: FALSE
 * reqSizeLimit: -1
 * objectClass: auditSearch
 * reqResult: 32
 * reqAttr: ftId
 * reqAttr: uid
 * reqAttr: userpassword
 * reqAttr: description
 * reqAttr: ou
 * reqAttr: cn
 * reqAttr: sn
 * reqAttr: ftRoleCstr
 * reqAttr: ftCstr
 * reqAttr: ftRoleAsgn
 * reqAttr: pwdReset
 * reqAttr: pwdAccountLockedTime
 * reqAttr: ftProps
 * reqEntries: 0
 * reqFilter: (|(objectClass=*)(?objectClass=ldapSubentry))
 * reqType: search
 * reqDN: uid=foo,ou=People,dc=jts,dc=com        /cal/cal2.jsp
 * reqTimeLimit: -1
 * reqScope: base
 *
 * @param audit
 * @return
 * @throws org.apache.directory.fortress.core.FinderException
 */
List<AuthZ> searchInvalidAuthNs(UserAudit audit) throws FinderException {
    List<AuthZ> auditList = new ArrayList<>();
    LdapConnection ld = null;
    String auditRoot = Config.getInstance().getProperty(AUDIT_ROOT);
    String userRoot = Config.getInstance().getProperty(GlobalIds.USER_ROOT);
    try {
        // use wildcard for user if not passed in:
        // reqDN: uid=foo,ou=People,dc=jts,dc=com
        // (&
        // (objectclass=auditSearch)
        // (reqDN=uid=*,ou=People,dc=jts,dc=com)
        // (reqAuthzID=cn=Manager,dc=jts,dc=com)
        // (reqEntries=0)
        // )
        String filter = GlobalIds.FILTER_PREFIX + ACCESS_AUTHZ_CLASS_NM + ")(";
        String userId;
        if (StringUtils.isNotEmpty(audit.getUserId())) {
            userId = audit.getUserId();
            filter += REQDN + "=" + SchemaConstants.UID_AT + "=" + userId + "," + userRoot + ")(" + REQUAUTHZID + "=" + "cn=Manager," + Config.getInstance().getProperty(GlobalIds.SUFFIX) + ")";
        } else {
            // pull back all failed authN attempts for all users:
            filter += REQATTR + "=" + SchemaConstants.UID_AT + ")(" + REQUAUTHZID + "=" + "cn=Manager," + Config.getInstance().getProperty(GlobalIds.SUFFIX) + ")";
        }
        if (audit.isFailedOnly()) {
            filter += "(" + REQENTRIES + "=" + 0 + ")";
        }
        if (audit.getBeginDate() != null) {
            String szTime = TUtil.encodeGeneralizedTime(audit.getBeginDate());
            filter += "(" + REQEND + ">=" + szTime + ")";
        }
        filter += ")";
        // log.warn("filter=" + filter);
        ld = getLogConnection();
        SearchCursor searchResults = search(ld, auditRoot, SearchScope.ONELEVEL, filter, AUDIT_AUTHZ_ATRS, false, GlobalIds.BATCH_SIZE);
        long sequence = 0;
        while (searchResults.next()) {
            AuthZ authZ = getAuthzEntityFromLdapEntry(searchResults.getEntry(), sequence++);
            // Work around is to remove the ou=People failed searches from user failed searches on authN.
            if (!AuditUtil.getAuthZId(authZ.getReqDN()).equalsIgnoreCase("People")) {
                auditList.add(authZ);
            }
        }
    } catch (LdapException e) {
        String error = "LdapException in AuditDAO.searchAuthZs id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_AUTHN_INVALID_FAILED, error, e);
    } catch (CursorException e) {
        String error = "CursorException in AuditDAO.searchAuthZs id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_AUTHN_INVALID_FAILED, error, e);
    } finally {
        closeLogConnection(ld);
    }
    return auditList;
}
Also used : FinderException(org.apache.directory.fortress.core.FinderException) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) AuthZ(org.apache.directory.fortress.core.model.AuthZ) ArrayList(java.util.ArrayList) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Aggregations

LdapConnection (org.apache.directory.ldap.client.api.LdapConnection)180 LdapException (org.apache.directory.api.ldap.model.exception.LdapException)166 ArrayList (java.util.ArrayList)90 FinderException (org.apache.directory.fortress.core.FinderException)73 CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)65 Entry (org.apache.directory.api.ldap.model.entry.Entry)52 SearchCursor (org.apache.directory.api.ldap.model.cursor.SearchCursor)49 Modification (org.apache.directory.api.ldap.model.entry.Modification)43 DefaultModification (org.apache.directory.api.ldap.model.entry.DefaultModification)41 UpdateException (org.apache.directory.fortress.core.UpdateException)41 DefaultEntry (org.apache.directory.api.ldap.model.entry.DefaultEntry)37 LdapNoSuchObjectException (org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException)20 CreateException (org.apache.directory.fortress.core.CreateException)17 RemoveException (org.apache.directory.fortress.core.RemoveException)17 IOException (java.io.IOException)14 LdapNetworkConnection (org.apache.directory.ldap.client.api.LdapNetworkConnection)14 Permission (org.apache.directory.fortress.core.model.Permission)9 Dn (org.apache.directory.api.ldap.model.name.Dn)7 EntryCursor (org.apache.directory.api.ldap.model.cursor.EntryCursor)6 LdapInvalidAttributeValueException (org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException)6