use of org.apache.directory.server.core.api.interceptor.context.LookupOperationContext in project aws-iam-ldap-bridge by denismo.
In class AWSIAMAuthenticator, method authenticate:
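/**
 * Authenticates a simple bind against AWS IAM when the bind DN is an IAM-backed entry.
 * <p>
 * Entries without the {@code iamaccount} object class, or any bind while this authenticator
 * is disabled, are handed to {@code delegatedAuth}. For IAM entries the credentials are
 * checked by {@code validator}; on success the bind context receives a clone of the user
 * entry and a {@link LdapPrincipal} carrying the client/server socket addresses (when an
 * I/O session is attached) is returned.
 *
 * @param bindContext the bind request: DN, credentials and optional I/O session
 * @return the authenticated principal, or {@code null} when delegation was required but no
 *         delegate authenticator is configured
 * @throws LdapAuthenticationException when the credentials do not verify against IAM
 * @throws Exception anything raised by the entry lookup or by the delegate authenticator
 */
@Override
public LdapPrincipal authenticate(BindOperationContext bindContext) throws Exception {
    if (!isAWSAccount(bindContext) || disabled) {
        LOG.debug("Skipping " + bindContext.getDn() + " - not an AWS account");
        if (delegatedAuth == null) {
            LOG.error("Delegated auth is null");
            return null;
        }
        return delegatedAuth.authenticate(bindContext);
    }
    LOG.debug("Authenticating " + bindContext.getDn());
    byte[] password = bindContext.getCredentials();
    LookupOperationContext lookupContext = new LookupOperationContext(
            getDirectoryService().getAdminSession(), bindContext.getDn(),
            SchemaConstants.ALL_USER_ATTRIBUTES, SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES);
    Entry userEntry = getDirectoryService().getPartitionNexus().lookup(lookupContext);
    // Decode the credential bytes explicitly as UTF-8: the one-argument String constructor
    // uses the JVM default charset, so non-ASCII passwords would verify differently from
    // host to host. Missing credentials can never match, so they take the bad-password path
    // instead of failing the decode (assumes getCredentials() may be null — TODO confirm).
    boolean verified = password != null
            && validator.verifyIAMPassword(userEntry,
                    new String(password, java.nio.charset.StandardCharsets.UTF_8));
    if (verified) {
        LdapPrincipal principal = new LdapPrincipal(getDirectoryService().getSchemaManager(),
                bindContext.getDn(), AuthenticationLevel.SIMPLE, password);
        IoSession session = bindContext.getIoSession();
        if (session != null) {
            SocketAddress clientAddress = session.getRemoteAddress();
            principal.setClientAddress(clientAddress);
            SocketAddress serverAddress = session.getServiceAddress();
            principal.setServerAddress(serverAddress);
        }
        bindContext.setEntry(new ClonedServerEntry(userEntry));
        return principal;
    } else {
        // Bad password: log the DN only (never the credential) and reject the bind.
        String message = I18n.err(I18n.ERR_230, bindContext.getDn().getName());
        LOG.info(message);
        throw new LdapAuthenticationException(message);
    }
}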
use of org.apache.directory.server.core.api.interceptor.context.LookupOperationContext in project aws-iam-ldap-bridge by denismo.
In class LDAPIAMPoller, method readConfig:
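/**
 * Loads the authenticator's configuration entry, creating a minimal one on first use, and
 * derives the container DNs and RDN format strings this poller uses for users, groups and
 * roles from {@code AWSIAMAuthenticator.getConfig()}.
 * <p>
 * Failures are logged, not propagated: the fields assigned here keep whatever value they
 * held before the call. JVM {@code Error}s (out-of-memory, linkage errors) are no longer
 * swallowed, since continuing after them only hides the real fault.
 */
private void readConfig() {
    try {
        Dn configDn = directory.getDnFactory().create("cn=config,ads-authenticatorid=awsiamauthenticator,ou=authenticators,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config");
        if (!utils.exists(configDn)) {
            // First run: seed the config entry with the operational attributes ApacheDS expects
            // and the starting value of the id generator.
            configEntry = directory.newEntry(configDn);
            configEntry.put("objectClass", "iamauthenticatorconfig", "top");
            configEntry.put(SchemaConstants.ENTRY_CSN_AT, directory.getCSN().toString());
            configEntry.put(SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString());
            configEntry.put("cn", "config");
            configEntry.put(ID_GENERATOR, "1000");
            directory.getAdminSession().add(configEntry);
        } else {
            LookupOperationContext lookupContext = new LookupOperationContext(
                    directory.getAdminSession(), configDn,
                    SchemaConstants.ALL_USER_ATTRIBUTES, SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES);
            configEntry = directory.getPartitionNexus().lookup(lookupContext);
        }
        AWSIAMAuthenticator.Config config = AWSIAMAuthenticator.getConfig();
        rootDN = config.rootDN;
        pollPeriod = config.pollPeriod;
        groupsDN = "ou=groups," + rootDN;
        usersDN = "ou=users," + rootDN;
        rolesDN = "ou=roles," + rootDN;
        GROUP_FMT = "cn=%s," + groupsDN;
        USER_FMT = "uid=%s," + usersDN;
        // Derived from rolesDN like the other two formats; yields the same string as before.
        ROLE_FMT = "uid=%s," + rolesDN;
        ensureDNs();
    } catch (Exception e) {
        // Narrowed from Throwable so that Errors propagate instead of leaving a half-configured poller.
        LOG.error("Exception reading config for LDAPIAMPoller", e);
    }
}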
use of org.apache.directory.server.core.api.interceptor.context.LookupOperationContext in project aws-iam-ldap-bridge by denismo.
In class AWSIAMAuthenticator, method isAWSAccount:
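/**
 * Tells whether the bind DN names an IAM-backed entry, i.e. one carrying the
 * {@code iamaccount} object class.
 *
 * @param bindContext the bind request whose DN is looked up through the admin session
 * @return {@code true} only if an entry was found and it has object class {@code iamaccount}
 * @throws LdapException if the lookup fails, including when no entry exists at the DN
 */
private boolean isAWSAccount(BindOperationContext bindContext) throws LdapException {
    LookupOperationContext lookupContext = new LookupOperationContext(
            getDirectoryService().getAdminSession(), bindContext.getDn(),
            SchemaConstants.ALL_USER_ATTRIBUTES, SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES);
    Entry userEntry = getDirectoryService().getPartitionNexus().lookup(lookupContext);
    // The poller's group lookup guards against a null result from lookup(); do the same here
    // so a missing entry reads as "not an IAM account" rather than a NullPointerException.
    return userEntry != null && userEntry.hasObjectClass("iamaccount");
}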
use of org.apache.directory.server.core.api.interceptor.context.LookupOperationContext in project aws-iam-ldap-bridge by denismo.
In class LDAPIAMPoller, method getExistingGroup:
/**
 * Looks up the LDAP entry that mirrors an IAM group.
 *
 * @param iamGroup the IAM group whose name is substituted into {@code GROUP_FMT}
 * @return the entry when it exists and has object class {@code iamgroup}; {@code null}
 *         when the entry is absent, null, or of another object class
 * @throws Exception on lookup failures other than a missing entry
 */
private Entry getExistingGroup(Group iamGroup) throws Exception {
    // NOTE(review): the raw group name is interpolated into the DN string; a name containing
    // RDN-special characters (',', '+', '=', ...) would need escaping before it is safe to use
    // as a DN component — confirm IAM's naming rules and the entry-creation path.
    String groupDnText = String.format(GROUP_FMT, iamGroup.getGroupName());
    Dn groupDn = directory.getDnFactory().create(groupDnText);
    LookupOperationContext ctx = new LookupOperationContext(directory.getAdminSession(), groupDn,
            SchemaConstants.ALL_USER_ATTRIBUTES, SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES);
    Entry found;
    try {
        found = directory.getPartitionNexus().lookup(ctx);
    } catch (LdapNoSuchObjectException e) {
        // Absent entry is the normal "not created yet" outcome, not an error.
        return null;
    }
    boolean isIamGroup = found != null && found.hasObjectClass("iamgroup");
    return isIamGroup ? found : null;
}