Examples with Attribute org.forgerock.opendj.ldap.Attribute used on opensource projects

Example 16 with Attribute

use of org.forgerock.opendj.ldap.Attribute in project OpenAM by OpenRock.

the class DJLDAPv3Repo method modifyGroupMembership.

/**
     * Modifies group membership data in the directory. In case the memberOf attribute is configured, this will also
     * iterate through all the user entries and modify those as well. Otherwise this will only modify the uniquemember
     * attribute on the group entry based on the operation.
     *
     * @param groupDN The DN of the group.
     * @param memberDNs The DNs of the group members.
     * @param operation Whether the members needs to be added or removed from the group. Use {@link IdRepo#ADDMEMBER}
     * or {@link IdRepo#REMOVEMEMBER}.
     * @throws IdRepoException If there was an error while modifying the membership data.
     */
private void modifyGroupMembership(String groupDN, Set<String> memberDNs, int operation) throws IdRepoException {
    ModifyRequest modifyRequest = LDAPRequests.newModifyRequest(groupDN);
    Attribute attr = new LinkedAttribute(uniqueMemberAttr, memberDNs);
    ModificationType modType;
    if (ADDMEMBER == operation) {
        modType = ModificationType.ADD;
    } else {
        modType = ModificationType.DELETE;
    }
    modifyRequest.addModification(new Modification(modType, attr));
    Connection conn = null;
    try {
        conn = connectionFactory.getConnection();
        conn.modify(modifyRequest);
        if (memberOfAttr != null) {
            for (String member : memberDNs) {
                ModifyRequest userMod = LDAPRequests.newModifyRequest(member);
                userMod.addModification(modType, memberOfAttr, groupDN);
                conn.modify(userMod);
            }
        }
    } catch (LdapException ere) {
        DEBUG.error("An error occurred while trying to modify group membership. Name: " + groupDN + " memberDNs: " + memberDNs + " Operation: " + modType, ere);
        handleErrorResult(ere);
    } finally {
        IOUtils.closeIfNotNull(conn);
    }
}

Example 17 with Attribute

use of org.forgerock.opendj.ldap.Attribute in project OpenAM by OpenRock.

the class DJLDAPv3Repo method getAttributes.

/**
     * Returns all the requested attributes either in binary or in String format. Only the attributes defined in the
     * configuration will be returned for this given identity. In case the default "inetUserStatus" attribute has been
     * requested, it will be converted to the actual status attribute during query, and while processing it will be
     * mapped back to standard "inetUserStatus" values as well (rather than returning the configuration/directory
     * specific values). If there is an attempt to read a realm identity type's objectclass attribute, this method will
     * return an empty map right away (legacy handling). If the dn attribute has been requested, and it's also defined
     * in the configuration, then the attributemap will also contain the dn in the result.
     *
     * @param <T>
     * @param type The type of the identity.
     * @param name The name of the identity.
     * @param attrNames The names of the requested attributes or <code>null</code> to retrieve all the attributes.
     * @param function A function that can extract String or byte array values from an LDAP attribute.
     * @return The requested attributes in string or binary format.
     * @throws IdRepoException If there is an error while retrieving the identity attributes.
     */
private <T> Map<String, T> getAttributes(IdType type, String name, Set<String> attrNames, Function<Attribute, T, IdRepoException> function) throws IdRepoException {
    Set<String> attrs = attrNames == null ? new CaseInsensitiveHashSet(0) : new CaseInsensitiveHashSet(attrNames);
    if (type.equals(IdType.REALM)) {
        if (attrs.contains(OBJECT_CLASS_ATTR)) {
            return new HashMap(0);
        }
    }
    Map<String, T> result = new HashMap<String, T>();
    String dn = getDN(type, name);
    if (type.equals(IdType.USER)) {
        if (attrs.contains(DEFAULT_USER_STATUS_ATTR)) {
            attrs.add(userStatusAttr);
        }
    }
    Connection conn = null;
    Set<String> definedAttributes = getDefinedAttributes(type);
    if (attrs.isEmpty() || attrs.contains("*")) {
        attrs.clear();
        if (definedAttributes.isEmpty()) {
            attrs.add("*");
        } else {
            attrs.addAll(definedAttributes);
        }
    } else {
        if (!definedAttributes.isEmpty()) {
            attrs.retainAll(definedAttributes);
        }
        if (attrs.isEmpty()) {
            //there were only non-defined attributes requested, so we shouldn't return anything here.
            return new HashMap<String, T>(0);
        }
    }
    try {
        conn = connectionFactory.getConnection();
        SearchResultEntry entry = conn.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(dn, attrs.toArray(new String[attrs.size()])));
        for (Attribute attribute : entry.getAllAttributes()) {
            String attrName = attribute.getAttributeDescriptionAsString();
            if (!definedAttributes.isEmpty() && !definedAttributes.contains(attrName)) {
                continue;
            }
            result.put(attribute.getAttributeDescriptionAsString(), function.apply(attribute));
            if (attrName.equalsIgnoreCase(userStatusAttr) && attrs.contains(DEFAULT_USER_STATUS_ATTR)) {
                String converted = helper.convertToInetUserStatus(attribute.firstValueAsString(), inactiveValue);
                result.put(DEFAULT_USER_STATUS_ATTR, function.apply(new LinkedAttribute(DEFAULT_USER_STATUS_ATTR, converted)));
            }
        }
    } catch (LdapException ere) {
        DEBUG.error("An error occurred while getting user attributes", ere);
        handleErrorResult(ere);
    } finally {
        IOUtils.closeIfNotNull(conn);
    }
    if (attrs.contains(DN_ATTR)) {
        result.put(DN_ATTR, function.apply(new LinkedAttribute(DN_ATTR, dn)));
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("getAttributes returning attrMap: " + IdRepoUtils.getAttrMapWithoutPasswordAttrs(result, null));
    }
    return result;
}

Example 18 with Attribute

use of org.forgerock.opendj.ldap.Attribute in project OpenAM by OpenRock.

the class DJLDAPv3Repo method modifyRoleMembership.

