Examples with LdapConnection org.apache.directory.ldap.client.api.LdapConnection used on opensource projects

Example 71 with LdapConnection

use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.

the class UserDAO method findUsers.

/**
 * @param ou
 * @return
 * @throws FinderException
 */
List<User> findUsers(OrgUnit ou, boolean limitSize) throws FinderException {
    List<User> userList = new ArrayList<>();
    LdapConnection ld = null;
    String userRoot = getRootDn(ou.getContextId(), GlobalIds.USER_ROOT);
    try {
        String szOu = encodeSafeText(ou.getName(), GlobalIds.OU_LEN);
        StringBuilder filterbuf = new StringBuilder();
        filterbuf.append(GlobalIds.FILTER_PREFIX);
        filterbuf.append(Config.getInstance().getProperty(USER_OBJECT_CLASS));
        filterbuf.append(")(");
        filterbuf.append(SchemaConstants.OU_AT);
        filterbuf.append("=");
        filterbuf.append(szOu);
        filterbuf.append("))");
        int maxLimit;
        if (limitSize) {
            maxLimit = 10;
        } else {
            maxLimit = 0;
        }
        ld = getAdminConnection();
        SearchCursor searchResults = search(ld, userRoot, SearchScope.ONELEVEL, filterbuf.toString(), defaultAtrs, false, maxLimit);
        long sequence = 0;
        while (searchResults.next()) {
            userList.add(unloadLdapEntry(searchResults.getEntry(), sequence++, ou.getContextId()));
        }
    } catch (LdapException e) {
        String warning = "findUsers caught LDAPException=" + e.getMessage();
        throw new FinderException(GlobalErrIds.USER_SEARCH_FAILED, warning, e);
    } catch (CursorException e) {
        String warning = "findUsers caught CursorException=" + e.getMessage();
        throw new FinderException(GlobalErrIds.USER_SEARCH_FAILED, warning, e);
    } finally {
        closeAdminConnection(ld);
    }
    return userList;
}

Example 72 with LdapConnection

use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.

the class UserDAO method changePassword.

/**
 * @param entity
 * @param newPassword
 * @return
 * @throws UpdateException
 * @throws SecurityException
 * @throws PasswordException
 */
boolean changePassword(User entity, String newPassword) throws SecurityException {
    boolean rc = true;
    LdapConnection ld = null;
    List<Modification> mods;
    String userDn = getDn(entity.getUserId(), entity.getContextId());
    try {
        // Perform this operation as the end user to allow password policy checking:
        ld = getUserConnection();
        bind(ld, userDn, entity.getPassword());
        mods = new ArrayList<Modification>();
        mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, SchemaConstants.USER_PASSWORD_AT, newPassword));
        // This modify changes the password and checks password policies (if enabled)
        modify(ld, userDn, mods);
        // This modify update audit attributes on the User entry (if enabled):
        if (Config.getInstance().isOpenldap() && !Config.getInstance().isAuditDisabled()) {
            mods = new ArrayList<>();
            modify(ld, userDn, mods, entity);
        }
    } catch (LdapInvalidAttributeValueException e) {
        String warning = User.class.getName() + ".changePassword user [" + entity.getUserId() + "] ";
        warning += " constraint violation, ldap rc=" + e.getMessage() + " Fortress rc=" + GlobalErrIds.PSWD_CONST_VIOLATION;
        throw new PasswordException(GlobalErrIds.PSWD_CONST_VIOLATION, warning);
    } catch (LdapNoPermissionException e) {
        String warning = User.class.getName() + ".changePassword user [" + entity.getUserId() + "] ";
        warning += " user not authorized to change password, ldap rc=" + e.getMessage() + " Fortress rc=" + GlobalErrIds.USER_PW_MOD_NOT_ALLOWED;
        throw new UpdateException(GlobalErrIds.USER_PW_MOD_NOT_ALLOWED, warning);
    } catch (LdapException e) {
        String warning = User.class.getName() + ".changePassword user [" + entity.getUserId() + "] ";
        warning += " caught LDAPException rc=" + e.getMessage();
        throw new UpdateException(GlobalErrIds.USER_PW_CHANGE_FAILED, warning, e);
    } finally {
        closeUserConnection(ld);
    }
    // apacheds does not remove the pwdreset flag automatically when password is changed:
    if (Config.getInstance().isApacheds()) {
        deleteResetFlag(entity);
    }
    return rc;
}

Example 73 with LdapConnection

use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.

the class UserDAO method deassign.

