Search in sources :

Example 41 with LdapConnection

use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.

the class PolicyDAO method update.

/**
 * @param entity
 * @throws org.apache.directory.fortress.core.UpdateException
 */
void update(PwPolicy entity) throws UpdateException {
    LdapConnection ld = null;
    String dn = getDn(entity);
    try {
        List<Modification> mods = new ArrayList<Modification>();
        if (entity.getMinAge() != null) {
            mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_MIN_AGE, entity.getMinAge().toString()));
        }
        if (entity.getMaxAge() != null) {
            mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_MAX_AGE, entity.getMaxAge().toString()));
        }
        if (entity.getInHistory() != null) {
            mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_IN_HISTORY, entity.getInHistory().toString()));
        }
        if (entity.getCheckQuality() != null) {
            mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_CHECK_QUALITY, entity.getCheckQuality().toString()));
        }
        if (entity.getMinLength() != null) {
            mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_MIN_LENGTH, entity.getMinLength().toString()));
        }
        if (entity.getExpireWarning() != null) {
            mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_EXPIRE_WARNING, entity.getExpireWarning().toString()));
        }
        if (entity.getGraceLoginLimit() != null) {
            mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_GRACE_LOGIN_LIMIT, entity.getGraceLoginLimit().toString()));
        }
        if (entity.getLockout() != null) {
            /**
             * OpenLDAP requires the boolean values to be upper case:
             */
            mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_LOCKOUT, entity.getLockout().toString().toUpperCase()));
        }
        if (entity.getLockoutDuration() != null) {
            mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_LOCKOUT_DURATION, entity.getLockoutDuration().toString()));
        }
        if (entity.getMaxFailure() != null) {
            mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_MAX_FAILURE, entity.getMaxFailure().toString()));
        }
        if (entity.getFailureCountInterval() != null) {
            mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_FAILURE_COUNT_INTERVAL, entity.getFailureCountInterval().toString()));
        }
        if (entity.getMustChange() != null) {
            /**
             * OpenLDAP requires the boolean values to be upper case:
             */
            mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_MUST_CHANGE, entity.getMustChange().toString().toUpperCase()));
        }
        if (entity.getAllowUserChange() != null) {
            /**
             * OpenLDAP requires the boolean values to be upper case:
             */
            mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_ALLOW_USER_CHANGE, entity.getAllowUserChange().toString().toUpperCase()));
        }
        if (entity.getSafeModify() != null) {
            /**
             * OpenLDAP requires the boolean values to be upper case:
             */
            mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_SAFE_MODIFY, entity.getSafeModify().toString().toUpperCase()));
        }
        if (mods != null && mods.size() > 0) {
            ld = getAdminConnection();
            modify(ld, dn, mods, entity);
        }
    } catch (LdapException e) {
        String error = "update name [" + entity.getName() + "] caught LdapException=" + e.getMessage();
        throw new UpdateException(GlobalErrIds.PSWD_UPDATE_FAILED, error, e);
    } finally {
        closeAdminConnection(ld);
    }
}
Also used : DefaultModification(org.apache.directory.api.ldap.model.entry.DefaultModification) Modification(org.apache.directory.api.ldap.model.entry.Modification) DefaultModification(org.apache.directory.api.ldap.model.entry.DefaultModification) ArrayList(java.util.ArrayList) UpdateException(org.apache.directory.fortress.core.UpdateException) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 42 with LdapConnection

use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.

the class PropertyDAO method getProperties.

/**
 * Get properties on the provided entity using the provided property provider
 *
 * @param entity A FortressEntity that supports properties (Role, AdminRole, Group, Permission, PermObj)
 * @param propProvider DAO for entity type that implements property provider interface
 * @return Current properties of entity
 * @throws FinderException
 */
Properties getProperties(FortEntity entity, PropertyProvider propProvider) throws FinderException {
    Properties props = null;
    LdapConnection ld = null;
    String entityDn = propProvider.getDn(entity);
    try {
        ld = getAdminConnection();
        Entry findEntry = read(ld, entityDn, new String[] { GlobalIds.PROPS });
        props = PropUtil.getProperties(getAttributes(findEntry, GlobalIds.PROPS));
        if (props == null) {
            props = new Properties();
        }
    } catch (LdapNoSuchObjectException e) {
        String warning = "get properties COULD NOT FIND ENTRY for entity [" + entityDn + "]";
        throw new FinderException(GlobalErrIds.ENTITY_PROPS_NOT_FOUND, warning);
    } catch (LdapException e) {
        String error = "get properties [" + entityDn + "]= caught LDAPException=" + e.getMessage();
        throw new FinderException(GlobalErrIds.ENTITY_PROPS_LOAD_FAILED, error, e);
    } finally {
        closeAdminConnection(ld);
    }
    return props;
}
Also used : LdapNoSuchObjectException(org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException) FinderException(org.apache.directory.fortress.core.FinderException) Entry(org.apache.directory.api.ldap.model.entry.Entry) Properties(java.util.Properties) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 43 with LdapConnection

use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.

the class AuditDAO method searchAuthZs.

