use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.
the class PolicyDAO method update.
/**
* @param entity
* @throws org.apache.directory.fortress.core.UpdateException
*/
void update(PwPolicy entity) throws UpdateException {
LdapConnection ld = null;
String dn = getDn(entity);
try {
List<Modification> mods = new ArrayList<Modification>();
if (entity.getMinAge() != null) {
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_MIN_AGE, entity.getMinAge().toString()));
}
if (entity.getMaxAge() != null) {
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_MAX_AGE, entity.getMaxAge().toString()));
}
if (entity.getInHistory() != null) {
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_IN_HISTORY, entity.getInHistory().toString()));
}
if (entity.getCheckQuality() != null) {
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_CHECK_QUALITY, entity.getCheckQuality().toString()));
}
if (entity.getMinLength() != null) {
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_MIN_LENGTH, entity.getMinLength().toString()));
}
if (entity.getExpireWarning() != null) {
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_EXPIRE_WARNING, entity.getExpireWarning().toString()));
}
if (entity.getGraceLoginLimit() != null) {
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_GRACE_LOGIN_LIMIT, entity.getGraceLoginLimit().toString()));
}
if (entity.getLockout() != null) {
/**
* OpenLDAP requires the boolean values to be upper case:
*/
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_LOCKOUT, entity.getLockout().toString().toUpperCase()));
}
if (entity.getLockoutDuration() != null) {
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_LOCKOUT_DURATION, entity.getLockoutDuration().toString()));
}
if (entity.getMaxFailure() != null) {
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_MAX_FAILURE, entity.getMaxFailure().toString()));
}
if (entity.getFailureCountInterval() != null) {
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_FAILURE_COUNT_INTERVAL, entity.getFailureCountInterval().toString()));
}
if (entity.getMustChange() != null) {
/**
* OpenLDAP requires the boolean values to be upper case:
*/
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_MUST_CHANGE, entity.getMustChange().toString().toUpperCase()));
}
if (entity.getAllowUserChange() != null) {
/**
* OpenLDAP requires the boolean values to be upper case:
*/
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_ALLOW_USER_CHANGE, entity.getAllowUserChange().toString().toUpperCase()));
}
if (entity.getSafeModify() != null) {
/**
* OpenLDAP requires the boolean values to be upper case:
*/
mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, PW_SAFE_MODIFY, entity.getSafeModify().toString().toUpperCase()));
}
if (mods != null && mods.size() > 0) {
ld = getAdminConnection();
modify(ld, dn, mods, entity);
}
} catch (LdapException e) {
String error = "update name [" + entity.getName() + "] caught LdapException=" + e.getMessage();
throw new UpdateException(GlobalErrIds.PSWD_UPDATE_FAILED, error, e);
} finally {
closeAdminConnection(ld);
}
}
use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.
the class PropertyDAO method getProperties.
/**
* Get properties on the provided entity using the provided property provider
*
* @param entity A FortressEntity that supports properties (Role, AdminRole, Group, Permission, PermObj)
* @param propProvider DAO for entity type that implements property provider interface
* @return Current properties of entity
* @throws FinderException
*/
Properties getProperties(FortEntity entity, PropertyProvider propProvider) throws FinderException {
Properties props = null;
LdapConnection ld = null;
String entityDn = propProvider.getDn(entity);
try {
ld = getAdminConnection();
Entry findEntry = read(ld, entityDn, new String[] { GlobalIds.PROPS });
props = PropUtil.getProperties(getAttributes(findEntry, GlobalIds.PROPS));
if (props == null) {
props = new Properties();
}
} catch (LdapNoSuchObjectException e) {
String warning = "get properties COULD NOT FIND ENTRY for entity [" + entityDn + "]";
throw new FinderException(GlobalErrIds.ENTITY_PROPS_NOT_FOUND, warning);
} catch (LdapException e) {
String error = "get properties [" + entityDn + "]= caught LDAPException=" + e.getMessage();
throw new FinderException(GlobalErrIds.ENTITY_PROPS_LOAD_FAILED, error, e);
} finally {
closeAdminConnection(ld);
}
return props;
}
use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.
the class AuditDAO method searchAuthZs.
/**
* @param audit
* @return
* @throws org.apache.directory.fortress.core.FinderException
*/
List<AuthZ> searchAuthZs(UserAudit audit) throws FinderException {
List<AuthZ> auditList = new ArrayList<>();
LdapConnection ld = null;
String auditRoot = Config.getInstance().getProperty(AUDIT_ROOT);
String permRoot = getRootDn(audit.isAdmin(), audit.getContextId());
String userRoot = getRootDn(audit.getContextId(), GlobalIds.USER_ROOT);
try {
String reqDn = PermDAO.getOpRdn(audit.getOpName(), audit.getObjId()) + "," + GlobalIds.POBJ_NAME + "=" + audit.getObjName() + "," + permRoot;
String filter = GlobalIds.FILTER_PREFIX + ACCESS_AUTHZ_CLASS_NM + ")(" + REQDN + "=" + reqDn + ")(" + REQUAUTHZID + "=" + SchemaConstants.UID_AT + "=" + audit.getUserId() + "," + userRoot + ")";
if (audit.isFailedOnly()) {
filter += "(" + REQRESULT + "=" + GlobalIds.AUTHZ_COMPARE_FAILURE_FLAG + ")";
}
if (audit.getBeginDate() != null) {
String szTime = TUtil.encodeGeneralizedTime(audit.getBeginDate());
filter += "(" + REQEND + ">=" + szTime + ")";
}
filter += ")";
// System.out.println("filter=" + filter);
ld = getLogConnection();
SearchCursor searchResults = search(ld, auditRoot, SearchScope.ONELEVEL, filter, AUDIT_AUTHZ_ATRS, false, GlobalIds.BATCH_SIZE);
long sequence = 0;
while (searchResults.next()) {
auditList.add(getAuthzEntityFromLdapEntry(searchResults.getEntry(), sequence++));
}
} catch (LdapException e) {
String error = "LdapException in AuditDAO.searchAuthZs id=" + e.getMessage();
throw new FinderException(GlobalErrIds.AUDT_AUTHZ_SEARCH_FAILED, error, e);
} catch (CursorException e) {
String error = "CursorException in AuditDAO.searchAuthZs id=" + e.getMessage();
throw new FinderException(GlobalErrIds.AUDT_AUTHZ_SEARCH_FAILED, error, e);
} finally {
closeLogConnection(ld);
}
return auditList;
}
use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.