/**
     * Modifies role membership data in the directory. This will add/remove the corresponding nsRoleDN attribute from
     * the user entry.
     *
     * @param roleDN The DN of the role.
     * @param memberDNs The DNs of the role members.
     * @param operation Whether the members needs to be added or removed from the group. Use {@link IdRepo#ADDMEMBER}
     * or {@link IdRepo#REMOVEMEMBER}.
     * @throws IdRepoException If there was an error while modifying the membership data.
     */
private void modifyRoleMembership(String roleDN, Set<String> memberDNs, int operation) throws IdRepoException {
    Attribute attr = new LinkedAttribute(roleDNAttr, roleDN);
    Modification mod;
    if (ADDMEMBER == operation) {
        mod = new Modification(ModificationType.ADD, attr);
    } else {
        mod = new Modification(ModificationType.DELETE, attr);
    }
    Connection conn = null;
    try {
        conn = connectionFactory.getConnection();
        for (String memberDN : memberDNs) {
            ModifyRequest modifyRequest = LDAPRequests.newModifyRequest(memberDN);
            modifyRequest.addModification(mod);
            conn.modify(modifyRequest);
        }
    } catch (LdapException ere) {
        DEBUG.error("An error occurred while trying to modify role membership. Name: " + roleDN + " memberDNs: " + memberDNs, ere);
        handleErrorResult(ere);
    } finally {
        IOUtils.closeIfNotNull(conn);
    }
}

Example 19 with Attribute

use of org.forgerock.opendj.ldap.Attribute in project OpenAM by OpenRock.

the class DJLDAPv3Repo method getFilteredRoleMembers.

/**
     * Returns the DNs of the members of this filtered role. To do that this will execute a read on the filtered role
     * entry to get the values of the nsRoleFilter attribute, and then it will perform searches using the retrieved
     * filters.
     *
     * @param dn The DN of the filtered role to query.
     * @return The DNs of the members.
     * @throws IdRepoException If there is an error while trying to retrieve the filtered role members.
     */
private Set<String> getFilteredRoleMembers(String dn) throws IdRepoException {
    Set<String> results = new HashSet<String>();
    Connection conn = null;
    try {
        conn = connectionFactory.getConnection();
        SearchResultEntry entry = conn.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(dn, roleFilterAttr));
        Attribute filterAttr = entry.getAttribute(roleFilterAttr);
        if (filterAttr != null) {
            for (ByteString byteString : filterAttr) {
                Filter filter = Filter.valueOf(byteString.toString());
                //TODO: would it make sense to OR these filters and run a single search?
                SearchRequest searchRequest = LDAPRequests.newSearchRequest(rootSuffix, defaultScope, filter.toString(), DN_ATTR);
                searchRequest.setTimeLimit(defaultTimeLimit);
                searchRequest.setSizeLimit(defaultSizeLimit);
                ConnectionEntryReader reader = conn.search(searchRequest);
                while (reader.hasNext()) {
                    if (reader.isEntry()) {
                        results.add(reader.readEntry().getName().toString());
                    } else {
                        //ignore search result references
                        reader.readReference();
                    }
                }
            }
        }
    } catch (LdapException ere) {
        DEBUG.error("An error occurred while trying to retrieve filtered role members for " + dn, ere);
        handleErrorResult(ere);
    } catch (SearchResultReferenceIOException srrioe) {
        //should never ever happen...
        DEBUG.error("Got reference instead of entry", srrioe);
        throw newIdRepoException(IdRepoErrorCode.SEARCH_FAILED, CLASS_NAME);
    } finally {
        IOUtils.closeIfNotNull(conn);
    }
    return results;
}

Example 20 with Attribute

use of org.forgerock.opendj.ldap.Attribute in project OpenAM by OpenRock.

the class DJLDAPv3Repo method getRoleMemberships.

/**
     * Return the role membership informations for this given user. This will execute a read on the user entry to
     * retrieve the nsRoleDN attribute. The values of the attribute will be returned.
     *
     * @param dn The DN of the user identity.
     * @return The DNs of the roles this user is member of.
     * @throws IdRepoException If there was an error while retrieving the role membership information.
     */
private Set<String> getRoleMemberships(String dn) throws IdRepoException {
    Set<String> results = new HashSet<String>();
    Connection conn = null;
    try {
        conn = connectionFactory.getConnection();
        SearchResultEntry entry = conn.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(dn, roleDNAttr));
        Attribute attr = entry.getAttribute(roleDNAttr);
        if (attr != null) {
            results.addAll(LDAPUtils.getAttributeValuesAsStringSet(attr));
        }
    } catch (LdapException ere) {
        DEBUG.error("An error occurred while trying to retrieve role memberships for " + dn + " using " + roleDNAttr + " attribute", ere);
        handleErrorResult(ere);
    } finally {
        IOUtils.closeIfNotNull(conn);
    }
    return results;
}