

Usages of org.apache.directory.ldap.client.api.LdapConnection in the Apache project directory-fortress-core (RoleDAO and LdapConnectionProvider).

Class RoleDAO, method findRoles:

/**
 * Return the names of the roles under the context's role root whose name begins with
 * {@code role.getName()} (a prefix search; the trailing {@code *} is the only wildcard in the filter).
 *
 * <p>Injection note: the role name is the only caller-supplied text that reaches the filter, and it is
 * passed through {@code encodeSafeText} before concatenation; every other piece of the filter is a
 * constant or an attribute name.
 *
 * <p>NOTE(review): the SearchCursor is iterated but never closed -- only the pooled connection is
 * released in {@code finally}. Closing it would mean handling whatever exception its {@code close()}
 * declares, which this method currently does not catch.
 *
 * @param role  supplies the name prefix to match and the contextId that selects the role root
 * @param limit size limit handed to the search
 * @return the matching role names; empty when nothing matched
 * @throws FinderException (code ROLE_SEARCH_FAILED) wrapping an LdapException or CursorException
 */
List<String> findRoles(Role role, int limit) throws FinderException {
    String baseDn = getRootDn(role.getContextId(), GlobalIds.ROLE_ROOT);
    List<String> names = new ArrayList<>();
    LdapConnection conn = null;
    String searchFilter = null;
    try {
        String prefix = encodeSafeText(role.getName(), GlobalIds.ROLE_LEN);
        searchFilter = new StringBuilder(GlobalIds.FILTER_PREFIX)
            .append(GlobalIds.ROLE_OBJECT_CLASS_NM)
            .append(")(")
            .append(ROLE_NM)
            .append('=')
            .append(prefix)
            .append("*))")
            .toString();
        conn = getAdminConnection();
        SearchCursor cursor = search(conn, baseDn, SearchScope.ONELEVEL, searchFilter, ROLE_NM_ATR, false, limit);
        while (cursor.next()) {
            Entry hit = cursor.getEntry();
            names.add(getAttribute(hit, ROLE_NM));
        }
    } catch (LdapException e) {
        throw new FinderException(GlobalErrIds.ROLE_SEARCH_FAILED,
            "findRoles filter [" + searchFilter + "] caught LdapException=" + e.getMessage(), e);
    } catch (CursorException e) {
        throw new FinderException(GlobalErrIds.ROLE_SEARCH_FAILED,
            "findRoles filter [" + searchFilter + "] caught CursorException=" + e.getMessage(), e);
    } finally {
        closeAdminConnection(conn);
    }
    return names;
}


Class RoleDAO, method deleteParent:

/**
 * Remove every parent link from the role entry.
 *
 * <p>The modification is a REMOVE_ATTRIBUTE on {@code GlobalIds.PARENT_NODES} with no values supplied,
 * which per LDAP modify semantics deletes the whole attribute -- i.e. all parents, not a single one.
 *
 * @param entity the role whose name and contextId identify the entry to modify
 * @throws UpdateException (code ROLE_REMOVE_PARENT_FAILED) wrapping the LdapException
 */
void deleteParent(Role entity) throws UpdateException {
    String targetDn = getDn(entity.getName(), entity.getContextId());
    LdapConnection conn = null;
    try {
        Modification dropAllParents =
            new DefaultModification(ModificationOperation.REMOVE_ATTRIBUTE, GlobalIds.PARENT_NODES);
        List<Modification> mods = new ArrayList<>();
        mods.add(dropAllParents);
        conn = getAdminConnection();
        modify(conn, targetDn, mods, entity);
    } catch (LdapException e) {
        throw new UpdateException(GlobalErrIds.ROLE_REMOVE_PARENT_FAILED,
            "deleteParent name [" + entity.getName() + "] caught LdapException=" + e.getMessage(), e);
    } finally {
        closeAdminConnection(conn);
    }
}


Class RoleDAO, method remove:

/**
 * Delete the role entry identified by {@code role}'s name and contextId, using the admin connection.
 *
 * @param role the role to delete
 * @throws RemoveException (code ROLE_DELETE_FAILED) wrapping the LdapException
 */
void remove(Role role) throws RemoveException {
    String targetDn = getDn(role.getName(), role.getContextId());
    LdapConnection conn = null;
    try {
        conn = getAdminConnection();
        delete(conn, targetDn, role);
    } catch (LdapException e) {
        throw new RemoveException(GlobalErrIds.ROLE_DELETE_FAILED,
            "remove role name=" + role.getName() + " LdapException=" + e.getMessage(), e);
    } finally {
        closeAdminConnection(conn);
    }
}


Class RoleDAO, method assign:

/**
 * Add {@code userDn} as a value of the {@code ROLE_OCCUPANT_AT} attribute on the role entry.
 *
 * <p>{@code userDn} is written as an attribute value, not into a search filter, so no filter escaping is
 * applied here; it is also echoed into the error message on failure. NOTE(review): nothing here checks
 * that the value is a well-formed DN -- presumably callers pass one produced by the user DAO; confirm.
 *
 * @param entity the role to modify (name and contextId select the entry)
 * @param userDn DN of the user being assigned
 * @return the same {@code entity} instance, unmodified
 * @throws UpdateException (code ROLE_USER_ASSIGN_FAILED) wrapping the LdapException
 */
Role assign(Role entity, String userDn) throws UpdateException {
    String targetDn = getDn(entity.getName(), entity.getContextId());
    LdapConnection conn = null;
    try {
        List<Modification> mods = new ArrayList<>();
        mods.add(new DefaultModification(ModificationOperation.ADD_ATTRIBUTE, SchemaConstants.ROLE_OCCUPANT_AT, userDn));
        conn = getAdminConnection();
        modify(conn, targetDn, mods, entity);
    } catch (LdapException e) {
        throw new UpdateException(GlobalErrIds.ROLE_USER_ASSIGN_FAILED,
            "assign role name [" + entity.getName() + "] user dn [" + userDn + "] caught LdapException=" + e.getMessage(), e);
    } finally {
        closeAdminConnection(conn);
    }
    return entity;
}


Class LdapConnectionProvider, method init:

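/**
 * Initialize the three LDAP connection pools (admin, user and audit-log) from the Fortress config.
 *
 * <p>Transport security, as wired here:
 * <ul>
 *   <li>LDAPS ({@code IS_SSL}) is on only when {@code enable.ldap.ssl} is "true" AND both the truststore
 *       path and the truststore password are configured. When the flag is set but the truststore
 *       coordinates are missing, the pools bind over plaintext; that downgrade is now logged at WARN so
 *       it cannot pass unnoticed.</li>
 *   <li>STARTTLS is controlled separately by {@code ENABLE_LDAP_STARTTLS} and is applied to every pool
 *       config built here, since all pools target the same host and port. When {@code IS_SSL} is false no
 *       trust manager is installed, so the STARTTLS handshake uses whatever the Apache LDAP API defaults
 *       to -- TODO(review): confirm that default is not the no-verification trust manager.</li>
 *   <li>The truststore-backed trust manager is built with the "accept self-signed certs present in the
 *       truststore" option, unchanged from the original wiring.</li>
 * </ul>
 *
 * <p>The audit-log pool is created only when both {@code log.admin.user} and {@code log.admin.pw} carry a
 * value. The previous gate tested the property-NAME constants ({@code LDAP_LOG_POOL_UID} /
 * {@code LDAP_LOG_POOL_PW}), which are used as lookup keys a few lines later and so are presumably never
 * empty -- meaning the log pool was built unconditionally, with an empty bind name when unconfigured.
 *
 * <p>Credentials are decrypted via {@code EncryptUtil} when that facility is enabled; this method does not
 * log them.
 *
 * @throws CfgRuntimeException if the Apache LDAP API codec / extended-operation service cannot be set up
 */
private void init() {
    Config cfg = Config.getInstance();

    // --- transport settings -------------------------------------------------------------------
    boolean sslRequested = "true".equalsIgnoreCase(cfg.getProperty(GlobalIds.ENABLE_LDAP_SSL));
    String trustStore = cfg.getProperty(GlobalIds.TRUST_STORE);
    // Read once, with the same flag every other credential lookup in this method uses (the original
    // read this key once with the flag and once without).
    String trustStorePw = cfg.getProperty(GlobalIds.TRUST_STORE_PW, true);
    IS_SSL = sslRequested && trustStore != null && trustStorePw != null;
    if (sslRequested && !IS_SSL) {
        // A silent fall-back to cleartext is the kind of misconfiguration nobody notices until an audit.
        LOG.warn("LDAP POOL: {} is true but {} and/or {} are not set; LDAPS is DISABLED and bind credentials will travel in the clear",
            GlobalIds.ENABLE_LDAP_SSL, GlobalIds.TRUST_STORE, GlobalIds.TRUST_STORE_PW);
    }
    boolean startTls = cfg.getBoolean(ENABLE_LDAP_STARTTLS, false);

    // --- endpoint and pool sizing -------------------------------------------------------------
    String host = cfg.getProperty(GlobalIds.LDAP_HOST, "localhost");
    int port = cfg.getInt(GlobalIds.LDAP_PORT, 389);
    int min = cfg.getInt(GlobalIds.LDAP_ADMIN_POOL_MIN, 1);
    int max = cfg.getInt(GlobalIds.LDAP_ADMIN_POOL_MAX, 10);
    int logmin = cfg.getInt(LDAP_LOG_POOL_MIN, 1);
    int logmax = cfg.getInt(LDAP_LOG_POOL_MAX, 10);
    LOG.info("LDAP POOL:  host=[{}], port=[{}], min=[{}], max=[{}]", host, port, min, max);

    // --- admin connection config ----------------------------------------------------------------
    LdapConnectionConfig config = newConnectionConfig(host, port,
        cfg.getProperty(GlobalIds.LDAP_ADMIN_POOL_UID, ""),
        decryptIfEnabled(cfg.getProperty(GlobalIds.LDAP_ADMIN_POOL_PW, true)),
        trustStore, trustStorePw, startTls);
    try {
        // Register the OpenLDAP RBAC accelerator extended operations with the codec service.
        List<String> extendedOps = new ArrayList<>();
        extendedOps.add("org.openldap.accelerator.impl.createSession.RbacCreateSessionFactory");
        extendedOps.add("org.openldap.accelerator.impl.checkAccess.RbacCheckAccessFactory");
        extendedOps.add("org.openldap.accelerator.impl.addRole.RbacAddRoleFactory");
        extendedOps.add("org.openldap.accelerator.impl.dropRole.RbacDropRoleFactory");
        extendedOps.add("org.openldap.accelerator.impl.deleteSession.RbacDeleteSessionFactory");
        extendedOps.add("org.openldap.accelerator.impl.sessionRoles.RbacSessionRolesFactory");
        LdapApiService ldapApiService = new StandaloneLdapApiService(new ArrayList<String>(), extendedOps);
        if (!LdapApiServiceFactory.isInitialized()) {
            LdapApiServiceFactory.initialize(ldapApiService);
        }
        config.setLdapApiService(ldapApiService);
    } catch (Exception ex) {
        String error = "Exception caught initializing Admin Pool: " + ex;
        throw new CfgRuntimeException(GlobalErrIds.FT_APACHE_LDAP_POOL_INIT_FAILED, error, ex);
    }

    // --- admin and user pools -----------------------------------------------------------------
    PoolableObjectFactory<LdapConnection> adminFactory = new ValidatingPoolableLdapConnectionFactory(config);
    adminPool = newPool(adminFactory, min, max, true);
    // NOTE(review): the user pool is built from the same admin-credential factory as the admin pool;
    // presumably its connections are re-bound per user by the caller -- confirm.
    userPool = newPool(adminFactory, min, max, true);

    // --- audit-log pool (optional) ------------------------------------------------------------
    // Enabled by setting log.admin.user and log.admin.pw in fortress.properties. The coordinates are read
    // from static properties; making this dynamic would mean storing the connection metadata in the
    // Fortress config node in LDAP.
    String logUid = cfg.getProperty(LDAP_LOG_POOL_UID, "");
    String logPwStored = cfg.getProperty(LDAP_LOG_POOL_PW, true);
    if (StringUtils.isNotEmpty(logUid) && StringUtils.isNotEmpty(logPwStored)) {
        LdapConnectionConfig logConfig = newConnectionConfig(host, port, logUid,
            decryptIfEnabled(logPwStored), trustStore, trustStorePw, startTls);
        // NOTE(review): unlike the admin/user pools, maxIdle is left at the pool default here (as in the
        // original); confirm that asymmetry is intended.
        logPool = newPool(new ValidatingPoolableLdapConnectionFactory(logConfig), logmin, logmax, false);
    }
}

/**
 * Build a connection config for {@code host:port} bound as {@code bindName} / {@code credential}, applying
 * the shared LDAPS and STARTTLS settings. When {@code IS_SSL} is on and both truststore coordinates are
 * present, server certificates are validated against that truststore (self-signed certs it contains are
 * accepted, as in the original wiring). Otherwise no trust manager is installed here.
 */
private LdapConnectionConfig newConnectionConfig(String host, int port, String bindName, String credential,
    String trustStore, String trustStorePw, boolean startTls) {
    LdapConnectionConfig connCfg = new LdapConnectionConfig();
    connCfg.setLdapHost(host);
    connCfg.setLdapPort(port);
    connCfg.setName(bindName);
    connCfg.setCredentials(credential);
    connCfg.setUseSsl(IS_SSL);
    if (startTls) {
        connCfg.setUseTls(true);
    }
    if (IS_SSL && StringUtils.isNotEmpty(trustStore) && StringUtils.isNotEmpty(trustStorePw)) {
        connCfg.setTrustManagers(new LdapClientTrustStoreManager(trustStore, trustStorePw.toCharArray(), null, true));
    }
    return connCfg;
}

/** Decrypt a stored credential when {@code EncryptUtil} is enabled; otherwise return it unchanged. */
private static String decryptIfEnabled(String stored) {
    return EncryptUtil.isEnabled() ? EncryptUtil.getInstance().decrypt(stored) : stored;
}

/**
 * Create a pool that validates connections on borrow and grows when exhausted.
 *
 * @param unboundedIdle when true, maxIdle is set to -1 (commons-pool treats a negative value as no cap),
 *                      so returned connections are not discarded for exceeding an idle count
 */
private static LdapConnectionPool newPool(PoolableObjectFactory<LdapConnection> factory, int minIdle,
    int maxActive, boolean unboundedIdle) {
    LdapConnectionPool pool = new LdapConnectionPool(factory);
    pool.setTestOnBorrow(true);
    pool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_GROW);
    pool.setMaxActive(maxActive);
    pool.setMinIdle(minIdle);
    if (unboundedIdle) {
        pool.setMaxIdle(-1);
    }
    return pool;
}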