the class AuditDAO method searchUserMods.
/**
* @param audit
* @return
* @throws org.apache.directory.fortress.core.FinderException
*/
List<Mod> searchUserMods(UserAudit audit) throws FinderException {
List<Mod> modList = new ArrayList<>();
LdapConnection ld = null;
String auditRoot = Config.getInstance().getProperty(AUDIT_ROOT);
String userRoot = getRootDn(audit.getContextId(), GlobalIds.USER_ROOT);
try {
String filter = GlobalIds.FILTER_PREFIX + ACCESS_MOD_CLASS_NM + ")(" + REQDN + "=" + SchemaConstants.UID_AT + "=" + audit.getUserId() + "," + userRoot + ")";
if (audit.getBeginDate() != null) {
String szTime = TUtil.encodeGeneralizedTime(audit.getBeginDate());
filter += "(" + REQEND + ">=" + szTime + ")";
}
filter += ")";
// log.warn("filter=" + filter);
ld = getLogConnection();
SearchCursor searchResults = search(ld, auditRoot, SearchScope.ONELEVEL, filter, AUDIT_MOD_ATRS, false, GlobalIds.BATCH_SIZE);
long sequence = 0;
while (searchResults.next()) {
modList.add(getModEntityFromLdapEntry(searchResults.getEntry(), sequence++));
}
} catch (LdapException e) {
String error = "searchUserMods caught LdapException id=" + e.getMessage();
throw new FinderException(GlobalErrIds.AUDT_MOD_SEARCH_FAILED, error, e);
} catch (CursorException e) {
String error = "searchUserMods caught CursorException id=" + e.getMessage();
throw new FinderException(GlobalErrIds.AUDT_MOD_SEARCH_FAILED, error, e);
} finally {
closeLogConnection(ld);
}
return modList;
}
use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.
the class AuditDAO method getAllAuthZs.
/**
* @param audit
* @return
* @throws org.apache.directory.fortress.core.FinderException
*/
List<AuthZ> getAllAuthZs(UserAudit audit) throws FinderException {
List<AuthZ> auditList = new ArrayList<>();
LdapConnection ld = null;
String auditRoot = Config.getInstance().getProperty(AUDIT_ROOT);
String userRoot = getRootDn(audit.getContextId(), GlobalIds.USER_ROOT);
try {
String filter = GlobalIds.FILTER_PREFIX + ACCESS_AUTHZ_CLASS_NM + ")(";
if (audit.getUserId() != null && audit.getUserId().length() > 0) {
filter += REQUAUTHZID + "=" + SchemaConstants.UID_AT + "=" + audit.getUserId() + "," + userRoot + ")";
} else {
// have to limit the query to only authorization entries.
// TODO: determine why the cn=Manager user is showing up in this search:
filter += REQUAUTHZID + "=*)(!(" + REQUAUTHZID + "=cn=Manager," + Config.getInstance().getProperty(GlobalIds.SUFFIX) + "))";
// TODO: fix this so filter by only the Fortress AuthZ entries and not the others:
if (audit.isFailedOnly()) {
filter += "(" + REQRESULT + "=" + GlobalIds.AUTHZ_COMPARE_FAILURE_FLAG + ")";
}
}
if (audit.getBeginDate() != null) {
String szTime = TUtil.encodeGeneralizedTime(audit.getBeginDate());
filter += "(" + REQEND + ">=" + szTime + ")";
}
filter += ")";
// log.warn("filter=" + filter);
ld = getLogConnection();
SearchCursor searchResults = search(ld, auditRoot, SearchScope.ONELEVEL, filter, AUDIT_AUTHZ_ATRS, false, GlobalIds.BATCH_SIZE);
long sequence = 0;
while (searchResults.next()) {
auditList.add(getAuthzEntityFromLdapEntry(searchResults.getEntry(), sequence++));
}
} catch (LdapException e) {
String error = "LdapException in AuditDAO.getAllAuthZs id=" + e.getMessage();
throw new FinderException(GlobalErrIds.AUDT_AUTHZ_SEARCH_FAILED, error, e);
} catch (CursorException e) {
String error = "CursorException in AuditDAO.getAllAuthZs id=" + e.getMessage();
throw new FinderException(GlobalErrIds.AUDT_AUTHZ_SEARCH_FAILED, error, e);
} finally {
closeLogConnection(ld);
}
return auditList;
}
Aggregations