/**
 * @param audit
 * @return
 * @throws org.apache.directory.fortress.core.FinderException
 */
List<AuthZ> searchAuthZs(UserAudit audit) throws FinderException {
    List<AuthZ> auditList = new ArrayList<>();
    LdapConnection ld = null;
    String auditRoot = Config.getInstance().getProperty(AUDIT_ROOT);
    String permRoot = getRootDn(audit.isAdmin(), audit.getContextId());
    String userRoot = getRootDn(audit.getContextId(), GlobalIds.USER_ROOT);
    try {
        String reqDn = PermDAO.getOpRdn(audit.getOpName(), audit.getObjId()) + "," + GlobalIds.POBJ_NAME + "=" + audit.getObjName() + "," + permRoot;
        String filter = GlobalIds.FILTER_PREFIX + ACCESS_AUTHZ_CLASS_NM + ")(" + REQDN + "=" + reqDn + ")(" + REQUAUTHZID + "=" + SchemaConstants.UID_AT + "=" + audit.getUserId() + "," + userRoot + ")";
        if (audit.isFailedOnly()) {
            filter += "(" + REQRESULT + "=" + GlobalIds.AUTHZ_COMPARE_FAILURE_FLAG + ")";
        }
        if (audit.getBeginDate() != null) {
            String szTime = TUtil.encodeGeneralizedTime(audit.getBeginDate());
            filter += "(" + REQEND + ">=" + szTime + ")";
        }
        filter += ")";
        // System.out.println("filter=" + filter);
        ld = getLogConnection();
        SearchCursor searchResults = search(ld, auditRoot, SearchScope.ONELEVEL, filter, AUDIT_AUTHZ_ATRS, false, GlobalIds.BATCH_SIZE);
        long sequence = 0;
        while (searchResults.next()) {
            auditList.add(getAuthzEntityFromLdapEntry(searchResults.getEntry(), sequence++));
        }
    } catch (LdapException e) {
        String error = "LdapException in AuditDAO.searchAuthZs id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_AUTHZ_SEARCH_FAILED, error, e);
    } catch (CursorException e) {
        String error = "CursorException in AuditDAO.searchAuthZs id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_AUTHZ_SEARCH_FAILED, error, e);
    } finally {
        closeLogConnection(ld);
    }
    return auditList;
}
Also used : FinderException(org.apache.directory.fortress.core.FinderException) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) AuthZ(org.apache.directory.fortress.core.model.AuthZ) ArrayList(java.util.ArrayList) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 44 with LdapConnection

use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.

the class AuditDAO method searchUserMods.

/**
 * @param audit
 * @return
 * @throws org.apache.directory.fortress.core.FinderException
 */
List<Mod> searchUserMods(UserAudit audit) throws FinderException {
    List<Mod> modList = new ArrayList<>();
    LdapConnection ld = null;
    String auditRoot = Config.getInstance().getProperty(AUDIT_ROOT);
    String userRoot = getRootDn(audit.getContextId(), GlobalIds.USER_ROOT);
    try {
        String filter = GlobalIds.FILTER_PREFIX + ACCESS_MOD_CLASS_NM + ")(" + REQDN + "=" + SchemaConstants.UID_AT + "=" + audit.getUserId() + "," + userRoot + ")";
        if (audit.getBeginDate() != null) {
            String szTime = TUtil.encodeGeneralizedTime(audit.getBeginDate());
            filter += "(" + REQEND + ">=" + szTime + ")";
        }
        filter += ")";
        // log.warn("filter=" + filter);
        ld = getLogConnection();
        SearchCursor searchResults = search(ld, auditRoot, SearchScope.ONELEVEL, filter, AUDIT_MOD_ATRS, false, GlobalIds.BATCH_SIZE);
        long sequence = 0;
        while (searchResults.next()) {
            modList.add(getModEntityFromLdapEntry(searchResults.getEntry(), sequence++));
        }
    } catch (LdapException e) {
        String error = "searchUserMods caught LdapException id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_MOD_SEARCH_FAILED, error, e);
    } catch (CursorException e) {
        String error = "searchUserMods caught CursorException id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_MOD_SEARCH_FAILED, error, e);
    } finally {
        closeLogConnection(ld);
    }
    return modList;
}
Also used : FinderException(org.apache.directory.fortress.core.FinderException) Mod(org.apache.directory.fortress.core.model.Mod) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) ArrayList(java.util.ArrayList) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 45 with LdapConnection

use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.

the class AuditDAO method getAllAuthZs.