/**
 * @param uRole
 * @return
 * @throws UpdateException
 * @throws FinderException
 */
String deassign(UserAdminRole uRole) throws UpdateException, FinderException {
    LdapConnection ld = null;
    String userDn = getDn(uRole.getUserId(), uRole.getContextId());
    try {
        // read the user's ARBAC roles to locate record.  Need the raw data before attempting removal:
        User user = new User(uRole.getUserId());
        user.setContextId(uRole.getContextId());
        List<UserAdminRole> roles = getUserAdminRoles(user);
        int indx = -1;
        // Does the user have any roles assigned?
        if (roles != null) {
            // function call will set index to -1 if name not found:
            indx = roles.indexOf(uRole);
            // Is the targeted name assigned to user?
            if (indx > -1) {
                // Retrieve the targeted name:
                UserRole fRole = roles.get(indx);
                // delete the name assignment attribute using the raw name data:
                List<Modification> mods = new ArrayList<Modification>();
                mods.add(new DefaultModification(ModificationOperation.REMOVE_ATTRIBUTE, GlobalIds.USER_ADMINROLE_DATA, fRole.getRawData()));
                mods.add(new DefaultModification(ModificationOperation.REMOVE_ATTRIBUTE, GlobalIds.USER_ADMINROLE_ASSIGN, fRole.getName()));
                ld = getAdminConnection();
                modify(ld, userDn, mods, uRole);
            }
        }
        // target name not found:
        if (indx == -1) {
            // The user does not have the target name assigned,
            String warning = "deassign userId [" + uRole.getUserId() + "] name [" + uRole.getName() + "] " + "assignment does not exist.";
            throw new FinderException(GlobalErrIds.ARLE_DEASSIGN_NOT_EXIST, warning);
        }
    } catch (LdapException e) {
        String warning = "deassign userId [" + uRole.getUserId() + "] name [" + uRole.getName() + "] caught " + "LDAPException=" + e.getMessage();
        throw new UpdateException(GlobalErrIds.ARLE_DEASSIGN_FAILED, warning, e);
    } finally {
        closeAdminConnection(ld);
    }
    return userDn;
}

Example 74 with LdapConnection

use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.

the class UserDAO method assign.

/**
 * @param uRole
 * @param roleConstraint
 * @throws UpdateException
 * @throws FinderException
 */
void assign(UserRole uRole, RoleConstraint roleConstraint) throws UpdateException, FinderException {
    LdapConnection ld = null;
    String szRoleConstraint = "";
    String userDn = getDn(uRole.getUserId(), uRole.getContextId());
    try {
        roleConstraint.setId();
        List<Modification> mods = new ArrayList<Modification>();
        szRoleConstraint = roleConstraint.getRawData(uRole);
        mods.add(new DefaultModification(ModificationOperation.ADD_ATTRIBUTE, GlobalIds.USER_ROLE_DATA, szRoleConstraint));
        ld = getAdminConnection();
        modify(ld, userDn, mods, uRole);
    } catch (LdapException e) {
        String warning = "assign userId [" + uRole.getUserId() + "] role constraint [" + szRoleConstraint + "] ";
        warning += "caught LDAPException=" + e.getMessage();
        throw new UpdateException(GlobalErrIds.URLE_ASSIGN_FAILED, warning, e);
    } finally {
        closeAdminConnection(ld);
    }
}

Example 75 with LdapConnection

use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.

the class UserDAO method assign.

/**
 * @param uRole
 * @return
 * @throws UpdateException
 * @throws FinderException
 */
String assign(UserRole uRole) throws UpdateException, FinderException {
    LdapConnection ld = null;
    String userDn = getDn(uRole.getUserId(), uRole.getContextId());
    try {
        List<Modification> mods = new ArrayList<Modification>();
        String szUserRole = uRole.getRawData();
        mods.add(new DefaultModification(ModificationOperation.ADD_ATTRIBUTE, GlobalIds.USER_ROLE_DATA, szUserRole));
        mods.add(new DefaultModification(ModificationOperation.ADD_ATTRIBUTE, GlobalIds.USER_ROLE_ASSIGN, uRole.getName()));
        ld = getAdminConnection();
        modify(ld, userDn, mods, uRole);
    } catch (LdapAttributeInUseException e) {
        String warning = "assign userId [" + uRole.getUserId() + "] name [" + uRole.getName() + "] ";
        warning += "assignment already exists.";
        throw new FinderException(GlobalErrIds.URLE_ASSIGN_EXIST, warning);
    } catch (LdapException e) {
        String warning = "assign userId [" + uRole.getUserId() + "] name [" + uRole.getName() + "] ";
        warning += "caught LDAPException=" + e.getMessage();
        throw new UpdateException(GlobalErrIds.URLE_ASSIGN_FAILED, warning, e);
    } finally {
        closeAdminConnection(ld);
    }
    return userDn;
}