Use of org.forgerock.opendj.ldap.Attribute in project OpenAM by OpenRock.
The class LDAPGroups, method isMemberOfGroup.
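/**
 * Finds out whether a user is a member of a particular group.
 *
 * <p>Static membership is checked first through {@code STATIC_GROUP_MEMBER_ATTR} and then
 * {@code STATIC_GROUP_MEMBER_ALT_ATTR}; dynamic membership is resolved last by evaluating the
 * {@code DYNAMIC_GROUP_MEMBER_URL} values until one of them matches. Member values are compared as
 * parsed {@link DN}s rather than as raw strings, so case and spacing differences in the stored DNs
 * do not affect the decision. The outcome is recorded in the {@link SubjectEvaluationCache}
 * before it is returned; a failed group lookup is not cached.
 *
 * @param groupName the ldap DN of the group, as given in the policy definition
 * @param userDN the ldap DN of the user
 * @param userRDN the RDN of the user, handed to the dynamic group member lookup
 * @param token the session token whose id keys the subject evaluation cache entry
 * @return <code>true</code> if the user is member of the group;
 * <code>false</code> otherwise, including when the group entry cannot be read.
 * @throws SSOException if the token cannot be used
 * @throws PolicyException if a dynamic group member URL or one of its members cannot be parsed
 */
private boolean isMemberOfGroup(String groupName, DN userDN, String userRDN, SSOToken token)
        throws SSOException, PolicyException {
    if (debug.messageEnabled()) {
        debug.message("LDAPGroups.isMemberOfGroup():" + " entering with groupName = " + groupName
                + ",userDN = " + userDN);
    }
    if ((groupName == null) || (groupName.length() == 0) || (userDN == null)) {
        return false;
    }
    String tokenID = token.getTokenID().toString();
    SearchResultEntry entry;
    try (Connection conn = connPool.getConnection()) {
        entry = conn.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(groupName));
    } catch (Exception e) {
        // Any failure to read the group entry (bad DN, missing entry, directory unavailable) is
        // answered with "not a member". The cause is kept at message level so that a directory
        // outage is not mistaken for a misconfigured group name.
        debug.warning("LDAPGroups: invalid group name {} specified in the policy definition.", groupName);
        if (debug.messageEnabled()) {
            debug.message("LDAPGroups.isMemberOfGroup(): group lookup failed for " + groupName, e);
        }
        return false;
    }
    debug.message("LDAPGroups.isMemberOfGroup(): get {} group attribute", STATIC_GROUP_MEMBER_ATTR);
    boolean groupMatch = containsMemberDN(entry.getAttribute(STATIC_GROUP_MEMBER_ATTR), userDN);
    if (!groupMatch) {
        debug.message("LDAPGroups.isMemberOfGroup(): get {} group attribute", STATIC_GROUP_MEMBER_ALT_ATTR);
        groupMatch = containsMemberDN(entry.getAttribute(STATIC_GROUP_MEMBER_ALT_ATTR), userDN);
    }
    if (!groupMatch) {
        groupMatch = matchesDynamicMember(entry.getAttribute(DYNAMIC_GROUP_MEMBER_URL), userDN, userRDN);
    }
    debug.message("LDAPGroups.isMemberOfGroup():adding entry {} {} {} {} in subject evaluation cache.",
            tokenID, ldapServer, groupName, groupMatch);
    SubjectEvaluationCache.addEntry(tokenID, ldapServer, groupName, groupMatch);
    return groupMatch;
}

/**
 * Tells whether one of the DN-valued members of a static group attribute is the user.
 *
 * @param attribute the member attribute of the group entry, or {@code null} when the entry does
 *        not carry it
 * @param userDN the DN of the user being checked
 * @return {@code true} when a member value parses to a DN equal to {@code userDN}
 */
private boolean containsMemberDN(Attribute attribute, DN userDN) {
    if (attribute == null) {
        return false;
    }
    for (ByteString memberDNStr : attribute) {
        // "{}" placeholder so the member value is actually rendered into the log line.
        debug.message("LDAPGroups.isMemberOfGroup(): memberDNStr = {}", memberDNStr);
        DN memberDN = DN.valueOf(memberDNStr.toString());
        if (userDN.equals(memberDN)) {
            return true;
        }
    }
    return false;
}

/**
 * Tells whether the user is a member of the group through any of its dynamic member URLs.
 *
 * <p>Each URL is resolved with {@code findDynamicGroupMembersByUrl}. The loop stops at the first
 * URL whose result contains the user, so no further directory searches are issued once
 * membership is established.
 *
 * @param attribute the dynamic member URL attribute of the group entry, or {@code null}
 * @param userDN the DN of the user being checked
 * @param userRDN the RDN of the user, passed to the member lookup
 * @return {@code true} when a resolved member DN equals {@code userDN}
 * @throws PolicyException if a member URL or a resolved member DN cannot be parsed
 */
private boolean matchesDynamicMember(Attribute attribute, DN userDN, String userRDN)
        throws SSOException, PolicyException {
    if (attribute == null) {
        return false;
    }
    for (ByteString memberUrl : attribute) {
        try {
            LDAPUrl ldapUrl = LDAPUrl.valueOf(memberUrl.toString());
            Set<?> members = findDynamicGroupMembersByUrl(ldapUrl, userRDN);
            for (Object member : members) {
                DN memberDN = DN.valueOf((String) member);
                if (userDN.equals(memberDN)) {
                    return true;
                }
            }
        } catch (LocalizedIllegalArgumentException e) {
            throw new PolicyException(e);
        }
    }
    return false;
}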
Use of org.forgerock.opendj.ldap.Attribute in project OpenAM by OpenRock.
The class EmbeddedOpenDS, method delOpenDSServer.
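/**
 * Removes host:port from OpenDJ replication.
 *
 * <p>Three independent steps, each logged on failure without aborting the others: delete the
 * server's instance key (found through the {@code ds-cfg-key-id} attribute of its admin-data
 * entry), delete the server entry itself, then drop the server from the {@code uniqueMember}
 * values of {@code replDN}.
 *
 * @param lc open connection to the local OpenDJ instance; {@code null} is logged and ignored
 * @param delServer the host:port of the server to remove. The value is spliced into LDAP DNs
 *        without escaping, so it must come from trusted configuration, never from request input.
 */
public static void delOpenDSServer(Connection lc, String delServer) {
    String replServerDN = "cn=" + delServer + ",cn=Servers,cn=admin data";
    final String[] attrs = { "ds-cfg-key-id" };
    Debug debug = Debug.getInstance(SetupConstants.DEBUG_NAME);
    if (lc == null) {
        debug.error("EmbeddedOpenDS:syncOpenDSServer():" + "Could not connect to local OpenDJ instance." + replServerDN);
        return;
    }
    try {
        SearchResultEntry le = lc.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(replServerDN, attrs));
        if (le != null) {
            Attribute la = le.getAttribute(attrs[0]);
            String trustKey = (la == null) ? null : la.firstValueAsString();
            if (trustKey == null || trustKey.isEmpty()) {
                // Without a key id the delete would target "ds-cfg-key-id=null,..."; skip it.
                debug.error("EmbeddedOpenDS:syncOpenDSServer():" + "Could not find trustkey for:" + replServerDN);
            } else {
                String keyDN = "ds-cfg-key-id=" + trustKey + ",cn=instance keys,cn=admin data";
                lc.delete(LDAPRequests.newDeleteRequest(keyDN));
            }
        } else {
            debug.error("EmbeddedOpenDS:syncOpenDSServer():" + "Could not find trustkey for:" + replServerDN);
        }
    } catch (Exception ex) {
        debug.error("EmbeddedOpenDS.syncOpenDSServer()." + " Error getting replication key:", ex);
    }
    try {
        lc.delete(LDAPRequests.newDeleteRequest(replServerDN));
    } catch (Exception ex) {
        debug.error("EmbeddedOpenDS.syncOpenDSServer()." + " Error getting deleting server entry:" + replServerDN, ex);
    }
    try {
        // The uniqueMember value is an attribute value, not a DN, so no DN escaping applies here.
        ModifyRequest modifyRequest = LDAPRequests.newModifyRequest(replDN)
                .addModification(new Modification(ModificationType.DELETE,
                        Attributes.singletonAttribute("uniqueMember", "cn=" + delServer)));
        lc.modify(modifyRequest);
    } catch (Exception ex) {
        debug.error("EmbeddedOpenDS.syncOpenDSServer()." + " Error getting removing :" + replDN, ex);
    }
}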
Use of org.forgerock.opendj.ldap.Attribute in project OpenAM by OpenRock.
The class EmbeddedOpenDS, method getServerSet.
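/**
 * Gets list of replicated servers from local OpenDJ directory.
 *
 * <p>Reads the {@code uniqueMember} values of {@code replDN} and strips the leading {@code cn=}
 * from each one; the values are stored as {@code cn=host:port} (see {@code delOpenDSServer}).
 *
 * @param lc open connection to the local OpenDJ instance; {@code null} is logged and yields
 *        {@code null}
 * @return the set of {@code host:port} strings, possibly empty; {@code null} when the connection
 *         is missing, the entry is not found, or the search fails (callers must check for
 *         {@code null})
 */
public static Set<String> getServerSet(Connection lc) {
    final String[] attrs = { "uniqueMember" };
    Debug debug = Debug.getInstance(SetupConstants.DEBUG_NAME);
    if (lc == null) {
        debug.error("EmbeddedOpenDS:syncOpenDSServer():" + "Could not connect to local opends instance.");
        return null;
    }
    try {
        SearchResultEntry le = lc.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(replDN, attrs));
        if (le == null) {
            debug.error("EmbeddedOpenDS:syncOpenDSServer():" + "Could not find trustkey for:" + replDN);
            return null;
        }
        Set<String> hostSet = new HashSet<>();
        Attribute la = le.getAttribute(attrs[0]);
        if (la != null) {
            for (ByteString value : la) {
                // substring(3) drops the "cn=" prefix. Bounding it with value.length() (the byte
                // length of the ByteString) overshoots the String for non-ASCII values and
                // throws; the open-ended form is correct for both.
                hostSet.add(value.toString().substring(3));
            }
        }
        return hostSet;
    } catch (Exception ex) {
        debug.error("EmbeddedOpenDS.syncOpenDSServer()." + " Error getting replication key:", ex);
    }
    return null;
}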
Use of org.forgerock.opendj.ldap.Attribute in project OpenAM by OpenRock.
The class LdapTokenAttributeConversion, method stripObjectClass.
/**
 * Strips the object class attribute from the entry, but only when the entry carries one.
 *
 * <p>The entry is modified in place; an entry without an object class is returned untouched.
 *
 * @param entry Non null Entry to process.
 *
 * @return The Entry reference passed in.
 */
public static Entry stripObjectClass(Entry entry) {
    Attribute objectClass = entry.getAttribute(CoreTokenConstants.OBJECT_CLASS);
    if (objectClass == null) {
        return entry;
    }
    entry.removeAttribute(objectClass.getAttributeDescription());
    return entry;
}
Use of org.forgerock.opendj.ldap.Attribute in project OpenAM by OpenRock.
The class LdapTokenAttributeConversion, method mapFromEntry.
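/**
 * Convert an Entry into a more convenient Mapping of CoreTokenField to Object.
 *
 * This function is important because not every operation with LDAP needs to return a
 * fully initialised Token. Instead users may be interested in only certain
 * attributes of the Token, and choose to query just those as a performance enhancement.
 *
 * <p>Side effect: the object class attribute is removed from {@code entry} before conversion
 * (see {@link #stripObjectClass(Entry)}), so the caller's entry is modified.
 *
 * @param entry Non null entry to convert.
 *
 * @return A mapping of zero or more CoreTokenFields to Objects, in attribute order.
 * @throws IllegalStateException if an attribute maps to a field with no known value type.
 */
public Map<CoreTokenField, Object> mapFromEntry(Entry entry) {
    stripObjectClass(entry);
    Map<CoreTokenField, Object> r = new LinkedHashMap<>();
    for (Attribute a : entry.getAllAttributes()) {
        AttributeDescription description = a.getAttributeDescription();
        // NOTE(review): fromLDAPAttribute is assumed to return a field for every remaining
        // attribute; what it does for an unknown attribute name is not visible here.
        CoreTokenField field = CoreTokenField.fromLDAPAttribute(description.toString());
        r.put(field, readValue(entry, description, field));
    }
    return r;
}

/**
 * Reads one attribute of the entry as the Java value appropriate for its CoreTokenField.
 *
 * @param entry the entry holding the attribute
 * @param description the attribute to read
 * @param field the field the attribute maps to; decides the conversion
 * @return a TokenType, Calendar, String, Integer or byte[] depending on the field type
 * @throws IllegalStateException if the field has none of the known value types
 */
private Object readValue(Entry entry, AttributeDescription description, CoreTokenField field) {
    // Special case for Token Type: stored as the enum constant name.
    if (CoreTokenField.TOKEN_TYPE.equals(field)) {
        return TokenType.valueOf(entry.parseAttribute(description).asString());
    }
    if (CoreTokenFieldTypes.isCalendar(field)) {
        return conversion.fromLDAPDate(entry.parseAttribute(description).asString());
    }
    if (CoreTokenFieldTypes.isString(field)) {
        // The EMPTY sentinel stands in for a blank string in the directory; map it back.
        String value = entry.parseAttribute(description).asString();
        return EMPTY.equals(value) ? "" : value;
    }
    if (CoreTokenFieldTypes.isInteger(field)) {
        return entry.parseAttribute(description).asInteger();
    }
    if (CoreTokenFieldTypes.isByteArray(field)) {
        return entry.parseAttribute(description).asByteString().toByteArray();
    }
    // Name the offending attribute so the failure can be traced to the schema mapping.
    throw new IllegalStateException("No conversion for attribute " + description + " (field " + field + ")");
}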