/**
 * @param audit
 * @return
 * @throws org.apache.directory.fortress.core.FinderException
 */
List<AuthZ> getAllAuthZs(UserAudit audit) throws FinderException {
    List<AuthZ> auditList = new ArrayList<>();
    LdapConnection ld = null;
    String auditRoot = Config.getInstance().getProperty(AUDIT_ROOT);
    String userRoot = getRootDn(audit.getContextId(), GlobalIds.USER_ROOT);
    try {
        String filter = GlobalIds.FILTER_PREFIX + ACCESS_AUTHZ_CLASS_NM + ")(";
        if (audit.getUserId() != null && audit.getUserId().length() > 0) {
            filter += REQUAUTHZID + "=" + SchemaConstants.UID_AT + "=" + audit.getUserId() + "," + userRoot + ")";
        } else {
            // have to limit the query to only authorization entries.
            // TODO: determine why the cn=Manager user is showing up in this search:
            filter += REQUAUTHZID + "=*)(!(" + REQUAUTHZID + "=cn=Manager," + Config.getInstance().getProperty(GlobalIds.SUFFIX) + "))";
            // TODO: fix this so filter by only the Fortress AuthZ entries and not the others:
            if (audit.isFailedOnly()) {
                filter += "(" + REQRESULT + "=" + GlobalIds.AUTHZ_COMPARE_FAILURE_FLAG + ")";
            }
        }
        if (audit.getBeginDate() != null) {
            String szTime = TUtil.encodeGeneralizedTime(audit.getBeginDate());
            filter += "(" + REQEND + ">=" + szTime + ")";
        }
        filter += ")";
        // log.warn("filter=" + filter);
        ld = getLogConnection();
        SearchCursor searchResults = search(ld, auditRoot, SearchScope.ONELEVEL, filter, AUDIT_AUTHZ_ATRS, false, GlobalIds.BATCH_SIZE);
        long sequence = 0;
        while (searchResults.next()) {
            auditList.add(getAuthzEntityFromLdapEntry(searchResults.getEntry(), sequence++));
        }
    } catch (LdapException e) {
        String error = "LdapException in AuditDAO.getAllAuthZs id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_AUTHZ_SEARCH_FAILED, error, e);
    } catch (CursorException e) {
        String error = "CursorException in AuditDAO.getAllAuthZs id=" + e.getMessage();
        throw new FinderException(GlobalErrIds.AUDT_AUTHZ_SEARCH_FAILED, error, e);
    } finally {
        closeLogConnection(ld);
    }
    return auditList;
}
Also used : FinderException(org.apache.directory.fortress.core.FinderException) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) AuthZ(org.apache.directory.fortress.core.model.AuthZ) ArrayList(java.util.ArrayList) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Aggregations

LdapConnection (org.apache.directory.ldap.client.api.LdapConnection)178 LdapException (org.apache.directory.api.ldap.model.exception.LdapException)164 ArrayList (java.util.ArrayList)89 FinderException (org.apache.directory.fortress.core.FinderException)73 CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)63 Entry (org.apache.directory.api.ldap.model.entry.Entry)50 SearchCursor (org.apache.directory.api.ldap.model.cursor.SearchCursor)49 Modification (org.apache.directory.api.ldap.model.entry.Modification)43 DefaultModification (org.apache.directory.api.ldap.model.entry.DefaultModification)41 UpdateException (org.apache.directory.fortress.core.UpdateException)41 DefaultEntry (org.apache.directory.api.ldap.model.entry.DefaultEntry)37 LdapNoSuchObjectException (org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException)20 CreateException (org.apache.directory.fortress.core.CreateException)17 RemoveException (org.apache.directory.fortress.core.RemoveException)17 LdapNetworkConnection (org.apache.directory.ldap.client.api.LdapNetworkConnection)14 IOException (java.io.IOException)12 Permission (org.apache.directory.fortress.core.model.Permission)9 Dn (org.apache.directory.api.ldap.model.name.Dn)7 LdapInvalidAttributeValueException (org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException)6 SecurityException (org.apache.directory.fortress.core.SecurityException)6